With the Growth of SD-WAN Approaches, New Security Vulnerabilities Are Also Growing
By: Matthew Vulpis
Originally published on SD-WAN Resource
After experiencing slower growth in 2020 caused by the COVID-19 pandemic, Dell’Oro Group said earlier this year that the SD-WAN market is expected to accelerate in 2021 and 2022.
According to the analyst firm, worldwide sales of SD-WAN technologies are forecasted to grow at a compound annual growth rate (CAGR) of 24 percent over the next five years, and the market is expected to surpass $4 billion in 2025.
“The pandemic caused some delays in SD-WAN deployments in 2020, but the underlying demand drivers for modernizing WAN infrastructures remain strong,” said Shin Umeda, Vice President at Dell’Oro Group, when the company released results in January of this year.
SD-WAN is defined as a specific application of software-defined networking (SDN) to WAN connections. It is built on years of innovation in the virtualization of network functions and on impressive software leaders, many of whom have been acquired by giant tech firms over the last few years. While the very definition of a private WAN theoretically embeds security, threats and vulnerabilities found in SD-WAN products are coming to the fore as more breaches occur.
According to Gartner’s predictions, more than 50% of routers will be replaced with SD-WAN solutions by 2020, but community knowledge on SD-WAN threats and attacks is limited.
SD-WAN systems form a network perimeter and connect Internet, WAN, extranet, and branches, which makes them attractive targets for attackers. SD-WAN includes firewalls, DPI, VPN, malware detection, and other traditional security features on board, which is crucial from a cybersecurity point of view, but may be lacking when it comes to how privileged users are being managed.
SD-WAN enables a new implementation of the planes and their functions on the SDN-NFV infrastructure specific to WAN, which provides additional features for enterprise network operations teams and managed service providers, including multitenancy (VRF and routing), zero-touch provisioning, overlay and dynamic tunneling VPN, WAN optimization, automatic bandwidth detection, and service chaining.
Documented weaknesses, including instances where a network controller and orchestrator can be deployed in the same IP network, enable attackers to perform vertical access control attacks and access management interfaces and functions, which can be catastrophic for organizations.
Furkan Kirmaci, Product Owner at Ironsphere, a Privileged Access Management software and solution company, said, “It’s time the industry recognize that without a solid access management component to any type of enterprise network, including SD-WANs, the cost savings new models enable may evaporate if the network is compromised and valuable data is breached.”
SD-WAN separates the data and control planes of the wide-area network, monitors the performance of the mix of WAN data connections (Internet, Internet with IP overlay, MPLS, ATM), and selects the most appropriate connection for each traffic type, based on current link performance, the cost of the connection, and the needs of the application or service.
“SD-WANs can certainly be flexible, efficient, and cost-effective if they employ multiple transport services, including the public Internet,” Kirmaci said, “and even more savings can be recognized as the overlay innovators prove they can provide high speed, secure access, leveraging the public Internet – a trend that is now an inevitability.”
Kirmaci explained that increasing cloud workloads, more edge automated solutions, remote users, IoT devices, and simply more computing means enterprises will rely even more heavily on the Internet going forward.
“The good news is that with access management software and automation, ensuring that breaches don’t happen, especially when privileged users, for example, IT admins, are supported by automation, including password controllers that generate passwords and create a recording of activities that can be used to strengthen compliance, especially in highly regulated industries.”
Kirmaci said Zero Trust Networking will be the de facto access standard, and privileged accounts/users are the most critical piece of ZTNA.
“One critical aspect of transitioning to ZTNA is ensuring users remain safe while accessing applications the enterprise doesn’t control,” Kirmaci said. “We’ve seen that over and over recently, with various sophisticated phishing attacks when users were tied to the corporate network using managed devices designed to protect against malware and ransomware, where phishing expeditions were still successful and where the biggest attacks most recently have been associated with privileged credentials being accidentally or intentionally shared.”
Kirmaci said CISOs can no longer leave this to chance and that the time to act is now, “even as organizations are rolling out digital transformation initiatives, making the environment even more complicated and vulnerable.”
The motivations behind SD-WAN migration make perfect sense: reduce cost, increase agility, and build flexibility. Some experts are now saying it may be time to skip SD-WAN altogether and move straight to a Zero Trust framework.
“We’ll see a lot of combinations, variations, and transitions over time,” Kirmaci concluded. “What will never change is the need to ensure that only those users who should have access to mission-critical systems do have access, and by helping them with automated, intelligent, intuitive support systems, organizations can optimize the full value of software-driven data networking without losing sleep.”