• Chris Newell

SD-WAN Security

There is no doubt that there are big changes for the future of software-defined networking in a wide area network (SD-WAN) but providing security for the ever-changing infrastructure is something that is concerning.

When we think of a traditional business network, clients are reassured by the presence of firewalls, complex cyber-security applications and algorithms that keep proprietary information and customer data safe. But since WANs face outward and rely on transport outside of a firewall, there are all sorts of inherent risks.

When we consider expanding SD-WAN past the standard single-hop overlay; the ongoing work-from-home paradigm shift caused by the continuing global COVID-19 pandemic, and the rise of both 5G and edge computing, there is a much larger security perimeter to consider. With so many moving parts, it can limit visibility and might need a shift from policy built upon location to policy focused on identity. The old hub-and-spoke network is gone, largely replaced by cloud-first enterprises applications that need different security solutions.

How are four of the bigger players in SD-WAN approaching the security issue? Here is a closer look at SilverPeak, VeloCloud (VMware), Versa and Bigleaf and their capabilities.

Silver Peak

Silver Peak targets all sizes of enterprise. Formerly a WAN optimization specialist, its SD-WAN product is known as Unity, and includes an app that can terminate WAN circuits. It excels at app identity and policy control. Silver Peak has partnered with Zscaler to deliver a security solution for SD-WAN from the cloud to better protect data packets by redirecting all traffic through Zscaler’s service using data plane security, security compliance, management plane security, and service chaining.

VeloCloud (VMware)

VeloCloud’s managed service is targeted at retail, SMBs, mid-markets, and small enterprises. VeloCloud’s architecture allows flexibility to secure data and traffic deployed as a secure overlay to a transport/provider independent infrastructure. VMWare’s SD-WAN claims to be able to handle security-sensitive businesses of the highest level and offers high levels of visibility while allowing corporate IT to hold the reins for security, compliance, and control. In other words, it is a bring your own security solution.


Versa hit the market in 2015 and focuses on service injection/NFV in the edge node. In 2016 it partnered with RCN business to offer a managed security service that leverages virtualized security functions. The Versa SD-Security solution is a complex mixture of next-generation firewalls, malware protection, URL and content filtering, IPS and antivirus solutions, as well as DDoS and VPN/next-generation VPN. It uses zero-touch provisioning and automatic service chaining to simplify the process for the end-user.


Bigleaf markets itself towards Cloud App customers and those looking to keep their existing firewall/security setups and not change their configuration, including small-to-medium sized businesses (SMBs) and mid-markets. Each customer location is connected to two gateways for redundancy and customers are free to set up their own encryptions from their own firewalls. Customers must have their own firewall or router place to create a VPN connection. Bigleaf does not do site-to-site connectivity, which enhances its security as it does not breach the LAN’s security perimeter.

Edge security has always been an issue since the first days of the Internet of Things (IoT) deployment. With the work-from-home movement looking to be a permanent thing, enterprises will likely see more issues with SD-WAN overlays that exposed logjams in many solutions since March 2020.

52 views0 comments

Recent Posts

See All