by Gur Shatz, Co-Founder and CTO, Cato Networks
Software-defined infrastructure has firmly gained traction in public and private data centers and clouds because of its game-changing nature: it has virtualized the server, giving it scalable capacity on demand at a fraction of the cost of its hardware counterpart. And what software-defined did for the server and storage markets, it is bound to do for the network, too.

Initial advances in software-defined networking include SD-WAN, which is poised to grow from $225 million in 2015 to $6 billion by 2020, according to IDC. Yet SD-WAN has not fully cracked the network performance and security conundrum. SD-WAN still relies on MPLS links to ensure low-latency connectivity, and its use of the Internet is mostly for WAN backhauling, which doesn't fully address the need for secure Internet and cloud access. This points to the need for a new software-defined approach that firmly binds network and security as one, and which frees up valuable networking resources.
Why SD-WAN Is Not Enough
The promise of SD-WAN lies in providing standard, low-cost Internet connections to supplement managed, low-latency, yet expensive MPLS with its guaranteed capacity. However, a survey of network security professionals found that one-third cited latency between locations as their biggest network security challenge, and a quarter cited direct Internet access from remote locations.[1]
SD-WAN, while taking some of the network performance issues and costs out, cannot fully provide the game-changing impact of true software-defined infrastructure; it is primarily a networking technology, not a security solution. For SD-WAN to be a viable solution for today's hybrid networks, it needs to be secured in a way MPLS is not. Because MPLS is a private network, companies have not needed to encrypt MPLS traffic, and MPLS networks are often left unencrypted; SD-WAN, which carries traffic over public Internet links, cannot forgo encryption – a new problem for most network teams. Furthermore, SD-WAN does nothing to enable direct Internet access – for example, at the branch level – without adding third-party security solutions. SD-WAN requires investment in core security capabilities, such as app control, URL filtering, next-generation firewalls, and cloud access control (among others) – all of which add costs and management complexity right back into the enterprise.
SD-WAN++
SD-WAN tackles the legacy enterprise WAN: branches and datacenters. It adds Internet links to the MPLS-based WAN, but must continue to rely on MPLS for low-latency connectivity. This limits its impact. A contemporary WAN design should integrate, in addition to physical locations, mobile users and public cloud infrastructure. It should enable low-latency connectivity on a global basis to ensure a consistent user experience, even if MPLS is not used. And it should include an integrated security stack to protect WAN and Internet-bound traffic to public cloud applications (SaaS) for all network users. To truly evolve the network, today's IT leaders need a new simple, scalable and secure solution that binds a global network and built-in security. Such a unified, software-defined solution could enforce policies for all users and locations, with access to all data, in a way that reduces complexity and management overhead.

Effectively, such a system becomes the real solution to the MPLS conundrum: it optimizes performance and latency and enables enterprise-grade security, creating the true hybrid network of the future – today.
About the Author
Gur is co-founder and CTO of Cato Networks. Prior to Cato Networks, he was the co-founder and CEO of Incapsula Inc., a cloud-based web application security and acceleration company. Before Incapsula, Gur was Director of Product Development, Vice President of Engineering and Vice President of Products at Imperva, a web application security and data security company.

Gur holds a BSc in Computer Science from Tel Aviv College.
About Cato Networks
Cato Networks is rethinking network security from the ground up and into the cloud. Cato has developed a new Network Security as a Service (NSaaS) platform that is changing the way network security is delivered, managed, and evolved for the distributed, cloud-centric, and mobile-first enterprise. Based in Tel Aviv, Israel, Cato Networks was founded in 2015 by cybersecurity luminary Shlomo Kramer, who previously cofounded Check Point Software Technologies and Imperva, and Gur Shatz, who previously cofounded Incapsula. Cato Networks is backed by Aspect Ventures and U.S. Venture Partners. For more information, visit http://www.catonetworks.com/.
[1] Based on feedback from 70+ network professionals who took part in “MPLS, SD-WAN and Cloud Networks: The path to a better, secure and more affordable WAN,” May 18, 2016.