Can I have both SD-WAN simplicity and strong security?

Innovations around SD-WAN have enabled significant cost savings thanks to the internet’s speed and ubiquity. Enterprises can establish a presence anywhere, anytime with a last mile of their choosing, including MPLS, cable, DSL, 4G/LTE, satellite, or even DS-1/T1. It’s flexibility uniquely inherent to Citrix SD-WAN. However, branch offices can be exposed to advanced cyber threats that can proliferate quickly.

So what’s the best approach to security? Should you install a complete security stack at every branch and manage it yourself? Or rely on a centralized cloud security solution delivered as a service? Or a hybrid approach that meets your organization’s unique requirements and provides strong security?

One size doesn’t fit all, and Citrix gives you choices, from the long-established multi-site to the advanced multi-layered approach, both of which can protect users and data at the branches, data center, and clouds from multi-vector cyber threats. It is also your choice to continue using your trusted firewall and augment the outer perimeter security in branch offices with Citrix SD-WAN’s integrated firewall. And when you’re ready, you can move to a next-generation firewall, delivered by appliances or as cloud services.

This blog outlines different security approaches that ensure our SD-WAN provides complete protection from the branches to the cloud and the traffic flows in between.

Citrix SD-WAN Integrated Firewall complements your trusted firewall investment and strengthens overall security infrastructure.

Citrix provides an integrated perimeter firewall that masks users and infrastructure from cyber surveillance. This integrated stateful firewall has global policy control and supports zone-based policies, so you can implement granular micro-segmentation of traffic and enforce uniform policy consistently. Citrix SD-WAN can also intelligently track the fast-changing open ports from SaaS and IaaS apps as trusted traffic and break that traffic out directly to the internet, enhancing application performance. It marks all other traffic, such as web browsing, as untrusted and forwards it to the full security stack, typically located at the HQ or a private data center. Citrix SD-WAN also takes extra precautions by encrypting all branch-to-branch egress traffic, even when it is transported over a private MPLS line.

Figure 1 – Citrix SD-WAN’s integrated firewall complements full-stack security at the headquarters or data center.

Citrix SD-WAN Automates Connectivity to Cloud Security

With most enterprises embarking on some form of cloud transformation, Citrix recommends extending perimeter security to the cloud, where apps and workloads reside. Citrix has partnered with industry leaders like Palo Alto Networks, Zscaler, and Symantec to deliver joint solutions that enable our SD-WAN to be a transparent gateway for Secure Web Gateway (SWG) service. Cloud-based SWG is a popular option for branch offices due to its simple yet effective multi-layer protection.

The Citrix SD-WAN management platform is the key component in this joint solution, providing onboarding automation and a direct subscription link to Palo Alto Global Protect (aka Prisma) and Zscaler Secure Internet Gateway services. Through API automation, Citrix SD-WAN also secures the connectivity (via IPsec) from the branch to the Palo Alto, Zscaler, and Symantec clouds.

The benefits of automation become more significant as more branch sites are involved, directly translating into time savings and a reduction in configuration errors. Last but not least, Citrix provides this automated onboarding capability free of charge.

In addition, cloud-based security enables a new service-consumption model. It provides an option to shift to opex spending, which can be easily aligned with your business growth. There is no need to deploy security appliances at every branch. It also removes the need to build an in-house resource to manage the security infrastructure. Your CFO will love this.

Figure 2 – Citrix SD-WAN with automated connectivity to Cloud Security.

In the second part of this blog, next week, I’ll cover a third option that combines the most advanced SD-WAN product from Citrix and a virtualized next-generation firewall from Palo Alto Networks to co-exist in the same appliance. Find out why so many enterprises and service providers are leaning toward this option.

Learn More in Our Webinar

We invite you to join our upcoming webinar on June 18, where we will discuss the various aspects of our security solutions and Citrix SD-WAN in more detail. Register now.

Date: Tuesday, June 18
Time: 9 a.m. ET (EMEA) and 11 a.m. ET (Americas)

If you already have Citrix SD-WAN and are interested in the cloud security solutions from our partners, check out the solution briefs from Citrix and Palo Alto and Zscaler.