Citrix Systems enhanced its SD-WAN in order to increase automation and security. This includes new security features that enable companies to extend user-centric policies to the branch and connect employees to cloud applications and software-as-a-service (SaaS) platforms.
The platform also integrates with the Zscaler cloud security platform. Chalan Aras, vice president of networking at Citrix, said the connection allows for the use of Zscaler services, which include a secure cloud gateway and its user interface. This is primarily useful for enterprises that rely on more internet-centric applications.
“It’s just end-to-end automated integration that … really simplifies the life of IT administrators,” Aras said. He added that this enables IT admins to have confidence that everything is connecting properly the first time rather than debugging connectivity and network issues as they arise.
The Zscaler platform is one of multiple third-party APIs that Citrix leverages to bolster its platform. For security, it also integrates with Palo Alto Networks for firewall protection of an enterprise’s data center applications. It also has APIs that enable the synchronization of location information to provide security insight, and it establishes IPsec tunnels between branches and security enforcement points, all to automatically apply controls that protect users and applications.
It also leverages APIs for application active settings and performance settings. Aras noted that Citrix is looking to bring more API integrations to its SD-WAN in the future, including security integrations and cloud on-ramp integrations. Citrix already offers cloud on-ramps to Microsoft Azure and Amazon Web Services (AWS).
Citrix’s Strategy for SD-WAN
Aras said that Citrix differentiates itself from other SD-WAN vendors with its security posture. “We’ve built a very broad framework for secure connectivity to this myriad of locations where the applications are produced. And part of that is actually the automation factor, how the hundreds or thousands of branch locations are now connected to these application sources,” he said.
Specifically, Citrix built its own “sophisticated” firewall that is “far more comprehensive compared to the other SD-WAN players.” It also leverages those third-party vendors, like Palo Alto Networks and Zscaler, to make application-level decisions regarding where policy is applied.
Aras also referred to the platform conducting a “handshake” between SaaS providers and cloud application providers. This is through a security exchange mechanism that initiates the handshake and establishes trust between the provider and SD-WAN to enable the free and secure flow of data.
The Citrix SD-WAN also takes what Aras said was a “people-centric” approach. He explained that as enterprises scale, both with branch locations and with the addition of new cloud applications, the bigger attack area requires more defense. Citrix combines centralized policy control with insights into user behavior, and uses machine learning to automatically and contextually apply security policies based on user behavior and access patterns. One of the ways it does this is by feeding information from the SD-WAN to Citrix’s analytics platform, which keeps a long-term view of what users are doing to provide a long-term security view based on user behavior. Citrix can then define security zones to apply different policies to different users.