Today’s threat landscape is ever-changing, and the tools IT uses to protect against cyber-attacks must be more advanced and multi-faceted than those attempting to breach our organizations.
Every day, the news headlines bring us the unfortunate stories of yet another enterprise that has fallen victim. Branch locations are some of the most vulnerable attack vectors. For those of us responsible for ensuring our enterprise WANs are secure, we must have the necessary security tools and systems in place to protect users, corporate data and networks.
Mosaic SoftWave SD-WAN as-a-Service is built on VMWare NSX SD-WAN by VeloCloud, and with its emphasis on data security, it is a “Game Changer”. Below are some of the key security features that can help thwart attacks on your enterprise WAN:
- Public Key Infrastructure (PKI) – Uses a Certificate Authority (CA) to distribute certificates for authentication in VPN deployments.
- Unique Keys per Tunnel – Using unique keys per VPN tunnel results in a more secure solution than when the same set of keys is shared by more than two sites.
- Secure Onboarding – Ensures new sites connecting to an existing VPN are authenticated and authorized before they are allowed to connect.
- Integrated Certificate Server – While PKI is recommended for authentication because it offers a more secure and scalable solution than pre-shared key authentication, PKI requires a certificate server for certificate management and distribution.
- Tunnel Integrity Check – If an existing branch or hub site in a VPN is compromised, the site’s certificate is immediately revoked and all tunnels to that site are deleted.
- Management Plane Security, Secure Onboarding and Activation – Once connected to the Internet in a zero-touch deployment, SD-WAN Edge appliances automatically authenticate, connect, and receive configuration instructions.
- SD-WAN Orchestrator – Supports Two Factor Authentication.
- Compliance – Every component of the Mosaic SoftWave SD-WAN platform is certified PCI compliant.