Best Practices for SD-Branch Edge Security - eWEEK

Best Practices for Branch Office Edge Security

Written By
eWEEK Staff
Jul 18, 2019

At last it is the enterprise branch’s turn to experience digital transformation in earnest. Organizations want faster cloud adoption and an expansion of their WAN edge operations. SD-WAN (software-defined wide-area networking) has helped in these endeavors, and secure SD-WAN has gone even further with enterprise-class security that is fully integrated.

These advances are all well and good, but here’s the catch: SD-WAN solutions don’t address the changes that the branch itself is undergoing. The ramped-up adoption of internet of things (IoT) devices and the growth of connected end-user devices, for example, have overwhelmed the local branch network. What’s more, this transformation has expanded the potential attack surface, bringing security to the fore. No organization wants a branch office to be the weak link in their security strategy.

However, many organizations are shooting themselves in the foot by assuming they can address branch security with the same approach used at their core network. Branch offices have quickly been overwhelmed with point security products, isolated management systems and complex integrated services routers, coupled with little to no local IT staff. Consequently, branch network security often suffers from lack of visibility, complex management challenges and too many solutions being used to secure WAN and access edges beyond the SD-WAN connection.

To address this mounting challenge, organizations are beginning to turn to SD-branch architecture: one automated and centrally managed software-centric platform. In this eWEEK Data Points article, security provider Fortinet offers a list of essential elements of SD-branch security deployments.


Data Point No. 1: Network Edge Protection

For secure SD-branch deployments, a next-generation firewall (NGFW) is a fundamental component. An NGFW needs to be able to extend security from the SD-WAN connection to wired and wireless access controllers. This ensures that all inbound and outbound traffic, including direct internet and cloud links generated by individual devices, is inspected and secured at digital speeds, even when encrypted.

An NGFW designed for branch deployments should also offer consolidated security and network access controls. And like all other SD-branch components, it needs to also support zero-touch provisioning so it can be quickly installed and be fully operational in a matter of minutes.


Data Point No. 2: Access Protection

To protect the SD-branch network edge, access points must not only be secure but also be able to extend next-gen firewall capabilities to the WLAN edge so it receives the same level of protection as the WAN edge. WiFi APs need to provide adequate capacity and throughput to keep up with expanding bandwidth needs, and switches need to support higher speeds while also offering higher power (PoE) to run even the most power-hungry IoT devices.


Data Point No. 3: Device Edge Protection

Per-device security is another must-have for an SD-branch solution. The proliferation of IoT devices at the branch represents a significant threat to organizations, and these devices must be properly identified and segmented. A network access control (NAC) solution should provide automatic discovery, classification and security for IoT devices as they enter the network, including intent-based segmentation. But its work is not yet done.


Data Point No. 4: Device Monitoring

Because they often work with the NGFW, NAC solutions should also constantly monitor these devices for anomalous behavior via traffic scanning. This allows the security solution to identify potentially compromised devices and respond by dynamically segmenting those devices for quarantine and remediation.


Data Point No. 5: Zero-Touch Provisioning

Zero-touch deployment is a foundational requirement of an SD-branch solution, allowing new branch environments to be rolled out quickly, even without IT staff on site. Likewise, integrated management via a single-pane-of-glass console simplifies enterprise branch deployments by centralizing and automating configuration updates, patching, remote management and analysis, policy updates and more.

If you have a suggestion for an eWEEK Data Points article, email cpreimesberger@eweek.com.
