How to Refocus Network Security During a Crisis

eWEEK NETWORKING ANALYSIS: Oracle’s SD-WAN simplifies security threats created by work-from-home employees.


Enterprises are especially vulnerable during a pandemic crisis like the current one, since the majority of employees working from home open up new vulnerabilities—everything from shadow IT to unmanaged devices to unsecured internet access.

Because companies are at an increased risk for cyberattacks, safeguarding networks and systems is more crucial than ever. To address today’s challenges, it’s important to consider network architectures that can secure voice, video, application and data traffic while also protecting headquarters and branch offices.

Work From Home Creates New Security Risks

A recent alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned about rising COVID-19-related malware and ransomware attacks, as well as an increase in “potentially vulnerable services” such as virtual private networks (VPNs) that create additional threats for businesses and individuals. Cybercriminals are taking advantage of weaknesses in VPNs, remote office tools and teleconferencing platforms. Attacks on Microsoft’s Remote Desktop Protocol (RDP) endpoints are also on the rise, with a 127 percent increase in exposed RDP endpoints, according to CISA.

Uncertainties surrounding the pandemic are driving business leaders to prioritize network security. Enterprises need robust solutions and technical expertise to help navigate the challenges of securing networks as the number of endpoints continue to skyrocket. More companies are turning to software-defined wide-area networking (SD-WAN) as a virtual architecture of choice to mitigate the security risks of connecting remote users to enterprise networks.

SD-WANs Secure Private WANs and Cloud Connectivity

SD-WANs enable multiple secure connections—both private and public—directly to the cloud without backhauling all traffic back to corporate data centers. Yet, unauthorized access to cloud services that goes undetected by IT continues to be a problem. That’s due to vanilla SD-WAN solutions that fail to provide enough protection from increasingly sophisticated security threats. Internet protocol (IP) communications, in particular, are susceptible to denial of service (DoS) attacks and privacy breaches.

Only a SD-WAN with built-in multilayered security can fully safeguard enterprise multicloud environments against unauthorized traffic. A secure SD-WAN must have failsafe features, dynamically changing encryption keys to encrypt all traffic, and it should be able to support any architecture. Oracle incorporated those capabilities into its SD-WAN solution, designed specifically for enterprises that want to secure and consolidate their communications infrastructure. Oracle SD-WAN shields IP-based systems from threats by securing real-time communications on both trusted and untrusted networks.

Oracle’s SD-WAN Takes a Multilayered Approach to Security

Oracle SD-WAN provides five layers of encryption, secure message session and cloud/network authentication and service protection with distributed firewalls. When data is sent across public links, the SD-WAN ensures that it won’t be compromised by using either 128-bit or 256-bit Advanced Encryption Standard (AES). Meanwhile, distributed firewalls give enterprises control over every office and branch location that accesses the network. Distributed firewalls deliver additional security and segmentation of the network by employing virtual routing and forwarding (VRF).

With so many remote workers needing access from home, the traditional hub-and-spoke model that requires all security services to be located in a centralized site is problematic for enterprises with evolving networks. A SD-WAN that serves as a regional hub can improve performance and security by grouping branches into regions that connect back to a central hub in a specific location. Regional hubs offer effective backhauling over short distances, which minimizes changes to network security.

SD-WANs Simplify Global Policy Management

Oracle SD-WAN simplifies the configuration process since firewall policies are created at the global level. The global configuration consists of policy templates that can be applied to all sites. Such firewall policies can block inbound traffic that didn’t result from an outbound session. An external firewall wouldn’t have the ability to look inside SD-WAN’s traffic in this manner to apply policies.

Oracle integrates with other cloud-based security providers such as Zscaler and Palo Alto Networks to provide internet protocol security (IPsec) connectivity. For example, Oracle SD-WAN can forward all internet traffic to the Zscaler cloud gateway and run Palo Alto’s next-generation firewall (NGFW).

A clear understanding of which security features are built into a SD-WAN solution can help enterprises make informed decisions based on their needs. Most importantly, it’s time for enterprises to move away from the hub-and-spoke security model to a distributed model, so that every remote connection to cloud services can be secured from the get-go.

The need for endpoint security isn’t going away after the pandemic, because multicloud networks will continue to grow more complex.

Zeus Kerravala is an eWEEK regular contributor and the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions.