What do ogres, onions and SD-WAN security have in common? Layers!

Mar 14, 2018 | 3 mins

Aryaka launches Passport, a multi-layered security platform and ecosystem that provides best-of-breed security at every level of an SD-WAN.

Remember this scene from the movie Shrek? The big ogre was explaining to Donkey that ogres are very complicated, and like onions, they have layers. Donkey, of course, didn’t like the analogy because not everyone likes onions and would have preferred cake as everyone likes cake, but he did seem to understand that ogres did indeed have layers after it was explained to him. 

Ogres and onions have layers, but what else does? Or at least should?

Security for SD-WANs — but that may not seem obvious to everyone.

This week, SD-WAN provider Aryaka, which is now neck and neck with VeloCloud/VMware in market share according to IHS Markit, announced Passport, a multi-layered security platform and ecosystem that provides best-of-breed security at every level of a software-defined WAN (SD-WAN).

Most SD-WAN vendors encrypt the traffic between two points, and that is certainly important, but data in flight isn’t the only way an SD-WAN can be breached, and Aryaka’s Passport offers end-to-end protection using a number of best-of-breed security partners.

Encryption is table stakes

Like most SD-WAN solutions, Aryaka encrypts its network with IPsec. However, it operates a private, layer 2 network where each customer’s traffic is kept isolated from others, which is markedly more secure than using the Internet as transport. It also applies Radware’s Hybrid Cloud Attack Mitigation for in-network DDoS protection. The combination of private networks, encryption, and DDoS protection is like wearing two belts and suspenders for maximum protection.

Aryaka’s Passport secures at multiple layers

Passport also offers edge-device protection with next-generation firewalls and intrusion prevention from Palo Alto Networks. (Note: Palo Alto Networks is a client of ZK Research.) Palo Alto also brings virtual firewalls to Aryaka that are hosted in popular cloud services such as Microsoft Azure and Amazon Web Services.

While Aryaka has a huge global private network, not all customer traffic can be kept on its backbone, meaning some will have to hit the Internet. To secure these connections for internet-bound traffic, Aryaka is leveraging a partnership with Zscaler and Palo Alto’s Global Protect Cloud Service. Think of the encryption and DDoS protection as securing “on net” traffic, and Zscaler and Palo Alto as securing “off net” traffic. Given the rise of SaaS applications, this service will become increasingly important. Aryaka also offers the equivalent of direct connectivity to all cloud and SaaS applications.

Aryaka’s Passport provides its customers with up to six layers of security, so if a breach happens, only that layer is compromised and the rest of the network is secure. This multi-layered approach may be overkill for smaller businesses, but it is critically important in the large enterprise, which is Aryaka’s primary customer base.

The cloud has been a huge game changer for businesses and has caused them to look at different network architectures to optimize user experience and control costs. The evolution of the network must be accompanied by a shift in security strategy. Long gone are the days when one could deploy a massive firewall and expect that to be the extent of the security. Now, security needs to be everywhere — in the network, the cloud, internet, and the network edge. Aryaka’s Passport is unique in the SD-WAN market, as it operates at every critical layer.


Zeus Kerravala is the founder and principal analyst with ZK Research, and provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice. Kerravala provides research and advice to end-user IT and network managers, vendors of IT hardware, software and services and the financial community looking to invest in the companies that he covers.