By Shira Landau, Editor-in-Chief,


Branch offices are critical among financial services groups, in the retail sector and in healthcare, where consumers prefer to interface with business representatives or providers directly, as opposed to via virtual environment. Most branch offices need internet, which means that the parent organization must determine how to provide internet delivery and internet security services for each branch.

WAN architecture was initially designed to assist businesses in connecting branch offices and data centers. WAN provides high levels of connectivity across the enterprise environment. However, many organizations have migrated to SD-WAN, which can help reduce complexity, lower latency, improve agility and account for an increase in remote work operations.

Ninety percent of organizations are expected to migrate to SD-WAN architecture by 2023. But SD-WAN can pose significant cyber security risks. In leveraging SD-WAN, security should be a priority from day one. If you are an SD-WAN security decision-maker, these 10 considerations can assist you in making a strong purchasing decision.

  1. When mapping out an SD-WAN security strategy, prioritize a security solution with top-rated threat prevention, flexible deployment options, and scalable management for security policy consistency. These features can provide exponential advantages for your enterprise, especially within a continued climate of pandemic-driven uncertainty.
  2. Get an SD-WAN security solution that integrates with your business’s existing SD-WAN investment, if extant. Consider solutions that combine the best of SD-WAN networking providers and the best of SD-WAN security. This is a no-compromise approach that gives organizations a strong return on investments.
  3. Identify security solutions providers that can continually provide your organization with the latest threat intelligence. This helps block thousands of zero-day and next-generation cyber security threats on a daily basis. Some threat intelligence tools leverage components that allow threats identified on one device to be automatically propagated as an IoC (Indicator of Compromise) to protect branch, mobile and cloud-hosted assets from the same zero-day threat.
  4. Top rated threat prevention technologies are essential. Seek out solutions providers that consistently receive high scores via independent, third-party tests. For example, Check Point’s Harmony Connect service and Quantum Edge VM both represent NSS top-rated threat prevention tools, with a 100% cyber attack catch rate.
  5.  The less time spent on deployment, the better. Some security products for WAN architecture and SD-WAN architecture can be deployed in 10 minutes or less. In addition, rapid deployment options mean that enterprises can secure to far away locations overnight; without sending IT personnel to those branches. The future is in automated provisioning with zero-touch deployment.
  6. Seek out SD-WAN security vendors that prioritize enabling businesses to reduce operational expenses. The right WAN architecture can slash your expenditures by 20-40%. A combination of zero-touch deployment, reengineering of network infrastructure and turn key management options can reliably lower costs.
  7. Security-as-a-Service products can provide efficient deployment of consistent security across thousands of branches. These types of products always have the latest security features and include integration of the latest updates, enabling your enterprise to retain sophisticated security under any circumstances.
  8. Products with minimal hardware can help you keep SD-WAN security simple while delivering high-performance services for business critical activities. Minimal hardware requirements mean greater centralization and less time spent coordinating with support personnel all over the country or all over the world.
  9. Single-pane-of-glass solutions allow businesses to maintain complete visibility of the SD-WAN connectivity status, quality of service (QoS), and resource allocation within systems. SD-WAN consoles should provide metrics such as network egress from specific branch offices, QoS of business critical applications, and real-time performance for each WAN link.
  10. SD-WAN security solutions can enable businesses to better secure remote users. Some SD-WAN security technologies enable organizations to enforce security policies directly on users’ devices. SD-WAN can also provide encrypted connectivity between end-user devices, cloud-gateways and private cloud resources, ensuring the integrity of your data as employees use and manage it.

In addition, secure your SD-WAN with an integrated next generation firewall, integrated web filtering and intrusion prevention technologies, sandboxing, and HTTPS inspection. All of these capabilities lead to a stronger cyber security posture.

Protect your branch traffic 24/7. For more information about WAN architecture, SD-WAN and securing branch offices, click here or see our SD-WAN Buyer’s Guide. Want to learn even more about WAN architecture? See how WAN architecture relates to SASE. Lastly, to receive impactful insights, cutting-edge analysis and robust resources each week, sign up for the Cyber Talk newsletter.