Five signs your traditional software-defined wide area network isn’t keeping up

Feb 05, 2024

Editor's note: This post was authored by Naresh Kumar, VP of product management at Zscaler.

With the realization that old IT infrastructures are not designed to support the diverse hybrid working arrangements we see today, Zscaler customers challenged us to enable the work-from-anywhere paradigm. With our lead in zero trust, we knew we could offer our legendary security and performance benefits without compromise across a wider area of corporate infrastructure. 

So, last month, we launched our Zero Trust SD-WAN solution and portfolio of plug-and-play appliances as part of our single-vendor SASE announcement. You may have attended the launch event.

With ZT SD-WAN, you can finally create a secured café-like branch experience so that your employees have a seamless digital experience as they roam from morning coffee at Starbucks to the local sales office for lunch and some in-person meetings before heading back home to complete a report as dinner simmers on the stove. 

The solution allows you to securely connect locations like branches, factories, hospitals, retail locations, and data centers with secure inbound and outbound zero trust networking without overlay routing, additional firewall appliances, or policy inconsistencies.

If you are curious about what this could mean for you, consider the five reasons why our customers have been using our Branch Connector appliances to connect branches through the Zscaler Zero Trust Exchange as a forwarder since 2022. Now add in the possibilities for the new deployment option as an inline gateway with dual ISP connectivity and high availability.  

[Image: Zscaler Branch Connector] Caption: Customer deployment of a pair of ZT-400 Z-Connector appliances with 200 Mbps and four GE ports each and Trusted Platform Module (TPM) 2.0.

1. Your SD-WAN mesh of site-to-site VPNs is holding back your zero trust strategy 

SD-WANs are virtualized network overlays that use site-to-site VPN tunnels and routing protocols. While you can use them instead of expensive MPLS networks, they have drawbacks. They can expand your attack surface into infrastructure you do not directly control, and they can allow attackers to move laterally from one site to another, exposing your organization to cyber risks. You can try to contain these risks with network-based segmentation, but that means more firewall appliances at the branch and complex network-based security policies. Why play in a minefield of potential errors that expose you to business risk when you can move it all to a zero trust architecture?

2. You’ve suffered the consequences of a cyberattack on one branch office at other locations

In a typical network setup, site-to-site VPNs create an extensive, routable network in which a single infected device can quickly spread malware or compromise the entire network. Lateral movement allows threats and bad actors to traverse your WAN in search of high-value targets, and you know how challenging it is to contain and mitigate them while isolating the point of compromise.

3. Your mergers and acquisitions are slowed down by IT integration

What if you could eliminate 80% of the cyber risks during an M&A and speed up the IT part from months to days? By simplifying IT integration with zero trust, customers like Cornerstone Building Brands have benefited from a more secure, less costly, and less complex alternative to traditional IT. Capture value faster by integrating only what is needed, or at least prioritize what is needed, and do away with complex network engineering, end-user and identity management, and IT standardization projects. By deploying Zero Trust SD-WAN at an acquired site, enterprises can steer traffic to the Zero Trust Exchange, which brokers the connection from the other end for secure communication.

4. Your suppliers can’t securely connect to your operational technology 

Depending on your industry, you may need to connect apps such as building management or HVAC systems, industrial machinery, fire control systems, or assembly line robots to outside vendors, contractors, and third parties. With our plug-and-play Z-Connector appliances, you can extend zero trust-based connectivity from your OT network to your third-party users or systems easily and securely, allowing you to avoid adding an attack surface since you are not exposing RDP/SSH/VNC ports.

5. You don’t have a handle on your “things” across your Internet of Things

Consider your server-to-client communication connections. Imagine that a print server in a data center needs to issue a print command to a remote printer in a branch location. With ZT SD-WAN, there are no exposed service ports that a hacker could exploit to breach the network. All branch communication is proxied through the Zero Trust Exchange, which stitches the connection between the print server and the remote printer. By extending zero trust security to all entities, such as users, IoT/OT devices, and servers, your overall security goes up and your risk goes down.

Zscaler delivers the world's most comprehensive SSE protection across users, workloads, and IoT/OT. The Zscaler Zero Trust Exchange platform is a purpose-built SSE solution for risk reduction, performance, and scalability. Now that our platform more seamlessly connects to branches and data centers, you can eliminate the attack surface and prevent lateral threat movement inherent in traditional SD-WAN solutions.
