Security Features of Cisco SD-WAN: A Comprehensive Guide

With the expanding attack surface at branch locations, especially due to local breakouts and direct internet access, securing these locations has become increasingly critical. Cisco's Secure SD-WAN aims to tackle this challenge by embedding key security capabilities directly within the SD-WAN solution. This unification allows for cohesive management and more effective protection of the network.

Key Security Capabilities

  1. Enterprise Firewall with Application Awareness:

    • Function: Utilizes Cisco’s NBAR2 engine to detect over 1400 applications.

    • Benefit: Provides granular control and visibility over application traffic, allowing precise policy enforcement.

  2. Intrusion Prevention Systems with Cisco Talos Signatures:

    • Function: Uses signatures from Cisco Talos, one of the largest threat detection networks, to recognize and stop known threats.

    • Benefit: Helps in proactively defending the network against emerging threats and potential vulnerabilities.

  3. URL Filtering:

    • Function: Enables the blocking or allowance of URLs based on categories and reputation scores.

    • Benefit: Assists in enforcing acceptable use policies and preventing access to potentially harmful websites.

  4. DNS/Web-layer Security with Cisco Umbrella:

    • Function: Offers a first line of defense against threats like malware, botnets, phishing, and targeted attacks.

    • Benefit: Adds an extra layer of security, protecting all branch users and supporting seamless integration with other security features.

Additional Advantages

  • PCI Compliance: Helps in meeting the requirements of Payment Card Industry standards, safeguarding sensitive payment information.

  • Segmentation: Allows for the logical separation of network segments, enhancing security by isolating different parts of the network.

  • Threat Protection: Offers a robust defense against a wide range of cyber threats, reducing the risk of successful attacks.

  • Content Filtering: Facilitates control over the types of content that can be accessed within the network, aligning with organizational policies and legal compliance.

Cisco SD-WAN Security Features

  • Enterprise Firewall with Application Awareness: This stateful firewall utilizes the Network-Based Application Recognition (NBAR2) engine to identify over 1400 applications. It provides granular control over application access, prioritization, and blocking, ensuring optimal network performance in alignment with organizational policies.

  • Intrusion Prevention System (IPS): Leveraging Cisco Talos, one of the largest threat detection networks, the IPS is equipped with continually updated signatures to detect and prevent known and emerging threats. Deployed using a security virtual image, it adds an essential layer of protection to the network.

  • URL Filtering: URL Filtering in Cisco SD-WAN offers control over web access based on 82 different categories and web reputation scores. It can block or allow specific URLs, helping to enforce acceptable use policies and prevent access to potentially harmful content. Like IPS, it is also deployed using a security virtual image.

  • Advanced Malware Protection (AMP): AMP delivers global threat intelligence, advanced sandboxing, and real-time malware blocking. This system continuously monitors file activity across the extended network, enabling rapid detection, containment, and removal of advanced malware. It’s designed to prevent breaches and is deployed using a security virtual image for seamless integration.

  • Cisco Umbrella Integration: Cisco Umbrella is a cloud-based security solution that acts as a first line of defense against various cybersecurity threats, including phishing and malware. Integrated with Cisco SD-WAN, it provides additional protection by enforcing security at the DNS layer, blocking malicious domains, and providing secure web gateway functionality.

Cisco SD-WAN's Enterprise Firewall with Application Awareness adds a security layer that can recognize and control application traffic within the network. Here is a more detailed look at this feature:

Enterprise Firewall with Application Awareness

1. Stateful Firewall Functionality:

The Enterprise Firewall with Application Awareness in Cisco SD-WAN is a stateful firewall, meaning it tracks the state of active connections and makes decisions based on the context of the traffic. This ensures that only legitimate and approved traffic is allowed, and all other traffic is blocked.

2. NBAR2 Application Detection Engine:

The feature leverages Cisco’s Network-Based Application Recognition (NBAR2) engine to identify over 1400 applications, including cloud-based applications, web services, file-sharing platforms, and more. This deep level of recognition allows the firewall to differentiate between applications, providing granular control.

3. Application Visibility and Control:

Administrators can gain visibility into the types of applications being used within the network. This information can be leveraged to create specific policies that control the usage of these applications, ensuring that network resources are used efficiently and security is maintained.

4. Policy Enforcement:

The ability to recognize applications enables the creation of detailed policies that can prioritize, limit, or block specific applications or categories of applications. This ensures alignment with business goals and compliance requirements.

5. Integration with Other Security Features:

The Enterprise Firewall with Application Awareness can be integrated with other Cisco SD-WAN security features like Intrusion Prevention System (IPS), URL Filtering, and Advanced Malware Protection (AMP) to provide a comprehensive security solution.

6. Ease of Management:

Centralized management allows network administrators to manage and update the firewall policies across all sites in the network from a single interface.

7. Scalability and Performance:

Designed to handle the demands of modern enterprise networks, the firewall offers scalability and high performance without compromising the user experience.
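
To make items 1 to 4 above concrete, the following is an added illustration, not Cisco code or configuration: a small Python model of a firewall that tracks sessions opened from the LAN and applies a per-application block list. The class, the zone names, the application labels and the sample packets are all assumptions constructed for this example; in the product the application label would come from the NBAR2 classifier.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    zone: str             # ingress zone: "lan" (trusted) or "wan" (untrusted)
    src: str
    sport: int
    dst: str
    dport: int
    app: str = "unknown"  # label a classifier would attach (constructed values)

class StatefulAppFirewall:
    def __init__(self, blocked_apps):
        self.blocked_apps = set(blocked_apps)
        self.sessions = set()  # flows opened from the LAN side

    def handle(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        if p.zone == "lan":
            if p.app in self.blocked_apps:
                # Classification can arrive after the first packets, so
                # also remove any state already created for this flow.
                self.sessions.discard(flow)
                return "drop: application blocked"
            self.sessions.add(flow)
            return "allow: session tracked"
        # WAN side: permit only replies that mirror a tracked flow.
        if (p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "allow: reply to tracked session"
        return "drop: no matching session"

def demo():
    fw = StatefulAppFirewall(blocked_apps={"bittorrent"})
    traffic = [  # constructed sample packets (documentation address ranges)
        Packet("lan", "10.0.0.5", 40000, "203.0.113.10", 443, "ssl"),
        Packet("wan", "203.0.113.10", 443, "10.0.0.5", 40000),
        Packet("wan", "198.51.100.7", 443, "10.0.0.5", 40001),
        Packet("lan", "10.0.0.6", 50000, "198.51.100.9", 6881),
        Packet("lan", "10.0.0.6", 50000, "198.51.100.9", 6881, "bittorrent"),
        Packet("wan", "198.51.100.9", 6881, "10.0.0.6", 50000),
    ]
    return [fw.handle(p) for p in traffic]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last three packets show why state and application awareness have to work together: the flow is admitted while still unclassified, and once it is labelled as a blocked application its session entry is removed so the peer's replies are dropped as well.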