Test Criteria

What Does a Secure SD-WAN Need to Provide in Order to Pass?

A summary of the requirements that ICSA Labs tests in its Secure SD-WAN testing service are listed below:
  • Support for multiple WAN paths
  • Dynamic path selection
  • Auto-provisioning of SD-WAN edge devices
  • Single pane-of-glass administrative interface
  • Configure, deploy firewall policies on SD-WAN edge devices
  • Capability to perform secure remote upgrades of SD-WAN edge devices
  • Identification and authentication of administrative users
  • Secure remote administration
  • Confidentiality of in-transit administrator communications
  • Confidentiality of in-transit sensitive data
  • Real-time metrics, reporting of data items & relevant status information
  • Logs with relevant data for select security, operational & administrative events
  • Industry-accepted crypto protecting remote admin sessions, in-transit administrative data & in-transit sensitive data
  • Support for advanced security functions (either built-in or via service chaining)
  • Properly enforces policies applied to SD-WAN edge devices
  • Stateful inspection of permitted network traffic
  • Invulnerable to known attacks including DoS attacks
  • Introduces no vulnerabilities to any systems
Please review the full set of pass/fail testing criteria against which SD-WAN solutions are tested.   ICSA Labs welcomes any feedback from enterprises and SD-WAN vendors alike.