What Does a Secure SD-WAN Need to Provide in Order to Pass?
A summary of the requirements that ICSA Labs tests in its Secure SD-WAN testing service are listed below:
- Support for multiple WAN paths
- Dynamic path selection
- Auto-provisioning of SD-WAN edge devices
- Single pane-of-glass administrative interface
- Configure, deploy firewall policies on SD-WAN edge devices
- Capability to perform secure remote upgrades of SD-WAN edge devices
- Identification and authentication of administrative users
- Secure remote administration
- Confidentiality of in-transit administrator communications
- Confidentiality of in-transit sensitive data
- Real-time metrics, reporting of data items & relevant status information
- Logs with relevant data for select security, operational & administrative events
- Industry-accepted crypto protecting remote admin sessions, in-transit administrative data & in-transit sensitive data
- Support for advanced security functions (either built-in or via service chaining)
- Properly enforces policies applied to SD-WAN edge devices
- Stateful inspection of permitted network traffic
- Invulnerable to known attacks including DoS attacks
- Introduces no vulnerabilities to any systems
Please review the full
set of pass/fail testing criteria against which SD-WAN solutions are tested. ICSA Labs welcomes any feedback from enterprises and SD-WAN vendors alike.