What Does a Secure SD-WAN Need to Provide in Order to Pass?
A summary of the requirements that ICSA Labs tests in its Secure SD-WAN testing service are listed below:
- Support for multiple WAN paths;
- Dynamic path selection;
- Auto-provisioning of SD-WAN edge devices;
- Support for advanced security functions (inherent or via service chaining);
- Identification and authentication for administrative users;
- Secure remote administration;
- Can configure, disseminate & enforce policies @ SD-WAN edge devices;
- Confidentiality of in-transit administrator communications;
- Confidentiality of any sensitive data in-transit;
- Capability to perform secure remote upgrades of SD-WAN edge devices;
- Real-time metrics + reporting of data items & relevant status information;
- Logs with relevant data for a selection of security, operational & admin events;
- Industry-accepted crypto for protecting remote administration sessions;
- Industry-accepted crypto for protecting in-transit administrative data;
- Industry-accepted crypto for protecting in-transit sensitive data;
- Invulnerable to known attacks;
- Introduce no vulnerabilities to any systems.
Please review the full
draft set of criteria. Because it is a "draft" set of criteria requirements (and will remain so until tested products begin to attain certification), ICSA Labs welcomes any feedback from enterprises and SD-WAN vendors alike.