SD-WAN changing the game for service and security assurance


In British detective shows, a large number of closed-circuit TV (CCTV) cameras in cities across the U.K. are always a reliable source of evidence. But there are inevitable gaps in camera placement, where suspects move about unseen.

What does this have to do with network and application service assurance in the age of Software-defined Wide Area Network (SD-WAN)?

SD-WAN offers service providers a big opportunity: the ability to see and control traffic more effectively through virtual connections and in near real-time, both on the WAN and Internet connections and beyond them to the endpoints. So there are no more blind spots. You gain full visibility of traffic end-to-end via the deployment of virtual service assurance functions at the network edge.

The benefits of extending visibility to the premises

Why should network operators care? Because for starters, as with SD-WAN, it’s going to lower your costs.

Improved visibility will both strengthen an operator’s service-level agreement (SLA) and help drive down OpEx by reducing truck rolls. Similarly, enhanced service assurance capabilities in virtual services increase visibility and so strengthen premises security over an SD-WAN link.

With such a solution in place for your SD-WAN customers, you get more reliable, real-time information on application performance and security events than ever before. Feeding your information base is traffic data from the data center to the edge and from the edge to the end user’s device.

It’s like installing another CCTV camera, via software, to see deeper into the network in the search for traffic anomalies that can be either threats or inefficiencies.  

How SD-WAN supports new service offerings

The SD-WAN architecture gives you the opportunity to deploy software features for many operational functions more easily and quickly, and those functions can now extend beyond the WAN to the endpoints in the customer’s network. Now you can deploy a white box universal CPE (uCPE) and bring up virtual network functions (VNFs) such as a firewall or other security features. These VNFs can report much richer, packet-level traffic analysis for enhanced security. Adding VNFs has become much simpler than having to set up multiple tunnels over MPLS.

Use Case: Improved Managed Security

Firewall performance and managed security offerings can be greatly enhanced by adding traffic pattern analysis based on the monitoring of packet flow. During a distributed denial of service (DDoS) attack, for example, while the firewall might be looking for unique digital signatures, a service assurance VNF could identify both DDoS campaigns as well as unusual traffic patterns that are occurring during such an attack. The latter is a big deal since many DDoS campaigns are diversionary tactics while the real theft occurs unnoticed.

In the Internet of Things (IoT) age, where all of a sudden simple devices become Internet-enabled, they run the risk of being hacked. Malware, network exploits, and data theft can be launched from within your network via a backdoor to a managed device. With tools deployed as VNFs in the SD-WAN service, you can use probes and synthetic diagnostic transactions to remotely monitor and understand the health of the WAN and premises applications. These tools can capture and report on traffic from every device and correlate this traffic data in real-time across a provider’s network, for deep visibility and split-second diagnostics, alerts, and responses.
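The two preceding paragraphs describe what a service assurance VNF adds on top of a signature-based firewall: it aggregates flow records per time window, learns a per-destination baseline, and flags both the volumetric flood and the unusual pattern that runs alongside it (a large outbound transfer from a premises host while the flood is in progress). The following is an added example written for this page, not NETSCOUT's code or any product's detection logic. It assumes a NetFlow-style record with the fields shown, treats 10.0.0.0/8 as the customer premises range, and uses arbitrary thresholds (100 distinct sources, 5x baseline packet rate, 50 MB outbound per pair); the flow records are constructed inline to exercise both alert paths.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean


@dataclass(frozen=True)
class Flow:
    """One flow record as a probe VNF might export it (constructed shape)."""
    ts: int          # seconds since the start of the capture
    src: str
    dst: str
    dport: int
    packets: int
    byte_count: int


INTERNAL = ip_network("10.0.0.0/8")  # assumed premises range (constructed)


def is_internal(addr: str) -> bool:
    return ip_address(addr) in INTERNAL


def bucket(flows, window_s):
    """Group flow records into fixed-length windows, keyed by window index."""
    windows = defaultdict(list)
    for f in flows:
        windows[f.ts // window_s].append(f)
    return dict(sorted(windows.items()))


def per_window_inbound(flows):
    """Per internal destination: inbound packets and distinct external sources."""
    pkts = defaultdict(int)
    srcs = defaultdict(set)
    for f in flows:
        if is_internal(f.dst) and not is_internal(f.src):
            pkts[f.dst] += f.packets
            srcs[f.dst].add(f.src)
    return pkts, srcs


def learn_baseline(flows, window_s=60, learn_windows=3):
    """Mean inbound packets per window per internal destination over the first N windows."""
    totals = defaultdict(list)
    for _, wf in list(bucket(flows, window_s).items())[:learn_windows]:
        pkts, _ = per_window_inbound(wf)
        for dst, n in pkts.items():
            totals[dst].append(n)
    return {dst: mean(v) for dst, v in totals.items()}


def detect(flows, baseline, window_s=60, min_sources=100, pps_ratio=5.0,
           exfil_bytes=50_000_000):
    """Return alerts: volumetric floods, and large outbound transfers with a flag
    saying whether a flood was active in the same window."""
    alerts = []
    for idx, wf in bucket(flows, window_s).items():
        pkts, srcs = per_window_inbound(wf)
        # Flood indicator: many distinct sources AND packet count far above baseline.
        # A destination with no baseline defaults to 1 so any burst from many sources flags.
        ddos_targets = {dst for dst, n in pkts.items()
                        if len(srcs[dst]) >= min_sources
                        and n >= pps_ratio * baseline.get(dst, 1)}
        for dst in sorted(ddos_targets):
            alerts.append({"window": idx, "kind": "ddos", "target": dst,
                           "sources": len(srcs[dst]), "packets": pkts[dst]})
        # Diversion check: who is pushing a lot of data out of the premises right now?
        outbound = defaultdict(int)
        for f in wf:
            if is_internal(f.src) and not is_internal(f.dst):
                outbound[(f.src, f.dst)] += f.byte_count
        for (src, dst), b in sorted(outbound.items()):
            if b >= exfil_bytes:
                alerts.append({"window": idx, "kind": "exfil", "src": src, "dst": dst,
                               "bytes": b, "during_ddos": bool(ddos_targets)})
    return alerts


def build_sample_flows():
    """Constructed records: three quiet minutes, then a flood plus a concurrent upload."""
    flows = []
    # Windows 0-2: five external clients each exchange modest traffic with web server 10.0.0.5.
    for w in range(3):
        for i in range(5):
            client = f"198.51.100.{i + 1}"
            flows.append(Flow(w * 60 + i, client, "10.0.0.5", 443, 100, 60_000))
            flows.append(Flow(w * 60 + i, "10.0.0.5", client, 443, 120, 150_000))
    # Window 3: 200 distinct sources each fire 500 packets at 10.0.0.5.
    for i in range(200):
        flows.append(Flow(180 + (i % 60), f"203.0.113.{i + 1}", "10.0.0.5", 443, 500, 30_000))
    # Same window: premises host 10.0.0.20 pushes 80 MB to an external address.
    flows.append(Flow(200, "10.0.0.20", "192.0.2.9", 443, 60_000, 80_000_000))
    return flows


if __name__ == "__main__":
    sample = build_sample_flows()
    for alert in detect(sample, learn_baseline(sample)):
        print(alert)
```

The baseline is deliberately learned from the quiet windows only; in practice the learning period would be rolling and per application, but the shape of the check is the same: the firewall sees individual packets and signatures, while the flow-level view sees that a flood and an unusual outbound transfer are happening at the same moment, which is the pattern the paragraph above calls out.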

Other Opportunities to Leverage Traffic Metadata

The traffic metadata generated by this type of enhanced service assurance solution can be used for a lot more than just bolstering your network defenses. It can also become part of an indexed repository of valuable information that you can use to inform real-time and actionable operational intelligence, business and marketing strategy, product and service design, and other initiatives.  

With traffic volumes increasing and becoming more complex and the continual race to stay one step ahead of cybercrime techniques, the ability to virtually monitor, collect, and process traffic data at a packet level, end-to-end, across networks, and then respond with operational changes is quite an accomplishment. It’s possible, at minimal cost, using VNFs in the SD-WAN.

Data mining of user and application traffic and network and service sessions, from the source as it crosses the wire, eliminates the need for expensive middleware or aggregation servers. The metadata (generated without installing device agents or complex provisioning) can now include key traffic indicators, key performance indicators, and Layer 4 through 7 problem indicators for the discovered applications and servers. This type of VNF-based network and application service assurance solution can support hundreds of enterprise applications, including voice and video.

It’s definitely worth your consideration if you’re deploying an SD-WAN service.

NETSCOUT provides technologies that capture deeper traffic data than ever before across diverse network topologies for service providers and enterprises and Smart Data solutions to make it usable for service assurance, business analytics, and security. 

~Written by Gene Knauer. Gene is a senior content marketing writer who works with technology companies in a variety of B2B marketing communications projects.