Software-defined wide area networking, or SD-WAN, evolved as a replacement for multi-protocol label switching (MPLS). MPLS was designed to provide pre-determined, high-performance routes, typically between branch offices, headquarters, and private data centers. However, the high cost of MPLS service compared to the ubiquity and lower cost of public broadband internet has made SD-WAN an attractive alternative for many companies.

SD-WAN uses dynamic, policy-based routing decisions to provide the same level of performance and reliability as MPLS without relying on dedicated WAN circuits. It uses virtualized network overlays to connect corporate offices and data centers, as well as routing traffic directly to the internet. With SD-WAN, routing decisions are determined based on an application’s specific needs and conditions on available networks. SD-WAN routes are not limited to those based on WAN transport technologies and can choose an optimal path across various mediums (e.g. broadband, MPLS, 4G LTE, etc.). Defined priorities, like prioritizing corporate voice or video traffic, allows for the best possible quality of experience (QoE).. 

How Is SD-WAN Related to SASE?

While SD-WAN solves the problem of supporting QoE service level agreements at a reasonable price, it does not address cloud security challenges. Secure Access Service Edge, or SASE, groups SD-WAN with cloud security services such as Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA)

With SASE, organizations can extend consistent security policies to all enterprise resources, regardless of the location of the user or resource they are trying to access. Security teams can also manage policies to secure SaaS apps and on-premises resources, control access to web destinations, identify shadow IT, and enforce data loss prevention (DLP) all from a single control point. With SASE, organizations can deliver consistent security across all corporate locations, virtual private data centers, and remote users.

Securing SD-WAN Architectures with SASE

Now that many SD-WAN offerings are directly connected to the public cloud through platforms like AWS, organizations can leverage SASE to secure practically any SD-WAN architecture. 

By deploying SASE, organizations gain consistent data and threat protection for all headquarters, data center, and remote locations. Common use cases and benefits of integrating SASE include: 

Advanced Threat Protection (ATP)

Modern hyper-connected workplaces mean malware can easily spread across cloud resources, corporate networks, and user devices. Behavior-based techniques are critical to detecting malware, especially zero-day malware, to prevent infection and reinfection. By leveraging integrations with advanced detection engines, organizations can extend ATP to SD-WAN architectures without having to install software on user devices, securing users regardless of their location. 

Data loss prevention (DLP)

Whether accessing a cloud app or on-premises resources, SASE can enforce DLP policies across a SD-WAN solution. Through mechanisms like advanced regex, exact data match, and file fingerprinting, integration ensures that sensitive resources are not exposed. Not only can SASE help prevent data loss, it can enforce policies and remediate by encrypting, redacting, or applying digital rights management (DRM). 

Contextual Access Control

Contextual access control ensures that authorized users are able to access the corporate resources needed to perform their jobs. Granular access policies can be defined based on factors like access method, device, location, user group, or other custom characteristics. Step-up security, like requiring multi-factor authentication, can also be enabled for privileged users or to access privileged resources. This allows for secure access to cloud and on-premises resources in a way that adheres to zero trust principles. 

Complete Visibility

SASE ensures comprehensive visibility across SD-WAN architectures, supplementing networking logs with security activity logs for all users, files, app, and web activities. Admins can easily generate reports to enable audits, demonstrate regulatory compliance, and ensure security policies are adhered to across headquarter, datacenter, branch, and remote locations. 

Bitglass SASE with SD-WAN

Bitglass SASE delivers superior user experience and performance via a true cloud architecture to secure any SD-WAN architecture. Through native AWS integrations using AWS Transit Gateway Connect, Bitglass provides comprehensive data and threat protection for cloud, web, and networks without requiring additional hardware or complex maintenance resources. Unlike other limited offerings, Bitglass’ SASE solution combines a Gartner-MQ-Leading CASB, the world’s only SWG that can be deployed locally on user endpoints, and advanced ZTNA to secure any interaction between any devices, apps, web destinations, on-premises resources, or infrastructure. Bitglass ATP is also included, protecting organizations against zero-day threats using advanced, behavior-based detections and leveraging detection engines from CrowdStrike, Cylance, and Bitdefender

Bitglass integrates with leading SD-WAN providers including those from Aruba, 128 Technology, Fortinet, Silver Peak, Citrix, Arista Networks, Aviatrix, Sophos, Cisco, Alkira, Aryaka, Palo Alto Networks, Versa, and more. 

Learn more about integrating Bitglass SASE with your SD-WAN. 


Bitglass SASE with SD-WAN


Learn more about integrating Bitglass SASE with your SD-WAN. Request a free trial below.