With so much enterprise network traffic now destined for the cloud, backhauling traffic across an expensive MPLS connection to a data center to apply security policy no longer makes sense. Software-defined WANs (SD-WAN) promise lower transport costs with direct, higher-performing connections to cloud and Internet resources. But what are the security implications of moving traffic off of private MPLS VPNs and onto public broadband links?

This article tackles the above and many more questions around enterprise WAN network connectivity options and the different type of SD-WAN network implementations along with their advantages and disadvantages.

Here’s what we’ve got covered for you:

• SD-WAN Deployment Options
• Do-It-Yourself (DIY) – Deploying Security at Each Site
• Telco Managed SD-WAN Services
• SD-WAN as a Service
• Summary

Directly connecting branch offices to the cloud increases your exposure to malware and Internet-borne attacks, expanding your attack surface across many sites. If not adequately addressed, these risks could outweigh the cost and performance benefits of SD-WAN. Let’s take a look at the SD-WAN options for securing your sites.

SD-WAN Deployment Options

There are a few SD-WAN options available. Each requires a different approach to branch security:

• Do it yourself (DIY): It’s possible to build and manage your own SD-WAN by deploying firewalling and unified threat management (UTM) capabilities yourself at each branch site. You can install separate physical appliances for each type of security you need or run the security tasks as virtual network functions (VNFs) in software. VNFs usually run in a special CPE appliance, but it may also be possible to run the VNFs in your branch router, depending on which router vendor you use.

• Telco managed SD-WAN services: This option mirrors the DIY approach above; however, a telco resells the needed SD-WAN appliances and software to you and manages the installation on your behalf. The SD-WAN setup is the same but lightens the load on your IT staff and reduces the need for specialized SD-WAN skill sets in-house.

• SD-WAN as a cloud service (“SD-WANaaS”) from a software-defined carrier (SDC): With this option, most SD-WAN functions run as a distributed, multi-tenant software stack in a global, private cloud maintained by your SDC. The provider integrates multiple levels of security into the network in the cloud, and your traffic traverses the SDC provider’s own IP backbone, avoiding the risk and best-effort performance challenges of the public Internet.

Let’s take a closer look at each approach.

There are two primary approaches to web application security testing. Dynamic Application Security Testing (DAST), also called black box testing, imitates an attacker.

The application is tested from the outside with no access to the source code or the web server. Static Application Security Testing (SAST), also called white box testing, imitates a code reviewer. The application source code is analyzed from the inside.

Before we dive deeper into these interesting web application testing and vulnerability scanning technologies, let's take a quick look at what's covered:

• Analyzing Dynamic Security (DAST) & Static Application Security Testing SAST) Mechanisims
• Interactive Application Security Testing (IAST)
• Web Application Vulnerability Scanning - Automation to the Rescue
• Where's the Catch? Supporting PHP, Java and .NET

Analyzing Dynamic Security & Static Application Security Testing

Both of these methods have lots of advantages. The DAST approach is very practical and has huge coverage. You can run a black box test on an application written even in the most exotic technology or language. Its coverage is even bigger because detected vulnerabilities can be caused for example by bad configuration and not by mistakes in the source code.

On the other hand, SAST can let you discover some things that are not obvious when seen from the outside. For example, additional URLs or parameters. With white box testing, you also know immediately where the problem is located in the source code so it speeds up fixing.

IAST provides precision web vulnerability scanning

Imagine how effective a security scan can be if you were to join the two methods together! And no, this is not just theory, it actually exists. The merger of these two approaches is called Interactive Application Security Testing (IAST) or gray box testing and is available for example in Acunetix (thanks to its AcuSensor technology).

A free trial Web Vulnerability Scanner can be downloaded from: Acunetix

What Can You Do with IAST?

Implementing Infrastructure as a Service (IaaS) is a great way of streamlining and optimizing your IT environment by utilizing virtualized resources from the cloud to complement your existing on-site infrastructure. It enables a flexible combination of the traditional on-premises data center alongside the benefits of cloud-based subscription services. If you’re not making use of this model, there’s no better opportunity to learn what it can do for you than in the upcoming webinar from Altaro: How to Supercharge your Infrastructure with Azure IaaS.

The webinar will be presented by Thomas Maurer, who has recently been appointed Senior Cloud Advocate, on the Microsoft Azure Engineering Team alongside Altaro Technical Evangelist and Microsoft MVP Andy Syrewicze.

The webinar will be primarily focused on showing how Azure IaaS solves real use cases by going through the scenarios live on air. Three use cases have been outlined already, however, the webinar format encourages those attending to suggest their own use cases when signing up and the two most popular suggestions will be added to the list for Thomas and Andy to tackle. To submit your own use case request, simply fill out the suggestion box in the sign up form when you register!

Once again, this webinar is going to presented live twice on the day (Wednesday 13th February). So if you can’t make the earlier session (2pm CET / 8am EST / 5am PST), just sign up for the later one instead (7pm CET / 1pm EST / 10am PST) - or vice versa. Both sessions cover the same content but having two live sessions gives more people the opportunity to ask their questions live on air and get instant feedback from these Microsoft experts.

Save your seat for the webinar!

Acunetix has just released their annual Web Application Vulnerability report which aims to provide security professionals, web application developers, system administrators, web server administrators and other interested parties with an analysis of data on web application vulnerabilities detected the past year via scans run on the Acunetix Online platform.

The extensive report has been compiled from scans performed from more than 10,000 targets and reveals some very interesting results about today's security threats and the percentage of organizations that correctly deal with their vulnerable web applications and exploits. From SQL Injection vulnerabilities to Cross-Site-Scripting (XSS) vulnerabilities, popular CMS platform vulnerabilities to remediation steps and more.

Here are some of the report's highlights that will surely interest every IT security professional and web application developer: 

• 46% of websites scanned contained high severity vulnerabilities
• 87% of websites contained medium severity vulnerabilities
• SQL Injection vulnerabilities have declined slightly
• 30% of websites contained Cross-Site-Scripting (XSS) vulnerabilities
• 30% of websites had vulnerable JavaScript Libraries
• 30% of websites were WordPress sites with a number of vulnerabilities

The free to download report is a great opportunity for professionals to learn more about the latest and greatest vulnerabilities circling the web and proactively take measures to ensure their own websites and web applications are properly tested and patched against popular vulnerabilities and attacks.

Here’s vital security information the 2019 Web Application Vulnerability Report contains:

• Vulnerabilities that are rising and falling in frequency
• Vulnerability findings by type and severity
• Changes in the threat landscape from both clients and server sides
• The four major stages of vulnerability analysis
• Detailed analysis of each discovered vulnerability – how it works, pointers and remediation steps
• Current security concerns – increasing complexity of new applications, accelerating rate of new versions and the problem of scale
• Vulnerabilities that are major to the security of all organizations, regardless of their size and location.
• Plenty of useful information and advice aimed for network security professionals, web application developers, IT Managers, security auditors, application architects and more.

The 2019 Web Application Vulnerability Report is offered completely free to download and is used by leading security professionals and web application developers to help understand how to protect network and applications for the latest security threats and web vulnerabilities.

Click image to download

Altaro, a global leader in virtual machine data protection and recovery, has introduced WAN-Optimized Replication in its latest version, v8, allowing businesses to be back up and running in minimal time should disaster strike. Replication permits a business to make an ongoing copy of its virtual machines (VMs) and to access that copy with immediacy should anything go wrong with the live VMs. This dramatically reduces the recovery time objective (RTO).

Optimized for WANs, Altaro's WAN-Optimized Replication enables system administrators to replicate ongoing changes to their virtual machines (VMs) to a remote site and to seamlessly continue working from the replicated VMs should something go wrong with the live VMs, such as damage due to severe weather conditions, flooding, ransomware, viruses, server crashes and so on.

Drastically Reducing RTO

"WAN-Optimized Replication allows businesses to continue accessing and working in the case of damage to their on-premise servers. If their office building is hit by a hurricane and experiences flooding, for instance, they can continue working from their VMs that have been replicated to an offsite location," explained David Vella, CEO and co-founder of Altaro Software.

"As these are continually updated with changes, businesses using Altaro VM Backup can continue working without a glitch, with minimal to no data loss, and with an excellent recovery time objective, or RTO."

Click here to download your free copy now of Altaro VMware Backup

Centralised, Multi-tenant View for MSPs

Managed Service Providers (MSPs) can now add replication services to their offering, with the ability to replicate customer data to the MSP's infrastructure. This way, if a customer site goes down, that customer can immediately access its VMs through the MSP's infrastructure and continue working.

With Altaro VM Backup for MSPs, MSPs can manage their customer accounts through a multi-tenant online console for greater ease, speed and efficiency, enabling them to provide their customers with a better, faster service.

How to Upgrade

WAN-Optimized Replication is currently available exclusively for customers who have the Unlimited Plus edition of Altaro VM Backup. It is automatically included in Altaro VM Backup for MSPs.

Upgrading to Altaro VM Backup v8 is free for Unlimited Plus customers who have a valid Software Maintenance Agreement (SMA). The latest build can be downloaded from this page. If customers are not under active SMA, they should contact their Altaro Partner for information about how to upgrade.

New users can benefit from a fully-functional 30-day trial of Altaro VM Backup Unlimited Plus.