- Protecting the branch edge: The first component is a next-generation firewall (NGFW) that extends security from the edge of the SD-WAN connection to wired and wireless access controllers, ensuring that all inbound and outbound traffic, including direct internet and cloud links, is inspected and secured at digital speeds – even when encrypted. However, not all NGFW solutions are alike. An NGFW designed for SD-Branch needs to provide consolidated security, network access controls and unified management in a single solution.
- Protecting access: Secure access points are another critical element for protecting the SD-Branch. Wi-Fi access points need to provide adequate capacity and throughput to keep up with expanding bandwidth needs, switches need to support higher speeds, and they should also offer adequate Power over Ethernet (PoE) to run even the most power-hungry IoT devices.
- Protecting devices: Per-device security is another critical component of the SD-Branch. The proliferation of IoT devices at branch and retail locations represents a significant threat to organizations. The same is true for the expansion of end-user devices. Any devices seeking network access need to be properly identified and segmented, which requires a network access control (NAC) solution. NAC solutions for the SD-Branch need to provide automatic device discovery and classification, and intent-based segmentation to secure chronically insecure IoT devices. SD-Branch NAC solutions also need to work with the NGFW to continuously monitor devices for anomalous behavior via traffic scanning, not only to detect bad device behavior but also to respond by dynamically quarantining those devices for remediation.
- Zero-touch provisioning: Because branch offices and retail locations rarely have on-site IT staff, zero-touch deployment is another table-stakes requirement. True zero-touch deployment means that once an SD-Branch security device is connected to a power supply it can automatically connect through the SD-WAN to a central or cloud-based management solution, immediately update components, auto-discover the branch network and connected devices, initiate device onboarding, establish and secure access points and implement security policies such as segmentation – all without human intervention.
- Centralized management: Integrated management via a single-pane-of-glass console simplifies enterprise branch deployments by centralizing and automating network and security functions such as configuration checking and updates, patching, remote management and analysis, policy updates and orchestrated threat response.
When properly positioned, SD-Branch can significantly expand your selling opportunities:
- First, what many organizations looking to update their branch connectivity with SD-WAN actually want to do is extend digital business capabilities to their remote users and devices. SD-WAN alone only provides part of that solution. As a result, these organizations still end up having to update the capabilities of the branch network itself. By adding SD-Branch to an SD-WAN opportunity up front, organizations can realize the value and capabilities they’re looking for, while doubling or tripling the size of a simple SD-WAN opportunity.
- Second, with more than 60 SD-WAN vendors in the market today, competition can be fierce. By explaining the advantages of an SD-Branch solution, and then helping the customer reframe requirements to extend advanced networking and security functionality into the branch itself, you automatically narrow the field of competition.
There are currently millions of branch office and retail locations that could directly benefit from an SD-Branch upgrade. SD-WAN deployments are an excellent starting place for discussing the advantages of an SD-Branch solution. Or, SD-WAN and SD-Branch can be positioned as a single solution, with the advantage of tying together connectivity and security issues right from the start. By joining these solutions, you help organizations achieve their branch transformation goals and reduce deployment time and complications while also lowering TCO. And at the same time, channel partners increase their profitability, making it a win-win opportunity.
Jon Bove is the vice president of Americas channels at Fortinet. He and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the U.S. as the company seeks to help them build successful — and profitable — security practices. A 17-year veteran of the technology industry, Bove has held progressively responsible sales, sales leadership and channel leadership positions.