We’ve seen the articles. The adoption of software-defined wide-area networks (SD-WAN) is on the rise¹, and for good reason.

The story of embracing SD-WAN is really a story about digital transformation (DX), amplified by the pandemic. Yes, organizations were already in the midst of figuring out what DX meant for their network, data and applications before 2020. But when COVID-19 sent a huge percentage of the workforce home, it was no longer a question of whether an organization should digitize, but rather how they should do it.

Almost immediately, businesses had to deal with higher network traffic from remote workers. And with them, an increased demand for cloud-first applications, APIs and voice, video and collaboration capabilities. 

Embracing SD-WAN is the logical choice for improved network performance and reliability. 

Even if remote workers return to the office full time – and many are not² – SD-WAN was and still is the right call for the demands of DX³. Legacy wide-area networks (WANs) simply aren’t equipped to support cloud-first business strategies, and this will only become more problematic as time goes on.

One big but…

The way people talk about DX technologies is often rosy, because they solve a lot of problems.

Having said that, DX does come with certain challenges, not the least of which is giving bad actors a bigger target to hit (or hack). In many cases, organizations choose to deploy SD-WAN over broadband internet connectivity, which significantly expands the attack surface compared with private connectivity.

It might be tempting to minimize the threat of cyber attacks, but they’re a real, expensive and increasing threat. According to recent threat reports⁴, ransomware cyber attacks in 2021 were up 105% from the year before. There was also a 65% spike in never-before-seen malware.

New threats are the hardest to keep up with because security measures generally require constantly scanning for threats. As just one example: Chemical distributor Brenntag paid $4.4 million USD in 2021 to prevent the DarkSide ransomware group from publicly leaking stolen data⁵. This is an example of double extortion, and it’s becoming more common.

Out-of-the-box SD-WAN security is not enough

Some advanced SD-WAN providers have integrated security features, which is the future of secure networking, and goes a long way in preventing threats and mitigating risk. These features often include next-generation firewall (NGFW) protection, automatic security signature updates and specialist teams to manage the entire security stack. 

Here are some questions you can ask yourself about your SD-WAN security. Ideally, your solution would meet all these criteria.

1. Does the solution offer application awareness and automated path intelligence?

You want to be able to help your network teams see which applications are being used across the enterprise and make well-informed decisions about routing across network circuits.

2. Does the solution feature automatic failover capabilities?

It’s important that routing can automatically change to the best-available link, if and when the primary WAN path degrades.

3. Which security and protection measures are included in the solution?

Your team likely already knows the features you have, but this question is really about asking what isn’t included. 

4. Which managed services are covered with the solution?

If you are looking for a managed service, it is important to understand which elements are and are not managed by the service provider. It could include comprehensive services like network/security architecture design, installation, CPE and WAN links, monitoring, updates and reporting.

For those who want specifics, here’s a shopping list of features you can take with you on your search for secure SD-WAN:

Security is a battle worth fighting

More and more businesses are going cloud first every day. Their uptake of SD-WAN is also increasing to keep pace with network demands. But these changes, exciting as they are, should not move forward without proactive network security.

Businesses can’t afford to forget the quiet-but-constant battle happening in the background. Threat actors are sophisticated and they’re always adjusting their strategies. By prioritizing robust SD-WAN security, you stay on top of protecting your network, your data and your reputation.


1 “Futuriom expects the SD-WAN market to reach $2.6 billion in 2021, $3.5 billion by 2022, $4.6 billion by 2023.” https://www.futuriom.com/articles/news/the-2021-sd-wan-growth-report-is-here/2021/06
2 Gallup, Remote Work Persisting and Trending Permanent, October 2021, https://news.gallup.com/poll/355907/remote-work-persisting-trending-permanent.aspx
3 “Indeed, by 2022, 70% of all organizations globally will have accelerated their use of digital technologies, transforming existing business processes to drive customer engagement, employee productivity, and business resiliency.” https://www.idc.com/getdoc.jsp?containerId=US48299421&pageType=PRINTFRIENDLY
4 SonicWall, Cyber Threat Report 2022, https://www.sonicwall.com/2022-cyber-threat-report/?elqCampaignId=13998&sfc=7013h000000MiQZAA0&gclid=CjwKCAiAgbiQBhAHEiwAuQ6BkmbfNdHZWbIdJBPGBn4ut4T3yR5wDxM6JrGQbSMPEUk4O5ClyAmcVxoC7MsQAvD_BwE
5 Chemical distributor pays $4.4 million USD to DarkSide ransomware, https://www.bleepingcomputer.com/news/security/chemical-distributor-pays-44-million-to-darkside-ransomware/


About Acronym

Acronym Solutions Inc. is a full-service information and communications technology (ICT) company that provides a range of scalable and secure Network, Voice & Collaboration, Security, Cloud and Managed IT Solutions. We support Canadian businesses, large enterprises, service providers, healthcare providers, public-sector organizations and utilities. We leverage our extensive network expertise to design and build customized, fully scalable solutions to help our customers grow their businesses and realize their full potential. With more than 20 years’ experience managing the communications system that enables Ontario’s electrical grid, Acronym is uniquely positioned to understand the mission-critical needs of any business to deliver the innovative and reliable services that respond to the changing demands of businesses, and support rapid growth and digital transformation initiatives.

To say cybercrime is increasing is an understatement. It fails to capture the relentless activities of bad actors trying to access sensitive information, interrupt normal business, extort money or gain control of an organization’s own data.

Here are just some of the year-over-year global numbers from a recent Cyber Threat Report¹:

It’s not just the frequency of attacks that’s escalating; it’s also the complexity and impact. We’re seeing more double extortion and even triple extortion² strategies to ensure the success of a ransomware attack. These attacks first steal a copy of your data, so that not only are your systems and data held to ransom, but your entire backup set, and anyone who would not want to see that data published, are targeted as well. Single-stage ransomware attacks have also become multi-layered, and may not necessarily end after the first stage of infection.

Sophos reported that the average ransomware victim paid $812,360 USD in 2021 to get their encrypted data back – and that amount doesn’t include lost revenue³. Adding insult to injury, paying a ransom does not guarantee that files will be recovered or systems will be restored; the bad actors give you no guarantee of any kind.

So, how do you protect your organization from serious cyber threats? 

Complex problems require sophisticated solutions, and there are two major areas to consider: network security and data security. The offence and defence of protecting your business.

1. Network security

Simply put, network security is all about prevention. It’s any activity that protects the usability and integrity of your network, endpoints and data. But the task is not actually simple, and the number of ways to penetrate one’s network is expanding. The job of protecting your IT infrastructure, then, should go to someone (or some people) who can stay ahead of increasingly elaborate threats. 

After the banner year ransomware has had, an organization’s best bet is to leave network and endpoint security to an expert team. If managed security services (MSS) haven’t been on your company’s radar in the past, now is the time to consider them.

There are certainly financial benefits⁴ and even operational benefits⁵ to outsourcing your IT management and security – like scalability, productivity, lower costs, etc. – but the biggest benefit is the access that you get to dedicated expertise and advanced technology.

With MSS, your service provider’s entire job is to deploy and manage high-quality defences across your company’s digital landscape. 

Whether you choose to outsource your IT security or not, your business should be proactive on network security. Your cyber security team needs to thoroughly understand your network, digital assets and the evolving threat landscape, plus have the ability to adapt and react quickly. 

2. Data/Information security

Data security is all about preparing for the worst, which means ensuring you are backing up your data and protecting it from cybercriminals. If your business finds its systems and data unexpectedly encrypted and is unable to conduct business as usual, professional managed data backup will help you restore your operations.

The key is to identify mission-critical data, plan how to store it and then test the restoration of your data. There are variations of backup rules, but one of the most popular is evolving. The 3-2-1 backup rule has evolved into 3-2-1-1-0, where you have:

Each step is important and will make all the difference in the event of a ransomware attack, but the offline part is key.

Why? Because ransomware threats often target any and all backups on the network or through cloud services. An offline backup set is like a backup of your backups, and can be a lifeline. 

So why have onsite backups at all? For quick and easy file access, they’re still helpful. Local backups are fast, and they help you protect your business data, but they just don’t offer a complete, secure solution on their own.

Conclusion

Cyber threats will keep evolving. Increasing sophistication and technological advancement will make it harder for businesses to detect, and protect themselves against, network infiltration. The most secure organizations will be the most proactive. They will have expert teams managing and monitoring their networks, and actively searching for threats and vulnerabilities. In addition to hardening their network, endpoints and cloud services, best practices now call for placing a backup set “out of reach” to back up your backups.


1 SonicWall, Cyber Threat Report 2022, https://www.sonicwall.com/2022-cyber-threat-report/?elqCampaignId=13998&sfc=7013h000000MiQZAA0&gclid=CjwKCAiAgbiQBhAHEiwAuQ6BkmbfNdHZWbIdJBPGBn4ut4T3yR5wDxM6JrGQbSMPEUk4O5ClyAmcVxoC7MsQAvD_BwE#top

2 Security Intelligence, Ransomware Attackers’ New Tactic: Double Extortion, https://securityintelligence.com/articles/ransomware-double-extortion/

3 Sophos, The State of Ransomware 2022, https://assets.sophos.com/X24WTUEQ/at/4zpw59pnkpxxnhfhgj9bxgj9/sophos-state-of-ransomware-2022-wp.pdf

4 Marco, 8 Financial Benefits of Managed IT Services, https://www.marconet.com/blog/8-financial-benefits-of-managed-it-services

5 Hitachi Solutions, The Importance of Managed Services: 8 Reasons to Partner With an MSP, https://global.hitachi-solutions.com/blog/benefits-of-managed-services/



Distributed Denial of Service (DDoS) attacks aim to cripple an organization’s network, servers and applications by overwhelming them with malicious traffic. Such attacks can severely limit your ability to function and lead to tens of thousands of dollars in lost revenue and mitigation costs, as well as lost consumer trust. And the threat is growing. It is estimated that the total number of DDoS attacks will double to 15.4 million in 2023, from 7.9 million in 2018.¹

Firewalls are not enough

Many enterprises and organizations use firewalls to protect against DDoS attacks. Although firewalls can protect networks from a variety of security issues, they are not designed to detect and mitigate large-scale DDoS attacks. There are three main reasons for this.

1. Firewalls can be overwhelmed by excessive traffic.


Firewalls are designed to keep suspicious network traffic from breaching the perimeter of an organization’s systems. The firewall filters incoming packets of information, checking to see if they meet specific criteria before allowing them through. However, when confronted with excessive traffic, the firewall may slow the transmission process, leading to disruptions of data flows and network downtime.

In addition, firewalls are “stateful” – that is, they have to keep track of the full state of active network traffic to deliver protection. The memory and processing resources required to store and filter this information can make them a soft target for DDoS attackers, who can easily overwhelm them with volumetric attacks, take your network offline and block legitimate users from establishing connections.

2. Firewalls cannot distinguish between malicious and non-authenticated legitimate users.

Firewalls aim to prevent the intrusion of one packet of information at a time – it’s how they filter incoming information and ensure it is legitimate. But firewalls are not designed to detect the combined actions of legitimate packets of data sent millions of times. DDoS attacks such as HTTP floods are designed to overwhelm a server with millions of seemingly legitimate HTTP requests. Each individual session appears legitimate and is not marked as a threat by firewalls. But firewalls are not designed to look at the behaviour of millions of concurrent sessions as a whole, which limits their ability to recognize an attack. When the targeted server becomes saturated with HTTP requests and is unable to respond to normal traffic, denial of service can occur for legitimate users.

Some DDoS attacks are also staged by creating thousands of fake source IP addresses, making it difficult to identify the location of the attacking machines. These fake addresses can sometimes trick the firewall into thinking they are legitimate, allowing the attack to slip through.
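The gap between per-request inspection and aggregate behaviour described above, as an added example (not Acronym's code and not how DDoS Shield works). The log tuple format, the thresholds and all traffic are constructed assumptions: every request passes the isolated check and no single source exceeds a per-client cap, yet the window-level view across all sources flags the flood.

```python
from collections import Counter, defaultdict

WINDOW = 10            # seconds per analysis window
BASELINE_RPS = 5.0     # assumed normal aggregate load for this constructed site
SPIKE_FACTOR = 4.0     # assumed threshold: flag windows above 4x baseline
PER_SOURCE_LIMIT = 20  # assumed per-client cap per window, for comparison

def per_request_ok(req):
    """Judge one request in isolation, the way a per-packet/per-session filter does."""
    _ts, _src, method, path = req
    return method in {"GET", "POST", "HEAD"} and path.startswith("/")

def analyse(requests, window=WINDOW):
    """Summarise every window across all sources and flag aggregate spikes."""
    buckets = defaultdict(list)
    for req in requests:
        buckets[req[0] // window * window].append(req)
    report = []
    for start in sorted(buckets):
        reqs = buckets[start]
        by_src = Counter(r[1] for r in reqs)
        by_path = Counter(r[3] for r in reqs)
        rps = len(reqs) / window
        report.append({
            "start": start,
            "rps": rps,
            "sources": len(by_src),
            "max_per_source": max(by_src.values()),
            "top_path_share": by_path.most_common(1)[0][1] / len(reqs),
            "flood": rps > SPIKE_FACTOR * BASELINE_RPS,
        })
    return report

def sample_traffic():
    """Constructed log: (second, source IP, method, path). Not real traffic."""
    reqs = []
    for c in range(20):                      # 20 regular clients, 1 request / 5 s
        for t in range(c % 5, 60, 5):
            reqs.append((t, f"10.0.0.{c + 1}", "GET", f"/page/{(t + c) % 7}"))
    for s in range(300):                     # 300 sources, 1 request / 2 s, t=30..39
        ip = f"198.51.100.{s + 1}" if s < 150 else f"203.0.113.{s - 149}"
        for t in range(30 + s % 2, 40, 2):
            reqs.append((t, ip, "GET", "/search"))
    return sorted(reqs)

if __name__ == "__main__":
    traffic = sample_traffic()
    print("every request passes in isolation:", all(map(per_request_ok, traffic)))
    for w in analyse(traffic):
        over = w["max_per_source"] > PER_SOURCE_LIMIT
        print(w["start"], w["rps"], w["sources"], f"{w['top_path_share']:.2f}",
              "per-source limit hit" if over else "no single source over limit",
              "FLOOD" if w["flood"] else "ok")
```

In the flagged window the signal is the combination of a rate far above baseline, a jump in distinct sources and one path taking nearly all requests, none of which is visible from any single session.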


3. Firewalls are often deployed in the wrong location.

To effectively protect themselves against DDoS attacks, organizations need a defence strategy that will stop an attack before it reaches their network firewalls. Most intrusion detection solutions are deployed too close to the protected servers – and not as the first line of defence. When faced with volumetric attacks, this is too far down the road to offer much protection.

A dedicated DDoS mitigation strategy is best deployed before traffic reaches your hand-off from the Internet Service Provider – providing true early detection and mitigation of a potential attack before it reaches your firewall. A DDoS solution that complements a firewall, and which allows legitimate traffic to flow through, is the most effective approach to address volumetric DDoS attacks.

How traffic accesses your network with Acronym DDoS protection

Detect and mitigate attacks before they reach your network

DDoS Shield from Acronym can protect your business from the dangers of DDoS attacks before they reach your network. DDoS Shield makes use of automated cyber threat detection and mitigation technology that works in real time to monitor for malicious traffic and block it before it can affect your network. Because the detection and mitigation of your traffic is contained within Acronym’s network in Canada, network latency is kept to a minimum and your data remains under Canadian jurisdiction.

Featuring 24/7/365 detection and mitigation in seconds, plus an easy-to-use portal for comprehensive visibility into your threat landscape, DDoS Shield can provide your business with protection and peace of mind.


1 Cisco Annual Internet Report (2018-2023) White Paper. Updated March 9, 2020.

