Cisco SD-WAN DIA (Direct Internet Access) at remote branches allowed users to reach cloud and Internet native applications in a more optimal way by connecting to the closest and best-performing cloud provider's point of presence, leveraging geo-location and DNS services. Additionally, these local Internet breakouts allowed the organizations to offload the guest traffic directly to the local ISP instead of backhauling it to the data center through the WAN. Combined with Application-Aware Routing, the DIA solution makes sense for most organizations across most industries.

Threat Surface
Figure 1. Threat Surface

With local Internet breakouts and many business-critical applications hosted in the cloud, the organization's attack surface continues to increase, as illustrated in figure 1 above. As an effect, protecting the branch from cyber threats is even more critical than before. Cisco SD-WAN brings some essential security capabilities embedded into the firmware of WAN edge routers with single-pane-of-glass management for routing and security - vManage.

The Cisco SD-WAN security capabilities include an application-aware firewall, intrusion prevention system (IPS), URL-Filtering (URLF), advanced malware protection (AMP), and Secure Internet Gateway integration (SIG). These security features help organizations achieve threat protection, PCI compliance and threat protection against Internet-bound cyber attacks. 

Table 1 describes each Cisco SD-WAN capability that is embedded in vEdge's firmware: 

Cisco SD-WAN Security Capabilities
SD-WAN Capability Description
Application-aware Firewall

Stateful firewall with a DPI engine for application detection. The firewall provides app visibility capable of detecting 1400+ apps.

Intusion Prevention (IPS)

The Intrusion Prevention (IPS) uses the Cisco Talos signatures and is updated automatically. The IPS software is deployed using a security virtual image hosted on a container in the WAN edge router.

URL Filtering (URF)

Blocks or allows URLs based on a web reputation score. The URL Filtering is also deployed using a security virtual image hosted on a container in the WAN edge router.

Advanced Malware Protection (AMP)

AMP continually analyzes file activity across the organization's network and detects, contains, and removes advanced malware. Advanced Malware Protection is deployed using a security virtual image hosted on a container in the WAN edge router.

Secure Internet Gateway (SIG)

Cloud-delivered security that provides a first line of protection against cyber security threats.