Software-Defined WANs: Pros & Cons

Most hardware-based defenses lack the ability to mitigate DDoS attacks, but cloud-based mitigation solutions that leverage software-defined WANs can mitigate these attacks.

Read more: How to Create a Disaster Recovery Plan

Eliminate Manual Traffic Handling

SD-WAN can eliminate manual traffic handling by automating route engineering services and optimizing traffic across multiple networks. That means service providers will be able to react to DDoS attacks and mitigate them more quickly.

Protect Infrastructure During a DDoS

SD-WAN can protect the overall infrastructure from collateral damage that often happens when handling a big DDoS spike. Automation helps reduce a security operation center’s errors, which currently are common, given the mounting pressures during an attack.

Automated Route Engineering

Automated route engineering enables service providers to spend less time on routine traffic routing services and more time on developing and supporting advanced mitigation services.

Accurate Mitigation and Less False Positives

SD-WAN services can automatically perform path computations—even during an attack—to determine the optimal route based on service needs, business requirements, network topology, resource status, cost and other parameters.

Read more: How to Handle Security Incidents and Data Breaches

Optimize Traffic Across Many Networks

SD-WANs optimize traffic across multiple networks, and bottlenecks can be avoided through load balancing over available peers. Policies can be predetermined and proactively written to ensure that the most efficient routing decisions and changes occur with near real-time efficiency.

Intelligent Routing Capabilities

SD-WAN provides intelligent software-defined routing capabilities for WANs that connect geographically distributed locations. In the case of customers that share the same network, collateral damage can be minimized.

Save Costs

Automated handling essentially eliminates the need to pay overcharges and to overbuy the capacity needed to absorb initial DDoS traffic spikes.

Risks of SD-WANs

SD-WANs are not without risks. The unpredictable and dynamic situation of a multi-tenancy DDoS defense cloud has many related variables that require situational handling. Not everything that the individual situation calls for can be prewritten in rules.

Hungry for Bandwidth

SD-WANs still require copious bandwidth and a large, robust infrastructure to absorb the load of the initial DDoS spikes. Because SD-WAN can be so efficient, there can be a tendency to under-buy infrastructure resources.

Read next: What is an Advanced Persistent Threat (APT) Attack?