Not sure if anyone has encountered this, but I am curious if someone is using SD-WAN devices in a HITRUST (Healthcare) certified environment. Many SD-WAN vendors only provide stateful firewall capabilities in their edge devices, and they will say they that it denies any unauthenticated inbound connections. So this means that any (malicious) connection coming to the branch office from the internet will be dropped (with maybe the header information from the connection being logged and possibly sent to a SIEM depending on the SD-WAN vendor). However, HITRUST seems to require that an IDPS capability be in place at the perimeter network, which in this case would be the SD-WAN device at the branch. I'm not sure how an IDPS would be relevant if the firewall is dropping the packet before it would even reach the IDPS, but I would like to see if how anyone else may have satisfied this control when using SD-SWAN. Thanks !
No comments:
Post a Comment