First Bank Drives Security Integration with SD-WAN

Marc Ashworth, Senior VP and Chief Information Security Officer (CISO) with First Bank, has a unique role. Not only is he the CISO of the multi-branch U.S. bank based in St. Louis, but he’s also in charge of the network. That’s one of the reasons why deploying an SD-WAN platform made sense: It helps unify the two functions of security and networking, which is becoming a broader industry trend.

“I’m the CISO, but the networking team also reports to me. That’s great because they go hand in hand. They watch the packets go across and so do I. It’s atypical, but I think it works very well.”

First Bank spent many months evaluating a wide range of new SD-WAN platforms and picked the Silver Peak Unity EdgeConnect™ SD-WAN edge platform. It is now using the platform to build an entirely new secure all-broadband WAN to connect its 107 branches, delivering far better network and application performance than its legacy MPLS network. “As a result, First Bank will save over $1 million a year on circuit costs while at the same time improving WAN performance and fortifying security,” says Ashworth.

The cost savings come from replacing all of the bank’s expensive, out-of-date MPLS circuits, which Ashworth said were no longer cost-effective and were viewed as legacy technology.

“SD-WAN is driving down the cost of MPLS,” says Ashworth. “It’s old technology and the cost doesn’t go down. We wanted to utilize low-cost broadband circuits and get off more expensive MPLS circuits.”

In addition to driving down costs, Ashworth liked the idea of having strong encryption and authentication features as well as the management flexibility of being able to centrally control the company’s entire SD-WAN using the Silver Peak Unity Orchestrator™ management console.

“There were a lot of sites that didn’t have the bandwidth we wanted, we wanted to be flexible, provide additional security, and grow a lot better.”

Across the company, there are now nearly 200 Silver Peak EdgeConnect appliances deployed in total, which encrypt all of the company’s traffic on multi-layer VPN tunnels. The network can also be configured to require users to use multi-factor authentication, which Ashworth likes as the CISO.

On the performance side, Ashworth says that Silver Peak delivered an improvement in its VoIP applications, which often suffered dropped calls. Ashworth says that First Bank tested other SD-WAN platforms and found that Silver Peak was the only platform that could deliver VoIP without dropping connections using sub-second circuit failover. Circuit failover is seamless and undetected by end users. Competitive products had other shortfalls as well, said Ashworth.

“[On other products] the failover time between the different circuits was really high,” says Ashworth. “Some of them didn’t have acceleration. We wanted to be able to manage the product ourselves and be independent of the provider. We had 18-24 circuits that we have to manage ourselves.”

The combination of strong security, failover features, and easy management led First Bank to choose Silver Peak over SD-WAN competitors. Ashworth believes the benefits of SD-WAN will continue the strong trend of replacing legacy leased circuits, especially MPLS, because of the administrative benefits of managing the network at a lower cost.

Some of the other features that Ashworth is excited about include a unified zone-based firewall feature set and the flexibility to use any combination of WAN transports, including cable, DSL, or LTE circuits. In some cases, a site might link together two cable modems or use fiber if it’s available. The SD-WAN approach increases the power and flexibility of using many different types of broadband.

Such flexibility and feature options led Ashworth to believe that the SD-WAN trend has just started, both on the enterprise customer side and the managed service provider side. He believes that using internet broadband technologies can provide better performance, security and management.

“I would expect more and more of the providers to go with SD-WAN rather than old-school routers. There’s still a place for those, but for different facilities you will see more of the SD-WAN.”