SD-WANs (software-defined wide-area networks) are often praised for uniting enterprise network and security functions into one solution, but there is actually a bigger story of convergence. Recently, some vendors and solutions have been converging the network, security and artificial intelligence under the SD-WAN umbrella, giving way for AI-powered insights, virtual assistants and augmented management. With these additions, SD-WAN is starting to look like autonomous networking.
As the new central hub for the multicloud enterprise, SD-WAN’s centralized control gives IT professionals flexible hybrid connectivity and bundled security features needed for cloud transformation. But we’re seeing SD-WAN move past the early years of connectivity, next-gen firewalls and secure internet breakouts. Now, it’s taking a deeper dive into cloud security and AI-based network automation.
In fact, it’s hard to find another sector of the enterprise IT industry that has experienced faster growth than SD-WAN. IDC analysts predict the SD-WAN market will grow 40.4% each year to at least 2022, when it will reach $4.5 billion. Dell’Oro Group analysts said the growth rate will hit 35% a year over five years.
SD-WAN enables enterprise branch offices to use a range of transport methods—not only MPLS but also broadband internet and 3G and 4G LTE networks—to move data and applications. With the current 5G, data speeds are only going to improve. SD-WAN also provides more consistent performance, improved security, easier system provisioning and management, and lower costs.
SD-WAN is a hot topic and on the short list for almost every business. Choosing a vendor is tough because the range of what type of features offered is so broad.
Top SD-WAN Vendors
In no particular order (outside of Cisco Systems, which is a clear No. 1 atop the market), here’s a look at what eWEEK sees as the top SD-WAN vendors, with the list being created with data resources from eWEEK, Gartner, IDC, Dell’Oro Group and other resources.
Cisco Systems
Value proposition for potential buyers: The world’s top networking vendor has a broad router lineup and a range of offerings in the SD-WAN space for companies of all sizes:
Key values/differentiators:
Through its acquisition of SD-WAN pureplay Viptela in 2017 for $610 million, Cisco has evolved its portfolio to integrate Viptela capabilities into the Cisco ISR and ASR edge routers.
- Cisco SD-WAN offers two different solutions:
- Cisco SD-WAN powered by Viptela offers maximum versatility with advanced capabilities for sophisticated IT environments
- Cisco SD-WAN powered by Meraki provides simple and secure full-stack IT for SD-Branch and lean IT environments
- Cisco offers a fully integrated security stack for SD-WAN, including Cisco Umbrella Secure Internet Gateway cloud security, to help customers evolve to a Secure Access Service Edge (SASE) architecture
- Cisco has established partnerships and SD-WAN integrations with prominent SaaS, IaaS, and cloud service providers, ensuring connectivity with their products, and a seamless and secure application experience across any cloud.
- The largest networking vendor in the world by volume and revenue, with the largest share in the SD-WAN market.
VMware
Value proposition for potential buyers: The pioneer in virtualization has expanded its networking scope to include the WAN and LAN through acquisitions and internal innovation
Key values/differentiators:
- Has a broad presence in data centers and a wide range of channel and ecosystem partnerships that run from the data center into the cloud and out to the edge.
- Expanded its capabilities in SD-WAN with its acquisition of VeloCloud in late 2017, adopting the solution name VMware’s SD-WAN by VeloCloud. The offering includes physical and virtual edge appliances, cloud gateways, and centralized orchestration, which can be on-premises, or hosted by an MSP or VMware.
- VMware has a wide range of go-to-market partners, including multiple global NSPs, as well as VMware and Dell channels; this provides enterprises with many ways to consume the solution and has a proven track record of being able to fulfill large, complex global networks of greater than 1,000 sites. In fact, it has some of the largest SD-WAN deployments.
- In 2020 VMware introduced its SASE platform that combines the SD-WAN gateways, a ZTNA service powered by WorkspaceONE, a cloud web security solution, and firewall capabilities to offer a comprehensive cloud networking and security stack to enterprises seeking to provide high-performance and secure environment for their increasingly distributed workforce.
Juniper Networks
Value proposition for potential buyers: Juniper has been a survivor in the networking business due to well-respected technology and an excellent go-to-market approach. It has an expanded presence in enterprises through its long history as a networking and security vendor. The company entered the software-defined networking (SDN) space in 2012 with its acquisition of Contrail Systems and has since expanded the Contrail technology to SD-WAN.
Key values/differentiators:
- Contrail SD-WAN provides unified policy and security controls across myriad WAN connection types, supporting MPLS, broadband, 4G LTE and others. It also offers dynamic path selection to ensure the right transport mode for the workload. 5G is in the works.
- Zero-touch provisioning of Juniper’s CPE (customer premises equipment) means the hardware can be easily deployed on site, with branch devices and cloud endpoints being managed centrally.
- Contrail Service Orchestration integrates VPNs and third-party virtual-network functions like WAN optimization, next-generation firewalls, wireless LAN controllers and edge computing frameworks. The NFX Series Network Services Platform hosts these services on-premises.
Aruba / HPE
Value Prop for Buyers: Aruba pioneered the SD-Branch market in 2018 with a new approach designed to modernize branch networks for evolving cloud, IoT and mobility requirements. Integration of cloud-managed SD-WAN, wired and wireless networking solutions, secured with context-based policy enforcement, allows network operators to improve network availability and application performance, while reducing management time and costs–all from a single point of control.
Key values/differentiators:
- Cloud-based management provides remote, centralized provisioning and management of wired and wireless connections inside the branch, and WAN and Internet connections with SD-WAN infrastructure. This enables organizations to quickly implement new services and network changes across distributed environments without requiring on-site IT.
- Aruba security solutions offer automated, granular intra-branch and WAN policy enforcement capabilities. Also, an expansion of Aruba’s unified branch defense capabilities provide unique, identity-based attack detection and intrusion prevention to deliver zero trust in-store network security.
- Application, user and device contextual awareness delivers granular QoS within the branch and across the WAN for SaaS, mobile UC, and other remote applications. This simplifies how LAN and WAN traffic is prioritized and routed inside and outside the branches to deliver a consistent experience, regardless of user role, device type or location.
- Integration of the Aruba SD-WAN solution with the AWS Transit Gateway Network Manager greatly simplifies the deployment and management of networks connecting remote branch locations to Amazon Virtual Private Clouds (VPCs). IT teams deploying the Aruba SD-WAN solution alongside AWS will have the ability to easily monitor and manage connectivity between AWS resources and their on-premises locations using either Aruba Central or AWS Transit Gateway Network.
Open Systems
Value proposition for potential buyers: Open Systems is a leading global provider of a secure SD-WAN that claims it enables enterprises to grow without compromise. Using Open Systems, the company claims, users can transform the power of disruptive technologies into growth without the complexity and high cost of traditional wide area networks.
Key values/differentiators:
- Open Systems integrates best-of-breed SD-WAN capabilities with security functions, and couples it with network and security operations from world-class engineers to help customers increase business agility – simply and securely.
- With assured security, AI-assisted automation and expert management that free valuable IT resources, Open Systems delivers the visibility, flexibility and control users want with the performance, simplicity and security they need in their networks.
- The SASE (secure access service edge) provider acquired Swiss-based Sqooba, an AI-based IT analytics and visibility vendor in January 2020. Open Systems will use Sqooba’s intellectual property to enhance its SASE platform to include end-to-end visibility.
- Open Systems was actually a pioneer in SASE because it architected its product to deliver integrated network and security before the term “SASE” was being used. The addition of Sqooba gives Open Systems a rich data source to correlate with its existing network data to provide better business-critical insights.
- Sqooba is delivered as a SaaS service, but the data can live in the cloud, in the company’s data center or a combination of both, which makes SASE deployments hybrid in nature (part cloud and part on-premises).
- In May 2020, Open Systems announced it has integrated the Microsoft Azure Sentinel security information and event management solution (SIEM) into its managed detection and response (MDR) service. The marriage of the Azure SIEM with Open Systems’ cloud-native SASE service will enable customers to see threats faster and in more places and, more importantly, contain the threats before they become harmful to the business.
Riverbed Technology
Value proposition for potential buyers: Riverbed is another vendor that moved into SD-WAN based on the strength of its other areas of expertise, including WAN acceleration and network performance monitoring. The company was taken private in 2015 by Thoma Bravo, allowing it to become a more agile, nimble company, non-beholden to 90-day SEC report cycles.
Key values/differentiators:
- The 18-year-old company brings a range of network and application performance expertise and capabilities as well as a customer base that has experience with its networking products.
- Riverbed took its first steps into SD-WAN in 2015 with the announcement of its “Project Tiger” initiative and rapidly grew its portfolio through the acquisition in 2016 of Ocedo, a German company whose products included gateways, switches, access points and an integrated cloud management system.
- In 2019, Riverbed expanded its SD-WAN offering with enterprise-class routing and advanced security functions, leveraging an OEM partnership with Versa Networks. Riverbed’s solution, combined with its WAN acceleration, provides an integrated stack for WAN edge infrastructure.
Aryaka Networks
Value proposition for potential buyers: 11-year-old Aryaka came into the market with SD-WAN in mind, delivering its technology via a managed services model.
Key values/differentiators:
- The company continues to grow quickly, with more than 800 enterprise customers in 63 countries and a 98 percent retention rate.
- Aryaka’s SmartConnect SD-WAN platform is delivered as a service, leveraging cloud providers that include AWS and Microsoft Azure and offer about 50 percent faster performance than MPLS. The vendor’s private global network provides faster transport than MPLS or the internet.
- SmartConnect offers integrated cloud connectivity, SaaS support, WAN optimization, the SmartCDN content delivery network and mobile application acceleration via its SmartAccess product. Branch office connectivity deployment can range from eight to 48 hours, much faster than the weeks or months needed for MPLS.
Citrix Systems
Value proposition for potential buyers: Citrix brings a wealth of experience to enterprises in everything from server and desktop virtualization to networking to the cloud. The company has a presence in more than 400,000 organizations, including 99 percent of the Fortune 100 and 98 percent of the Fortune 500.
Key values/differentiators:
- Citrix’s SD-WAN offering—formerly called NetScaler—consolidates such network functions as real-time path selection, stateful firewall and WAN optimization into a single appliance for the branch.
- Appliances are placed in remote sites and central data centers and can run multiple transport modes, from MPLS and mobile to broadband, through a single virtual link.
- Citrix SD-WAN comes in Standard, Premium and WANOp edition appliances and also is available as a cloud service hosted on AWS and Microsoft Azure.
- Offers fast failover from one link to another and failover in milliseconds via bi-directional link monitoring and offers edge mode or overlay deployment within the same network.
Oracle
Value proposition for potential buyers: Enterprise software giant Oracle jumped into the SD-WAN market in late 2018 when it bought well-known pureplay Talari Networks, a move to complement its session border controller, network management and cloud efforts.
Key values/differentiator:
- With Talari, Oracle inherited a mature SD-WAN portfolio that includes the Talari Controller to centrally manage and distribute services and application policies, appliances, the Talari Overlay Network for linking the appliances and controller and real-time analytics, visibility into the network and capacity planning.
- Oracle developed the Oracle SD-WAN Orchestration Cloud Service to provide SaaS SD-WAN management for connecting clouds and networks..
- Through Talari SD-WAN, enterprises get an open and extensible WAN for data centers, remote offices and cloud services, with packets routed based on bandwidth suitability for the packets protocol. This capability is embedded in the packet header to ensure that business-critical applications are given higher priority than those that are less business-critical.
Nuage Networks
Value proposition for potential buyers: Nuage Networks, launched in 2013, has the backing of parent company Nokia, a global network vendor.
Key values/differentiator:
- Nuage’s SD-WAN solution is Virtualized Network Services (VNS) and includes the Network Services Gateway, which is x86-based branch hardware. When connected to the network, the NSG calls for a policy engine and downloads a pre-defined configuration based on location.
- Enterprises can use VNS for visibility and control from a single interface and to orchestrate enterprise IT services in data centers, public clouds and enterprise branch sites.
- The company in September 2018 released the latest version of VNS that supports what officials are calling SD-WAN 2.0, which moves beyond simply automating and managing connectivity to branch offices to include seamless WAN connectivity to include data centers and SaaS and public cloud providers as well as providing the platform for deploying such value-added services as voice-over-IP, next-generation firewall, WiFi access and IoT.
Fortinet
Value proposition for potential buyers: For 20+ years Fortinet has been a cybersecurity leader and has continued to innovate a comprehensive a ‘Secure SD-WAN’ solution organically with a security-driven networking approach. Fortinet’s SD-WAN capabilities scale from the home office to the branch and distributed cloud enabling self-healing networks.
Key values/differentiators:
- With over 21,500 customers, Fortinet Secure SD-WAN solution integrates best of breed Next-Generation Firewall (NGFW) and SD-WAN capabilities into a single solution in Fortinet’s flagship product -Fortigate.
- Fortinet unique approach of purpose-built SD-WAN ASIC delivers highest performance and lowest TCO in the market. Additionally, validated by consecutive recommendation by NSS Labs SD-WAN Group tests in 2018 & 2019.
- SD-WAN Orchestrator is a unified configuration module within FortiManager and provides simplified workflow to configure, network settings, and introduces complete automation of Overlay networks. Intuitive Business Policies enable dynamic application steering, network remediation and failover.
- Fortinet’s Secure SD-WAN is available in available in multiple form factors from hardware, virtual and available in all major public cloud providers including Azure, AWS, Google Cloud Platform, Alibaba IBM and Oracle.
Palo Alto Networks
Value proposition for potential buyers: Palo Alto Networks, the industry’s leading cybersecurity company, recently acquired CloudGenix, bringing together best-in-class security with cloud-delivered SD-WAN, all in a single platform.
Key Differentiators:
- Supports the cloud-delivered branch architecture in which branch infrastructure such as networking and security can all be delivered and managed from the cloud.
- Leverages machine learning and data science methodologies to automate network and security operations and reduce complexity. CloudGenix CloudBlades also allows for simplified integration leveraging APIs.
- Provides deep application visibility, with Layer 7 intelligence for network policy creation and traffic engineering. This level of visibility and intelligence ensures exceptional user experience by enabling network teams to deliver SLAs for all apps including Cloud, SaaS and UCaaS.
Masergy
Value proposition for potential buyers: Masergy is a managed service provider (MSP) that offers a full palette of network, security, and collaboration solutions. The company has been one of the most forward-leaning MSPs in defining the future of SD-WAN.
Key values/differentiators:
- Recently infused AI into its SD-WAN offering, making it the only MSP that leads with an AIOps story and has a strong AI-enabled SASE story.
- Masergy offers a broad choice of firewall delivery: on premises, cloud native or a hybrid of the two as well as embedded user identity analytics and Shadow IT discovery.
- For companies that don’t have the skill sets to make the shift to SD-WAN, Masergy provides fully managed and co-managed solutions.
- SD-WAN, SD-network, UCaaS, CCaaS, and a full suite of managed security solutions all in one platform
- Meets key requirements of SASE with a flexible model for solution design
- One portal for end-to-end visibility with real-time analytics and controls
- Industry-leading SLAs include SLAs for direct cloud interconnections and proactive credits
Versa Networks
Value proposition for potential buyers: Single pass pipeline architecture with integration of security, routing, SD-WAN, analytics, and multi-tenancy on-premises and in the cloud.
Key values/differentiators:
- Comprehensive security, advanced routing, full-featured SD-WAN, genuine multi-tenancy and sophisticated analytics in a single software operating system (VOS™) for on-premises and cloud
- The leading vendor for Secure SD-WAN and SASE for cloud and on-premises
- Thousands of enterprise customers and over 120 service providers
- Full includes Versa Secure SD-WAN for mid to very large sized Enterprises down to Versa Titan for Lean IT organizations
- Operates on Versa appliances, Dell appliances, certified white box devices, virtualization environments, and the cloud (AWS, Azure, GCP, etc.)
- Complete multi-tenancy for Enterprise and service provider implementations
- Scalable advanced routing including IPv6 support
Cato Networks
Value proposition for potential buyers: An early adopter of SASE and has built a cloud native service that converges networking and security. Cato enables enterprise class customers to rapidly move away from MPLS and on-premises infrastructure to a much more agile network with cloud resident services.
Key values/differentiators:
- Early adopter of SASE connects branches, mobile users and cloud resources
- Cato delivers networking and security capabilities through a single software stack versus separate appliances.
- A single network that connects all enterprise resources. Branches and data centers are connected using Cato’s edge SD-WAN devices, known as Sockets. IPsec tunnels from third-party firewalls can also be used to connect sites.
- Mobile users connect using Cato’s client-based or clientless remove access solution
- Cloud data centers connect directly to Cato’s points of presence directly or via virtual appliances.
- Single management console for end to end view of the network
- Full suite of cloud native, managed security services that protect both north-south and east-west traffic. Includes next generation firewall VPN, secure web gateway, advanced threat prevention, cloud and mobile access protection and managed threat detection and response.
- Global private network with integrated WAN Optimization
Zeus Kerravala of ZK Research and former eWEEK staff writer Jeffrey Burt contributed to this article, which is an update of a 2019 eWEEK feature.