IT security is becoming a bigger factor in deciding which software-defined wide area network (SD-WAN) platform an enterprise IT organization chooses to deploy. Both Cisco Systems and SonicWall are responding to that changing dynamic by separately announcing SD-WAN offerings that come with integrated security services.
Cisco announced it has integrated an application-aware enterprise firewall, intrusion prevention, URL filtering, and its Talos cybersecurity threat intelligence services across its portfolio of Cisco SD-WAN devices. In addition, Cisco has now integrated those SD-WAN devices with Cisco Umbrella, a suite of cybersecurity services it makes available as a cloud service.
Meanwhile, SonicWall has embedded SD-WAN capabilities to version 6.5.3 of SonicOS, the operating system it deploys on top of its firewall. SonicWall CEO Bill Conner said the goal is make it easier for midmarket organizations to deploy SD-WAN capabilities within a branch office without having to deploy separate SD-WAN and firewall appliances. Most of those organizations don’t have separate networking and security IT teams, which means they will prefer an approach to SD-WAN that includes embedded security services, he said.
In addition, SonicWall is adding zero-touch deployment; risk meters that deliver company-specific, real-time threat intelligence; and risk scoring. Plus, it’s now possible to deploy a virtual instance of its firewall on Microsoft Hyper-V virtual machines as well as Microsoft Azure and Amazon Web Services (AWS) public clouds.
SonicWall is joining a battle over how networking services now are being delivered to remote offices. Instead of backhauling all network traffic to a data center managed by IT, organizations are moving to enable remote offices to directly access software-as-a-service (SaaS) applications over a public internet connection. Vendors such as VMware and Silver Peak have been making the case for replacing routers in those branch offices with SD-WAN appliances, which make it possible to route application traffic between public internet connections and MPLS networks used to access applications residing in a local data center.
Cisco has countered first by acquiring Viptela, a provider of SD-WAN appliances, and Meraki, a provider of wireless access networks that includes SD-WAN networking software. Since then, Cisco has added the ability for IT organizations to deploy Viptela SD-WAN software directly on a router, thereby eliminating the need for a separate SD-WAN appliance.
Gee Rittenhouse, senior vice president for product management in the data center networking group, said Cisco is moving to embed security functions and services into every domain of the network. In many cases, decisions concerning security are now being driven more by networking teams rather than a dedicated team of cybersecurity specialists. While those cybersecurity specialists still define policies, the need to acquire separate security infrastructure is being reduced sharply, Rittenhouse said.
Cisco and SonicWall are joining vendors that are moving to unify security and SD-WAN services, such as Barracuda Networks. It remains to be seen how other providers of SD-WAN appliances will respond. But the one thing that is certain is security services are finally becoming a feature rather than an overlay that needs to be managed separately.