Cisco Piles Into SD-WAN Security Trend
It's been clear that security applications and features have become a key part of the SD-WAN story. Now Cisco has a plan to ride the wave by bundling security features and services into its SD-WAN products, which include the Viptela SD-WAN software purchased last year.
The main thrust of Cisco's announcements today, made at the Cisco Partner Summit in Las Vegas, is the integration of an application-aware enterprise firewall, intrusion prevention, URL filtering, and advanced security features into Cisco's SD-WAN devices. This includes Talos, Cisco's cyber-threat intelligence solution.
Is Cisco SD-WAN Affordable?
One of the key questions that customers will be asking about Cisco's approach is this: How much does it cost? Futuriom research with end users indicates one of their main concerns about using Cisco's SD-WAN solutions is they tend to be expensive relative to the competition, as Cisco layers in subscription fees.
Related Articles
SASE Ecosystem Growth: What to Expect in 2024
Futuriom believes the secure access service edge (SASE) market is in the early innings of a long-term shift helping cybersecurity pros consolidate distributed cloud security
2023 Multicloud Networking and NaaS Survey ReportOur survey of 125 qualified IT and networking professionals indicates a critical need for MCN and NaaS technology
Indeed, the announcement does look like part of Cisco's strategy to boost recurring subscription software revenue. In today's announcement, Cisco said these new SD-WAN security features will be embedded in some routing devices and can be enabled in others, but they will require a subscription license, with recurring fees based on service bandwidth.
That approach could be painful for some customers, who say the cost of Cisco routers is already high. And it also seems to run counter to the value proposition of SD-WAN in general, which is to lower the cost of hardware with a commercial off-the-shelf (COTS) box and then layer software on top of that. With Cisco products customers are often paying the tax of the additional cost of Cisco's proprietary routing hardware and software.
Startups Led the Security Wave
Is all of this enough for Cisco to get ahead of the curve in the SD-WAN market? Several startups have been leaders in pushing security as part of the SD-WAN story, notably most Cato Networks, which offers built-in security on its own SD-WAN network, called the Cato Cloud, and Versa Networks, which integrates a suite of security services including a next-generation firewall, into its SD-WAN platform.
There's also an argument to be made that SD-WAN can be used as a platform to deliver best-of-breed security solutions. For example, Silver Peak has an integrated firewall but partners with security firms Checkpoint, Fortinet, Palo Alto Networks, and Zscaler to service-chain firewalls and security features into its SD-WAN platform. Aryaka recently launched its PASSPORT program to build security partners into its SD-WAN network. Many other SD-WAN players are also taking this approach, saying they want to give the customer the choice in which security applications it chooses.
And then there is yet another approach. The firewall vendors, eyeing the success of the SD-WAN model, are building SD-WAN features into their firewall devices. Fortinet has been a leader in this approach.
So, Cisco's announcement is not a breakthrough, but it is a ratification of the existing trend that makes SD-WAN a powerful security approach for enterprises. It's clear that SD-WAN can be used as a model to combine the functions and applications of many edge devices: Firewalls, routers, security, and WAN optimization. And security features will be a key battleground for SD-WAN going forward.
Related Articles
ROI Through Converged Cloud Networking and Security
This leadership briefs explores ways to reduce cloud costs with distributed Networking and network security convergence
Cato Adds CASB to SASECato Networks has added cloud access security broker (CASB) functionality to its SASE services, including the ability to create and control access security policy
SASE Ecosystem Growth: What to Expect in 2024Futuriom believes the secure access service edge (SASE) market is in the early innings of a long-term shift helping cybersecurity pros consolidate distributed cloud security