Aryaka Beefs Up SD-WAN Security With PASSPORT


By: R. Scott Raynovich

Aryaka Networks, which operates its own global software-defined wide-area network (SD-WAN) service targeting enterprise connectivity, today launched PASSPORT, a multi-layered security platform and ecosystem that includes value-added security services such as private network encryption, DDoS (distributed denial of service) attack protection, integrated firewall, and cloud security.

It’s a significant move for Aryaka, which is distinguishing itself from a growing crowd of SD-WAN vendors and operators by providing its own private network, claiming it offers higher security than other approaches to SD-WAN. Many SD-WAN networks leverage the Internet for enterprise WAN connectivity, while Aryaka operates its own SD-WAN network with 28 POPs (points of presence), each secured with its own firewall and other security measures.

“We have a dedicated network where [client] traffic is not mixed with anybody else’s,” said Gary Sevounts, Aryaka’s Chief Marketing Officer, in an interview with Futuriom about the announcement. “It’s not going to the public Internet, so nobody knows where it enters and where it exits. By definition, the way it's architected, it’s significantly more secure.”

To boost security, Aryaka is partnering with several major security providers to offer additional security functions included with PASSPORT. Partners include Radware, Palo Alto Networks (PANW), and Zscaler. Components of the PASSPORT offering including the following:

  • Built-in security features of Aryaka’s global private network. Client traffic traverses through dedicated, not shared, layer 2 links with enterprise-grade end-to-end encryption
  • DDoS attack prevention using Radware’s Hybrid Cloud Attack Mitigation
  • Aryaka’s edge network devices will include integrated security features such as firewalls and intrusion prevention, as well as integration with Next-Generation firewalls from Palo Alto Networks
  • Aryaka will provide advanced cloud security for non-critical traffic that traverses over the Internet via partnerships with Palo Alto Networks Global Protect Cloud Services and Zscaler Cloud Security
  • Aryaka provides direct connectivity to all SaaS (software as a service) and cloud platforms along with additional integrated security from Palo Alto Networks for virtual firewalls hosted in services such as AWS and Microsoft Azure.

Sevounts said that Aryaka is pursuing a “best of breed” security strategy because that is what clients in the market are looking for -- several layers of security provided by different vendors.

"The reason that enterprises use best of breed is that if you get all your security from one vendor, if there is a vulnerability in that one provider, then all of your security layers are compromised."

It's a smart move by Aryaka, as enterprise customers regularly cite security as one of the top concerns in implementing network technology. Futuriom’s own security research shows that enterprises are not only interested in best-of-breed solutions, but they are also interested in security features that are integrated with existing services, to remove the cost and headaches of implementing complicated and expensive technology.

For example, the Futuriom SysSecOps Report in 2017 surveyed 149 IT specialists and executive managers and found that 53% percent of the IT and security respondents -- including IT system admins, security specialists, hardware specialists, network admins, executive managers, and others -- indicated a “challenge in integration of many security tools” as a major issue in securing their endpoint environments.

Aryaka’s PASSPORT is addressing this concern, by moving down the path of integrating best-of-breed security tools with its own private SD-WAN. Keep an eye on this emerging trend. As the SD-WAN market evolves in 2018, it's likely that security features and functionality are going to be an increasing part of the discussion among adopting customers.