The pace of software-defined wide-area networks (SD-WANs) developments continues to accelerate for several reasons. One fundamental reason is that SD-WAN is not only programmable from a feature support perspective, it is also secure. Factor in the pace of applications that are moving to the cloud, and it is not surprising that the ability to program software security services into a connectivity service has rapidly become a strategic imperative.

In order to understand the associated SD-WAN security business drivers and technical requirements, Heavy Reading launched the "SD-WAN Security Market Leadership Study (MLS)" with collaboration partners Amdocs, Fortinet, Lavelle Networks and Nuage Networks in Q4 2019. The survey attracted 90 qualified global respondents and documented SD-WAN security service use cases, implementation timelines, cloud service integration opportunities, the role of automation, and policy, as well as technical requirements, including future success requirements.

Security is strategic
The rapid evolution and demand for SD-WAN services have enabled communications service providers (CSPs) to integrate high value security services into their SD-WAN portfolio. One reason security represents such a high value proposition is that there is a broad range of security services supported.

These range from virtual firewalls (vFirewalls) to secured SD branches (which apply advanced management tools), packet filters and even virtualized session borders controllers (vSBC). As illustrated in Figure 1, based on "extremely important" responses, the top four capabilities are vFirewall (40%), intrusion prevention (35%), DDoS mitigation (34%) and secured SD branch (30%).

The results were somewhat expected since these capabilities are considered foundational and mature security capabilities. However, the relatively strong level of "extremely important" support for emerging advanced capabilities such as application control (26%), web filtering (25%) and packet filtering (25%) confirms that effective SD-WAN security service portfolios are multidimensional.

Further evidence of their relative strategic value is that they attained the highest scoring in the "important" band of responses (52%-55%). Thus, at least 69% of respondents believe it is either "extremely important" (18%-40%) or "important" (42%-55%) that their SD-WAN solution supports security services.

Figure 1: SD-WAN security service implementation priorities Question: How important is it for your SD-WAN implementation to support the following security services? (N=89)
Source: Heavy Reading

Scanners, signatures and application-specific strategies
The richness of SD-WAN's security service offering has unquestionably been one of the factors for the market success of managed security services. And looking forward, new capabilities will be needed to maintain this position of strength as network requirements evolve. Accordingly, Heavy Reading asked survey respondents to provide insight into which additional capabilities would enhance their ability to upsell managed security services.

As shown in Figure 2, all the standard SD-WAN security services fared well based on the level of "extremely important" and "important responses." However, in looking at the "extremely important" responses, three capabilities stand out. The highest ranked of these is the ability to utilize SD-WAN security policies to steer applications to multiple scanners based on specific application requirements (38%).

Heavy Reading believes the high ranking of this capability highlights the realities and challenges associated with moving to an application-centric cloud. Very close behind at 37% is signature-based detection in SD-WAN devices. This is significant because it not only confirms that devices remain an area of concern for end users, it also reinforces that CSPs are looking for any unique attack identifiers that can help with the detection of future attack vectors.

The third-ranked advanced capability is branch-specific. In this case, the focus is on applying SD-WAN security policies in the branch to first ensure the devices and applications in the branch are fully compliant to the cloud(s) they will run in (32%).

Overall, Heavy Reading views these results as further validation that the shift to an application environment will demand the adoption of SD-WAN security services strategies that possess the richness to support a programmable and multidimensional application-aware security model.

Figure 2: Ranking advanced capabilities Question: To what extent would support of the following advanced capabilities enhance your ability to sell your customer-managed SD-WAN security services? (N=81-88)
Source: Heavy Reading

Looking for more information?

SD-WAN Security Services White Paper
https://www.lightreading.com/lg_redirect.asp?piddl_lgid_docid=757173

SD-WAN Security Services: Implementation, Integration & Impacts Webinar
https://www.lightreading.com/webinar.asp?webinar_id=1538

This blog is sponsored by Lavelle Networks.

— Jim Hodges, Chief Analyst – Cloud and Security, Heavy Reading