Windstream soups up security for SD-WAN

News Analysis Kelsey Kusterer Ziser, Editor 8/6/2020
Windstream Enterprise's SD-WAN service is getting a facelift with a new Virtual Network Function (VNF) Next-Generation Firewall (NGFW). The VNF Firewall will be hosted on the existing devices Windstream's customers use for SD-WAN service (VMware SD-WAN by VeloCloud hardware).

The new security feature will assist midsized enterprise customers in preventing security threats at the network edge without having to purchase additional hardware, according to Windstream. Enterprise customers can co-manage the security VNF through Windstream's WE Connect network management dashboard, which also provides visibility into the customer's network, voice service information and account details.

"For Windstream, this looks like a nice combination," says Brian Washburn, practice leader, Network Transformation and Cloud for Omdia. "They want to put multiple devices on one appliance, like the promise of NFV – reduce the number of boxes. And they didn't have to spend a bomb on building a whole huge customized orchestration system, so that potentially translates in not having to charge all that back to their customer base."

As many service providers are now adding more than one flavor of SD-WAN to their suite of services, Washburn says Windstream faces the challenge of sacrificing some flexibility by putting all its SD-WAN and orchestration eggs in one vendor's basket. However, he says this is less of an issue for mid-market customers – Windstream's target customer base for SD-WAN – as they're less likely to demand Cisco or Palo Alto-branded SD-WAN, for example.

Earlier this month, AT&T added Cisco SD-WAN to its service options, in addition to an existing partnership with VMware for SD-WAN. AT&T AVP Rupesh Chokshi said the collaboration with Cisco was spurred by customer demand, plus AT&T's longstanding relationship with Cisco for managed routing and other services.

[Figure: The types of SD-WAN platforms deployed by large enterprises. n=480 global respondents. Source: Omdia Enterprise Network Services Insights 2020.]

MNS VNF arrives in the security suite
Currently, Windstream provides MNS Cloud and MNS CPE as its Managed Network Security components for SD-WAN. MNS Cloud is a network-based version of the security service, and MNS CPE uses an appliance installed on the customer's premises, explains Trent Pham, head of Product Security for Windstream.

The new MNS VNF option is a software version of what the appliance provides, and it runs in conjunction with the SD-WAN system by VMware, explains Pham. The MNS VNF provides the same security features as MNS Cloud and MNS CPE, and can be remotely provisioned for customers that already have the VMware SD-WAN by VeloCloud device installed on site.

Many of Windstream's SD-WAN customers require Payment Card Industry (PCI) compliance, and the new Managed Network Security (MNS) VNF is also PCI certified. In addition, the security VNF provides application control, web content filtering, an intrusion prevention system, and security information and event management (SIEM) for threat monitoring and log retention.

The SIEM service is the only security feature not provided inside the firewall itself, but "is a service that we run and have included in the premium tier of our services," says Pham.

Windstream also began working with Fortinet in 2019 to integrate the supplier's firewall and security services into Windstream's SD-WAN service. Earlier this month, Windstream announced that its WAN Concierge managed network service can now be purchased with the Fortinet Secure SD-WAN platform.

"The Fortinet variant version of SD-WAN runs on the security device that provides the MNS service as well," says Pham. "The SD-WAN Fortinet runs in conjunction with the MNS CPE because they leverage the same physical system to provide those capabilities."

By the end of 2021, Windstream aims to provide enterprise customers with a universal CPE platform with which to run SD-WAN and firewall services.

— Kelsey Kusterer Ziser, Senior Editor, Light Reading

