SD-WAN deployments continue to grow at an impressive clip, and the leading adoption drivers include cloud connectivity requirements, interest in SASE packages, the promise of simpler WAN management, and cost savings potential, according to IDC.
The research firm evaluated 12 SD-WAN vendors for its newly published IDC MarketScape: Worldwide SD-WAN Infrastructure 2023 Vendor Assessment, which found the SD-WAN infrastructure market grew 25 per cent in 2022. Looking ahead, IDC is forecasting a compound annual growth rate of 10 per cent and expects the market to reach US$7.5 billion by 2027.
“SD-WAN growth is driven by a variety of factors, including some that were the initial impetus for the development of this technology. Namely, an ability to optimise the performance and management of the WAN while also saving costs,” said Brandon Butler, a research manager with IDC’s network infrastructure group.
According to Butler, the SD-WAN market is in a state of transition. Since the technology took hold nearly five years ago, vendors have evolved their platforms in a variety of ways, including by integrating more security features into SD-WAN offerings.
“One aspect concerns the natively integrated security capabilities offered by SD-WAN vendors, such as intrusion detection and prevention (IDS/IPS), next-generation firewall (NGFW), and content/web/URL filtering,” Butler said.
A second trend is the evolution toward secure access service edge (SASE) architectures that combine SD-WAN and cloud-based network edge security-as-a-service (NESaaS) tools, such as a secure web gateway (SWG), cloud access security broker (CASB), and zero trust network access (ZTNA), according to Butler. “SD-WAN customers can work with their existing SD-WAN vendor to consume NESaaS and build a SASE architecture or use a multivendor approach,” he said.
SASE interest is on the rise, but not all enterprises are ready to commit. “While much of the market momentum has shifted toward SASE, IDC research shows there is a significant portion of SD-WAN buyers that continue to evaluate SD-WAN infrastructure for the networking-specific capabilities of the SD-WAN,” Butler said.
Software-defined branch (SD-Branch), which refers to integrated management of SD-WAN with LAN/WLAN networks, is also gaining interest among enterprises.
“SD-Branch architectures create an opportunity for enterprises to have centralised visibility, analytics, and management of their network, across the LAN/WLAN and SD-WAN,” Butler said.
“Other benefits of SD-Branch include the ability for advanced ML/AI-enhanced management and leveraging a cloud-based platform. SD-Branch is ideal for customers that want to consolidate management across their campus and branch for ease of management.”
Meanwhile, the cost savings potential for SD-WAN remains another key driver for adoption.
“The IDC Global SD-WAN Survey asked respondents how much savings they expect to derive from deploying SD-WAN,” Butler said. “The median response rate was 15.0 per cent, but almost one-third of respondents (31.8 per cent) said they expect to save more than 20 per cent on WAN costs from deploying SD-WAN.”
Lastly, increased use of AI/ML-enhanced analytics and automation features is another important SD-WAN evolution.
“The visibility and automation platforms included in SD-WAN infrastructure products are maturing rapidly. We’re already seeing interesting use cases for AI-enhanced automation in SD-WAN. For example, Cisco has the Predictive Path Recommendations (PPR) feature, which leverages data from ThousandEyes WAN Insights. The tool monitors historical network performance and application traffic flow patterns to forecast network path quality and makes path recommendations to optimise traffic along the most optimal routing path,” Butler said.
“Having insights into network performance and end-user experience, and linking that data to advanced AI-enhanced automation systems, becomes a powerful tool for enterprises that are managing globally distributed SD-WAN deployments,” Butler said.
Five SD-WAN vendors driving platform advancements
As for the vendors driving these changes, IDC named five leaders: Cisco, Fortinet, HPE Aruba Networking, Palo Alto Networks and VMware. The research firm called out seven vendors as major players or contenders: Aryaka, Barracuda Networks, H3C, Huawei, Juniper Networks, Nokia and Versa. Another three vendors did not meet IDC’s criteria to be included as full participants of the research but were named vendors to watch: Ericsson/Cradlepoint, Extreme Networks and NetSkope.
From the IDC report, here are the top 5 SD-WAN vendors’ strengths and challenges:
Cisco has a strong heritage in enterprise routing and enterprise networking in general, which the company has leveraged to build a prominent market share position in SD-WAN. The company has two SD-WAN offerings: Cisco Catalyst SD-WAN and Cisco Meraki SD-WAN. Combined, they provide a comprehensive SD-WAN solution that meets a wide range of customer use cases and requirements. The company also has strong integrations of its SD-WAN with Cisco Umbrella and Duo, along with the Talos Threat Intelligence platform and third-party security platforms. Cisco also has a strong go-to-market channel with a large network of resellers, managed service providers, and value-added resellers, along with partnerships with leading communication service providers.
Challenge: Having two SD-WAN offerings causes some confusion in the market and for customers about which platform is best for which use case. Also, as Cisco evolves its security strategy with the introduction and continued development of the Cisco Security Cloud, the company has an opportunity to further simplify its SD-WAN and security portfolios into more streamlined product offerings.
Fortinet offers highly integrated security and networking SD-WAN capability via the company's FortiGate physical or virtual appliance, which has integrated next-generation firewall capabilities, along with SSL inspection and a custom ASIC. Fortinet also offers LAN and WLAN products for an SD-Branch architecture. Fortinet has a strong channel partner strategy with communication SPs, as well as managed SPs and VARs.
Challenge: Fortinet is primarily a security vendor, which could pose a challenge for the company as it looks to engage with customers that prioritise an SD-WAN vendor with a heritage in networking, and routing specifically. Also, its primary security solutions are offered by Fortinet itself; this may be a limitation to customers who want to use Fortinet for SD-WAN but integrate it with third-party security tools.
HPE Aruba Networking offers two primary SD-WAN offerings: EdgeConnect SD-WAN, which is based on technology from Silver Peak and EdgeConnect SD-Branch, which offers strong integrations across HPE Aruba Networking's portfolio of enterprise networking products (e.g., wireless LAN, wired LAN, VPN, and security), managed by the Aruba Central. Aruba's EdgeConnect SD-WAN has strong capabilities in advanced routing and WAN optimisation. In 2023 the company purchased Axis Security to provide cloud-based and unified ZTNA, SWG, CASB, and DLP integrated with the SD-WAN.
Challenge: HPE Aruba Networking has two separate management platforms for its SD-WAN products and will continue to build integrations across them. Also, HPE Aruba Networking is actively building stronger integrations between its EdgeConnect products and the HPE Aruba Networking SSE cloud-based security technology the company acquired from Axis Security. Compared with some other SD-WAN vendors, HPE Aruba Networking has fewer communication service providers as channel partners.
Palo Alto Networks has high levels of integration between Prisma SD-WAN and its suite of cloud-based security tools, named Prisma Access. The company has Prisma SASE, which combines Prisma SD-WAN and Prisma Access into a single offering. This single offering allows enterprise customers, and service providers, to consume highly integrated SD-WAN and security tools more easily. The company has an intuitive and feature-rich management platform, strong API support, and an integrated visibility and analytics tool.
Challenge: Palo Alto Networks is primarily a security company, so it has had challenges appealing to organisations looking for a routing heritage in their SD-WAN vendor. The company's strength is in cloud-managed SASE, which could be a limitation for some customers who do not want to embrace a cloud-based security offering. The company does not have strong integrations or an offering for campus local area networking technology such as WLAN and LAN.
VMware's SD-WAN platform is based on technology from VeloCloud, which gives the company a strong heritage in the SD-WAN market. VMware is building a portfolio of cloud-based security tools that it will deliver from its SD-WAN Gateways, giving customers optimised connections into IaaS and SaaS, and a platform for hosting distributed security services including a CASB, URL filtering, and DLP. VMware has successfully leveraged communication service providers as an effective go-to-market channel and has built a management platform for communication SPs.
Challenge: VMware has some integrations with campus LAN technologies, particularly around visibility, analytics, and management, but it does not offer its own WLAN or LAN solutions. Some customers have voiced concern over uncertainty related to what the pending Broadcom acquisition will mean for VMware and its customers.