10 Best SD WAN Providers Reviewed (With comparison tool)

How we reviewed each SD WAN provider solution and our methodology

We setup an initial SD WAN with default security policies across each vendor. This process involved:

1. Logging into the management portal of each solution
2. Moving through the configuration steps
3. Viewing the statistics and reporting capability
4. Analyzing features and SD WAN use-cases
5. Explaining SASE and SSE security features
6. Outlining Pros and Cons across each SD WAN solution
7. Detailing information on solution competitors

The above review methodology helped us create this highly exhaustive best SD WAN providers article.

Which SD WAN capabilities should your business compare?

1. Compare SD WAN coverage

One key factor to compare is coverage, which depends on whether your business operates nationally or globally. A crucial difference in selecting an SD WAN solution is its ability to support global connectivity. For instance, if your business comprises only 10 sites located in the US or the UK, a global network of interconnected PoP's might not be a priority. However, if your business is a multinational corporation, then having this kind of coverage can significantly impact which SD WAN solutions make it to your shortlist.

2. Compare SD WAN Managed Services

The second factor your IT team should compare is the level of managed services your business needs. SD WAN enables flexible management options, from fully managed to co-managed and DIY services.

Certain SD WAN providers specialize in fully outsourced services, while others are a better fit for DIY provision. Therefore, when selecting an SD WAN solution, it is crucial to determine which providers align with the level of management services required by your business.

3. Compare SD WAN Complex Services

The third factor to compare is the level of complexity required by your business. For large multinationals with complex routing, disaster recovery policies, and a vast number of remote users with various BYOD devices, only a select few providers and vendors can support such complex requirements.

On the other hand, if your business is more standardized, then you should look for solutions that are cost-effective and simpler to manage and provision. Some products provide out-of-the-box configurations and policies that can get your business started quickly.

Therefore, it is important to select an SD WAN solution that aligns with the level of complexity required by your business to ensure that you are getting the most efficient and effective solution.

4. Compare SASE and SSE Cybersecurity

The fourth comparison factor to consider is SASE and SSE security, which is now a must-have product for all businesses. SD WAN is considered a subset of SASE.

SD WAN enables security across remote users and branch-office sites, making it an essential component of SASE. Therefore, when selecting an SD WAN solution, it's important to keep in mind that it is a critical part of your overall security architecture.

By incorporating a SD WAN solution into your security strategy, you can ensure that your remote users and branch-office sites have secure and efficient access to the network resources they need.

The components of SASE typically include:

Secure web gateway (SWG) - This is a cloud-based service that provides a range of security capabilities to protect against web-based threats. This includes web filtering, URL filtering, and other features designed to enhance web security.

Cloud access security broker (CASB) - This service provides organizations with increased visibility and control over the use of cloud applications and services, ensuring that sensitive data is protected and compliance requirements are met.

Zero-trust network access (ZTNA) - This service provides secure access to applications and data, regardless of location or device. It operates on a "never trust, always verify" principle, requiring authentication and verification for all network access.

Software-defined wide-area networking (SD WAN) - This service provides secure and optimized connectivity to applications and services, helping to improve network performance and reduce costs.

Firewall as a service (FWaaS) - This cloud-based firewall service provides network security capabilities, protecting against unauthorized access and other threats.

A range of security components may be included in SSE, such as:

Firewall - This is a security solution that can be hardware or software-based and is designed to protect a specific segment of a network or perimeter against unauthorized access and other threats.

Intrusion detection and prevention systems (IDPS) - This security solution is capable of monitoring network traffic for signs of malicious activity and can either alert or block potential threats.

Virtual private network (VPN) - This secure connection allows remote workers to access the network in a manner that emulates an on-site connection, thus ensuring a secure connection.

Access control mechanisms - These are security measures that are implemented to ensure that only authorized users and devices can access network resources. This helps to protect against unauthorized access and security breaches.

SSE can include various additional components, including both hardware and software-based firewalls, intrusion detection and prevention systems (IDPS), virtual private networks (VPN), and various access control mechanisms.

These technologies work in concert to safeguard a specific network segment or perimeter, thus ensuring that only authorized personnel and devices can access network resources.

Companies can monitor network traffic for suspicious or malicious activity, thereby enabling the prompt detection and prevention of potential security threats.

With the help of these robust security measures, SSE can provide enhanced protection against unauthorized access and other security risks.

5. Compare SD WAN Features and Benefits

The fifth factor to compare revolves around the features and benefits of SD WAN. As a comprehensive solution, a typical SD WAN vendor offers various features that provide businesses with increased flexibility, security, and efficiency for managing their WAN.

Circuit bonding combines multiple connections together to improve bandwidth and resilience, while network segmentation enhances security and enables greater control over traffic flow.

By optimizing WAN performance, SD WAN reduces latency and improves application speed. Quality of Service (QoS) ensures that critical traffic is prioritized, and dynamic traffic routing automatically selects the best path for traffic to follow.

With cloud-native access and termination, integrating cloud-based services into the WAN is easy. Finally, SD WAN supports a variety of connection types, including 4G, 5G, Broadband, and leased line services, making it a versatile and adaptable solution for modern businesses.

Selecting an SD WAN solution that aligns with the unique features and benefits required by your business can ensure that you are getting the most efficient and effective solution.

6. Compare Cloud-native options

Finally, the sixth comparison are is Cloud. SD WAN is a secure and efficient way for businesses to access cloud services, including AWS, Azure, and Google Cloud.

The cloud-native architecture of SD WAN allows for seamless integration with cloud services in a simple and secure manner. This architecture is designed to enable businesses to transition their WAN to the cloud with ease, taking advantage of the flexibility and scalability of cloud-based services.

To access cloud services, the SD WAN appliance utilizes direct connectivity, such as AWS Direct Connect, Azure ExpressRoute, and Google Cloud Interconnect. These dedicated connections provide a private and high-bandwidth link between the SD WAN edge device and the cloud provider's network, ensuring low latency, high performance, and increased security.

SD WAN solutions are built with cloud-native architectures, utilizing cloud-based technologies like microservices and containers. This design enables the solution to be more flexible and scalable, providing fast and seamless integration with cloud services.

Along with direct connectivity, SD WAN offers application-aware routing, which can dynamically route traffic to the closest cloud service endpoint. This feature enhances application performance, reduces latency, and provides a better user experience. Overall, SD WAN is an effective solution for businesses looking to connect securely and efficiently with cloud services.

7. Compare SD WAN SLA's (Service Level Agreements)

When comparing SLAs for SD WAN service providers, it is important to look at key network performance metrics such as packet loss, latency, and jitter for both primary and backup links. Make sure to find SLAs that guarantee a high level of network uptime, for example, 99.99% availability, and consider the service provider's mean time to repair (MTTR) for network outages. SLAs related to support services, such as 24/7 customer support, escalation procedures, and response times to make an informed decision.

The SD WAN market has experienced significant changes - 2023 looks to be no different. A major trend has been the shift towards cloud-native solutions, which have become increasingly popular as businesses continue to adopt cloud-based services and applications hosted within AWS, Azure and Google Cloud.

Some notable acquisitions have resulted in a higher demand for SD WAN solutions that can seamlessly integrate with leading cloud platforms, as well as provide improved security from SASE (Secure Access Service Edge) and SSE (Security Service Edge). Consequently, a smaller number of large providers have emerged as dominant players, while smaller providers have resorted to specializing in niche areas.

• VMware acquired VeloCloud in 2017
• Cisco acquired Viptela in 2017
• Silver Peak was acquired by HPE in 2020
• Palo Alto Networks acquired CloudGenix in 2020
• Juniper Networks acquired 128 Technology in 2020

Another notable trend has been the growing focus on edge computing, with SD WAN playing a pivotal role in facilitating distributed computing. Despite these changes, the market continues to evolve rapidly, suggesting a dynamic and exciting future.

1. Cato Networks Review

IT administrators begin with Cato by selecting a new site and specifying the intended use case and location, deploying a site through Cato is a straightforward process. During installation, IT teams can supply key information such as the site name, type (Branch, HQ, user), connection type (Socket or client), country and state, license type, users, bandwidth, and the assigned IP range. If required, the Cato interface also permits WAN2 configuration to accommodate a diverse circuit.

After setting up, policies are immediately assigned to ensure company security and apply any necessary restrictions. The Cato socket is then plugged into the WAN port of the ISP router, which brings up the actual appliance within the management portal.

Cato SASE, SSE and Remote Access

Remote users are a major component of the Cato value proposition. Setting up their configuration is simple; the first step involves adding the user's name and email address. Shortly after setting up the account, the user will receive an email asking them to activate the Cato service, which directs them to the Cato website's user portal. Once on the website, the portal prompts the user to select Windows, MacOS, iOS, Android, or Linux. After downloading and installing the application, the user can add their username and password to invoke the app, allowing them to connect to the Cato cloud.

Once the user is set up, firewall services can be applied for the WAN (site-to-site and corporate resource access) as well as for Internet access (general browsing). Applying anti-malware and intrusion protection services is simple; just select the option to begin using their standard services.

As an example, when users attempt to visit denied websites, Cato will automatically block sites that are deemed unnecessary for corporate access.

With the site and user set up, no additional action is required because the Cato SSE 360 applies almost real-time security to the WAN.

I was impressed with the comprehensive security features and ease of use that the platform offered. The consolidation of security tools and services into a single platform was a standout feature, allowing for simplified network management and greater visibility and control over network traffic.

The AI-powered threat detection and response were also noteworthy, providing a higher level of protection from emerging cyber threats. The user-friendly interface made it easy to manage and configure policies, and the support team was always available to answer any questions I had.

I was impressed with the platform's comprehensive view of SaaS usage through its Shadow IT dashboard. The dashboard provided both high-level statistics and application-specific data, allowing me to assess the risk of each application accurately. The risk assessment was done by Cato's unique Application Credibility Engine (ACE), which collected information regarding the application's purpose, publisher, security, and compliance to calculate a risk score, determining the most suitable access policy.

I found the platform to be a reliable and efficient solution for businesses seeking comprehensive network security. The fact that all WAN and internet traffic goes through the Cato Cloud ensures that there are no blind spots and no need for multiple appliances from different providers, making it a cost-effective solution.

One of the standout features of Cato's cloud-based solution is its ability to inspect any combination of encrypted and unencrypted traffic with all supported security services. This provides customers with reliable and comprehensive protection, and unlike other solutions, there is no need to go through sizing exercises or forced upgrades, as the platform ensures that sufficient capacity is available to provide the subscribed service.

With Cato's cloud-based solution, customers can be assured that inspection capacity is handled exclusively by Cato, ensuring that there is always enough support for licensed capacity. This means that businesses don't have to worry about sizing, upgrading, patching, or refreshing appliances, as Cato takes care of all of this on their behalf.

Cato's cloud-based solution is efficient and easy-to-use solution for keeping network security up-to-date against emerging threats and evolving business needs. The platform's comprehensive security features and minimal maintenance requirements make it an excellent choice for businesses seeking reliable and cost-effective network security solution.

Cato's CASB supports highly granular access policies, which were enforced inline in real-time, setting it apart from many competing solutions. The level of granularity ensures that an Enterprise's SaaS usage is secure and protected against potential threats. I appreciated the platform's ease of use, advanced features, and security measures, which made it an ideal choice for businesses seeking to streamline their SaaS usage and reduce their risk exposure. Overall, I found Cato's CASB to be a reliable and effective solution for managing SaaS usage, and I would highly recommend it to other enterprises looking for a comprehensive security solution.

Cato's advanced SASE and SSE security solutions, coupled with their global backbone, offer the necessary tools to secure branch offices and remote users. Cato Networks is an excellent option for businesses that prioritize security and require a simple-to-use product. However, enterprise businesses with more granular and complex SD WAN and security requirements may find Cato limited by their standardized feature sets, which may preclude large, complex multinational businesses. What we like about Cato is their easy-to-use management portal, which allows fast deployment of users and sites with simple adds, moves, and changes that can be completed in seconds.

Cato TLS decryption

One further option that Cato offers is the application of TLS decryption. The majority of web traffic is TLS-encrypted, which means your SD WAN provider needs to decrypt this traffic to view the contents and ensure security is upheld. Typically, TLS requires additional hardware, but with the Cato solution, switching on this additional service component is simple; you don't need any other service options. Once TLS is applied, the Socket or client will automatically check all traffic with TLS encryption that traverses the network.

Cato SMB acceleration

The Cato SMB acceleration feature improves traffic acceleration for large batch files, which boosts network performance  and thus improves transfer speeds. An example transfer of a batch file demonstrated the following efficiencies:

The above table shows a positive impact of over 400%. Another improvement witnessed was with RDP (Remote Desktop Protocol). Not only were the same security policies applied through Remote Desktop, but the performance was also excellent, including the quality of video and voice applications. This is a byproduct of the Cato Global backbone.

Users outside of Active Directory can be supported and configured using Cato Zero Trust (ZTNA). 

Who is Cato Networks?

Cato Networks is a leading provider of a single-vendor SASE platform that has experienced impressive annual recurring revenue growth from $1 million to $100 million in just five years. IT decision makers seeking Global SD WAN with SASE and SSE products can turn to Cato Networks for a range of use cases.

Why should your business should consider Cato SD WAN?

1. Cato Networks simplifies MPLS migration, allowing organizations to transition from outdated MPLS networks to public Cloud-based SD WAN.
   
   
2. Cato Networks offers low-latency cloud network access with significant benefits, such as improved access to key applications which includes Office 365 and AWS.
   
   
3. Cato Networks' optimized private backbone allows global offices and remote workers to connect directly to any of Cato's 75 PoPs, providing fast and dependable access to critical business applications without complex and expensive VPN setups.
   
   
4. Cato Networks' managed services offer the resources and support your organization needs to ensure smooth SD WAN management. They can provide various tiers of managed SD WAN and assist with monitoring last-mile circuits and security threats for in-house management.
   
   
5. Cato Networks' solution for local Internet access can enhance branch office connectivity. This solution offers simplified deployment and management, improved application performance, and enhanced security through Cato's cloud SASE and SSE technologies. 

What products does Cato SD WAN include?

The main product features Cato offers are as follows:

What is Cato's Gartner SD WAN Magic Quadrant status?

Cato is not currently included on the Gartner magic quadrant for SD WAN.

Who are Cato's main competitors?

Aryaka is a natural competitor to Cato Networks due to their similarity across their provision of private network PoPs. Aryaka is focussed on fully managed network services whereas Cato is a better option for DIY and Co-managed. Also consider VeloCloud for access to Global public Cloud gateways and strong SASE security integration with 3rd party vendors.

What are the benefits (pros) and drawbacks (cons) of Cato Networks?

2. Aryaka Networks Review

Configuring and deploying Aryaka is straightforward with an easy to use menu system which supports advanced configuration, network monitoring, QoS, network segmentation, traffic rules, WAN optimisation and virtual machine options. Aryaka's primary value proposition lies in its network and security as-a-service, making it an ideal solution for companies seeking to completely outsource their WAN and security requirements.

The advanced configuration menu option displays the site type, license, and naming convention. Changing the bandwidth is perhaps the simplest option here, but interestingly, you are also able to select burstable to ensure that your network is not limited in the event that extra bandwidth is required. Note: burstable depends on your Internet provider offering this service.

Deploying Aryaka at a basic site-to-site level is straightforward. IT administrators can log in to the MyAryaka portal and choose whether to route traffic via Aryaka or site-to-site with pure Internet. Simply select the sites you want to configure, and the portal will submit the request for provisioning. This means the configuration change does not happen immediately and requires the Aryaka team to manually make the change.

When a change or order is submitted by the customer, a confirmation email is sent containing the references from the Aryaka support team.  When a site is in a provisioning state, the MyAryaka portal will display the status which includes:

• Draft
• Provisioning
• Configured

It is important to note that there is a help function which allows users to quickly understand each of the options which exist on the portal.

Aryaka SASE, SSE and Remote Access

SASE is another key component of the Aryaka proposition and can easily be accessed via the portal. Once logged onto the security domain, the data displayed shows a summary of connected sites, user connections, and threats. When using Aryaka's Secure Web Gateway, we found the top threats graph interesting as is weekly trends at a glance. Additionally, there is security data on users who poses the biggest threat to the business.

Monitoring of live logs is available, allowing IT teams to view real-time threats and flags as they occur on the network. This feature is particularly useful when known virus threats exist.

The directory service allows Active Directory users to be bulk added to the network with simple workflows to quickly set up layer 3/4 firewall policies, content-based policies, and traffic scan options to permit or deny traffic. The Aryaka Secure Web Gateway supports URL category filtering, internet firewall options, SSL inspection, antivirus and malware scanning, user identity and control, analysis and reporting, and finally a security policy for hybrid workers.

Adding an Internet policy with Aryaka can be done using segments or zones with two types of policies which can be configured to send traffic to local segments or DMZ's and traffic to specific address ranges. Authentication of remote users is completed using Active Directory (as mentioned previously) with the local PoP assigning an IP address from whatever range is configured.

Aryaka employs multi-factor authentication, where a connection request generates a one-time password sent via email or SMS, ensuring enhanced security measures. The Aryaka SWG applies all the relevant policies that either permit or deny access as per the configuration. In case a user tries to access a restricted website, a message is displayed, and the Aryaka portal adds logs to enable IT teams to identify user trends. For senior staff, individual policies can be configured at the user level rather than at the IP level, offering more personalized and customized security measures.

Who is Aryaka?

Aryaka is a leading provider of software-defined network (SD WAN) connectivity and application delivery solutions. Headquartered in San Mateo, California, Aryaka has a global presence with additional offices located in London, United Kingdom, Bengaluru, India, Beijing, China, and Singapore. The company's innovative SD WAN technology enables businesses to securely and efficiently connect their networks across geographically dispersed locations, providing enhanced application performance, reliability, and security. With its global presence and commitment to customer service, Aryaka is able to offer businesses the support they need to manage their networks and optimize their performance.

Why should your business should consider Aryaka SD WAN?

1. Aryaka Secure Web Gateway next-provides generation firewall technology from Checkpoint and Palo Alto, as well as cloud-based security solutions from Zscaler, Palo Alto, Cisco, Symantec, and Checkpoint, to provide protection against URL filtering, anti-virus, malware, and SSL inspection. 
   
   
2. Aryaka's multi-cloud networking solution comprises four key components: ANAP SD WAN CPE, a global private network of 40+ PoPs, MyAryaka Cloud Portal, and direct regionally-based connections to IaaS and SaaS providers. 
   
   
3. FlexCoreTM architecture, delivers QoS optimized per-site and per-application performance and global resource reservation for each customer. HybridWAN combines MPLS and public internet connectivity options, while Aryaka's patented technology resolves latency and packet loss issues in the last-mile internet link.
   
   
4. Aryaka's cloud-optimized solution provides WAN optimization, application analytics, and direct connections to major IaaS, SaaS, and UCaaS providers for optimal performance. Aryaka offers a fully-meshed private backbone with 40+ service PoPs and 5-9 SLAs for high-quality connectivity.
   
   
5. Aryaka's solution meets the demands of modern cloud-based operations, offering features such as WAN optimization, application analytics, and direct connections to top IaaS, SaaS, and UCaaS providers for peak performance. 

What product features does Aryaka SD WAN include?

The main product features Aryaka offers are as follows:

What is Aryaka's Gartner SD WAN Magic Quadrant status?

Aryaka is not currently included on the Gartner magic quadrant for SD WAN.

Who are Aryaka's main competitors?

Cato Networks is the main competitor to Aryaka because of their private Global network provision. Customers choose Aryaka for their fully managed capability across SD WAN+SASE and SSE. Also consider Masergy as a service provider alternative when opting for fully managed services and VeloCloud as a public gateway alternative to private PoP provision.

What are the benefits (pros) and drawbacks (cons) of Aryaka?

3. Masergy Review (Comcast Business)

One of the original Masergy propositions surrounded adding bandwidth to circuits on the fly and while this approach is no longer specific to Masergy, it does remain a core feature of their network-on-demand capability. This is because the bandwidth change happens in real time which is a key differentiator between their approach and other providers and vendors where tickets take time to process. Using the Masergy portal, an authorised administrator simply selects the site and changes the bandwidth using a slider.

Today, Masergy is offering a number of key solutions to customers. Masergy SD WAN is available as a fully managed and co-managed solution - as a service provider, offering DIY is not part of their proposition. The platform offers support for Masergy-provided Internet or MPLS, Broadband, 4G/5G, or customers can even provide their own network connectivity (over-the-top SD WAN).

Perhaps the biggest feature recognized by Netify is their Service Level Agreement (SLA), which applies to both their own connectivity but also any over-the-top providers sourced on your behalf. If one of your sites is under contract and cannot be migrated to Masergy, over-the-top will take the circuit under management with a bespoke SLA.

Multi-Cloud Connect is available to AWS, Azure, Google Cloud, Salesforce, SAP, and Cisco with SASE cybersecurity with next-generation Firewalls and managed NOC and SOC layered over the proposition.

Wrapped around the service proposition are real-time statistics and insights into the network with AIOps. With artificial intelligence, AI works as a virtual engineer to enhance application performance and predict bandwidth needs. An example is where AI discovers excessive packet drops or high bandwidth utilization - the tool will notify your point of contact. If Office 365 bandwidth is increasing over time, AIOps will also provide notifications that this is a potential future issue.

Maergy SASE, SSE and Remote Access

"On The Go" (Masergy remote access) Endpoint detection and response with CASB and Zero Trust form the basis of Masergy's remote access proposition, which is provided by Fortinet. In addition to their remote capabilities, Masergy also adds their UCaaS VoIP and video conferencing solution, which means your delay-sensitive traffic is served over one IP network. With Fortinet, Masergy offers a work-from-home edge device, which means any connected device is secured when accessing the internet, vs. their client, which is installed directly onto the laptop, PC, tablet, or phone as an app.

Protection against malware, phishing, and ransomware is a priority, all of which is monitored and managed by their operations control NOC. The service does have a 30-day installation time, which is used to process orders and create your initial setup.

Fortinet is the main vendor used within Masergy managed services across SD WAN, Firewall, and Secure Web Gateway, with Forcepoint supporting Cloud Service Security Broker. The Masergy value is based around security analytics and AIOps - in other words, the service is configured and set up on your behalf, with the reporting and analytics provided for your business to understand current threats and issues.

Who is Masergy?

Masergy is a North American company headquartered in Plano, Texas, founded in 2000 to deliver software-defined networking solutions. The service provider offers managed and co-managed, best-of-breed SD WAN and SASE solutions through integrations with leading networking and security vendors delivered over a global network comprising fifty-one (51) points of presence. Comcast acquired Masergy in 2021, but the company has been operating independently since the acquisition.

Previously renowned for their exceptional global metro area backbone connectivity, Masergy has advanced to offer a full suite of services, including fully-managed SD WAN and SASE solutions, unified communications, contact center solutions, and managed security services. With a strong commitment to customer service, Masergy boasts one of the highest net promoter scores in the industry, exemplifying their focus on ensuring customer satisfaction. By leveraging Masergy's comprehensive services, IT decision makers can enhance their organization's productivity and efficiency, while enjoying peace of mind knowing their network is in safe and experienced hands.

Why should your business should consider Masergy SD WAN?

1. Companies which prefer a service provider with support for multiple SD WAN vendors should consider Masergy.
   
   
2. Choose Masergy for their high performing backbone which offers significant benefits across latency and jitter.
   
   
3. Designed for the mid-market, their solutions meet the demands of most requirements without being overly complex to consume.
   
   
4. Masergy support both SD WAN, SASE and SSE together with UCAAS, MS Teams and Contact Centre.
   
   
5. Simple bandwidth changes make the solution flexible when organisations experience significant usage changes.

What products does Masergy SD WAN include?

The main product features Masergy offers are as follows:

What is Masergy's Gartner SD WAN Magic Quadrant status?

Masergy is not currently included on the Gartner magic quadrant for SD WAN.

Who are Masergy's main competitors?

Masergy's main value proposition surrounds fully outsourced SD WAN and SASE managed services. Ayraka is a vendor alternative as their value also has a focus on managed SD WAN. Other service provider telcos are a further consideration, including GTT, BT and Colt.

What are the benefits (pros) and drawbacks (cons) of Masergy?

4. Versa Review

Versa was recognized for their capability to support complex WAN requirements. Although this remains the case today, Versa can also support standard requirements for medium to large businesses. As with the majority of SD WAN providers listed in this article, the Versa portal allows users to administer the SD WAN solution via configuration, monitoring, troubleshooting, management of users and licenses.

When adding a site, you are confronted with network, security, and steering. With network, the company intranet or LAN, and of course the WAN. When selecting the Versa WAN configuration, users and sites can be forced to send traffic as Internet, VPN only, or within the actual organization. The addition of being able to configure interfaces easily is a great feature that allows you to simply implement WAN diversity (WAN1/WAN2) and also add 4G and 5G LTE services for backup (although cellular can be configured as primary if it makes sense).

Security is easily deployed out of the box with default policies for Firewall, profile definitions for whitelisting and blacklisting, IP reputation, Antivirus, and intrusion protection. Each feature is customizable but also very simple and straightforward to deploy with a range of recognized threats and websites that are auto-denied by using Easy Security Picks (Versa auto-deployment).

Traffic steering is an important feature of Versa which allows easy setup and configuration of applications based on a number of options as follows:

• Low latency
• Low packet loss
• Low delay variation

Versa will detect which underlay circuit supports the best latency, packet loss, or jitter. You can also select per application to route the traffic across whichever link is most suitable.

Reporting is available with an at-a-glance display of your connected sites and their current network, security, and device status. With LTE circuits, the signal strength is also displayed to quickly understand any potential performance impact. The security tab shows the URL categories your users are visiting from computer and Internet information through to shopping and travel - deny policies can be set up if required. URL reputation, session quantity, and the bandwidth used are also displayed, representing important data points when evaluating the users' daily access to the Internet.

Troubleshooting displays the current status of deployed branch-office hardware appliances and any remote users connected to the network. An interesting feature is Versa's pre-defined troubleshooting options, which include Internet connection problems, Wi-Fi issues, slow speeds, and trouble accessing websites.

The portal also allows you to select loss recovery options, which includes Forward Error Correct (FEC) and packet replication, which is ideal when running delay-sensitive applications such as voice and video. The same stream if sent over a primary and secondary circuit - if one circuit fails, the other takes over.

Versa SASE, SSE and Remote Access

Versa SD WAN is a networking and security solution that provides a comprehensive approach to branch or remote user connectivity. Their solution is categorized into networking and security, with a focus on providing users with a wide range of connectivity options, such as WiFi, cellular, routing, appliances, or apps. This ensures that users have access to the best possible connectivity solution for their specific needs.

The security capabilities of the solution include Firewall, Anti-virus, Anti-malware, Intrusion Protection, and Secure Web Gateway. This comprehensive suite of security features ensures that users are protected from a wide range of threats, including malware, viruses, and unauthorized access attempts.

Both the networking and security capabilities of Versa SD WAN feed into the Versa Flex VNF (Virtual Network Function) proposition, which is the key to the aggregation of Versa technologies.

The Versa SASE client provides a unique pre-logon connection feature that allows clients to establish a secure VPN connection to an organization's network at the same time as their user login.

This pre-logon authentication method guarantees that the user's identity is verified and that the client device establishes a secure connection to the network. Furthermore, the pre-logon feature is especially beneficial for organizations that use Active Directory on-premises, as a connection between the user device and AD is necessary during the initial login. With pre-logon enabled, new users without AD connectivity can quickly and efficiently log in to the network using their Versa SASE client and login credentials provided by the network administrator.

Before shipping the laptop device, network administrators must install the Versa SASE client with pre-logon enabled and ensure that the necessary OS updates and security patches are in place to meet the organization's security requirements. Once installed, the new user can log in from any location and access the organization's internal resources, thanks to the pre-logon feature. Overall, the Versa SASE client's pre-logon connection method offers a secure and reliable option for organizations that require their users to access their network from various locations.

The Versa SASE solution elements are as follows:

Versa SASE is an excellent solution for organizations that require a comprehensive suite of network security capabilities to safeguard their on-premises, branch, or cloud applications. Versa Security is a fundamental component of the Versa SASE platform, providing a centralized location for managing network security capabilities that allow you to enforce policies in real-time with complete visibility. The NGFW, secure remote access, and UTM services offer enhanced protection for application and user activity across the enterprise WAN, branch, and private or public clouds.

One of the remarkable features of Versa Security is its multi-tenancy, multi-service, elasticity, and zero-touch provisioning. These features make it a critical component of any organization's security strategy. Providers can effortlessly create basic managed firewall services or multi-function services like UTM, replacing complex physical or virtual appliances with virtualized security functions. These services can operate on-premises, in the provider data center or cloud, public cloud, or a combination of all. Additionally, the security functionality is embedded directly into the network stacking, making it a more cost-effective solution than third-party or proprietary security hardware or software packages.

Versa's service chaining and multi-service capabilities make it simple for organizations to integrate critical security functions like next-generation firewall and secure web gateway into their existing network infrastructure. In conclusion, Versa Security offers a full suite of network security capabilities that are centrally managed through a single pane of glass, providing complete visibility and real-time policy enforcement for your on-premises, branch, or cloud applications.

The virtualized security functions offered by Versa are open, fully programmable, and run on commodity x86-based hardware, providing a cost-effective alternative to third-party or proprietary security hardware or software packages. Overall, Versa SASE is an outstanding solution for organizations that need to simplify security and networking interoperability while providing comprehensive protection for their applications.

Who is Versa?

Versa's unique approach to Secure Access Service Edge (SASE) sets it apart from other vendors in the market. As a provider of an end-to-end solution that both simplifies and secures modern networks, Versa's SASE, which is built on its proprietary operating system, VOS, offers a comprehensive range of capabilities that can be delivered via the cloud or on-premises. This enables businesses to create agile and secure networks that can efficiently manage remote workforces and connect users to applications no matter where they exist. Versa's focus is to solve the security and networking challenges faced by enterprises and service providers.

Why should your business should consider Versa SD WAN?

1. Versa Networks' SD WAN solution enables secure and efficient connectivity between multiple cloud environments, including public, private, and hybrid clouds, and branch offices/remote users. The Versa solution optimizes cloud application performance and dynamically routes traffic over the most appropriate path based on real-time network conditions.
   
   
2. Secure connectivity is provided to remote workers, guest users, and IoT devices while ensuring compliance with corporate security policies. SASE overlays SWG, ZTNA, FWaaS, and CASB.
   
   
3. Versa enables secure access to SaaS applications, such as Office 365 and Salesforce, by enforcing granular access policies and providing advanced threat protection. It can also protect against data exfiltration and compliance violations.
   
   
4. Versa SWG enables secure internet access for remote workers and branch offices by providing advanced threat protection, URL filtering, and malware detection. It can also enforce security policies to prevent data leakage and compliance violations.
   
   
5. 24/7 monitoring, incident response, and reporting ensure that enterprises can focus on their core business while Versa Networks takes care of their security needs.

What products does Versa SD WAN include?

The main product features Versa offers are as follows:

Forcepoint SASE, SSE and Remote Users

Forcepoint One is easy to manage and easy to use. Administrators log in to the Force One console to set security policies and monitor what is happening. This unified portal in the cloud makes setting security policies easy.

Once in the portal, you can control how people access and use your data on the web to enforce your acceptable use policies, prevent uploading of sensitive data, and defend against potential malware in cloud and SaaS apps to control how, where, and when your managed cloud apps and data are used even from BYOD and unmanaged devices and in internal private applications in data centers or private clouds.

Within each policy, you can quickly specify what actions to take in each situation. To keep attackers out and sensitive data in, you can allow certain groups of people to log into cloud apps such as Microsoft 365 from a personal device but not be able to download files.

This data protection works in both directions. With a few clicks, you can prevent users from uploading sensitive files into unmanaged websites like Dropbox or personal email. Force One comes preconfigured with a wide range of geographic and industry-based DLP patterns that can be added to a policy in seconds.

It also helps keep people safe from malware and Internet attacks as they surf the web and use unmanaged web applications. With Forcepoint One, you can enforce your corporate web usage policies anywhere so that remote users don't engage in prohibited activity that could put your organization at risk but also allow for safe access to websites they need to use, but that you're concerned might not be safe.

As is often the case for lawyers, insurance adjusters, financial organizations, and others having to look up information on the internet, our remote browser isolation provides true zero trust browsing, including sanitizing downloaded files so that they can be opened without risk.

And browsing is fast. Instead of detouring traffic through a separate cloud service, our security is enforced locally on the managed device so that traffic can go directly to the website. With this unique distributed architecture, browsing is up to twice as fast as other web security solutions.

This same threat protection and data security can be applied to private applications in your internal data centers or private clouds. With Forcepoint's Zero Trust Network Access (ZTNA), you can control who can access your apps while freeing your users from the pain of VPNs.

You can prevent users from uploading malware into your line of business apps and limit who can download sensitive data, such as personally identifiable information, managing access and use of corporate data on the web, in the cloud, and in private apps all in one place.

Forcepoint and Office 365

Typically, organizations adopt Office 365 because they want to take advantage of the boost in productivity they can get from it, such as sharing files, having meetings, conducting business with people dispersed geographically, and exchanging files and content to make their business happen.

Forcepoint DLP and Office 365 work together to secure each component of the solution. In a demo of a file transfer over MS Teams, we configured a Forcepoint DLP policy to understand the sub-application part of Office 365 where the file has been transferred, ensuring that the upload of the file won't go through.

If the file was deemed confidential or sensitive, Forcepoint provides better control over how those files are exchanged by tailoring policies specifically for cloud applications in Office 365. Another example is using OneDrive - you may not want that in Teams or in SharePoint.

Forcepoint provides the granularity to be able to switch because they are very different applications. Office 365 is just a general suite, and Teams, SharePoint, and OneDrive have unique needs in terms of how you interact with people. This is a tremendous benefit that Forcepoint provides to customers, giving them the ability to have granular control and visibility.

In the demo, we could see how easy it was to apply extended granularity, and the DLP policies can be tailored to suit the customers' needs, not just what they came up with.

Who is Forcepoint?

Forcepoint is a renowned cybersecurity company that specializes in providing effective and reliable solutions to help businesses safeguard their crucial data and networks from potential internal and external threats. Established in 2016, Forcepoint is the result of a merger of three cybersecurity giants - Raytheon Cyber Products, Websense, and Stonesoft.

With its extensive range of products and services, Forcepoint caters to the diverse security needs of organizations. Its offerings include cloud access security brokers, web and email security, insider threat protection, data loss prevention, and network security. These solutions are strategically designed to ensure that companies can protect their confidential data, intellectual property, comply with regulations, and prevent cyberattacks.

Not limited to a particular industry, Forcepoint serves a broad range of sectors such as government, healthcare, financial services, and retail, to name a few. Its global presence can be felt across the United States, Europe, and Asia Pacific, where it has established offices to cater to its clientele spread across 150 countries.

Why should your business should consider Forcepoint SD WAN?

1. Companies which are heavily invested within the Office 365 eco-system will benefit from Forcepoint's capability to secure each element of the solution.
   
   
2. Existing Firewall customers of Forcepoint will benefit from the progression of adding additional SD WAN, SASE and SSE features.
   
   
3. Focus on DLP (Data Loss and Prevention) scanning across files and transfer of data occurring on the network.
   
   
4. Forcepoint are aligned to verticals which includes Government, Critical Infrastructure, Finance, Healthcare and Energy.
   
   
5. Forcepoint offer GDPR compliance across their solutions.

What products does Forcepoint SD WAN include?

The main product features Forcepoint offers are as follows:

What is Forcepoint's Gartner SD WAN Magic Quadrant status?

Forcepoint is a Gartner Magic Quadrant niche player.

Who are Forcepoint's main competitors?

Forcepoint lead with their SASE+SD WAN and SSE features. As a vendor, their capability is comparable to HPE Aruba in respect of features. Both companies began by offering a broad based capability across SD WAN. The Forcepoint value proposition is designed to reduce complexity which aligns with Cato and Versa which both offer out of the box capability.

What are the benefits (pros) and drawbacks (cons) of Forcepoint?