2023 SD WAN Provider and Vendor comparison
The best SD WAN providers are: Cato, Aryaka, Masergy, BT Business, AT&T, COLT, GTT, Lumen, Open Systems and Tata. The best SD WAN features include zero-touch deployment, traffic steering, circuit bonding, managed & DIY services, reporting, cloud native access, next generation firewall, SASE security & network POPs.
Use cases for the 10 best SD WAN Providers:
- Cato Networks - best vendor for companies requiring global DIY or managed services with strong cloud delivered SASE options.
- Aryaka - best vendor for global managed services across SD WAN and cloud SASE, strong in China.
- Masergy - best provider for metro located businesses due to their high performing backbone and strong managed services portfolio.
- BT Business - best provider for UK managed SD WAN services with options for global underlay connectivity and support.
- AT&T - best provider for US based large global Enterprise managed SD WAN.
- COLT - best provider for UK and European underlay due to high on-net connectivity with strong managed SD WAN options.
- GTT - best provider for medium to large global Enterprise businesses with support for high bandwidth global underlay.
- Lumen - best provider for Global Enterprise businesses across the US & UK with strong global underlay together with good security and professional services.
- Open Systems - best provider for UK and European DIY and managed SD WAN with strong SASE security support.
- TATA - best provider for companies requiring low latency global traffic support with a bias toward Cisco.
Who is the best SD WAN provider?
Cato Networks is the best Global SD WAN provider. Cato Networks offers a cloud-native SD WAN-as-a-service solution with a complete set of networking and SASE security features delivered from the cloud. Cato operates a private backbone spanning over 65 PoPs.
Please complete the Netify SD WAN assessment to learn whether Cato is a good fit for your business.
SD WAN vendor and provider use case & comparison matrix:
Vendor Strengths and Weaknesses |
Business use case & SD WAN feature comparison |
Why choose Cato SD WAN? |
With Cato Networks’ flexibility to use their proprietary Cato Socket Edge edge devices or IPSec on existing 3rd party edge hardware, multi-gig throughput complete SASE, SSE, and SD-WAN services, and cloud-native architecture, they are a strong performing provider of SD-WAN solutions. They provide mature infrastructure with skillfully designed solutions and top-tier security. Additionally, given their global private backbone with over 75 PoPs globally, enterprises of all sizes and geographies can benefit from their solutions. |
Why choose Aryaka SD WAN? |
Aryaka provides ANAP (Aryaka Network Access Point) appliances with integrated NGFW, powered by CheckPoint or Palo Alto which delivers their edge connectivity and support for global enterprises of any size. Security is handled through one of many 3rd party security partners at Aryaka so for organizations looking for flexibility in design and implementation, Aryaka is not to be discounted. Aryaka have a strong presence in China. |
Why choose Masergy SD WAN? |
Masergy partners with Cisco, Forcepoint, HPE Aruba, and Fortinet to provide best-in-class security and threat management embedded in the edge as well as in the cloud. Masergy provides over-the-top, managed, or co-managed solutions with guaranteed SLAs so organizations looking for a solution built on tried-and-true 3rd party hardware with high reliability could see their solutions as a good fit. |
Why choose BT Business SD WAN? |
BT’s SD-WAN offerings are powered by Palo Alto’s Prisma, Cisco, Meraki, VMware, Agile Connect Nuage, and Nokia in order to deliver full-featured solutions, security and networking expertise, and global infrastructure. The many options available allow organizations the opportunity to choose from a variety of solutions and determine which suite their needs best while still receiving backbone connectivity provided by BT. This is a good solution for those looking for choices in edge hardware and software backed by a leading network provider that prefer direct connectivity as close to the backbone as possible. However, although they offer a variety of choices, their solutions may be less customized or tailored, and include less of a ‘white glove’ approach in terms of bundled professional services. |
Why choose AT&T SD WAN? |
AT&T has partnered with top names in SD-WAN technology and provides one of the largest and most mature global network infrastructures in the industry. Organizations that want world-class reliability should not overlook AT&T as they are poised to consistently stay at the top of the SD-WAN food chain due to their global footprint, and partnerships with VMware, Cisco, Aruba and Palo Alto Networks. |
Why choose COLT SD WAN? |
COLT is a solid choice offering self-service SD-WAN management and cloud-native architecture operated on their own network. They partner with Versa Networks and VMware to provide edge infrastructure and services. They have a huge footprint in Europe and Asia, as well as some footprint in the United States which can be extended through partner relationships. |
Why choose GTT SD WAN? |
GTT runs a Tier 1 global IP network with more than 600 points-of-presence making them a leading SD-WAN service provider. Partnerships with VMware and Silver Peak enable built-in security including complete segmentation and end-to-end encryption. If managed network services on a large global network is what your organization requires, GTT is a great place to turn. |
Why choose Lumen SD WAN? |
Lumen has a large network footprint strengthened through both acquisitions and global partner relationships. Lumen has partnered with the SD-WAN industry leaders including Cisco, Versa Networks, and VMware to provide a selection of solutions with features fit for almost any-sized organization. Leveraging partnerships with networking leaders grants flexibility while shopping for a solution, and the ability to mix-and-match among their partners allows a layered security approach. |
Why choose Open Systems SD WAN? |
Open Systems combines fully managed SD-WAN solutions with top-tier Managed Threat Detection and Response (MDR) backed by 24/7 security operations centers (SOCs) and highly skilled team of support engineers and network architects. This makes them well-positioned to provide solutions to organizations without vendor preference who want a fully managed solution with built-in security and monitoring. |
Why choose TATA SD WAN? |
TATA Communications a cloud-first SD-WAN architecture with a Cisco edge that supports end-to-end security on-premise and in the cloud. The solution can deploy with an underlay or overlay approach and offers holistic SASE coverage from NGFWs and virtual proxies all while leveraging a zero-trust secure fabric. They also are known for their support of low-latency multicast traffic around the globe. |
Compare the SD WAN & SASE / SSE Cybersecurity market across 150 providers and vendors now
- Compare DIY or fully managed solutions for your business
- Learn why each solution is a match for your business
- Used by companies including CDC, Permira, Square Enix, British Legion and more
Over the last three years, I've been researching numerous managed SD WAN providers and vendors for the Netify marketplace. In this article, I've listed the ten best vendors and managed service providers together with an overview of their SD WAN solutions which fit the needs of most US and UK national and multinational companies. If you want to find the best option for your specific business, please use our free assessment tool to create an SD WAN & SASE/SSE Cybersecurity shortlist across US, UK and Global Gartner leaders, niche players and startups.
The following is an in-depth perspective and comparison of SD WAN across the 10 best Providers and Solutions for DIY & Managed services.
1. Cato Networks
Who is Cato Networks?
Cato Networks is an Israeli company founded in 2015 to deliver cloud-based, unified networking and security solutions. The vendor's SD WAN and SASE offerings are a fully managed or co-managed cloud service over a POP-based independent global backbone extending six (6) continents, with multiple connectivity options to integrate SaaS, PaaS, and IaaS environments.
How does Cato Networks fit your business needs?
Cato Networks' flagship product is Cato SASE with SSE 360, an end-to-end security and networking solution delivered as a cloud-based, single-vendor platform. This solution is provisioned over a global private backbone that securely connects branch offices, data centers, remote users, and clouds. Branch offices connect to the nearest Cato PoP via the Cato Socket edge device, while the Cato vSocket connects multiple public clouds via IPsec tunnels. Similarly, clientless and client-based remote access for mobile users is available via Cato ZTNA.
Built directly into Cato SASE Cloud is Cato SSE 360, providing consistent security policy enforcement across all edges and traffic.
The vendor offers a 99.999% uptime SLA and around-the-clock global NOC and SOC support.
Who are Cato Networks' main competitors?
Cato Networks' main competitors include Palo Alto Networks, Fortinet, Versa Networks, Aryaka, VMWare, Cisco Meraki, and Aruba Networks.
What are Cato Networks' main SD WAN and SASE features?
Cato Networks' SD WAN solution is delivered over a global private backbone interconnected via over seventy-five (75) points of presence (POPs) and fully managed by Cato. Cato Networks' SD WAN provides bandwidth optimization and resiliency through link aggregation and active-active or active-passive load balancing, increasing network capacity and minimizing downtime. Similarly, Cato Networks' dynamic path selection and policy-based routing allow customers to prioritize mission-critical traffic, routing business-critical applications over high-speed circuits and non-business traffic over low-speed links. Other standard SD WAN features offered by Cato Networks include application identification via deep packet inspection, QoS, BGP> integration, and PoP-based packet loss mitigation via automatic link failover.
Cato Networks' top SASE/SSE features include:
- Secure Web Gateway (SWG) with SSL inspection, enabling secure Internet access for on-premises and mobile users
- Cloud Access Security Broker (CASB) securing public cloud application access
- Firewall-as-a-Service (FWaaS) with advanced threat detection, including Intrusion Protection System (IPS) and NextGen malware protection
- Managed Detection & Response (MDR) is an optional managed service.
- Zero-Trust Network Access (ZTNA)
- Inline and API-based Data Loss Prevention (DLP)
- Remote Browser Isolation (RBI)
What are the benefits (pros) and drawbacks (cons) of Cato Networks?
|
Benefits (pros) |
Drawbacks (cons) |
|
Fully managed cloud-native solution delivered via a single-vendor unified networking and security stack |
Limited security feature set compared to similar enterprise-grade solutions. |
|
Highly scalable and fault-tolerant via zero-touch SD WAN edge devices and link aggregation. |
Limited integration with third-party identity providers |
|
Centralized management via a user-friendly and simplified web user interface |
Relatively new solution that is still gaining popularity amongst the IT community |
2. Aryaka
Who is Aryaka?
Aryaka is a North American company founded in 2009 to deliver software-defined network connectivity across wide-area networks. The vendor managed SD WAN and SASE solutions use proprietary network and security technology over a cloud-first POP-based global network backbone, extending six (6) continents, and branching out to multiple public clouds.
How does Aryaka fit your business needs?
SmartConnect is Aryaka's signature product, a single-vendor, all-in-one managed SD WAN (or SD WANaaS) solution providing end-to-end network connectivity between hub locations, branch offices, and multiple clouds globally, with guaranteed SLAs and uptime up to 99.999% and deterministic network performance and latency. Complementing its SD WANaaS solution are Prime EZ and Prime Pro, Aryaka's cloud-first SASE platforms designed as a single-vendor security stack delivered from the cloud.
Who are Aryaka’s main competitors?
VMWare, Versa Networks, Cato Networks, Aruba Networks, and Cisco Meraki are among Aryaka's top competitors.
What are Aryaka’s main SD WAN and SASE features?
Aryaka SD WAN solution is delivered over a Layer 3 and Layer 2 private backbone with varying fixed bandwidth tiers for maximum flexibility and cost-effectiveness. The solution offers multiple cloud connectivity options, including IaaS-SDCI, SaaS peering (add-on), cloud security connector to integrate with third-party cloud security providers, and cloud transport networks to extend connectivity to public clouds, such as Microsoft Azure and Amazon Web Services (AWS). Aryaka's standard SD WAN features include multiple traffic steering and link optimization options, including path preference, selection, replication, packet loss recovery, de-jitter, and load balancing.
Aryaka’s top SASE features include:
- Layer 3, 4, and 7 (application) stateful inspection firewall with optional managed or hosted NextGen firewalls.
- Micro-segmentation
- Private access is an add-on to Prime EZ and Prime Pro offerings.
- Secure web gateway (SWG) for branch users with an option to cover remote and mobile users, featuring URL filtering, malware protection, SSL inspection, and L3/L4 stateful inspection firewalls for Internet breakouts.
What are the benefits (pros) and drawbacks (cons) of Aryaka?
|
Benefits (pros) |
Drawbacks (cons) |
|
Fully managed, end-to-end SD WAN solution, including first and last-mile procurement and management. |
Many desirable capabilities, such as SaaS peering, ZTNA, and SWG, are available as upgrades or optional add-ons. |
|
Aryaka’s SD WAN service is available in regions where few providers operate, such as China. |
The current product offering does not offer CASB and DLP capabilities. |
|
Centralized co-management and self-service capabilities are available via the MyAryaka customer portal. |
Limited coverage in South America and Africa with a single PoP location in each continent. |
3. Masergy (Comcast Business)
Who is Masergy?
Masergy is a North American company headquartered in Plano, Texas, founded in 2000 to deliver software-defined networking solutions. The service provider offers managed and co-managed, best-of-breed SD WAN and SASE solutions through integrations with leading networking and security vendors delivered over a global network comprising fifty-one (51) points of presence. Comcast acquired Masergy in 2021, but the company has been operating independently since the acquisition.
How does Masergy fit your business needs?
Masergy offers managed and co-managed SD WAN using an Internet-only model, overlying the solution over any private and public network. With this model, customers can "bring their own network" or opt for Masergy's private or public connectivity options, creating an ideal, low-cost alternative for customers with long-term network contracts.
Masergy's SD WAN edge device is a Fortinet product with built-in standard and advanced security features. Masergy also addresses the work-from-home use case with a lightweight Fortinet SD WAN device installed in users' home offices to boost the performance of residential Internet circuits.
From a SASE/SSE standpoint, Masergy offers tiered security services ranging from standard unified threat protection to fully managed security services.
Who are Masergy’s main competitors?
Hughes Network Systems, MetTel, AT&T, and Lumen are Masergy’s top competitors.
What are Masergy’s main SD WAN and SASE features?
Masergy's SD WAN solution is delivered over a global network of fifty-one (51) points of presence (POPs). The solution integrates artificial intelligence via AIOps to predict and self-heal network performance issues and outages by evaluating and automatically redeploying network policies before user impact is experienced. Masergy's most innovative managed SD WAN feature is Masergy Performance Edge, a propriety technology that boosts network performance across low-cost broadband connections, increasing stability and minimizing packet loss.
Masergy’s SASE/SSE features include:
- Next-generation firewall (NGFW) with unified threat protection (UTP), next-generation malware protection, IDS/IPS, URL filtering, and DLP available as standard features in all service tiers
- CASB included in Masergy’s Managed Security Services tier
What are the benefits (pros) and drawbacks (cons) of Masergy?
|
Benefits (pros) |
Drawbacks (cons) |
|
Masergy offers co-managed SD WAN services for customers who need to retain control of network and security policy management. |
Masergy does not currently have a ZTNA solution integrated into its SASE offering. |
|
Masergy's AI-integrated SD WAN solution helps predict outages and cloud application performance issues through the continual evaluation of network policies, bandwidth utilization, and application usage. |
Masergy offers SASE security capabilities through integration with third-party security vendors rather than natively via a single-vendor stack. |
|
Masergy offers a unified web portal enabling customers to manage, monitor, and troubleshoot network, security, and application performance issues from a single pane of glass. |
|
|
Masergy offers competitive SLAs with 100% committed uptime for SD WAN sites deployed with high availability. |
|
4. BT
Who is BT?
BT is a British telecommunications company headquartered in London and the largest provider of telephony services in the United Kingdom. The service provider offers managed and co-managed SD WAN solutions from prominent third-party vendors with BT's public and private backbone as the transport, which extends to more than one hundred and ninety-eight (198) countries, connecting to eight (8) public cloud providers in seventy-four (74) cities.
How does BT fit your business needs?
BT offers managed SD WAN solutions from Cisco Meraki, Cisco Viptela, Nuage, Fortinet, and VMWare, with BT's global backbone network as the underlay. BT's universal CPE supports multiple virtual network functions (AFVs) and can be deployed as a virtual CPE in the cloud or a physical edge device. All SD WAN solutions are delivered as managed and co-managed services. BT also offers a SASE solution based on the VMWare SASE platform.
BT's subsidiary in China, BT China Communications Limited, is licensed to operate in China and deliver VPN and Internet services in the region.
Who are BT's main competitors?
BT's main competitors include AT&T, Vodafone, Verizon, Tata Communications, NTT Communications, Singtel, China Telecom Global, and Colt.
What are BT's main SD WAN and SSE features?
BT's SD WAN features vary based on the SD WAN vendor:
- BT with VMWare SD WAN provides dynamic multi-path optimization using VMWare's Dynamic Path Optimization technology and many virtual network functions, including NextGen firewalls, WAN optimization, and traffic acceleration.
- BT with Cisco Meraki SD WAN offers application prioritization, dynamic path selection, and failover via multiple access methods.
- BT with Nuage SD WAN introduces support for remote workers and mobile users.
- Cisco Viptela SD WAN allows customers to deploy secure SD WAN on BT's hybrid underlay, benefitting from intelligent routing and improved application performance.
BT SSE features, powered by the VMWare SASE Platform, include:
- Next-generation cloud firewall
- URL classification and web content filtering
- Inline CASB
- Malware protection
- ZTNA via VMWare Secure Access Service Edge Platform
What are the benefits (pros) and drawbacks (cons) of BT SD WAN?
|
Benefits (pros) |
Drawbacks (cons) |
|
BT's global backbone network offers excellent coverage in all regions. |
Long lead times for new site deployments. |
|
BT's uCPE provides customers with more SD WAN vendor choices. |
|
|
BT is licensed to operate in China and can offer in-country services with local billing. |
|
5. AT&T
Who is AT&T?
AT&T is an American telecommunications company headquartered in Dallas, Texas, with a global presence in more than two hundred (200) countries and the largest share of managed SD WAN locations in the North American market. The service provider offers managed SD WAN and SASE solutions from prominent third-party vendors. The solutions are carrier-agnostic and can run over AT&T's MPLS and Internet backbone or as an over-the-top solution.
How does AT&T fit your business needs?
AT&T offers managed SD WAN solutions based on Cisco, Aruba, VMWare, and Palo Alto Networks and SASE solutions from Cisco, Fortinet, Palo Alto Networks, and VMWare, managed by the AT&T Cybersecurity division. AT&T also offers the FlexConnect platform, AT&T's own managed SD WAN service running on universal hardware and centrally managed from a cloud-based orchestrator. FlexConnect is also available as a self-managed service.
Who are AT&T's main competitors?
AT&T's top competitors include Cato, Masergy, Aryaka, Versa, Cisco, GTT, Lumen, Palo Alto, and Globalgig.
What are AT&T's main SD WAN and SSE features?
AT&T's main SD WAN features include dynamic path selection, dynamic routing, WAN aggregation, and near real-time performance monitoring, enabling optimal traffic delivery across different network transports.
What are the benefits (pros) and drawbacks (cons) of AT&T?
|
Benefits (pros) |
Drawbacks (cons) |
|
AT&T's balanced SD WAN portfolio offers prominent vendor technologies and deployment options, including hybrid, network-based, and over-the-top. |
AT&T technical support is fragmented, often leading to long lead times to resolve customer issues. |
|
AT&T offers its own SD WAN solution, FlexConnect, based on a universal compact SD WAN edge device |
|
|
AT&T's site-by-site flexibility allows customers to combine SD WAN and non-SD WAN sites on the same network |
6. COLT
Who is Colt?
Colt is a British company headquartered in London, founded in 1992 as a telecommunications service provider. The service provider offers managed and co-managed SD WAN and SASE solutions through integrations with leading third-party SD WAN and security providers. Colt SD WAN and SASE offerings are delivered over Colt's fully-owned public and private backbone network, the Colt IQ Network, which extends to four continents.
How does Colt fit your business needs?
Colt offers managed SD WAN solutions based on Versa Networks and VMWare, overlayed on its own global private and public backbone network. The company has a significant presence and infrastructure across Europe and the Asia Pacific, with limited coverage in South America, Central America, and Africa. With over five hundred (500) data centers distributed across forty-eight (48) European cities, Colt is an ideal candidate for companies operating out of Europe.
Colt also offers co-managed SD WAN White Label solutions with a customized client portal.
Who are Colt’s main competitors?
Colt’s main competitors include Orange Business Services, AT&T, Verizon, NTT, BT, and Telefonica.
What are Colt’s main SD WAN and SASE features?
Colt's managed SD WAN solution offers standard and advanced SD WAN capabilities delivered as network function virtualization (NFV) modules in a single branch office device. The standard features include basic application traffic steering and layer 3/4 stateful inspection firewall. The basic application traffic steering feature allows customers to route application traffic via different links based on IP address, network port, protocol, and network performance metrics, such as jitter, latency, and packet loss.
Advanced SD WAN capabilities include deep packet inspection of over 2,600 applications, dynamic multi-path routing based on URL, and layer 7 firewalls with DDoS protection. Colt also offers WAN optimization using packet cloning and Forward Error Correction (FEC) to speed up mission-critical application traffic over low-quality circuits.
Lastly, Colt's SASE/SSE features include a secure web gateway based on Versa SASE.
What are the benefits (pros) and drawbacks (cons) of Colt?
|
Benefits (pros) |
Drawbacks (cons) |
|
Colt offers a co-managed SD WAN White Label, allowing network service providers to resell Colt's SD WAN service globally. |
Colt's backbone network has minimal coverage in South America, Central America, and Africa. |
|
Colt offers multiple SD WAN edge device options, including pre-configured COTS servers, universal CPEs, and SD WAN edge devices by Versa and VMWare. |
Colt offers limited security capabilities at the branch office compared to its competitors. |
|
Colt supports VoIP over SD WAN through VoIP traffic prioritization. |
|
7. GTT
Who is GTT?
GTT is a North American telecommunications provider headquartered in McLean, Virginia, operating a Tier-1 IP backbone spanning more than six hundred (600) points of presence across one hundred and forty (140) countries in six (6) continents. The service provider offers managed and self-managed SD WAN and SASE solutions based on third-party vendors, underpinned by GTT's global MPLS and Internet backbone.
How does GTT fit your business needs?
GTT's SD WAN portfolio includes managed and self-managed solutions based on Aruba Silver Peak, VMWare VeloCloud, and Fortinet technology. GTT offers two specific service plans based to meet its customers' needs, including:
- DIY SD WAN with GTT circuits, a solution that runs on GTT's Tier 1 Internet backbone, allowing the customer to choose the SD WAN technology and network access at every location and manage user and application-level policies
- Managed SD WAN, a turnkey, fully managed SD WAN solution with GTT as the transport network.
Both service packages leverage GTT's network-based SD WAN gateways (universal CPEs) running many virtual network functions (VNFs).
GTT offers a managed, single-vendor SASE solution, Secure Connect, unifying SD WAN with cloud-based security.
Who are GTT's main competitors?
GTT's main competitors include Tata Communications, AT&T, Orange Business Services, BT, Masergy, Verizon, Lumen, and Vodafone.
What are GTT's main SD WAN and SSE features?
GTT's main SD WAN features include application-based dynamic path selection, allowing customers to prioritize mission-critical applications and latency-sensitive traffic. The company also provides a client portal where customers can configure policies and gain insights into network performance and bandwidth utilization per application, location, and user.
GTT's Secure Connect SASE solution offers NextGen FWaaS, malware protection, SWG, and CASB.
What are the benefits (pros) and drawbacks (cons) of GTT?
|
Benefits (pros) |
Drawbacks (cons) |
|
GTT is a Tier-1 Internet service provider with worldwide coverage. |
GTT’s financial future may be uncertain after the company filed for bankruptcy under Chapter 11 in 2021. |
|
GTT offers a selection of network access options, including EoC, DSL, cable, Ethernet over fiber, and 3G/4G |
GTT's network coverage is limited to Latin America and Asia. |
8. Lumen
Who is Lumen?
Lumen is a North American telecommunications company headquartered in Monroe, Louisiana, offering self-managed, co-managed, and managed SD WAN and SSE solutions from leading third-party vendors. Lumen's SD WAN solutions run over its global private and public backbone network extending to over twenty-two hundred (2,200) public and private data centers, with direct connectivity to the leading public cloud providers in thirty-three (33) cities.
How does Lumen fit your business needs?
Lumen offers a large selection of SD WAN and SSE technologies, including solutions from Fortinet, Versa Networks, Cisco Viptela, Cisco Meraki, and VMWare. Customers can choose from self-managed, co-managed, or fully managed service models, the latter available through authorized channel partners and system integrators. Customers can deploy Lumen SD WAN based on Versa Networks and Cisco Meraki on any number of locations, while solutions based on VMWare and Cisco Viptela require at least a ten (10) site deployment.
Furthermore, Lumen SD WAN with Meraki does not currently have global availability. All SD WAN options are available with Lumen's private and public backbone network as the transport or as an "over-the-top" solution.
Lumen's SD WAN edge devices can be deployed as virtual machines in the cloud and on-premises or as virtual network functions (VNF) running on universal CPE.
Lumen's SSE solutions are currently available from Fortinet and VMWare, with deployment options in AWS, Microsoft Azure, Google Cloud Platform, and Alibaba Cloud.
Who are Lumen's main competitors?
Lumen's main service provider competitors include Tata, AT&T, Vodafone, Verizon, Comcast, Masergy, BT, and GTT.
What are Lumen's main SD WAN and SSE features?
Lumen's standard SD WAN capabilities include performance-, application-, and user-aware routing with WAN optimization and dynamic path selection for minimal latency, maximum performance, and high availability.
Lumen SSE features include:
- FWaaS, including NextGen and L4 stateful inspection firewall with URL content filtering, malware protection, IDS/IPS, DoS protection, DNS security, and DLP
- ZTNA
- SWG with DLP, application control, URL filtering, and malware protection
What are the benefits (pros) and drawbacks (cons) of Lumen?
|
Benefits (pros) |
Drawbacks (cons) |
|
Lumen offers various managed and self-managed SD WAN and SSE solutions from leading vendors. |
Lumen's backbone network has limited reach in Africa and the Middle East. |
|
Lumen's SD WAN solutions are available with Lumen as the underlay or as over-the-top solutions. |
Lumen does not have network connectivity in Latin America but partners with Cirion to deliver the region's digital infrastructure and technology solutions. |
|
Lumen integrates with six (6) public cloud providers across thirty-three (33) cities. |
9. Open Systems
Who is Open Systems?
Open Systems is a cybersecurity-as-a-service company founded in 1990 in Zurich, Switzerland, with main offices in Silicon Valley, California. The vendor's core offerings include carrier-agnostic managed secure SD WAN, cloud-native SSE, and managed detection and response services delivered to more than one hundred and eighty (180) global markets.
How does Open Systems fit your business needs?
Open Systems is ideal for companies seeking managed, unified networking and security solutions with flexible service options.
Open Systems' flagship service is SASE+, a turnkey, cloud-delivered security and networking solution connecting any edge, remote user, and public cloud over a carrier-agnostic overlay. The solution is available in three flexible service packages, including core SD WAN features, 24x7 level-3 support and monitoring, and technology and hardware management. The Secure SD WAN solution, available as a standard offering across all service tiers, interconnects branch offices and data centers via encrypted tunnels, with local Internet breakouts for optimal Internet and public cloud application performance. SSE features are only available in higher-end service tiers.
Open Systems manages all aspects of the solution, including SD WAN edge device provisioning, orchestration, and patching, with around-the-clock networking and security monitoring.
Who are Open Systems' main competitors?
Open Systems' main competitors include Cato Networks, Masergy, Orange Business Services, AT&T, Lumen, and Colt.
What are Open Systems' main SD WAN and SSE features?
Open Systems managed SD WAN runs on top of any public and private backbone. The solution is purpose-built to deliver policy-based application routing and per-app dynamic path selection, mission-critical application prioritization via bandwidth control, and automatic encryption of all user and application traffic with site-to-site IPsec tunnels.
Open Systems offers a complete cloud-based SSE solution that includes DNS filtering, zone-based FWaaS, SWG with integrated CASB, and ZTNA. More advanced security features are available as optional add-ons, including Advanced Threat Protection, Secure Email Gateway, and Cloud Sandbox
What are the benefits (pros) and drawbacks (cons) of Open Systems?
|
Benefits (pros) |
Drawbacks (cons) |
|
Open Systems' SASE+ is available in three flexible service tiers. |
Many core SSE components are offered as optional add-ons, including ZTNA, SWG, and CASB. |
|
Open Systems offers Managed Detection & Response services leveraging Microsoft Azure Sentinel. |
|
|
Open Systems offers unified security and networking via a single-vendor stack. |
|
|
Open Systems' SD WAN edge devices support unlimited local Internet breakouts. |
10. TATA
Who is Tata?
Tata is an Indian telecommunications company headquartered in Mumbai, with a global presence in more than two hundred (200) countries and the largest subsea fiber optics network carrying 30% of the world's Internet routes. The service provider offers managed, co-managed, and self-managed SD WAN solutions based on in-house-developed and best-of-breed third-party technology underpinned by Tata's MPLS and Internet backbone.
How does Tata fit your business needs?
Tata's signature service is IZO SDWAN, a cloud-native SD WAN solution based on Cisco SD WAN and Versa Networks technology. The solution is offered globally across one-hundred and fifty (150) countries, with a cloud-based portal automating policy, user, and branch deployments. Customers can choose from managed, self-managed, and co-managed service models and use Tata's global backbone to underlay or bring their network.
With managed IZO SDWAN, Tata oversees and manages all aspects of the solution, including design, deployment, configuration, site adds, moves, and changes.
Who are Tata's main competitors?
Tata's main competitors include Tejas Networks, Orange Business Services, AT&T, Vodafone, Lumen, Verizon, Masergy, GTT, and BT.
What are Tata's main SD WAN and SSE features?
Tata's main SD WAN features include:
- Dynamic application-aware routing.
- Self-service WAN optimization.
- Virtual network functions (VNF) service chaining.
- Dynamic load balancing.
- Advanced reporting.
Multiple security features are built directly into the SD WAN edge device, including a layer-7 firewall, layer-4 stateful inspection firewall, URL filtering, and DoS protection. Additionally, cloud-based security features are available, including a secure web gateway, anti-DDoS, virtual UTMs, and CASB.
What are the benefits (pros) and drawbacks (cons) of Tata?
|
Benefits (pros) |
Drawbacks (cons) |
|
Tata offers a turnkey solution, managing the underlay and overlay networks. |
Limited network coverage across Latin America and Europe |
|
Tata is a Tier-1 telecommunications provider with Internet coverage across five (5) continents with over four hundred (400) PoPs across more than two hundred (200) countries. |
|
|
Tata offers a single dashboard to manage and monitor the service. |
|
Managed SD WAN Service Provider and Solution comparison matrix 1-5
| Managed Provider 1-5 | Aryaka | Cato Networks | Masergy | COLT | Open Systems |
| Focus technologies | SD WAN as a service with end-to-end management and SASE for Global business. | Managed and co-managed SD WAN with SASE for Global companies. | Managed SD WAN with a robust and well-engineered backbone which includes SASE. | Global low-cost managed services with hybrid connectivity across on-net metro locations. | Primary product focus on Cybersecurity services with strong SD WAN. |
| SASE features | Aryaka has integrated their SecuCloud acquisition and now offers full SASE capability. | Cato Networks provides a complete SASE solution via Cato SSE 360 built directly into Cato SASE Cloud. | Masergy offers NGFW, and CASB. | Colt offers an SWG from Versa Networks. | Open Systems offers a complete SSE solution, including NGFW, CASB, ZTNA, and SWG. |
| What is their USP? | SD WAN and SASE delivered over their layer2 private backbone (Aryaka FlexCore) with last mile procurement and management. | SD WAN and SASE are delivered over a global private backbone (Cato SASE Cloud) fully managed by Cato. | SD WAN from Fortinet and multi-vendor SSE (Fortinet and Forcepoint) delivered over their private and public backbone network with last mile procurement and management or as an over-the-top solution. | SD WAN from Versa Networks and VMWare delivered over Colt's backbone network with last mile procurement and management or as an over-the-top solution. | SASE (Open Systems SASE+) provide an over-the-top solution over any public and private network. |
| Global coverage | 100+ countries over six continents served by 40 Global PoP locations. Supported languages include English, Mandarin, Hindi and others. WAN edge shipped globally with international shipping between 1 and 5 working days. | 150+ countries over six continents served by 75+ PoP locations and 24x7x365 global NOC and SOC. | 51+ global points of presence distributed across five continents, with limited coverage in Africa. | Global coverage in 4 continents, with 500+ data centers in Europe, spread across 48 cities. | Global coverage. |
| Differentiators | WAN optimization is built into their global PoP backbone with multi-cloud support. | Link aggregation and cloud-based security services are delivered via a single-vendor stack. | Technology choice; "bring-your-own-network" deployment model; competitive SLAs; self-healing technology powered by AI. | Co-managed SD WAN White Label offering for wholesalers, SD WAN edge device choice, WAN optimization suite, and dual CPE for high availability. | Cloud-native solution, including SD WAN and a complete SSE. Enhanced security services, including monitoring, response, and proactive hunting. |
| Ideal customer and vertical | Up to 1000 sites, global, typically ten branch offices plus. | Small to mid-sized companies with a large cloud footprint. | Companies with connectivity requirements in major international markets. | Companies with a large concentration of sites located across Europe or Asia-Pacific. | Small to mid-sized companies with a large cloud footprint. |
| What is the MSP a bad fit for? | Small businesses with local requirements and any requirements which do not fit with their global PoP locations. | Companies seeking a DIY SD WAN solution and large enterprises requiring granular and complete feature sets often found in enterprise-level products. | Masergy may be unsuitable for companies seeking a comprehensive, single-vendor SSE solution. | Colt may be unacceptable for companies in South America, Central America, and Africa, where their network connectivity is limited. | Companies seeking a DIY solution or who want to leverage existing network hardware. |
| SD WAN architecture | WAN edge-based gateways, connectivity provided via a range of middle-mile providers. | SD WAN edge devices (gateways) connected via IPSec or MPLS to the nearest Cato POP. | SD WAN edge devices or gateways (universal CPE) with Masergy as the underlay network or connected over any public/private network (BYON). | SD WAN edge gateways (universal CPE) connected via Colt's MPLS or the Internet via IPsec tunnels. | SD WAN edge devices are connected to cloud-based PoPs via IPSec tunnels. |
| What managed services are offered? | End-to-end management of SASE and connectivity, which includes proactive monitoring and resolution with read/write access to make co-managed changes. | Last-mile management, configuration and change management, managed threat detection and response, and site deployment assistance. | End-to-end connectivity management, including procuring and managing access links, edge devices, monitoring, and day-to-day operations. Masergy also offers managed EDR, vulnerability scanning and management, and threat intelligence and hunting. | End-to-end management of connectivity, including procuring and managing access links, edge devices, and day-to-day operations, with customers managing network and security policy changes. | Technology stack management, including operating system and software; hardware lifecycle management, including hardware and software upgrades; log ingestion and management, ongoing monitoring, and proactive threat hunting. Open Systems does not manage the underlay. |
| Over the top support | No | Yes | Yes | No | No |
| Is there a proof of concept (PoC) | 2 sites, paid trial with specific problem solving included. | 1:1 Demo | Free PoC | PoC is offered on new services only | Free PoC and Demo |
| Is network underlay supported | Yes, fully procured and managed on the customers behalf. | Yes, fully procured and managed on the customers' behalf but not as standard. | Yes, fully procured and managed on the customers' behalf. | Yes, fully procured and managed on the customers' behalf. | No. |
| Is the solution Opex or Capex biased? | Opex with some capex. | Opex with some capex. | Capex. | Opex with some capex. | Opex with some capex. |
| What support is offered for cellular 4G and 5G? | Aryaka technology does support cellular, including 4G/5G LTE, but they do not offer direct termination. | Cato Networks supports 4G for backup connectivity. | Masergy supports 4G/5G LTE. | Colt supports 4G/4G+ and 5G. | GTT supports 3G and 4G |
Managed SD WAN Service Provider and Solution comparison matrix 6-10
| Managed Provider 6-10 | Lumen | BT | TATA | AT&T | GTT |
| Focus technologies | Managed, co-managed, and self-managed SD WAN. | Managed and co-managed SD WAN. | Managed, co-managed, and self-managed SD WAN. | Managed, co-managed, and self-managed SD WAN. | Managed, co-managed, and self-managed SD WAN. |
| SASE features | Lumen offers SSE from Fortinet and VMWare. | BT offers SSE from VMware SASE Platform, including NGFW, CASB, and ZTNA. | Tata offers SWG and CASB. | AT&T offers SSE solutions from Cisco, Fortinet, and Palo Alto Networks. | GTT offers an SSE solution, Secure Connect, including NGFW, SWG, and CASB. |
| What is their USP? | SD WAN from Fortinet, Versa Networks, Cisco Viptela, Cisco Meraki, and VMware is delivered over Lumen's backbone network with last-mile procurement and management or as an over-the-top solution. | SD WAN from Cisco Meraki, Cisco Viptela, Nuage, Fortinet, and VMware and SSE (VMware) delivered over their private and public backbone network with last mile procurement and management or as an over-the-top solution. | SD WAN based on Cisco technology (IZO SDWAN) is delivered over Tata's global backbone network or as an over-the-top solution. | SD WAN from Cisco, Aruba, VwWare, Palo Alto Networks and SSE based on Cisco, Fortinet, Palo Alto Networks, and VMware, delivered over AT&T's global backbone network with last mile procurement and management or as an over-the-top solution. | SD WAN based on Aruba Silver Peak, VMware Velo Cloud, and Fortinet and single-vendor SSE (Secure Connect) delivered over GTT's global backbone network with last mile procurement and management. |
| Global coverage | Dense coverage across North America and Europe, with 18+ data centers in the United States. | 198+ countries, with connectivity to 8 cloud service providers in 74 cities. | 400+ PoPs distributed across 200+ countries. | 200+ countries and territories. | 140+ countries across 6 continents, with 600+ global PoPs and 3,000 regional access partners. |
| Differentiators | Technology choice and Lumen's Marketplace for buying and managing SASE solutions. | Technology choice and license to operate in China. | Optimized Internet connectivity with end-to-end SLAs and deterministic routing. | Technology choice and hybrid network model connecting SD WAN and non-SD WAN on the same network. | Tier-1 IP network backbone. |
| Ideal customer and vertical | Large multinational companies seeking managed or self-managed SD WAN. | Large international companies and organizations based out of Europe. | Global companies of all sizes and any company with connectivity requirements across Africa, the Middle East, and Asia-Pacific. | Companies of all sizes, regardless of location. | Companies with connectivity requirements across North America and Europe. Companies with PCI DSS obligations, including retail and e-commerce. |
| What is the MSP a bad fit for? | Lumen may be unsuitable for companies in Latin America. | BT may be inappropriate for small to mid-sized companies with localized operations outside of Europe where other providers offer better coverage. BT may also be unsuitable for companies seeking to turn up sites quickly with short installation lead times. | Tata may be problematic for companies with large site concentrations in Latin America and Europe, where their network connectivity is limited. | AT&T may be unsuitable for companies seeking short lead times for incident resolution. | GTT may be unsuitable for companies with large site concentrations in Latin America and Asia, where their network connectivity is limited. |
| SD WAN architecture | SD WAN edge device or gateway (universal CPE) with Lumen as the underlay or connected via any public/private backbone (BYON). | SD WAN edge gateway (universal CPE) with BT as the underlay or connected via any public/private backbone (BYON). | SD WAN edge gateway (universal CPE) with Tata as the underlay or connected via any public/private backbone (BYON). | SD WAN device or gateway (universal CPE) with AT&T as the underlay or connected via any public backbone. | SD WAN edge gateway (universal CPE) with GTT's backbone network as the underlay. |
| What managed services are offered? | End-to-end
connectivity management, including procuring and managing access links, deployments, edge device patch management, monitoring, ongoing support, and configuration. |
End-to-end
connectivity management, including procuring and managing access links, edge devices, and day-to-day operations. |
End-to-end connectivity management, including procuring and managing access links, edge devices, assessments, deployments, ongoing support, configuration, and change management. Tata also offers MDR. | End-to-end connectivity management, including procuring and managing access links, edge devices, and day-to-day operations. | End-to-end connectivity management, SD WAN, and SSE, including security and application control. |
| Over the top support | Yes, via authorized channel partners and system integrators. | No. | Yes, via solution partners. | No. | No. |
| Is there a proof of concept (PoC) | 30-day free trial. | PoC lab. | Virtual and on-site PoC and demo. | Free PoC. | Free PoC. |
| Is network underlay supported | Yes, fully procured and managed on the customers' behalf. | Yes, fully procured and managed on the customers' behalf. | Yes, fully procured and managed on the customers' behalf. | Yes, fully procured and managed on the customers' behalf. | Yes, fully procured and managed on the customers' behalf. |
| Is the solution OPEX or CAPEX biased? | OPEX with some CAPEX. | OPEX with some CAPEX. | OPEX with some CAPEX. | OPEX with some CAPEX. | OPEX with some CAPEX. |
| What support is offered for cellular 4G and 5G? | Lumen supports 4G/5G LTE. | BT supports 4G LTE for backup connectivity. | Tata supports 4G/5G LTE. | AT&T supports 4G/5G LTE. | GTT supports 3G and 4G. |
User reviews for Managed SD WAN Providers and Solutions
|
Service Provider |
Review |
|
Aryaka user reviews |
|
|
Cato user reviews |
|
|
Masergy user reviews |
|
|
Colt user reviews |
|
|
Open Systems user reviews |
|
|
Lumen user reviews |
|
|
BT user reviews |
|
|
Tata user reviews |
|
|
AT&T user reviews |
|
|
GTT user reviews |
|
