Get suggestions

Compare the SD WAN Market

Create your own software shortlist by taking our quiz to get personal SD WAN security vendor and provider suggestions.
  • Find your top 3 match
  • Compare the market across 100+ vendors
  • Data on why each solution is a good fit vs your business

Let’s create your SD WAN shortlist now.

Compare the market

Who are the top rated SD WAN security vendors?

The top 10 SD WAN security vendors are Palo Alto, Fortinet, Cisco (Meraki and Viptela), Versa, Aryaka, VeloCloud, HPE Aruba, Citrix and Cato Networks. The best SD WAN security vendors offer SASE cloud features which include FWaaS, ZTNA, SWG, CASB and MDR.

List of the top 10 SD WAN security vendors:

What does SD WAN security include?

While SD-WAN's core capability is to boost application performance across WAN edges, most SD-WAN products include basic security functionality to protect network traffic from common cyber attacks. Some vendors augment basic SD-WAN security with advanced capabilities through a tiered subscription model or integrations with third-party security vendors. 

Top rated SD WAN Security feature matrix table.
Security Integration TypeManagementCore SD-WAN Security CapabilitiesAdvanced SD-WAN/SASE Security CapabilitiesSecurity Operations CapabilitiesSpecialized (less common) security capabilities
Native, built into SD-WAN gateways, agents, or appliancesCentralized management console with role-based access and MFABasic stateful firewall (Layer 4)Next-generation firewall (Layer 7)Integration with 3rd party SIEM solution via API or traditional syslogIoT security
Integrated, via service chaining to 3rd party security vendorsZero-touch deployment (ZTD)IPsec VPNSSL inspectionAutomatic software updates of SD-WAN appliances and gatewysManaged Detection and Response
 Encrypted management console accessNetwork SegmentationAntimalwareAPIs for security automation and orchestrationEDR
 Management console integration with identity providers (IdP) via SAMLApplication controlIntrusion Detection and Prevention (IDS/IPS)  
 Secure management protocols (i.e., SSH, TLSv2 or greater)DoS protectionData loss prevention (DLP)  
  AES256 encryption (minimally)Web content filtering and URL categorization  
  TPMZTNA with MFA  
  Key management with optional integration with 3rd party key management system (KMS)Cloud sandboxing  
   Advanced threat protection  
   Remote browser isolation  
   CASB  
   DNS Security  

Company Performance

Top-Rated SD WAN Security Vendors

Best SD WAN Security Companies

(based on 2021 rating)
Palo Alto4.54.7
Aryaka42.5

(SD WAN rating : Cybersecurity rating)

Overview

We compare 10 leading SD WAN security vendors with an overview of the market.

SD WAN Security Vendors Top 10 ListThe SD WAN market comprises products and solutions designed to provide mesh-like network connectivity between hub locations, connecting users to internal and cloud-based resources.

SD WAN fundamentally changes the traditional hub-and-spoke network architecture by connecting geographically distributed sites via secure IP tunnels over public or private backbones. Companies often use multiple point solutions to secure SD WAN networks, such as firewalls, proxies, and IPS appliances, which creates a significant hardware sprawl that increases cost, complexities, operational and management overhead, and, in many cases, inconsistent security. Similarly, using best-of-breed security products requires more time to integrate into the SD WAN fabric and considerable skills to manage and operate.

In 2019, Gartner devised Security Access Service Edge (SASE), a new cybersecurity model addressing SD WAN security. This new cybersecurity model converges networking and security capabilities into a unified single-vendor service delivered from the cloud. SASE combines SD WAN with advanced security capabilities, like SWG, ZTNA, CASB, and NGFW, providing secure connectivity and consistent policy enforcement across all users, devices, and locations. The SASE model ensures that branch office SD WAN appliances, gateways, and SASE/SD WAN device agents fully integrate basic and advanced security capabilities, enabling companies to use a single vendor vs. best-of-breed products. With this model, companies can significantly reduce or eliminate appliance sprawl, simplify network and security operations, reduce management overhead, and lower the total ownership cost by using a single vendor for their networking and security needs.

SD WAN Readiness Assessment

Take the quiz, create your own personalized SASE Cybersecurity or SD WAN shortlist.

The simplest way for IT decision makers to shortlist Gartner SASE & SD WAN solutions vs your needs.

We've built self assessment quizzes to specifically help IT decision makers create their own unique vendor or managed provider shortlist.

SASE Vendor

1. What SD WAN security solution does Palo Alto offer?

Palo Alto's SD WAN offering, Prisma SD WAN, delivers cloud-based network services to the branch office, leveraging artificial intelligence and automation to simplify network operations and proactively address performance issues. Prisma SD WAN is a component of Prisma Access, Palo Alto's secure access service edge (SASE) solution. Prisma Access merges security, SD WAN, and digital experience management into a unified, cloud-delivered platform that protects all apps regardless of the users' network location or point of access (remote or on-premises). Among the security services offered by Prisma Access are ZTNA, cloud SWG, CASB, and FWaaS. Furthermore, Prisma SD WAN ION (Instant-On Network) appliances supply branch offices with an application-based, zone-based firewall (ZBFW) to ensure consistent WAN perimeter protection and traffic segmentation.

Chart

Palo Alto Strengths and Weaknesses

SASE Security4.7
SD WAN4.5
Reporting4.4
Costs3.5

Palo Alto demos are hosted over Zoom or Microsoft Teams and typically last 30 minutes. Submit your details and Netify will put you in touch with your UK, North American or Global contact.

Thank you for requesting a demo of Palo Alto. Please note, Palo Alto will reach out directly to arrange dates. If you do not receive contact, please check your junk folder.

Book a demo of Palo Alto

SASE Vendor

2. What SD WAN security solution does Fortinet (FortiGate) offer?

Fortinet Secure SD WAN delivers networking and security services to WAN edges using a single operating system (FortiOS) and a central management console. The solution unifies next-generation firewall, threat intelligence, and SD WAN services into the FortiGate appliance, with a portfolio of security subscriptions (FortiGuard Security Services) and services to simplify SD WAN security, including application control with SSL inspection, antivirus, intrusion prevention, DLP, security rating service, web filtering, IoT security, advanced threat protection, and segmentation.

While Fortinet Secure SD WAN protects the branch office, it integrates with FortiSASE, Fortinet's SASE platform, to extend security services to remote users, including FWaaS, SWG, IPS, DLP, and ZTNA.

Resources and Downloadable Content

Request the very latest Fortinet SD WAN & SASE data sheet PDF directly from your local account team. Please check your junk folder if not received.

Book a demo of the Fortinet SD WAN and SASE security capability over Zoom or Teams. Learn about their management portal, deployment, SLA and support. You will receive an email asking for times/dates, please check your junk folder if not received.

Request your local in-country sales contact. You will receive details as soon as possible - please check your junk folder if not received.

Chart

Fortinet Strengths and Weaknesses

SASE Security4
SD WAN3
Reporting4
Costs4

Fortinet demos are hosted over Zoom or Microsoft Teams and typically last 30 minutes. Submit your details and Netify will put you in touch with your UK, North American or Global contact.

Thank you for requesting a demo of Fortinet. Please note, Fortinet will reach out directly to arrange dates. If you do not receive contact, please check your junk folder.

Book a demo of Fortinet

SASE Vendor

3/4. What SD WAN security solution does Meraki and Viptela offer?

Cisco SD WAN powered by Meraki is a cloud-managed solution that delivers network connectivity and security to branch offices, data centers, and cloud environments. Through the Meraki appliance at hub locations, companies can secure their applications and user activity by employing an extensive suite of security features, including:

  • Application-based firewall
  • Web content filtering using Webroot BrightCloud URL categorization databases
  • IDS and IPS powered by Cisco SNORT engine
  • Malware protection via Cisco Advanced Malware Protection (AMP)

The solution integrates nicely with Umbrella, Cisco's SASE solution, through the Meraki Umbrella SD WAN connector, extending a wide array of security protections to remote and mobile users. By integrating Meraki SD WAN with Cisco Umbrella, companies can protect on-premises and remote users against internet-based threats through a wide range of security capabilities, including DNS-layer security, FWaaS, SWG, malware protection, DLP, and remote browser isolation.

Cisco SD WAN powered by Viptela/IOS XE delivers cloud-based network connectivity and security to hub locations from a unified and centrally managed platform (Cisco vManaged). The solution offers a complete security stack deployed on-premises or in the cloud via Cisco Umbrella integration, including:

  • Firewall via Cisco Secure Firewall
  • CASB
  • SWG via Cisco Umbrella Secure Internet Gateway
  • Malware protection via Malware Defense
  • IPS
  • Web content filtering
  • DNS-layer protection

Furthermore, the solution offers real-time protection through Cisco Talos, Cisco's threat intelligence group.

Resources and Downloadable Content

Request the very latest Cisco Meraki SD WAN & SASE datasheet PDF directly from your local account team.

Netify have created a Cisco Meraki essentials demo, join over Zoom and watch deployment, how to manage SD WAN & SASE and learn about reporting.

Ask Cisco Meraki for your local in-country Meraki sales contact.

Chart

Cisco Strengths and Weaknesses

Please book your Cisco vendor demo to learn more about their capability. Although their SD WAN and SASE offerings are strong, there are certain use cases where their product may not suit your business requirements.

SASE Security3.9
SD WAN3.9
Reporting4
Cost4.5

Cisco demos are hosted over Zoom or Microsoft Teams and typically last 30 minutes. Submit your details and Netify will put you in touch with your UK, North American or Global contact.

Netify have created a Meraki essentials demo, join over Zoom and watch deployment, how to manage SD WAN & SASE and learn about reporting.

Book a demo of Meraki

SASE Vendor

5. What SD WAN security solutions does Versa Networks offer?

Versa Secure SD WAN is a component of Versa SASE, an integrated multi-tenant solution delivering networking and security services to the WAN edge, branch office, and cloud environments. The solution uses a single operating system (Versa Operating System - VOS) running on commodity hardware to provide consistent network and security capabilities across all edges. Versa Security, built into Versa SASE, is the security layer that provides NGFW, secure remote access, and unified threat management (UTM) services across all applications, users, and locations (WAN edges, branch offices, and cloud). Versa Security is flexible, allowing customers to choose where to deploy the various security capabilities, including on-premises at the branch office, at a data center, or in a co-location PoP, while managing security policies from a central location.

Versa Networks Resources and Downloadable Content
Chart

Versa Networks Strengths and Weaknesses

The scores show the approximate capability of Versa to deliver across SASE security, SD WAN features, reporting and cost.

SASE Security4.2
SD WAN3.9
Reporting4
Cost2.8

Versa demos are hosted over Zoom or Microsoft Teams and typically last 30 minutes. Submit your details and Netify will put you in touch with your UK, North American or Global contact.

Thank you for requesting a demo of Versa Networks. Please note, Versa will reach out directly to arrange dates. If you do not receive contact, please check your junk folder.

Book a demo of Versa Networks

SASE Vendor

6. What SD WAN security solution does Aryaka offer?

Aryaka combines SD-WAN and SASE services into a unified cloud-delivered architecture connecting WAN edges, branch offices, remote users, and cloud (SaaS/PaaS/IaaS) environments through a private backbone. Branded Prime EZ, Aryaka's managed SASE solution includes SD-WAN, secure edge devices, ZTNA delivered via Aryaka Private Access, and unified threat protection for all users, sites, and apps through Aryaka Secucloud Threat Protection. Aryaka's SD-WAN security features include a stateful inspection firewall, micro/macro segmentation, and, optionally, NGFW for the branch office and other WAN edges. The security capabilities extend to remote and mobile users through Aryaka's Private Access and Secucloud Threat Protection to deliver secure internet and app access regardless of the users' network location.

Resources and Downloadable Content

Request the very latest Aryaka SD WAN & SASE data sheet PDF directly from your local account team. Please check your junk folder if not received.

Book a demo of the Aryaka SD WAN and SASE security capability over Zoom or Teams. Learn about their management portal, deployment, SLA and support. You will receive an email asking for times/dates, please check your junk folder if not received.

Request your local in-country sales contact. You will receive details as soon as possible - please check your junk folder if not received.

Chart

Aryaka Strengths and Weaknesses

Aryaka offers fully managed services across their global metro to metro IP backbone with support for SD WAN, SASE, UCAAS and Microsoft Teams integration.

SASE Security3.5
SD WAN4
Reporting3.9
Cost3

Aryaka demos are hosted over Zoom or Microsoft Teams and typically last 30 minutes. Submit your details and Netify will put you in touch with your UK, North American or Global contact.

Thank you for requesting a demo of Aryaka. Please note, Aryaka will reach out directly to arrange dates. If you do not receive contact, please check your junk folder.

Book a demo of Aryaka

SASE Vendor

7. What SD WAN security solution does VeloCloud offer?

VeloCloud is VMWare's cloud-delivered SD WAN solution providing network connectivity and security to branch offices, cloud environments, and data centers through SD WAN gateways, orchestrators, and edge appliances managed from a central location. The solution supports service chaining to forward traffic to select cloud-based security services, such as Zscaler, transparently through policies. Furthermore, VMWare SD WAN integrates with the VMWare SASE Platform, delivering ZTNA, SWG, and CASB capabilities for remote users (via VMWare Workspace ONE) and sites through cloud PoPs, cloud on-ramps, and IaaS interconnects.

Resources and Downloadable Content
Chart

VeloCloud Strengths and Weaknesses

SASE Security3.8
SD WAN4
Reporting4
Costs3.3

VeloCloud demos are hosted over Zoom or Microsoft Teams and typically last 30 minutes. Submit your details and Netify will put you in touch with your UK, North American or Global contact.

Thank you for requesting a demo of VeloCloud. Please note, VeloCloud will reach out directly to arrange dates. If you do not receive contact, please check your junk folder.

Book a demo of VeloCloud

SASE Vendor

8. What SD WAN security solution does HPE Aruba offer?

HPE's SD WAN solution is branded Aruba EdgeConnect Enterprise SD WAN, delivering unified network connectivity and security services across WAN edges. By integrating Aruba Threat Defense and ArubaClearPass with EdgeConnect Enterprise, IPS/IDS and micro-segmentation capabilities are extended to hub locations connected to the SD WAN network, enabling secure Internet and application access. Furthermore, the solution allows integration with leading security vendors, such as CheckPoint, McAfee, Netskope, Broadcom, Palo Alto, and Zscaler, to create a SASE architecture through service-chaining.

Resources and Downloadable Content

Request the very latest HPE Aruba SD WAN & SASE data sheet PDF directly from your local account team. Please check your junk folder if not received.

Book a demo of the HPE Aruba SD WAN and SASE security capability over Zoom or Teams. Learn about their management portal, deployment, SLA and support. You will receive an email asking for times/dates, please check your junk folder if not received.

Request your local in-country sales contact. You will receive details as soon as possible - please check your junk folder if not received.

Chart

HPE Aruba Strengths and Weaknesses

SASE Security3
SD WAN4.4
Reporting4.2
Costs2.9

HPE Aruba demos are hosted over Zoom or Microsoft Teams and typically last 30 minutes. Submit your details and Netify will put you in touch with your UK, North American or Global contact.

Thank you for requesting a demo of HPE Aruba. Please note, HPE Aruba will reach out directly to arrange dates. If you do not receive contact, please check your junk folder.

Book a demo of HPE Aruba

SASE Vendor

9. What SD WAN security solution does Citrix offer?

Citrix SD WAN securely connects users to hybrid environments, including cloud, Internet, and on-premises, through physical and virtual appliances, cloud on-ramps, and dedicated SaaS access managed from a central orchestrator. Citrix SD WAN offers native security, including layer four (4) firewalls, malware prevention, web content filtering, IPS, and SSL inspection. Additional protection is available through Citrix Secure Internet Access integration to protect users against Internet-borne threats and service chaining with "best-of-breed" security vendors, such as Zscaler, Palo Alto Networks, and CheckPoint.

Resources and Downloadable Content

Request the very latest Citrix SD WAN & SASE data sheet PDF directly from your local account team. Please check your junk folder if not received.

Book a demo of the Citrix SD WAN and SASE security capability over Zoom or Teams. Learn about their management portal, deployment, SLA and support. You will receive an email asking for times/dates, please check your junk folder if not received.

Request your local in-country sales contact. You will receive details as soon as possible - please check your junk folder if not received.

Chart

Citrix Strengths and Weaknesses

Please book your Citrix vendor demo to learn more about their capability. Although their SD WAN and SASE offerings are strong, there are certain use cases where their product may not suit your business requirements.

SASE Security4
SD WAN4
Reporting4.1
Costs3.1

Book a demo of the Citrix SD WAN and SASE security capability over Zoom or Teams. Learn about their management portal, deployment, SLA and support. You will receive an email asking for times/dates, please check your junk folder if not received.

Book a demo of Citrix

SASE Vendor

10. What SD WAN security solution does Cato offer?

Cato SD WAN is part of Cato SASE, a cloud-based platform merging SD WAN and security services into a unified solution, delivered over a global private backbone. The solution connects hub locations to Cato SASE PoPs via Cato Socket SD WAN devices or IPSec tunnels on customer appliances. Moreover, Cato PoPs provide a complete enterprise-grade security stack where security policies are consistently enforced across remote and on-premises users. Among the security capabilities offered by Cato SASE are FWaaS, SWG, standard and next-generation antimalware, IPS, CASB, and, optionally, Managed Detection and Response (MDR).

Resources and Downloadable Content
Chart

Cato Strengths and Weaknesses

Please book your Cato vendor demo to learn more about their capability. Although their SD WAN and SASE offerings are strong, there are certain use cases where their product may not suit your business requirements.

SASE Security5
SD WAN4
Reporting4
Cost2

Cato demos are hosted over Zoom or Microsoft Teams and typically last 30 minutes. Submit your details and Netify will put you in touch with your UK, North American or Global contact.

Netify have created a Cato Networks essentials demo, join over Zoom and watch deployment, how to manage SD WAN & SASE and learn about reporting.

Book a demo of Cato Networks

Summary

What are use cases for SASE and the recommendations?

What are SD WAN security concerns?

Cloud adoption has driven organizations to enable direct Internet access from the branch office to optimize cloud application access and improve user experience.

While this architectural shift eliminates the network latency caused by backhauling all Internet traffic to a central Internet perimeter, it enlarges the attack surface by a rate directly proportional to the number of hub locations, exposing users to Internet-borne threats. Consequently, IT decision-makers must identify the most suitable security architecture that will meet the long-term needs of their business while concurrently reducing the total cost of ownership and ensuring consistent security across all users, locations, and resources.

What is SD WAN security?

SD WAN security refers to using secure IP tunnels, generally, IPsec VPN tunnels, to encrypt network traffic sent between hub locations over the Internet, augmented by a local or cloud-based security stack to deliver security capabilities that can neutralize Internet-based threats.

While many SD WAN providers offer native security solutions to protect branch office application access and user activity, including east-west and north-south network traffic protection, others offer integrated security through "service chaining". Service chaining integrates SD WAN solutions with cloud security solutions from top-tier security vendors, such as SWG, CASB, FWaaS, and ZTNA.

How does SD WAN improve security?

SD WAN can improve security by integrating security capabilities into the SD WAN network fabric without the added complexities of traditional MPLS networks, encrypting east-west network traffic, and enforcing consistent security policies across the entire ecosystem, regardless of the user's network location (remote or on-site). Furthermore, SD WAN's unified management of networking and security policies from a central location, complemented by the zero-touch deployment of SD WAN gateways, provides consistent network device configuration, significantly reducing security risks arising from misconfigured devices.

What are the security challenges with SD WAN?

Many organizations shift to an SD WAN architecture to enable digital innovation and accelerate cloud adoption, focusing on the operational and business benefits with little regard for security. Consequently, IT decision-makers are faced with solving the security challenges of securing a distributed Internet perimeter after selecting an SD WAN vendor or provider, which significantly increases the cost and time to implement.

IT decision-makers have several approaches to choose from to solve the security challenges arising from SD WAN, such as:

  1. Deploying a branch office security stack, either as a stand-alone solution or built into an SD WAN gateway. While this approach will meet most security requirements, it requires a significant up-front investment and ongoing management, is challenging to scale, and does not provide coverage for remote users.
  2. Use a cloud-based security platform, enforcing security policies for remote and branch office users from a central location.
  3. Use a combination of local and cloud-based security, where basic controls are applied locally, and more process-intensive security capabilities are delivered from the cloud.

Each approach has financial, performance, architectural, and operational implications. Therefore, IT decision-makers should evaluate each option against their business needs before selecting an SD WAN vendor.

What are the top-rated SD WAN security features?

While the security features vary from one vendor to another, the core SD WAN security capabilities generally include IPsec VPN, basic stateful firewalling, and DoS protection, with optional native advanced security, such as SWG, NGFW, malware protection, IPS, DLP, and CASB.

What are the top SD WAN security risks?

The top security risks associated with SD WAN arise from enabling direct branch office Internet access without suitable protection. These risks include:

  • Increased exposure to malware and phishing attacks
  • Increased susceptibility to branch office network compromise
  • Lack of visibility into user network activity, resulting in undetected security events and incidents
  • Increased likelihood of undetected data exfiltration through the branch office perimeter

How should IT teams implement SD WAN security measures?

While there are many options to deploy SD WAN security, IT Teams should strive to simplify the branch office security architecture. One way to do so is to use a cloud-based enterprise security stack to deliver more advanced and process-intensive security capabilities, such as SSL inspection, SWG, DLP, and CASB, augmented by a local basic or next-gen firewall as needed. This fundamental change protects branch office users and remote users alike; it allows remote users to access applications or the Internet from the nearest cloud-based security enforcement point (or PoP) with the same level of protection as on-site users.

What are the SD WAN security benefits?

The primary benefit of SD WAN security, mainly when delivered as a cloud service, is consistent and scalable protection across all users and applications, regardless of whether users are remote or on-site. Additionally, SD WAN security simplifies branch office Internet access while concurrently reducing the initial capital investment and the total cost of ownership by eliminating the need for vendor hardware integrations at each branch office.

Briefings

Get real advice. Learn about the top 10 vendors and managed providers vs your needs in our free 30 minute Zoom session.

Join us via Zoom to where one of our research team will walk you through 10 top/best vendors and managed providers. We'll talk about your needs and map which Gartner leading solutions, niche players and startups match your requirements.

Netify free vendor Zoom advice briefing-1

Complete your details to learn more about the Netify vendor and managed service provider briefing.

Learn More

Guides

SD WAN pricing calculator

Try the beta version of our SD WAN and connectivity pricing calculator. Currently supporting Versa in our initial release.

Marketplace

There are no results matching your selection.

Company Performance

Cybersecurity Rating

Palo Alto Networks4.75
Fortinet3
Cisco Meraki3.8
Cisco Viptela4
Versa Networks4.8
Aryaka2.5
VeloCloud4.7
HPE Aruba3
Citrix4
Cato Networks5
Resources and Downloadable Content

IT decision makers are challenged to research the SD WAN and SASE security market. Netify vendor and service provider briefings offer clarity with actionable, objective insight into the top 10 Gartner rated solutions. Our research data is backed by proprietary data to help you make better decisions.

Chart

SASE Market Worth

(Projected)

Billion $ USD
2021$1.2
2026$4.1
Netify is the first dedicated global SD WAN & SASE comparison marketplace.

List Your Business

Netify Forbes member logo

For Global IT Decision Makers

The Global SD WAN & Cybersecurity Playbook

Download our vendor and managed service provider guide to the top 10 SD WAN & top 10 SASE cybersecurity solutions for Global companies.