Cisco Systems Embeds Security For 'No Compromise' SD-WAN

Cisco Systems is fully embedding its market-leading security stack into its SD-WAN platform to deliver a simple, open, "no compromises" solution that it says will be difficult for competitors like VMware and Silver Peak to match.

The development is a strong signal that the San Jose, Calif., networking giant sees SD-WAN as perhaps its biggest opportunity and is making that market its biggest focus in the coming year. The company announced the SD-WAN security capabilities at its Cisco Partner Summit event Tuesday in Las Vegas.

"When you look at some of the offers in the market, some say they have some security capability, but they don't have the application experience features you need," said Sachin Gupta, Cisco senior vice president of product management. "Others have the app-ex features, but not the advanced routing you need. You need advanced routing and traffic steering capabilities. What we're saying is as you adopt this new cloud edge, you need to make sure you have best-of-breed routing, best-of-breed security, best-of-breed application experience and there's no compromise. That's the only way you can deliver to your users the right application experience and the right security all the time."

The new system embeds Cisco's data center and cloud security portfolio in its Viptela and Meraki SD-WAN solutions, allowing customers to implement security in a fully automated way in branch locations.

The system does away with the multiple steps required to manage traditional distributed security solutions that can take weeks or months to set up. Gupta said Cisco can provide firewall, intrusion protection and one-click cloud security through its simple SD-WAN interface, meaning security can be deployed to "hundreds and hundreds" of branches within hours.

For Cisco partners, that capability combined with the ability to take advantage of the platform's openness and programmability represents a powerful value proposition, Gupta said.

"Everything we do in SD-WAN is open and programmable," Gupta said. "The controller, vManage, talks to the infrastructure using open APIs. Partners and customers can use the APIs on top of the SD-WAN solution to set up overlays, security policies, application experience."

Gupta said managed service providers tend to be on the front lines of using APIs in that fashion. "If I'm a partner and I want to create my own personal SD-WAN service for my customer, all of that can be done. To make it easier [Cisco] DevNet publishes APIs, shares code and training. It's all available."

Competitors like VMware and Silver Peak are nowhere near integrating all of these capabilities into their SD-WAN solutions, Gupta said.

"Each of those vendors, customers have to compromise on security, or advanced routing, or scale, or simplicity, or application experience," Gupta said. "You're not going to get the full solution suite, and you're going to get varying degrees of support for APIs. What we're saying is we're committed to a complete set of APIs so you can invoke the full power of the system. I haven't seen anybody else having a program like DevNet. We have more than 500,000 active people on DevNet. Cisco is the furthest ahead in the development community."

Cisco partners said because SD-WAN operates over the internet rather than on private connections like traditional WAN, security is integral to any SD-WAN conversation.

"Customers want the SD-WAN economics, but they don't want to make a bet on a new platform without having security embedded as part of the strategy, said Kent MacDonald, senior vice president of strategic alliances at Long View Systems, a Canadian solution provider that works with Cisco.

"Security is a great door-opener and growth area for us, and for Cisco," MacDonald said. "To extend the security value is an upside for me. Doors are opened when you talk about improving a customer's security posture, and SD-WAN is a market we anticipate good penetration with. We're gunning for growth with SD-WAN in 2019."

"We're not having SD-WAN conversations without security," said Faisal Bhutto, vice president of corporate strategy at Computex, a Houston, Texas, solution provider that works with Cisco. "Anyone looking to utilize alternative connectivity using the public internet knows that security is integral to the conversation."

Bhutto said other vendors will ultimately follow Cisco's lead when it comes to unified SD-WAN and security. "The SD-WAN conversation is a unified tech management conversation," he said. "It's not the old WAN where you talk about speeds and feeds. You can't have an SD-WAN conversation without security, and you'll see more and more convergence happening with security and SD-WAN."

Cisco is also announcing the ability to integrate SD-WAN solutions, through APIs, with Microsoft Office365 to automatically choose the best network path to take for that application. The company said the capability could result in 40 percent better performance for Office365.

The company is also launching two new pieces of gear: The ISR 1111X-8P compact fixed branch platform with integrated WiFi and LTE and the ISR 4461 scalable modular branch platform with storage and compute.