Corporate networks are evolving, and the enterprise WAN is rapidly becoming more important than the corporate LAN. As IT infrastructure moves to the cloud and employees increasingly work remotely, organizations require networking solutions that are both high-performance and secure.
Software-defined wide area networks (SD-WAN) can provide a number of networking and security benefits to a company. However, they also have shortcomings, including limited integrated monitoring capabilities.
Network Monitoring Capabilities are a Priority for SD-WAN Users
Although many offerings integrate security functionality, SD-WAN is designed primarily as a networking tool. It provides a number of different benefits for the corporate WAN, including:
- Transport Medium Integration: SD-WAN is designed to provide an integrated interface for multiple different types of transport media, including broadband Internet, multiprotocol label switching (MPLS) circuits, and mobile networks. The SD-WAN appliance provides a single “pipe” to applications and then sends the traffic over the most suitable transport link.
- Optimized Routing: SD-WAN appliances have the ability to monitor the health and bandwidth of different routes between the appliances in an organization’s network. This enables them to select optimal routes, ensuring high performance and functionality for latency-sensitive applications.
- Application-Specific Policies: Many SD-WAN offerings have the ability to automatically identify the source application based upon its network traffic. This enables these SD-WAN solutions to apply and enforce application-specific policies to give priority to certain types of applications, route certain traffic over a particular transport medium (such as reserving MPLS bandwidth for latency-sensitive applications), and apply security policies specific to each application.
While geared toward the networking team, SD-WAN’s capabilities also bring benefits to the security team. For both teams, one of the top priorities and biggest shortcomings of traditional SD-WAN is the visibility that it provides into the traffic flowing over an organization’s WAN.
Where Native SD-WAN Monitoring Falls Short
Most SD-WAN solutions have built-in monitoring capabilities. In fact, the design of SD-WAN makes it ideally suited to providing in-depth visibility into network traffic. SD-WAN networks are structured as a web of connections between the SD-WAN appliances. Since all traffic flows through one or more of these appliances, it is possible to gain visibility into the traffic flowing over the network at a level that is difficult to match with other WAN solutions, such as virtual private networks (VPNs).
However, many organizations feel the need to deploy an additional third-party monitoring solution for their WAN networks. The reason for this is that SD-WAN isn’t deployed for the SOC or NOC alone.
If something goes wrong with an organization’s network, it’s the job of the network engineer to figure out what is happening and to fix it. The built-in monitoring tools for SD-WAN are great at identifying that something is going wrong, and application-specific visibility means that a NOC analyst can even see when a specific application is having trouble.
However, integrated SD-WAN monitoring tools are not as effective for root cause analysis, that is, for finding out why something is going wrong on the network. To diagnose and correct the problem, a network engineer requires tools and visibility not built into most SD-WAN consoles.
One of the biggest selling points of SD-WAN (and Secure SD-WAN in particular) is solution integration and the ability to eliminate third-party and standalone tools for network routing and security. However, the anaemic monitoring provided within the console of an SD-WAN solution makes third-party monitoring tools necessary for an organization’s network engineers to do their job effectively.
SASE Eliminates the Need for Third-Party SD-WAN Monitoring Solutions
If an organization wants to eliminate this reliance on standalone solutions for network performance and security, a different networking solution is required. However, this doesn’t mean that it needs to give up the benefits derived from SD-WAN.
Secure Access Service Edge (SASE) is a next-generation WAN solution. It includes all of the capabilities of Secure SD-WAN – including all of the network routing capabilities of SD-WAN and an integrated security stack – and deploys as a cloud-based virtual appliance. This allows each SASE point of presence (PoP) to perform the same role as an SD-WAN appliance and an organization’s existing security stack.
SASE removes the need for standalone network monitoring solutions by allowing an organization to eliminate the need for network management altogether. Many SASE solutions are offered as a managed service, where the SASE provider is responsible for setting up, managing, and optimizing the network infrastructure that links the SASE PoPs together.
This approach to corporate WAN provides a number of different advantages. On the networking side, an organization no longer needs to manage its SD-WAN appliances and other network infrastructure and can leverage a network built of dedicated links. For the SOC, SASE’s integrated security stack and the availability of managed security services enable them to focus on protecting the enterprise rather than configuring and managing dozens of standalone security products.