The Top SD-WAN Providers 2023
Cato Networks, Aryaka, Versa
Cato Networks, Aryaka, Cisco, Fortinet, Versa, VMware
SASE Matrix: Technologies link to provider's VMware SD-WAN Provider Aryaka Cato Networks Cisco Meraki Cisco SD-WAN + Umbrella Fortinet Pathfinder profile (VeloCloud)
Standalone SD-WAN Standalone SD-WAN Standalone SD-WAN S Standalone SD-WAN Standalone SD-WAN capabilities the product Product Offerings Standalone SSE Standalone SD-WAN Standalone SSE Standalone SSE can deliver standalone Standalone SSE Standalone SASE Standalone SASE Standalone SASE Standalone SASE
SD-WAN 2022: Not SD-WAN 2022: Not placement within SD-WAN 2022: Leaders SD-WAN 2022: Leaders SD-WAN 2022: Leaders SD-WAN 2022: Leaders SD Ranked Ranked Gartner Magic Quadrant Gartner's Magic Quadrant for the industry SSE 2023: Challengers SSE 2023: Challengers SSE 2023: Not Ranked SSE 2023: Not Ranked S SSE 2023: Not Ranked SSE 2023: Not Ranked
edge-based = only edge 1,000+ global, public 80+ global POPs for cloud, devices; gateways = gateways for internet and internet, and site-to-site hosted, used for Internet 40+ global POPs for site- edge-based edge-based cloud traffic. Some traffic. Regional site-to- SD-WAN Architecture and cloud; POPs = hosted, to-site and cloud-based edge-based providers have built out site traffic can go directly often used for site-to-site, traffic may vary by provider may vary by provider their own gateways, and m from one Socket to as well as cloud, connected may offer their own another. by middle mile private middle mile.
Is the solution purely 80+ global POPs for cloud, edge-based, or are there internet, and site-to-site Aryaka offers a subset of edge-based ed also POPs or gateways to traffic. Regional site-to- cloud-based with over 100 SSE Architecture SSE features in their global n/a 35+ global SSE gateways bas consider? If there are site traffic can go directly global SSE gateways POPs. may vary by provider POPs or gateways, how from one Socket to many, and where? another.
offers middle-mile network that connects SD- Network Backbone yes yes no yes no no no WAN POPs and optimizes long-haul traffic
What are the supported physical (vEdge, ISR, ASR), "physical; virtual physical; virtual (Citrix, phy deployment options for virtual (VMware, Hyper-V, (VMware, KVM); cloud physical; virtual (VMware); physical; cloud (AWS, Hyper-V, KVM, VMware, Hy Form Factor (SD-WAN) your SD-WAN appliance physical KVM), cloud (AWS, Azure) (AWS, Azure) cloud (AWS, Azure) Azure, GCP, Alibaba) Xen); cloud (Alibaba, AWS, AW (e.g., physical, virtual, Azure, GCP, Oracle) cloud, uCPE)? may vary by provider may vary by provider"
Is an appliance required physical; virtual (Citrix, phy for Security functionality? Hyper-V, KVM, VMware, H Form Factor (Security) If so, which Form Factors no (cloud-based) no (cloud-based) physical no (appliance required) no (appliance required) Xen); cloud (Alibaba, AWS, c are supported (e.g., Azure, GCP, Oracle) Az physical or virtual)?
maximum amount of Max Throughput per traffic/throughput 1G 5G 2G 20G+ 20G+ 10G Device supported on each SD- WAN edge device
SaaS: 8x8 significant related Partnerships & Add-on Cloud: Azure Virtual Security: Check Point, technology or provider Security: SentinelOne none none Services Security: Check Point, WAN, GCP Palo Alto, Zscaler, Fortinet partnerships Palo Alto, Zscaler
provider's ability to P Can deploy Palo Alto and Check Point, Palo Alto, and support various other Fo uCPE & VNFs Check Point firewalls onto no no no no Fortinet firewalls can run virtual network functions Th Aryaka devices. on VeloCloud devices. on the edge device S
some devices can terminate LTE circuits Yes, via SIM and MX67C or directly via SIM card slots; Included in select devices. MX68CW devices. Via yes, SIM card slot on select yes (SIM card on vEdge LTE Termination if that’s not an option, a no roadmap Others require a separate ye USB air card on other models 510LTE device) USB modem or separate LTE modem. devices. LTE extender device is required
Cisco Cloud On-Ramp Aw if and how the solution includes access and Yes; VeloCloud has 1,000+ s measures application cloud apps can ride Cato dynamic path selection to shared gateways for path Cloud App Path Selection performance and makes yes (via 40+ global POPs) backbone end-to-end and no Office365, Google, Box, no optimization. Providers boo decisions for hosted apps, egress at optimal POP Salesforce, Dropbox, can build out their own to d such as SaaS Zendesk, Amazon, and gateways as well. to AWS.
when deployed inline with router, if device goes Fail to Wire down, it becomes a dumb yes no no no no no wire that still passes traffic through it
ability to send packets (i.e. yes; can set on a per- yes; on a per-application Packet Duplication voice) on both links to yes no yes yes application basis basis ensure quality
ability to send parity packets that help to yes; on a per-application Forward Error Correction reconstitute lost packets yes; enabled by default no no yes yes basis and improve performance of real-time apps like voice
Ability to VPN to your SD- WAN solution using a third-party device. yes (via gateways, not VPN Tunnels Existing investments can yes yes yes no yes edge devices) often be leveraged while phasing the network to the new solution or over time.
WAN Optimization uses data caching, yes (add-on to Cisco deduplication, yes (available on select WAN Optimization yes limited (TCP optimization) no hardware; not available on no compression, and more to devices) vEdge) increase efficiency of WAN traffic.
A CDN is a group of dispersed servers that Content Delivery work together to provide yes no no no no no Network (CDN) fast delivery of internet content.
CASB is a software that monitors all activity to Cloud Access Security cloud applications and no yes (proprietary) no yes (proprietary) yes (proprietary) yes (proprietary) Broker (CASB) enforces security policies on traffic destined for the cloud.
SWG protects users from Secure Web Gateway web-based threats and yes yes (proprietary) no yes (proprietary) yes (proprietary) yes (proprietary) (SWG) blocks access to inappropriate content.
ZTNA (Zero Trust Network Access) / VPN (Virtual Private Network) Remote Client / VPN: yes Remote Client / VPN: yes Remote Client / VPN: yes Remote Client / VPN: yes Re Remote Client / VPN: yes Remote Client / VPN: yes is a software client that (proprietary) (proprietary) (proprietary) (proprietary) ZTNA / VPN provides secure access for ZTNA: no ZTNA: no users anywhere, ideally ZTNA: yes (proprietary) ZTNA: yes (proprietary) ZTNA: yes (proprietary) ZTNA: yes (proprietary) ZT only to requisite IT resources.
basic = zones-based, stateful, layer 7; advanced basic on Viptela hardware; basic; advanced via basic; advanced with SSE Firewall = next-gen, with anti- advanced advanced advanced on Cisco advanced partners add-on malware, IDS, IPS, content hardware filtering, sandbox
RBI is a web security solution designed to Remote Browser Isolation protect users from no yes no no yes (proprietary) yes (proprietary) (RBI) internet-borne threats via web browser (i.e. Chrome, Edge, Firefox).
Gateways allow a customer to optimize their global core network to Can put Viptela on Cisco Includes advanced traffic to cloud and SaaS ne solve for middle mile global core network; Routers or vEdge devices security in the device and applications; smaller next-gen firewall; single issues; WAN optimization single-vendor, unified or Cisco ENCS (Cisco optional add ons. Some devices have Wi-Fi access unique features of the pane of glass for other Differentiators built in; Last Mile Services SASE solution; network uCPE platform), ISR vendors have built out points; NFV allows for technology features: Wi-Fi, switching, pro including circuit and remote access; last routers can handle T1 Fortinet gateways or integrated security on the security cameras so procurement and mile management Handoffs (non-ethernet POPs. Supports LTE SD-WAN edge; integration management based). natively in some devices. with other VMware network intelligence products (AIOps).