Industry Trends

MSSPs: Disrupting the SD-WAN Market for Fun and Profit

By Stephan Tallent | May 11, 2018

The software-defined wide area network (SD-WAN) market is currently exhibiting all the symptoms of hyper growth, expanding from a global total addressable market (TAM) of $225 million in 2015, to $1.9 billion in 2017, and quadrupling to $8.05 billion by 2021 according to market research firm IDC. But the SD-WAN business is not only growing. It also a catalyst of a stunning market leadership disruption as the baton passes from old-line telecommunications service providers to managed security service providers (MSSPs).

But first some background. One way to look at SD-WAN is as an improved Internet capable of delivering quality service (QoS) sufficient to support reliable and time-bounded application delivery, virtual private network, voice over Internet protocol (VOIP), data access, and other services that the latencies, packet losses, and jitter of the standard Internet make very difficult to provide.

However, when you review the different recommendations around SD-WAN requirements from analysts and other technology experts, security is often missing from the bill of requirements. Even though SD-WAN communications are encrypted and can support VPN services, that’s just the tip of the iceberg when it comes to protecting critical data moving between different network devices, domains, and ecosystems. Without robust security integrated into SD-WAN services, customers who buy SD-WAN are also buying a mystery grab bag of unknown vulnerabilities. This is clearly unacceptable given today’s threat and business risk environments.

SD-WAN+Security or Secure SD-WAN?

But of its inherent lack of integrated security, SD-WAN service providers often offer security functionality as an extra-cost option delivered on top of their SD-WAN services. Unfortunately, enterprises soon discover that instead of paying to support one infrastructure—SD-WAN—they now pay for two—SD-WAN plus a third party-sourced parallel security infrastructure. Furthermore, because add-on security costs include the amortized value of the vendor’s security hardware, operations, and maintenance, as well as the unexpected complexities of managing two multivendor infrastructures that may or may not talk to each other all that well, a secure SD-WAN solution is often far more expensive than it may seem at first glance.

All of that is about to change. Recent upgrades to a number of Fortinet products and capabilities, including FortiOS 6.0, now make it possible to deliver carrier-grade SD-WAN services and functionalities through your existing cybersecurity infrastructure at minimal added cost. This advance is a serious market disruptor.

No task-focused SD-WAN services vendor is required. No dedicated SD-WAN hardware or software is needed. Plus, customers and/or service providers can now see and manage both cybersecurity and SD-WAN functions from a single console. In short, Fortinet has transformed SD-WAN from an insecure extra-cost premium service to a standard feature provisioned and managed from your existing cybersecurity infrastructure. We call it Fortinet Secure SD-WAN.

Enabling Technologies and Products

Three currently shipping Fortinet offerings now work together to provide Secure SD-WAN services for customer- or MSSP-managed infrastructures:

FortiGate Next Generation Firewalls (NGFW). FortiGate NGFWs can deliver SD-WAN services, along with their already outstanding security functionalities, through their programmable, software-defined architecture. FortiGate NGFWs integrate both network and security paths across the Internet at scales ranging from the local to the global, while delivering enterprise-grade service level agreement (SLA) standards fully capable of supporting X-as-a-Service applications functions.

FortiManager. This single-pane-of-glass solution enables automated device provisioning and universal policy management simultaneously across thousands of devices. It drastically reduces management costs, simplifies configuration, and accelerates deployment cycles through its unified policy and control console. 

FortiOS 6.0. The release of FortiOS 6.0 delivers a broad range of additional SD-WAN functionality. Enhanced capabilities include application awareness and controls for over 3,500-plus applications, as well as automatic multi-pathing and multi-broadband support. When integrated into the Fortinet Security Fabric, Fortinet’s SD-WAN delivers application prioritization for granular control of SaaS, VoIP, and other business apps, new one-touch VPN, and zero-touch deployment features that further reduce complexity to enable rapidly setting up new enterprise branches.

MSSP Opportunity of the Century

Fortinet Secure SD-WAN perfectly positions MSSPs to profit from this technology revolution as they can tell their customers that they no longer need a telecom service provider to deliver SD-WAN. An MSSP can now offer enterprise-grade Secure SD-WAN either as a low-cost add-on to security services customers are already consuming or, in greenfield situations, a “two-for-one” security-plus-SD-WAN package deal. Furthermore, by managing security and SD-WAN over a common visibility and control plane, customers benefit from improved security by reducing blind spots and cutting detection-to-remediation latencies.

Needless to say, Fortinet Secure SD-WAN arms MSSPs with an irresistible value proposition. By upending the conventional approach to providing SD-WAN services by making traditional SD-WAN service providers redundant and including security as an integral part of any SD-WAN offering rather than an add-on, Fortinet Security SD-WAN has the power to disrupt the SD-WAN marketplace just as it was getting ready to take off into the multibillion dollar stratosphere.

There’s more about secure SD-WAN than can be described in a short blog. A great place to learn more is to download the new white paper, “What Organizations Should Consider When Evaluating SD-WAN.”

Check out the latest Quarterly Threat Landscape Report for more details about recent threats. Sign up for the weekly FortiGuard intel briefs or for our FortiGuard Threat Intelligence Service.