Research Manager, Enterprise Networks
Leaders
CiscoFeatured Vendor
VMware
HPE Aruba Networking
Fortinet
Palo Alto Networks
Major Players
Versa
Nokia
Huawei
Juniper Networks
Aryaka
H3C
Contenders
Barracuda
This IDC study represents a vendor assessment model called the IDC MarketScape, which is a quantitative and qualitative research assessment of vendors’ present and future offerings, for the software-defined wide area network (SD-WAN) infrastructure market. This study assesses the capability and business strategy of 12 SD-WAN infrastructure vendors. The evaluation is based on a comprehensive framework and a set of parameters expected to be most conducive to success in providing SD-WAN infrastructure solutions.
The SD-WAN infrastructure market is highly competitive and undergoing important strategic shifts. Key findings include:
SD-WAN infrastructure is a compelling technology for any organization looking to improve WAN reliability and cost, optimize network performance, and enhance user experiences for applications accessed via the WAN. IDC’s 2022 Global SD-WAN Survey of existing and prospective SD-WAN users asked respondents how much savings they expect to derive from deploying SD-WAN. The median response rate was 15.0%, but almost one-third of respondents (31.8%) said they expect to save more than 20% on WAN costs from deploying SD-WAN.
Another survey question asked what respondents believe are the most important features of a modern, enterprise-grade SD-WAN platform. Figure 2 shows the responses, with the top answers being integrated security, ability to provide robust network and application performance assurance, and integrated machine learning/artificial intelligence (ML/AI)-enhanced SD-WAN management capabilities.
All SD-WAN products featured in this IDC MarketScape have a core set of features. These include WAN routing, management of multiple WAN links (e.g., broadband, MPLS, and 4G/LTE), dynamic WAN path selection, application-based policy controls, and application steering and prioritization. Beyond these features, most SD-WAN offers on the market today include additional features such as direct connections to public clouds (IaaS and SaaS), WAN link visibility and analytics, end-user experience monitoring, zero-touch provisioning, integrated security, and cellular routing options.
Other factors SD-WAN buyers should consider are discussed in the sections that follow.
n = 1,044
Base = respondents currently use or plan to use SD-WAN technology solutions in the next two years
Source: IDC’s Software-Defined WAN (SD-WAN) Survey, November 2022
One of the most significant developments in the market in recent years has been the advancement of integrated security functionality in SD-WAN products. Security is an important part of any networking investment, but there are multiple dimensions to the trend of more integrated management of SD-WAN and security. One aspect concerns the natively integrated security capabilities offered by SD-WAN vendors. Common security features in SD-WAN products include intrusion detection and prevention (IDS/IPS), next-generation firewall (NGFW), and content/web/URL filtering.
A second aspect of this trend is toward secure access service edge (SASE) architectures, which combine SD-WAN with cloud-based network edge security as a service (NESaaS) tools, such as a secure web gateway (SWG), cloud access security broker (CASB), and zero trust network access (ZTNA). SD-WAN customers can work with their existing SD-WAN vendor to consume NESaaS and build a SASE architecture or use a multivendor approach.
It’s important for SD-WAN buyers to consider what security capabilities they value from an SD-WAN today and into the future. As SD-WANs control connectivity from the enterprise edge across the wide area network, it’s beneficial to have on-premises or cloud-based security integrated with the SD-WAN. But IDC research shows there is a significant portion of SD-WAN buyers that continue to evaluate SD-WAN infrastructure for the networking-specific capabilities of the SD-WAN. This research focuses on the networking strategy and capabilities of SD-WAN vendors, while also taking into account integrated and partner-led security approaches of SD-WAN vendors.
Another important trend is the software-defined branch (SD-Branch), which refers to integrated management of SD-WAN with LAN/WLAN networks. SD-Branch architectures create an opportunity for enterprises to have centralized visibility, analytics, and management of their network, across the LAN/WLAN and SD-WAN. Other benefits of SD-Branch include the ability for advanced ML/AI-enhanced management and leveraging a cloud-based platform. SD-Branch is ideal for customers that want to consolidate management across their campus and branch for ease of management.
Most SD-WAN vendors offer customers various deployment options, including integrated hardware — typically a router or firewall, or both — along with virtualized versions of the SD-WAN software that can be deployed on existing infrastructure or hosted in a public IaaS cloud. Organizations also have a choice related to architectural designs of their wide area network. For example, from a multicloud access perspective, many SD-WAN vendors offer integrations with IaaS provider WANs, such as AWS Cloud WAN or Azure Virtual WAN. Many SD-WAN vendors also offer integrations with colocation vendors such as Equinix and Megaport, which provide direct connections from the colocation vendor into IaaS and SaaS clouds. Alternatively, many SD-WAN vendors are building software-defined cloud interconnect (SDCI) services that utilize a series of points of presence (POPs), usually hosted in colocation facilities, that provide access to IaaS and SaaS clouds.
Customers have a choice for the SD-WAN management platform being hosted on premises or from the cloud. Most SD-WAN vendors offer a cloud-hosted management plane, but some offer on-premises management too. Enterprises may also consider existing relationships they have with SD-WAN vendors across other product areas and what sorts of licensing discounts they may be able to receive as part of a longer-term subscription package.
Another consideration is what type of partner would organizations like to purchase SD-WAN infrastructure from. Some SD-WAN vendors have value-added resellers (VARs), others rely on communication service providers (SPs) that bundle WAN connectivity (e.g., MPLS, broadband, or cellular) with an SD-WAN service. Many managed service providers bundle and integrate the requisite underlays (transports) with an SD-WAN overlay.
Other factors enterprises should consider are what sort of visibility and analytics platforms they require from their SD-WAN vendor. Some vendors have robust platforms that monitor not just WAN link health, but application and user experiences too; others offer visibility platforms that extend into the local area network. Increasingly, visibility and analytics platforms feed data into AI/ML-enhanced SD-WAN management platforms, which can recommend ways to optimize user and application experiences or automatically fix problems that arise.
The aforementioned criteria are among the considerations enterprises should research when purchasing SD-WAN infrastructure, but some features and functions will be more important than others for individual customers. Organizations should always think about what business need they have and then consider what solution will best meet those needs.
Cisco is positioned in the Leaders category in the 2023 IDC MarketScape for worldwide SD-WAN infrastructure.
Cisco is a multinational communications company headquartered in San Jose, California, with a broad product portfolio across networking, security, collaboration, computing, application performance, and more. Cisco SD-WAN is composed of two products: Cisco Catalyst SD-WAN and Cisco Meraki SD-WAN. Cisco Catalyst SD-WAN is based on technology from the company’s 2017 acquisition of Viptela, one of the initial start-ups in the SD-WAN market. Cisco Catalyst SD-WAN is offered via both cloud and on-premises management versions. Cisco Meraki SD-WAN is a simplified, cloud-managed platform that includes zero-touch provisioning and an intuitive web interface.
Architectural principles of Cisco SD-WAN include creating secure, end-to-end virtual overlay networks that are flexible and scalable; centralized management and orchestration of globally distributed SD-WAN deployments; integrated visibility, analytics, and AIOps; multicloud optimizations; and a focus on security, including integrated security capabilities and hosted security tools, as well as integrations with third-party security tools.
Notable features of the Cisco SD-WAN portfolio include advanced multicloud access capabilities, including software-defined interconnect and cloud backbone; application experience optimization, including for Microsoft 365 and Webex; security innovations, including embedded security tools such as Umbrella and Duo; and integrations with the recently enhanced Cisco Security Cloud. The company also offers Cisco+ Secure Connect for a managed SASE offering. Other areas of recent innovation have been in AIOps, including advanced visibility and analytics capabilities — for example, in the Predictive Path Recommendations (PPR) feature. Cisco SD-WAN has deep integrations with the ThousandEyes visibility and analytics platform. Cisco SD-WAN also has an industrial IoT routing extension for extending enterprise policies to the industrial edge. The company supports hybrid work experiences via a compact form factor offering that optimizes secure connectivity.
Cisco’s approach to SD-WAN and security is multifaceted: The company offers a range of integrated security capabilities with its SD-WAN, including embedded SSL decryption, and an enterprise firewall, intrusion prevention, and URL filtering. It also offers integrations with Cisco Umbrella to provide services such as DNS layer security, secure web gateway, cloud access security broker, and a cloud-delivered firewall. Cisco SD-WAN leverages the Talos Threat Intelligence platform. In addition to native security capabilities, the company also integrates its SD-WAN with third-party security tools, including those from Zscaler, Cloudflare, Netskope, and Palo Alto Networks.
Cisco has about 48,000 SD-WAN customers across a range of customer sizes and verticals. Top verticals for Cisco SD-WAN include retail, manufacturing, professional services, financial services, and government. Cisco Catalyst SD-WAN is ideal for customers looking for a full-featured and programmable SD-WAN offering, while Cisco Meraki SD-WAN is ideal for customers that prioritize simplicity in deployment and ongoing management.
This research includes the analysis of 12 SD-WAN infrastructure vendors spanning IDC’s research coverage. This assessment is designed to evaluate the characteristics of each firm across a set of criteria broken into two major buckets: current and future capabilities of the SD-WAN infrastructure and current and future strategy of the SD-WAN infrastructure offering.
IDC used a variety of primary research methods to produce this document including interviews with vendors and customers, a detailed questionnaire all vendors completed, and detailed product briefings from each vendor. This evaluation should not be considered a final judgment of firms to consider for a project, however. An enterprise’s specific objectives and requirements will play a significant role in determining which firms should be considered as potential candidates for an engagement.
For inclusion in this IDC MarketScape, vendors had to:
This document also includes a profile of three companies in the Vendors to Watch section. These companies did not meet our criteria for full inclusion in the research but are important SD-WAN infrastructure vendors in the market today.
For the purposes of this analysis, IDC divided potential key measures for success into two primary categories: capabilities and strategies.
Positioning on the y-axis reflects the vendor’s current capabilities and menu of services and how well aligned the vendor is to customer needs. The capabilities category focuses on the capabilities of the company and product today. Under this category, IDC analysts look at how well a vendor is building/delivering capabilities that enable it to execute its chosen strategy in the market.
Positioning on the x-axis, or strategies axis, indicates how well the vendor’s future strategy aligns with what customers will require in three to five years. The strategies category focuses on high-level decisions and underlying assumptions about offerings, customer segments, and business and go-to- market plans for the next three to five years.
The size of the individual vendor markers in the IDC MarketScape represents the market share of each individual vendor within the specific market segment being assessed.
IDC MarketScape criteria selection, weightings, and vendor scores represent well-researched IDC judgment about the market and specific vendors. IDC analysts tailor the range of standard characteristics by which vendors are measured through structured discussions, surveys, and interviews with market leaders, participants, and end users. Market weightings are based on user interviews, buyer surveys, and the input of IDC experts in each market. IDC analysts base individual vendor scores, and ultimately vendor positions on the IDC MarketScape, on detailed surveys and interviews with the vendors, publicly available information, and end-user experiences in an effort to provide an accurate and consistent assessment of each vendor’s characteristics, behavior, and capability.
IDC’s definition for software-defined wide area network (SD-WAN) infrastructure encompasses the hardware and software infrastructure products offered commercially by vendors.
SD-WAN provides automated management of hybrid WANs, defined as at least two WAN connections from each branch office leveraging two or more underlying transport networks (e.g., MPLS, broadband internet, 4G/LTE/5G).
SD-WAN includes a centralized, application-based policy controller; a software overlay that abstracts underlying networks; analytics and/or telemetry for application and network visibility; and an optional SD-WAN forwarder (routing capability). Together, these provide an intelligent path selection across WAN links, based on the application policies defined on the controller.
Accordingly, SD-WAN software and hardware infrastructure includes the following:
As such, the SD-WAN infrastructure addressed in this IDC MarketScape excludes the following: