In today’s fast-paced digital landscape, having a robust and efficient SD-WAN to connect your sites, data centers, Azure, AWS and GCP is more than a luxury—it’s a necessity. Many businesses deployed their first SD-WAN a decade ago and realized initial benefits. But as the years have passed, technology has continued to advance, and a number of vendors have been acquired or exited the market. How do you know when it’s time to upgrade or replace your legacy SD-WAN solution?
In this post, we’re going to dive into the telltale signs that it’s time to consider a new SD-WAN. We’ll explore the key indicators that your current SD-WAN solution or vendor might be falling short, and why it’s time to switch.
-
Your SD-WAN vendor is no longer innovating
If your SD-WAN vendor was acquired in the past few years, you might be in for some rough times. Most of the large technology acquirers in the industry focus on building a portfolio of solutions to maximize their “share of wallet”, but they often struggle with product innovation, integration, and team retention. They operate like private equity firms, slashing costs like crazy and chasing payback and increased market value, instead of continuing to invest in innovation. Even the best-intentioned acquirers still need to “rationalize” (eg. reduce) R&D costs, customer support, and channel programs to justify their acquisitions. These changes can mess up the vibe and spirit of the company that built the products, and many teams lose their best people who leave for higher salaries and more challenging or cutting-edge work. Plus, as acquirers skimp on research and development or consolidate customer support, say goodbye to tech advancements, timely product updates and skilled technical support. But maybe this time its different…
-
You need more powerful security capabilities in your SD-WAN
Back in the day, when SD-WAN was new, most of the vendors were focused on delivering a reliable, functional SD-WAN point product. This left customers scrambling to stitch together their own “bespoke” security stack, including stateful and next-gen firewalls, SSL proxy, IPS/IDS, antivirus/anti-malware, and sandboxing/advanced threat protection. Bolting these security products onto an SD-WAN deployment often created a complex network that required Internet-bound traffic to be routed through a central firewall – impacting user experience. The name of the game for SD-WAN today is simplification through solution consolidation, including a robust perimeter security stack, robust routing, and unified policy management, all in a single integrated solution. If your SD-WAN vendor STILL has not delivered natively-integrated security and routing with your SD-WAN solution, maybe its time to look around.
-
Your vendor is forcing you into expensive upgrades or extended support
There is a long and sordid history of vendor lock-in with forced hardware and software upgrades in the SD-WAN space. Customers get entangled in a web of proprietary technology that’s difficult and costly to escape, as they find themselves handcuffed to a single vendor’s ecosystem with every network upgrade or expansion becoming a pricey toll gate. Stories abound about forced upgrades, planned obsolescence, and additional fees for extending hardware or software support. And as the economy starts to slow down, and hardware-centric vendors start to see their orders slow, be on the lookout for “exciting” new (proprietary) hardware announcements. If you see the next round of forced upgrades coming, maybe it’s time to look around at alternative vendors.
-
Your SD-WAN continues to get hit with security vulnerabilities
The business cost of security incidents and vulnerability remediation is significant. Over the past two years, vulnerabilities have been announced for SD-WAN products from several vendors, including a number of flaws that could be chained for remote code execution:
- directory traversal issues leading to SSH key extraction,
- shell injection vulnerabilities,
- privilege escalation bugs,
- authentication bypass issues,
- backdoor, SQL injection, and file inclusion weaknesses
These vulnerabilities highlight the ongoing security challenges in the SD-WAN market, and reinforce the need for continuous vigilance and timely updates in network security management. If your SD-WAN vendor is experiencing vulnerabilities, it might be worthwhile looking at alternatives.
-
Your vendor gave you their SD-WAN product for ‘free’
A few large networking or security companies have historically given away their SD-WAN solution for “free”, as part of their broader product suite. Threatened by competitors encroaching into their cash cow business, they use the SD-WAN as a “loss leader” by bundling it into the purchase/renewal of their core products, making the SD-WAN solution look free. BUT “free” is not always free, and can eventually hurt the business. A sub-par SD-WAN solution can end up being less reliable, less flexible, and more expensive – you may need to cut corners in design, or take longer to roll it out, or hire more people to run it. Unfortunately for those that need to deploy and operate these solutions, senior executives and procurement teams sometimes only look at the “free” message, and don’t necessarily understand the true lifecycle challenges of running these simplistic or poorly designed products. So if your network is built on the sub-par foundation of a “free” SD-WAN, you may want to take a look at alternative solutions.
-
Your vendor forgets about the ticking time bomb of expiring certs
The little things matter – when one vendor’s cryptographic certificates expired, it was like a digital time bomb detonating across their customers’ networks. And turning the equipment off and back on again only made things worse. This oversight led to widespread outages, throwing businesses into chaos as critical network infrastructure suddenly became unresponsive. If your gateway was bricked by an expired hardware cert, maybe its time for you to look for another SD-WAN solution.
-
Your SD-WAN does not offer Zero Trust
Zero Trust is widely considered to be the future of security, but today it’s only used to protect remote workers. As hybrid work grows and people return to the office, many users and security teams are asking if they can use Zero Trust for their branch offices and campus sites as well. Here’s the problem – most Zero Trust solutions today are cloud delivered. So when users come to the office, private application traffic is sent to a cloud security gateway, only the be “hair-pinned” back to the enterprise data center or cloud. This impacts user experience. In a unified Zero Trust solution, the SD-WAN appliances can perform double-duty as on-premises zero-trust enforcement devices, to ensure a high quality user experience. So if your current SD-WAN is not providing you with a path to Zero Trust deployment across your entire enterprise, then maybe it’s time for you to look for another solution…
-
Your SD-WAN has limited automation and observability, and is way behind on AI.
Managing your network without real-time insights is like driving a car blindfolded. Without real time information about the state of network, administrators are not able to address critical performance issues quickly enough, leading to network bottlenecks and downtime that can cripple business operations. And legacy SD-WAN solutions that lack automation and advanced AIOps capabilities leave network administrators in a constant fire fight, reacting to critical issues at all hours and manually tweaking and troubleshooting the network, a process as time-consuming as it is error-prone. In a world where network agility and intelligence are paramount, clinging to these antiquated systems is a recipe for inefficiency and potential disaster. Maybe its time to look for an alternative SD-WAN solution…
-
Your SD-WAN lacks support for IoT devices.
With the rapid expansion of IoT in various sectors like healthcare, manufacturing, retail, and smart cities, the need to effectively manage and secure these devices has become crucial. IoT devices are often seen as vulnerable points in a network due to inconsistent security features and firmware updates. Networks can become highly complex due to the sheer number of connected IoT devices, and with the volume of data being transmitted. Because of these challenges, many organizations either bolt on external IoT security products, or stand up completely separate IoT network infrastructure, which is expensive and resource-intensive.
SD-WAN solutions should be able to help with this challenge, but not all SD-WAN are equal. The level of integration, security, and management capabilities can differ significantly. Ask your vendor if they support advanced IoT capabilities like
- IoT device discovery and SCADA protocol recognition
- IoT device fingerprinting to identify and group devices
- IoT-based traffic control, QoS, and analytics
- AI-based behavioral analysis to identify anomalous behavior and compromised devices
- the ability to run IoT networks on existing infrastructure using multi-tenancy and adaptive micro-segmentation
Of course, you should also look for a single point of management and visibility across your entire network, including OT and IoT networks. If your current vendor can’t provide you these capabilities, it might be time to look around.
-
Your SD-WAN struggles to support high latency/low bandwidth media like 5G and satellite
New network connectivity alternatives like 5G wireless and LEO/MEO/GEO satellite networks are becoming more available, performant, and cost effective. They promise to deliver high bandwidth connectivity in remote areas where traditional alternatives are scarce, ensuring global coverage and essential redundancy, serving as backups to terrestrial links, and even offering high-performance primary connectivity in the case of LEO satellite connections. SD-WAN offers a tremendous opportunity for organizations to start taking advantage of these cost and performance benefits. But to do this, some new tools and innovations are needed. So check to see if your SD-WAN offers advanced connectivity-enabling capabilities like
If it does not, then maybe you should see what else is out there.
-
Your SD-WAN doesn’t offer a path to convergence and Unified SASE
Enterprise network and security teams are worn out from “bolting together” multiple point products into a complete solution that securely connects users and sites to apps and data. Integrating and maintaining SD-WAN, firewall, and SSE products can be challenging, involving sophisticated API-level integrations, firewall gymnastics, different application identification engines, multiple management consoles and data lakes, different policy engines and policy languages, and tons of IPSec tunnels between solutions. But there is a better way!>
A “Unified SASE” solution promises a single platform for SD-WAN, routing, firewall, SSE, and data lake, all managed through a single pane of glass. Security and network policies are centrally defined, and consistently applied at the SSE gateway, WAN edge, and cloud. Multi-tenancy is easy, and connectivity to Azure, AWS and GCP is elegantly supported. Rather than building lots of IPSec tunnels, cloud resources and SSE gateways participate in the SD-WAN overlay and multi-tenancy. Note that this vision is different than “single vendor” SASE, where a vendor may have bolted together disparate SD-WAN, firewall and SSE products under a single “badge”. Even if your vendor offers a “single pane of glass” management, it’s often still multiple different data planes.
If your goal is to evolve to a converged networking and security infrastructure, then ask your vendor if they can deliver a truly UNIFIED SASE platform. If you get a blank stare, maybe its time to look at other solutions.
As you see the refresh date for your SD-WAN deployment approaching, you should think about whether you’re getting what you need from your platform. If you feel that your legacy SD-WAN meets any of the criteria listed above, it may be time for you to look for your “next generation” SD-WAN solution. There are definitely some good products on the market – we of course feel partial to Versa Secure SD-WAN, but at the end of the day you need to find the solution that fits your requirements, resources and budget. Good luck!
