E-Handbook: SD-branch devices promise network, security benefits Article 4 of 4



The convergence of networking and security at the edge

Networking and security are converging with offerings like SD-WAN and SD-branch. But enterprises and vendors must overcome IT silos that delay innovation and decision-making.

Advances in software virtualization and the migration of intelligence to the cloud are driving the convergence of networking and security functionality at the network edge.

The software-defined branch (SD-branch) model provides an example of how IT organizations can consume a product or service at the branch edge, including a range of WAN, LAN and network security functions. Despite this trend, IT organizations should be cautious about deploying converged network and security offerings for complex requirements.

Networking and network security remain highly specialized with multiple market categories and suppliers. Most converged offerings, such as SD-branch, have functionality that is strong in one area -- like Wi-Fi, software-defined WAN (SD-WAN) or firewalls -- but weak in others. Literally dozens of suppliers are available for converged offerings -- none with a commanding lead in technology -- so it will take years for clear leaders to emerge.

Technology and service delivery models remain in flux among appliances, software and cloud intelligence. To truly offer IT customers flexibility and customization, vendors will need to further develop their ecosystem of technology partners among LAN, WAN and security suppliers. Channel organizations -- including communications service providers, managed service providers and systems integrators -- will need training and experience with delivering converged edge offerings as a service.

IT trends driving network and security convergence

IT organizations are rethinking their edge network and security architectures. With cloud and SaaS applications leading the way, traffic now flows from the branch to the cloud, not to an organization's central data center.

IoT and other edge computing applications require intelligence and rapid performance, which best fit with a distributed IT model. The lack of a security perimeter means network security intelligence needs to be deployed at the edge and use cloud-based intelligence to meet the evolving threat environment.

Networking at the edge

Advances in network software with cloud-based intelligence have enabled new network edge offerings that are quick to deploy, scalable, flexible and simple to manage. This innovation is most notable in the highly dynamic SD-WAN market, which has dozens of suppliers, a highly fragmented market share and no dominant supplier. The network edge -- including Wi-Fi, SD-WAN and SD-branch -- will continue to see innovation in terms of breadth of functionality, cloud-based intelligence, native security functionality and security partnerships.

Innovative SD-WAN suppliers include Aryaka, Cisco, CloudGenix, Hewlett Packard Enterprise (HPE) Aruba Networks, Oracle, Riverbed, Versa Networks and VMware.

Key network security trends

Most IT organizations use a defense-in-depth strategy with multiple network security elements at various points in their architecture, often with multiple suppliers. Network security intelligence is moving to the cloud -- i.e., cloud access security brokers -- and as-a-service offerings are growing rapidly. Many network security suppliers have started to add basic routing and SD-WAN features to their products.

Figure: Network security elements. These areas make up the essential and emerging elements of network security, but converging them can be tricky.

Network security has dozens of suppliers, many specialized offerings and a highly distributed market share with no dominant vendor. Network security encompasses a wide array of functionality across eight distinct segments. This makes it difficult for IT and security teams to agree to consolidate network security designs around a single supplier.

Innovative network security suppliers include Cisco, Fortinet, Palo Alto Networks, Privafy, Tempered Networks and VMware.


SD-branch combines LAN, Wi-Fi, SD-WAN, routing and security functionality in an integrated offering. During 2020, SD-branch vendors will improve their SD-branch options by providing better functional integration between technology elements -- e.g., LAN and WAN -- and offering IT end-to-end quality of service, security policies and unified management.

Innovative SD-branch suppliers include Cisco, Fortinet, HPE Aruba and Versa Networks.

IT and security organizational silos impede progress

Small and midsize organizations can rapidly adopt converged network and security offerings, especially in an as-a-service model. Large organizations with distinct IT and security teams will be challenged to migrate to a converged model.

Organizational silos have long deterred data center convergence among network, compute, storage and security. Dedicated security teams with their specified requirements and favorite suppliers are unlikely to approve new comprehensive edge security offerings, especially from network suppliers. Network teams will remain skeptical about network security suppliers' ability to meet their sophisticated LAN and WAN requirements.

The concept of network and security convergence is currently in vogue among suppliers in response to changing IT requirements. The new requirements to secure and accelerate cloud-based applications, deploy IoT and meet edge security threats are real.

The complexity and diversity of organizational requirements for network and security at the edge are challenging for any single supplier to deliver. The sheer number of incumbent LAN, WAN and network security suppliers in larger organizations results in difficult technological evaluations. And the real divide between IT and security teams will delay strategic decision-making.

Lean IT organizations are starting to deploy converged network and security products in the form of SD-branch and as-a-service offerings for greenfield deployments, architectural refresh projects and agile branch locations. The broader migration to converged network and security at the edge will take three to five years -- or longer -- for other IT deployments.
