How to take SASE from a buzzword to a plan

Whether you are talking to your leadership or external auditors, it’s always best to be able to explain that your cybersecurity program is based on a framework utilizing industry best practices.

SASE

A recent framework by Gartner is one that I recommend having as part of your toolkit: Secure Access Service Edge (SASE), as outlined in their November 2019 “The Future of Network Security is in the Cloud” report.

The idea was to develop a single strategy that combined both perform (network architecture) and protect (security) functions under one cloud-based service provider platform.

I think this captured a trend that was prevalent across major enterprises – the move to vendor consolidation. In my experience working with peers of Fortune 500 enterprises, they can have over 100 security vendors, which creates a nightmare when attempting to manage and correlate them into a single risk profile.

The SASE framework is in line with vendor rationalization and the trend to reduce complexity, while also increasing visibility and ease of management. This is not a solution for your entire program, as it is currently designed to focus on protecting the company and employees.

Additionally, it is focused on the edge, so you would need platforms for areas like endpoint protection and network / incident response. The days of picking the best tool for each problem is ending and this trend of moving away from best athlete to best teammate reminds me of this quote by Michael Jordan, “Talent wins games, but teamwork and intelligence win championships.”

I also like the fact that SASE encompasses both perform and protect functions as I have scar tissue from when I had designed my security environment. I discovered some of the applications I needed to protect were moving to a cloud infrastructure. SASE ensures that both teams are talking to each other. This is key because if 2020 has taught us anything, it is that we need to be flexible and rapidly adapt to changing business models. That requires tightly integrated strategies.

While SASE outlines several tools that can be used to combine perform and protect functions on a single platform, it doesn’t have a single recommended solution. Instead, it talks about what could be used for different business models. It also highlights that no single vendor has all the tools you need. Finally, Gartner acknowledges that this will be a journey as many of the tools will already be part of your environment, so it will take time to migrate onto fewer platforms.

As we look at building a strategy, the first challenge is to define your “edge”. For some companies their edge is their data center. Still, for others it is their cloud infrastructure. Realistically, for most large enterprise environments, it will be hybrid and potentially multi-could.

For performance, the SASE report lists capabilities like SD-WAN and CDNs. When thinking about your SASE strategy you should think about where you have your interface with employees / users and where your security controls are integrated. As always, analyze both current and future state.

Once you have an edge in mind, it’s time to decide on your perform capabilities and the Network as a Service (NaaS) tools that are core to your strategy. Next comes locking in protect capabilities, and the Network Security as a Service (NSaaS) tools you want to focus on. Finally, you must look at what features are critical for your business model that were not included in Gartner’s report, for example securing your JavaScript environment based on the recent Magecart form-skimming attacks.

Let’s start by listing the different NaaS tools:

  • Content Delivery Network (CDN)
  • Software Defined – Wide Area Network (SD-WAN)
  • Carriers
  • Wide Area Network (WAN) Optimization
  • Network as a Service
  • Bandwidth Aggregators
  • Networking Vendors

Depending on your end state goal, you will need to focus on different capabilities. If you are trying to move to a borderless architecture, you will focus on CDN. If you are looking to stay with branches and remote workers leveraging a main office, you will focus on SD-WAN. Software as a Service (SaaS) will most likely be part of either of these approaches.

Additionally, each of these will need to have their own evaluation criteria. For example, with CDN you would want to focus on factors like location/number of POPs and peering relationships, ability to scale, international presence, and capabilities based on your business needs like image management, caching at edge and route optimization/acceleration.

Next, let’s review the security tools mentioned throughout the report:

  • Zero Trust Network Access (ZTNA)
  • Cloud Access Security Broker (CASB)
  • Secure Web Gateway (SWG)
  • Web Application and API Protection as a Service (WAAPaaS)
  • Domain Name System (DNS) security and protection
  • Data Loss Prevention/Protection (DLP)
  • Security Network Security
  • Virtual Private Network (VPN)
  • Firewall as a Service (FWaaS)
  • Intrusion Prevention System (IPS)
  • Software-Defined Perimeter (SDP)
  • Remote Browser Isolation (RBI)
  • Sandbox

There are a lot of capabilities here and unlike the network section many large enterprise environments will need all of them. Many of these are combined today such as SWG that have DLP and sandboxing.

Like networking, you will need to have evaluation criteria for these, such as: do they have consolidated agents, do they integrate with your Security Information and Event Management (SIEM) and do they offer services like engineering support? Also don’t be limited by this list as countering threats like Magecart were not included in the report.

Now that you have some idea on what you will need, you will need to conduct an internal review to determine your current capabilities and gaps. This should include measuring the maturity of your tools and quantifying your technical debt (i.e., tools that have been customized and can’t be updated).

With both end state and current situation in mind, it’s time to map out a strategy. As we mentioned before, this will be a journey, so it will be a multi-phased project. On the security side, a generic prioritization would look like:

  • Establish ZTNA (most companies will start with use cases like external partners, Mergers & Acquisitions or access to most sensitive information)
  • CASB (this depends on how heavily dependent you are and how much critical data is on SaaS systems)
  • SWG (we need to protect outbound traffic from employees going to phishing sites or malware command and control systems phoning home)
  • DDoS and DNS protection (DDoS and Ransom/Extortion DoS threat actors are becoming more active)
  • FWaaS and WAAPaaS (while this should top the list, most companies have something in place so they would transition as part of the normal contract life cycle)

Generally, you will find that many of the other capabilities listed are part of these controls
Each company will need to customize their strategy based on their risks and capabilities of their current security controls.

Here are some factors to consider including in your broader evaluation criteria. Do they support a multi-tenant model? Do they address compliance issues across all the geographic areas you operate in? What is the level of effort to both deploy and operate the platform? What services do they support? How likely are they to be around in 5 to 10 years? Do they have a history of delivering on their roadmaps?

As you build out your business case some of the benefits of combining both protection and performance in one vendor platform include:

  • Reduction in complexity and costs though vendor consolidation
  • Increasing situational awareness though a single threat portal
  • Moving to latest generation of protections designed for your edge
  • Simplifying vendor management, while improving compliance
  • Preventing engineer bloat, while optimizing capabilities
  • Reducing latency and improving user experience by executing at the edge
  • Enable new digital business scenarios though greater flexibility and resiliency

There are some risks. The most common concern is “all my eggs in one basket”. This is what has driven us to environments that have so much complexity and cost that companies are reversing their approach. Another is around the amount of turmoil in the market with acquisitions and capabilities that are new to market. Finally, the issue of determining when it is the right time to move to a platform with nobody today offering all the capabilities needed. My only caution is beware of analysis paralysis.

In summary: SASE is a powerful tool that you should consider adding to your toolbox. It will provide you the framework to define your edge and integrate, perform and protect controls into one platform. We have looked at the journey and outlined some evaluation criteria. Finally, we looked at some of the benefits and risks for your business case.

I strongly believe that complexity is the enemy of security – this tool will help you eliminate it while improving user/employee experience.

Worldwide SD-WAN market to reach $43 billion by 2030

Due to the rising adoption of IoT and the growing utilization of big data, the valuation of the global SD-WAN market is predicted to increase from $1.4 billion to $43 billion from 2019 to 2030. Further, the market will demonstrate a CAGR of 38.6% between 2020 and 2030, according to ResearchAndMarkets.

worldwide SD-WAN market

Big data and IoT help businesses in monitoring the utilization of their products by consumers and gaining valuable insights from the analysis of this information, offering a customized customer experience, and tracking their various operations. Additionally, the adoption of these technologies allows the real-time monitoring of company assets.

As the big data and IoT technologies bring them a host of numerous challenges such as data handling and management, security concerns, data privacy, demand for advanced technical expertise and knowledge, and high implementation costs, the rising integration of these technologies is massively boosting the progress of the SD-WAN market.

SD-WAN effectively resolves these issues with the help of risk minimization, centralized management and control, and zero-touch provisioning.

In addition to this, SD-WAN solutions simplify device and network security management, provide deep visibility into network performance, which allows the IT professionals to easily detect network problems and security threats, and integrate application filters, firewalls, and UTM functionality.

The pandemic severely affecting the progress of the SD-WAN market

The current COVID-19 crisis is severely affecting the progress of the SD-WAN market. This is because businesses operating in various sectors have had to either scale down or shut down their operations because of the lockdown initiated in several countries for controlling the spread of the virus.

Because of this reason, companies are incurring huge financial losses and are therefore, reducing their IT spending, including their expenditure on SD-WAN solutions. Moreover, as most of the employees are working remotely (from home), the requirement for advanced networking solutions is very low.

Between the solution and service categories, under the offering segment of the SD-WAN market, the former is expected to register higher revenue growth in the market in the coming years.

This is ascribed to the rapidly rising popularity of multi-cloud ecosystems, rising compliance requirements, increasing procurement of connected and IoT devices, and the growing requirement for secured network infrastructure and application optimization. These factors are fueling the adoption of SD-WAN solutions in the BFSI (banking, financial services, and insurance), healthcare, and IT & telecom sectors.

Under the deployment segment, the on-premises category recorded the highest growth in the SD-WAN market in the last few years, mainly because the SD-WAN solutions come with various security concerns.

Additionally, the on-premises deployment method helps in the management of large volumes of unstructured data. Moreover, the usage of physical devices is usually preferred for the effective management of network in the corporate sector.

The bright future of the network operations visibility category

In the future years, the network operations visibility category, based on use case, would exhibit the fastest growth in the SD-WAN market. This is credited to the rising requirement for real-time insights for resolving the issues arising in SD-WAN and making its operation hassle-free.

Historically, under the industry segment of the SD-WAN market, the IT & telecom classification had the highest share, mainly because of its rapid expansion and digitization and the high requirement for a better customer experience in this industry. In addition to this, the rising usage of mobile phones in offices, development and penetration of 5G, increasing adoption of IoT, and mushrooming utilization of big data are boosting the demand for SD-WAN solutions in the industry.

Globally, the North American SD-WAN market is currently the most prosperous one, on account of the presence of several well-established SD-WAN solution providing firms, favorable government policies for 5G adoption, quick integration of various advanced technologies, and the increasing need for simple and hassle-free networking operations in the region.

In the near future, the market will demonstrate the highest CAGR in the Asia-Pacific region. This is because of the rising investments being made in the IT sector, increasing implementation of supportive government policies for 5G, rapid digital transformation in enterprises, expanding operations of market players, and the ballooning popularity of cloud computing and connected devices in the region.

VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator

VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful of serious security holes.

vulnerabilities ESXi hypervisor

Vulnerabilities in ESXi hypervisor exploited during a hacking competition

During the Tianfu Cup Pwn Contest that was held in Chengdu, China, earlier this month, Xiao Wei and Tianwen Tang, two researchers from the Qihoo 360 Vulcan Team, exploited two previously unknown vulnerabilities to thoroughly compromise VMWare’s ESXi hypervisor:

  • CVE-2020-4004, deemed “critical”, is a use-after-free vulnerability in XHCI USB controller that can be used by attackers with local administrative privileges on a virtual machine to execute code as the virtual machine’s VMX process running on the host
  • CVE-2020-4005, deemed “important”, is a VMX elevation-of-privilege vulnerability that can be used by attackers with privileges within the VMX process to escalate their privileges on the affected system

CVE-2020-4004 affects various versions of ESXi, but also VMware Fusion (Mac virtualization solution), VMware Workstation Player (desktop hypervisor application) and VMware Cloud Foundation (ESXi). CVE-2020-4005 affects ESXi and VMware Cloud Foundation. Most patches are already available, but those for Cloud Foundation are still pending.

Users are advised to peruse this advisory and see whether they should update their installations.

VMware SD-WAN Orchestrator vulnerabilities

VMware has also released security updates for both supported branches (3.x and 4.x) of SD-WAN Orchestrator, its enterprise solution for provisioning virtual services in the branch, the cloud, or the enterprise data center.

They fix six vulnerabilities, including SQL injection vulnerabilities, a directory traversal file execution flaw, and default passwords for predefined accounts which may lead to to a Pass-the-Hash attack. In that last instance, the update does nothing – it’s on administrators to change the default passwords of the preconfigured accounts on SD-WAN Orchestrator before production use.

The vulnerabilities are not deemed to be critical, as attackers need to be authenticated in order to exploit them.

Nevertheless, admins have been advised to upgrade their SD-WAN Orchestrator installations to version 4.0.1, 3.4.4, or 3.3.2 P3.

Half of the vulnerabilities have been discovered and reported by Ariel Tempelhof of Realmode Labs, the other half by Christopher Schneider, Cory Billington and Nicholas Spagnola, penetration test analysts at State Farm.

There are currently no reports of these vulnerabilities being exploited in the wild.

Global WAN optimization market to reach $4.88 billion by 2027

The global wide area network optimization market size is estimated to reach $4.88 billion by 2027, registering a CAGR of 9.5% from 2020 to 2027, according to Grand View Research.

global WAN optimization market

The growing need for efficient network optimization across business organizations is the major factor in driving the market growth. Moreover, in a bid to achieve improved Quality of Service (QoS) and productivity on their existing network, companies across the globe are increasingly deploying network optimization solutions, thereby supporting the market demand.

The ongoing COVID-19 pandemic has compelled several business organizations and educational institutions to shut their operations temporarily. The closure of educational institutes has necessitated students to use virtual offerings (example – Google Classroom) for learning.

In a bid to offer a unified digital learning experience to students, universities and institutions have been forced to deploy robust network infrastructure, necessitating the need for network monitoring and thereby driving demand for wide area network (WAN) optimization solutions.

Similarly, several enterprises have allowed their employees to work from home till the pandemic is contained, thereby necessitating a reliable and effective network monitoring solution to help minimize latency in the network and deliver an agile response to employees and clients. Therefore, the COVID-19 outbreak is expected to have a positive impact on market demand.

Global WAN optimization market: Key suggestions

  • In 2019, North America accounted for a market size of $914.60, attributed to the presence of a number of large enterprises and data centers.
  • The SD-WAN optimization solution segment is estimated to witness significant growth from 2020 to 2027, owing to the rapid deployment of SD-WAN across enterprises globally. The SD-WAN helps businesses to enhance their application performance and offers an enhanced user experience.
  • Cloud-based WAN optimization solutions segment is expected to witness remarkable growth over the forecast period on the back of benefits associated in terms of accessibility offered and infrastructure cost.
  • Increasing awareness regarding cost-benefit associated with a cloud-based business model has led to the increasing adoption of cloud-based WAN optimization solutions across large, medium, and small enterprises in the Asia Pacific. Increasing adoption of cloud-based solutions, especially across verticals including IT and telecom, healthcare, and retail is expected to help the region expand at a CAGR of 10.5% over the forecast period.
  • Prominent players such as Cisco Systems; Citrix Systems; and Vmware are strategically focusing on establishing partnerships to strengthen their client base and increase overall revenue share in the market.

With the introduction of the next-generation 5G network, many businesses and service providers are investing heavily in high-speed cloud-RAN (C-RAN) and core network deployments.

While C-RAN helps service providers to reduce huge costs associated with the infrastructure, the high-speed network needs continuous monitoring to ensure operational performance through minimal downtime. Thus, imminent need to minimize the downtime and thereby improve operational performance is expected to drive demand for WAN optimization solutions among business organizations.

With the advent of edge computing and its increased adoption across industry verticals, small-scale data center establishments are on the rise. To attain optimal computation and ensure unified communication during the data exchange process between data centers, businesses are increasingly deploying WAN optimization solutions.

Moreover, the key market players are significantly focusing on partnerships and collaborations with large service providers to capture market share.

Key players in the WAN optimization market
  • Cisco Systems
  • HPE (Silver Peak)
  • Riverbed Technology
  • Citrix Systems
  • Fortinet
  • Vmware
  • Broadcom (Symantec Enterprise)
  • FatPipe Networks
  • Versa Networks
  • Exinda
  • Blue Coat System
  • Infovista Corporation
  • NTT Communications
  • Aryaka Networks
  • Circadence Corporation
  • Array Networks
  • Sangfor Technologies

SD-WAN: A key enabler for remote workforces and enhanced security

For the third year SD-WAN adoption continues to grow with an ever-increasing interest in managed and co-managed offerings to navigate through the complexities of an integrated network and security solution, Masergy reveals.

SD-WAN adoption

Single strategy

The timing of the survey during the global pandemic uncovered the challenges posed in a work-from-home environment with security and business continuity rising as top priorities.

The study analyzes responses from IT decision makers in global enterprises across a variety of industries. Findings reveal that security and network infrastructure are the top two areas of focus to ensure business continuity and enable remote work.

Converging the network and security into a single strategy is also important today, as is having a managed service provider for assistance.

SD-WAN adoption: Key findings

  • Enabling remote work and collaboration tools are now top IT investments with 44 percent of respondents prioritizing the support of their homebound workforces.
  • 64 percent of survey participants report they are investing more in network infrastructure than they did last quarter, and SD-WAN adoption trends have continued to rise with each study. This year, 56 percent of respondents said they are piloting, installing, or upgrading SD-WAN installations. In 2017, that number was 35 percent.
  • Security remains an overwhelming focus with 91 percent of survey participants expressing interest in services that converge SD-WAN and security – also known as secure access service edge (SASE) solutions.
  • Multi-cloud connectivity ranks as the top SD-WAN capability (66 percent) as IT leaders look to address the challenges of cloud application performance and communications continuity.
  • Enterprises are shifting more toward wanting a managed SD-WAN solution with 45 percent opting for a fully-managed approach, and 29 percent opting for co-managed, while just 25 percent prefer a do-it-yourself approach.

SD-WAN adoption

“With working from home emerging as the ‘new normal,’ supporting remote workers has increased the urgency with which IT departments are approaching their network, security, and cloud infrastructures,” said Becky Carr, CMO, Masergy.

“As such, it is not surprising to see the transformative impact of SD-WAN and SASE solutions become the new necessity for achieving secure remote access and reliable performance for cloud applications.”

Cisco fixes critical flaws in data center and SD-WAN solutions

Cisco has released another batch of critical security updates for flaws in Cisco Data Center Network Manager (DCMN) and the Cisco SD-WAN Solution software.

Cisco data center flaws

Cisco Data Center Network Manager flaws

Cisco Data Center Network Manager is the network management platform for all NX-OS-enabled deployments, spanning new fabric architectures, IP Fabric for Media, and storage networking deployments for the Cisco Nexus-powered data center.

These latest updates fix:

  • One critical authentication bypass vulnerability (CVE-2020-3382) in the solution’s REST API that could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device
  • Five high-risk flaws that could allow an authenticated, remote attacker to inject arbitrary commands on the affected device, write arbitrary files in the system with the privileges of the logged-in user, perform arbitrary actions through the REST API with administrative privileges, and interact with and use certain functions within the Cisco DCNM
  • Three medium-risk bugs (XSS, SQL injection, information disclosure)

The vulnerabilities affect various versions of the Cisco Data Center Network Manager software and their exploitability occasionally depends on how the Cisco DCNM appliances were installed. But the fixes are all included in the latest Cisco DCNM software releases: 11.4(1) and later.

The flaws were either reported by security researchers or found by Cisco during internal security testing, and there is no indication that any of them are actively exploited.

The Cisco SD-WAN Solution software flaws

Cisco SD-WAN gives users the ability to manage connectivity across their WAN from a single dashboard: the Cisco vManage console.

The company has found:

  • A critical buffer overflow vulnerability (CVE-2020-3375) affecting Cisco SD-WAN Solution software that could be exploited by sending crafted traffic to an affected device and could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user
  • A critical vulnerability (CVE-2020-3374) in the web-based management interface of Cisco SD-WAN vManage Software that could be exploited by sending crafted HTTP requests to it and could allow the attacker to access sensitive information, modify the system configuration, or impact the availability of the affected system.

Again, there is no indication that these flaws are being exploited, but Cisco urges admins to implement the security updates as soon as possible, as there are no workarounds for addressing these flaws.

Security advisories for all of the fixed flaws can be found here.

Global WAN optimization market forecast to reach $1.4 billion by 2025

The WAN optimization market is expected to grow from $1,047.1 million in 2020 to $1,446.2 million by 2025, at a Compound Annual Growth Rate (CAGR) of 6.7% during the forecast period of 2020-2025, according to ResearchAndMarkets.

WAN optimization market

Most cloud-based applications need good bandwidth and low latency for effective utilization. In large-scale WAN deployments, latency, bandwidth constraints, and packet losses are inevitable.

WAN optimization enables enterprises and service providers to save money and reduce costs with reduced bandwidth requirements and increased user efficiency by alleviating the effects of latency and distance between branch offices, data centers, and cloud.

Customer experience is a critical and important factor in this application era. Digital transformation fails to produce the desired business impact, unless application performance is protected and delivered optimally to all users.

The important challenge of IT teams of every organization is to dynamically orchestrate the performance and user experience of every application in real-time, irrespective of the size, location, and complexity of network environments, which can be solved with the help of WAN optimization solutions.

Banking, finance, and insurance to hold highest market share

Based on verticals, the banking, financial services, and insurance (BFSI) segment of the WAN optimization market is projected to hold the highest market share during the forecast period. The BFSI vertical is adopting innovative technologies, primarily due to changes in the centralized and computerized process in this vertical.

The vertical includes commercial banks, non-banking financial organizations, and insurance companies. It is witnessing the rapid growth of new technologies related to financial security and data due to the confidential nature of the data that needs to be always secured.

Online banking, mobile banking, and electronic payments are growing at a rapid pace as banks evolve from a traditional payment processing and enquiry-based business to digital banking. The volume, geographical reach, and accessibility of retail environments are vital.

The quick adoption of WAN optimization is expected in the financial services vertical due to the need to connect all the remote branches of companies to a core banking system, which is not possible without Application Delivery Controller (ADC).

With the introduction of WAN optimization-as-a-service, financial services institutions are able to do cost-savings as the services get billed on the basis of their usage. Financial firms do not have to invest in new hardware and software.

The flexibility of cloud-based operating models also enables financial institutions to experience shorter development cycles for new products.

Large enterprises segment to record a higher market share in 2020

Large enterprises are organizations with the employee strength of more than 1,000 employees and annual revenue higher than one billion. These organizations need the expertise of IT staff to manage specific applications and IT infrastructure due to the large amount of data they generate.

They always focus on the adoption of those industry solutions that can help them in increasing their operational efficiency. WAN optimization solutions help large enterprises motivate and encourage employees by offering enhanced user experience.

They also assist large enterprises in increasing client base with the help of innovative and exciting gamified techniques. Enterprises are expected to continue to adopt on-premises and cloud-based WAN optimization solutions at a faster pace.

Cloud segment to hold a higher market share

The cloud deployment model is gaining traction in the market due to its several advantages, such as cost-savings for additional hardware and software, and scalability, over the on-premises deployment model.

In the cloud deployment method, vendors such as Aryaka Networks offers WAN optimization as a cloud-based service. One of the other important advantages of WAN optimization-as-a-service is that enterprises can customize solutions according to their requirements, whenever new applications are installed.

This cloud-based service provides benefits, such as reduced licensing costs, ability to cut out unnecessary IT staff, focus on maintenance, and flexibility in expansion of businesses. However, for cloud deployment enterprises need to analyze the benefits of their existing set up as well as those that a cloud-based service can give them.

North America to record the highest market share in 2020

The North American region is a receptive market toward the adoption of WAN optimization solutions. The region is witnessing huge demands for SD-WAN solutions due to the rising demand for the next-generation 5G network.

Enterprises in the region are shifting to managed SD-WAN services due to the rapidly changing technological landscape. Telecom providers in North America are providing services for both accelerating and monitoring application performance by integrating different toolsets.

Major North American WAN optimization vendors are developing new technologies, which are making the WAN optimization process much efficient and cost-effective. North America mainly consists of the US and Canada.

In terms of market size, the US is expected to hold a larger market size in the region. The US is witnessing heavy investments in the broadband infrastructure in the country and is contributing to the growth of the WAN optimization market in the region.

Application performance becoming a key concern, influenced by increasing SD-WAN complexity

Application performance, impacted by network complexity at the edge and in the cloud, is the key enterprise concern this year for organizations implementing SD-WAN, according to Aryaka.

SD-WAN complexity

The study surveyed over one thousand global IT and network practitioners at companies across all verticals, headquartered in NA, APAC and EMEA. The survey asked respondents about their networking and performance challenges, priorities and their plans for 2020 and beyond.

“Modern applications are being distributed across on premises data centers, multiple public clouds (IaaS & SaaS) and edge locations. This is creating more complexity and greater dependency on the network to ensure optimal application performance as confirmed by the Aryaka report,” said Bob Laliberte, Sr. Analyst and Practice Director at ESG.

“Organizations need WAN solutions that deliver performance, flexibility and simplicity to overcome that complexity. This is driving interest in managed SD-WAN offerings that combine application optimization and secure connectivity, to any location, from any location, including access and support for remote workers.”

SD-WAN complexity

Enterprise complexity at the edge and within the cloud are creating a challenging environment for IT organizations. IT managers identify complexity and slow performance of both on-prem and cloud-based applications as their biggest concerns.

Complexity (37 percent) replaces cost as the number one concern, followed by slow on-prem performance (32 percent) and slow access to cloud and SaaS apps (32 percent). Security (31 percent) and long deployment times (30 percent) are also in the top four.

With so many applications in use, many of which are cloud-based, IT is consumed by managing application performance and access to the cloud. And it’s only getting more complex, highlighting the need for a managed service for many organizations.

The biggest IT time consuming issues identified by respondents were remote and mobile (47 percent), application performance at the branch (43 percent) and accessing the cloud, which doubled from 20 percent in 2019 to 42 percent in 2020.

Challenges surrounding UCaaS

The survey showed that while network managers have high expectations as performance, UCaaS is still challenging to deploy globally, and, once again, complexity is the culprit.

Respondents identified set-up and management as the number one challenge for voice and video (48 percent in 2020; 27 percent in 2019), highlighting the need for managed solutions that hide the complexity. Lag/delay was a close second (43 percent in 2020; 30 percent in 2019), which illustrates network performance issues. This was followed by dropped calls (39 percent).

It’s all about the apps and where they’re connecting from

Most of the enterprises surveyed are leveraging over 10 SaaS applications (51 percent in 2020 versus 23 percent in 2019), which speaks to the criticality of cloud performance. In terms of where these SaaS apps are hosted, it’s a multi-cloud world, with AWS, Azure, Google, IBM, Oracle, and Alibaba Cloud all well represented.

What’s more, enterprises are continuing to increase the number of applications deployed. A growing number of companies are deploying 100+ applications: 59 percent in 2020 compared to 43 percent in 2019. Please refer to the report for more detailed, per-vertical data and year-on-year comparisons.

What’s being done to reduce complexity

To address increased complexity and the time spent managing the WAN, enterprises regardless of size are undergoing major initiatives that include automation, the cloud and newer areas of interest such as IoT, AI/ML and blockchain.

For broad IT initiatives, automation grew substantially to 41 percent of respondents in 2020 from only 31 percent in 2019, as did IoT (29 percent in 2020 from 18 percent in 2019), AI/ML (27 percent in 2020 from 12 percent in 2019), and blockchain (21 percent in 2020 from only five percent in 2019).

On the cloud front, regardless of company size, upgrades and management are important as well as a keen interest in 5G. This last initiative reflects the interest in 5G as a future primary connectivity option for SD-WAN.

Respondents identified cloud upgrades (37 percent) and management (38 percent) as top networking initiatives. A whopping 42 percent of respondents also named 5G as a top initiative for this year.

Barriers and expectations for today’s SD-WANs

Buyers are at various stages of their SD-WAN evaluation, but most are still gathering information or evaluating vendors. Forty-four percent of respondents are gathering information, 23 percent are evaluating SD-WAN vendors, 11 percent are building a business case, 13 percent are in the middle of deploying, six percent have deployed and assumed to be happy while only two percent are deployed, but not happy.

When evaluating SD-WAN, the top three potential barriers include application performance, knowledge gaps and complexity. Overall, cost seems less a consideration this year versus performance and complexity, with SD-WAN ROI better understood and valued than in previous years.

Beyond the barriers mentioned above, SD-WAN planners have certain expectations they’d like met. Respondents said, the cloud and WAN optimization are still key requirements to a successful SD-WAN solution, but NFV, support for remote workers and the desire for a managed service have grown substantially. Add in security, and all of these features illustrate the many moving parts critical to a successful SD-WAN deployment.

Their top SD-WAN features wish lists included expected responses such as security, cloud and WAN optimization, but also network functions virtualization (NFV), which more than doubled from 2019 (35 percent in 2020 from 13 percent in 2019) and support for remote employees, which also grew by over 50 percent (33 percent in 2020 from 21 percent in 2019). Organizations are increasingly expecting the mobile workforce to be included as part of the total SD-WAN solution.

The desire for a fully managed SD-WAN also increased to 37 percent in 2020 from 28 percent in 2019. This aligns with a growing acceptance for managed offerings, likely in response to the increasing complexities and challenges detailed earlier, with 87 percent of respondents saying they would consider a managed SD-WAN as compared to 59 percent in 2019.

“We are living in a complex multi-cloud and multi-SaaS application world. As global enterprises continue to innovate by embracing new technologies and migrating to the cloud, they also face new challenges, and the network is increasingly a strategic asset” said Shashi Kiran, CMO of Aryaka.

“Whether it’s an increasing number of global sites through expansion, poor performing cloud-based applications, increasing costs or the time it takes to manage multiple vendors, many organizations are at an inflection point: transform the WAN now or risk falling behind and losing out to competitors.”

Cisco fixes root privilege, command injection vulnerabilities in Cisco SD-WAN solution

Cisco has fixed five security vulnerabilities in its Software-Defined WAN (SD-WAN) Solution, two of which could allow an authenticated, local attacker to either gain root privileges on the underlying operating system or to inject arbitrary commands that are executed with root privileges.

Cisco SD-WAN vulnerabilities

While there is no indication that these flaw are being actively exploited, no workarounds addressing the vulnerabilities exist so upgrading to the Cisco SD-WAN Solution software release 19.2.2. is advised.

About the vulnerabilities

SD-WAN is a software-defined approach to managing the wide-area network (WAN), which allows companies to scale cloud-based applications across thousands of endpoints in the branch, campus, or SaaS and public cloud applications at distance.

CVE-2020-3265 is a privilege escalation vulnerability that can be exploited by sending a crafted request to an affected system. CVE-2020-3266 is a command injection vulnerability that can be exploited by submitting crafted input to the CLI (command line interface) utility. CVE-2020-3264 is a buffer overflow vulnerability that could be exploited by sending crafted traffic to an affected device, and ultimately lead to information disclosure or tampering with the underlying system.

All of these are considered to be high-risk, as they can only be exploited by local, authenticated attackers.

Affected products

Cisco lists among the affected products (if they are running a vulnerable Cisco SD-WAN Solution software release):

  • vBond Orchestrator Software
  • vEdge 100 Series Routers
  • vEdge 1000 Series Routers
  • vEdge 2000 Series Routers
  • vEdge 5000 Series Routers
  • vEdge Cloud Router Platform
  • vManage Network Management Software
  • vSmart Controller Software

More patches

Two additional flaws have been patched in Cisco SD-WAN Solution vManage Software release 19.2.2:

  • CVE-2019-16010, a cross-site scripting (XSS) vulnerability that could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information
  • CVE-2019-16012, a SQL injection vulnerability that could allow the attacker to modify values on, or return values from, the underlying database as well as the operating system.

These are considered to be medium-risk for a variety of reasons: to exploit them, the attacker needs to authenticate to the system first and, in CVE-2019-16010’s case, persuade a user of the interface to click a crafted link. Also, these can’t be used to completely compromise the underlying system.