SD-WAN Security – The Impact of Orchestrated Services Multiplicity

SD-WAN Security – The Impact of Orchestrated Services Multiplicity

Communications service providers (CSPs) are looking to leverage SD-WAN services to increase their revenues by broadening their range of Network-as-a-Service (NaaS) offerings while upselling new value-added network and security services to both new and existing enterprise customers. These CSPs are looking to differentiate their offering and increase their value proposition by creating managed SD-WAN and security services bundles utilizing best-of-breed security vendors solutions. But what is the

Jim Hodges

24 Feb 2020

SD-WAN Security – The Impact of Orchestrated Services Multiplicity

Layout canvas

The pace of software-defined wide-area network (SD-WAN) deployments has experienced strong growth over the past 4 years.

As a result, the SD-WAN has already become a strategic component of many communications service provider (CSP) networks. One reason for this growth is that the service richness of SD-WANs continues to evolve, such as with the integration of security services into SD-WAN deployments. Increasingly, SD-WAN security services are becoming an important differentiator, playing a major role in the managed SD-WAN service provider selection process. As the SD-WAN security service portfolio continues to evolve, CSPs will continue to commercialize 5G networks that utilize an application-centric services model. Thus, SD-WAN security services will only expand in value and relevance.

In order to understand the business drivers and technical requirements, Heavy Reading launched the SD-WAN Security Market Leadership Study (MLS) with collaboration partners Amdocs, Fortinet, Lavelle Networks, and Nuage Networks in Q4 2019. The survey attracted 90 qualified global respondents and documented SD-WAN security service use cases, implementation timelines, the impact of virtualization, automation, and analytics, as well as technical requirements, including orchestration strategies.

Virtualization and the Security Bundle

A key opportunity associated with applying virtualization (via virtualized network functions [VNFs]) to managed SD-WAN security services is the ability to bundle them into flexible configurations to enhance service differentiation.

As captured in Figure 1, there is substantial interest in adopting this approach, in large part because it helps CSPs differentiate on many levels. It enables the delivery of tailored security services with multiple appearances supported by flexible security service bundles.

Examples of this broad services multiplicity approach can be seen in the range of “we have implemented” (10%-32%) responses, which provides a view of the number of security-based VNFs that have already been deployed. The “plan to implement in 12 months” (27%-40%) responses also indicate substantial interest. Based on these inputs, it is readily apparent that CSPs are strongly in favor of bundling VNFs. Of all the possibilities, the top three priorities are vFirewall (32% + 27%), intrusion prevention (25% + 30%), and DDoS detection & mitigation (24% + 33%).

However, there is considerable support for other services such as web filtering (40%), packet filtering (35%), and application control (30%) based on “plan to implement in 12 months” inputs. This support confirms that SD-WAN security service portfolio richness and multiplicity will drive strong services growth in the next 12 months.

Figure 1: SD-WAN VNF-Based Service Bundle Implementation Status
SD-WAN VNF-Based Service Bundle Implementation Status

Question: Do you plan to support service bundles/offerings of virtual network functions with your SD-WAN service? (N=88) Source: Heavy Reading

Orchestrating Security Services: Farewell to the Status Quo

A significant number of service providers are focused on introducing best-of-breed security services into their SD-WAN portfolio. One important consideration that must be addressed is how to orchestrate these security VNFs and bundle managed SD-WANs with value-added network and security services.

A key finding from the research in this regard is that CSPs’ focus on integrating security services into their SD-WAN portfolio will also affect their network functions virtualization (NFV) orchestrator vendor selection strategies.

For example, as shown in Figure 2, more than a third of the respondents (34%) prefer to utilize a third-party open-source orchestrator that is SD-WAN vendor-agnostic and can be deployed in multiple service environments. In second place (30%) is support for a third-party but proprietary NFV orchestrator. In third place is the “status quo” option of utilizing the SD-WAN orchestrator supplied by the SD-WAN vendor (25%).

In a multi-vendor environment of SD-WANs and various VNFs, the orchestration function is essential to the agility and flexibility of CSPs’ service deployments. Heavy Reading believes that the number one ranking of the open-source vendor-agnostic orchestration option versus the status quo vendor-supplied approach is significant. It confirms that CSPs have sharpened their focus on open solutions to minimize vendor lock-in and enable them to seamlessly orchestrate the rich security services portfolio their enterprise customers now demand.

Figure 2: Security NFV Orchestration Preferences
Security NFV Orchestration Preferences

Question: What is your preferred approach for orchestrating security VNFs in an SD-WAN network? (N=89)Source: Heavy Reading

Looking for more information?

SD-WAN Security Services White Paper

SD-WAN Security Services: Implementation, Integration & Impacts Webinar

Amdocs NFV SD-WAN package solution brief


make it

Your future looks
breath-taking from here


Embrace the cloud and together we’ll see your business agility, innovation and scalability soar to new heights.

Simplify the complex,
deliver the brilliant


Discover the streamlined, cost-efficient and intelligent answer to increasingly complex customer, IT and network demands.

Fill your customers’ day
with content they love


Build an irresistible content proposition and experience that keeps your customers coming back for more.

Reinvent the customer
experience. Every day.


Discover the agility to deliver a jaw-dropping digital experience that always exceeds expectations.

Make today’s impossible
tomorrow’s possible


Unlock the full potential of 5G and shape the network to create new capabilities, unique business models and game-changing opportunities.


about Amdocs

Discover how Amdocs can help your business.


Your future looks breath-taking from here.


Simplify the complex, deliver the brilliant.


Fill your customers’ day with content they love.


Reinvent the customer experience. Every day.


Make today’s impossible tomorrow’s possible.



Apologies, our website does not support this browser