Tag Archives: softwaredefined

Aruba SD-Branch gets intrusion detection, prevention software

Wireless LAN vendor Aruba has strengthened security in its software-defined branch product by adding intrusion detection and prevention software. The vendor is aiming the latest technology at retailers, hotels and healthcare organizations with hundreds of locations.

Aruba, a Hewlett Packard Enterprise company, also introduced this week an Aruba SD-Branch gateway appliance with a built-in Long Term Evolution (LTE) interface. Companies often use LTE cellular as a backup when other links are temporarily unavailable.

The latest iteration of Aruba’s SD-Branch has an intrusion detection system (IDS)  that performs deep packet inspection in monitoring network traffic for malware and suspicious activity. When either is detected, the IDS alerts network managers, while the new intrusion prevention system (IPS) takes immediate action to block threats from spreading to networked devices. The IPS software takes action based on policies set in Aruba’s ClearPass access control system.

Previously, Aruba security was mostly focused on letting customers set security policies that restricted network access of groups of users, devices and applications. The company also provided customers with a firewall.

“But this IDS and IPS capability takes it a step further and allows enterprises that have deployed Aruba to quickly detect and prevent unwanted traffic from entering and exiting their networks,” said Brandon Butler, an analyst at IDC.

The latest features bring Aruba in line with other vendors, Butler said. In general, security is part of a “holistic” approach vendors are taking toward SD-branch.

Other features vendors are adding include WAN optimization, direct access to specific SaaS and IaaS providers, and a management console for the wired and wireless LAN. Software-defined WAN (SD-WAN) technology for traffic routing is a staple within all SD-branch offerings.

Aruba LTE gateway

The new gateway appliance is a key component of Aruba’s SD-Branch architecture. The multifunction hardware includes a firewall and an SD-WAN.

The device integrates with Aruba’s ClearPass and its cloud-based Central management console. The latter oversees the SD-WAN, as well as Aruba access points, switches and routers.

The new SD-Branch gateway with an LTE interface is the latest addition to the 9000 series Aruba launched in the fourth quarter of last year. The hardware is Aruba’s highest performing gateway with four 1 Gb ports and an LTE interface that delivers 600 Mbps downstream and 150 Mbps upstream.

Certification of the device by all major carriers will start this quarter, Aruba said.

Other network and security vendors providing SD-branch products include Cisco, Cradlepoint, Fortinet, Riverbed and Versa Networks. All the vendors combine internally developed technology with that of partners to deliver a comprehensive SD-Branch. Aruba, for example, has security partnerships with Zscaler, Palo Alto Networks and Check Point.

The vendors are competing for sales in a fast-growing market. Revenue from SD-branch will increase from $300 million in 2019 to $2.6 billion by 2023, according to Doyle Research.

Go to Original Article
Author:

4 SD-WAN vendors integrate with AWS Transit Gateway

Several software-defined WAN vendors have announced integration with Amazon Web Services’ Transit Gateway. For SD-WAN users, the integrations promise simplified management of policies governing connectivity among private data centers, branch offices and AWS virtual networks.

Stitching together workloads across cloud and corporate networks is complex and challenging. AWS tackles the problem by making AWS Transit Gateway the central router of all traffic emanating from connected networks.

Cisco, Citrix Systems, Silver Peak and Aruba, a Hewlett Packard Enterprise Company, launched integrations with the gateway this week. The announcements came after AWS unveiled the AWS Transit Gateway at its re:Invent conference in Las Vegas.

SD-WAN vendors lining up quickly to support the latest AWS integration tool didn’t surprise analysts. “The ease and speed of integration with leading IaaS platforms are key competitive issues for SD-WAN for 2020,” said Lee Doyle, the principal analyst for Doyle Research.

By acting as the network hub, Transit Gateway reduces operational costs by simplifying network management, according to AWS. Before the new service, companies had to make individual connections between networks outside of AWS and those serving applications inside the cloud provider.

The potential benefits of Transit Gateway made connecting to it a must-have for SD-WAN suppliers. However, tech buyers should pay close attention to how each vendor configures its integration.

“SD-WAN vendors have different ways of doing things, and that leads to some solutions being better than others,” Doyle said.

What the 4 vendors are offering

Cisco said its integration would let IT teams use the company’s vManage SD-WAN controller to administer connectivity from branch offices to AWS. As a result, engineers will be able to apply network segmentation and data security policies universally through the Transit Gateway.

Aruba will let customers monitor and manage connectivity either through the Transit Gateway or Aruba Central. The latter is a cloud-based console used to control an Aruba-powered wireless LAN.

Silver Peak is providing integration between the Unity EdgeConnect SD-WAN platform and Transit Gateway. The link will make the latter the central control point for connectivity.

Finally, Citrix’s Transit Gateway integration would let its SD-WAN orchestration service connect branch offices and data centers to AWS. The connections will be particularly helpful to organizations running Citrix’s virtual desktops and associated apps on AWS.

Go to Original Article
Author:

IDC: SD-WAN market spend to top $5B in 2023

The global software-defined WAN infrastructure market will grow an average of nearly 31% annually through 2023 as vendors feed enterprise hunger for technology that connects employees to applications running on multiple cloud service providers.

That’s one of the findings of IDC’s latest SD-WAN forecast. The research firm said the market would reach $5.25 billion in 2023 from $1.4 billion in 2018, the beginning of the forecast period.

Enterprises have found SD-WAN a necessary technology for connecting branch locations and remote offices with SaaS applications and software running on public clouds, such as AWS and Microsoft Azure. Traditional WAN technology lacks most of the features needed for connecting to cloud and SaaS applications, such as simplified management, cost-effective bandwidth utilization and WAN flexibility, efficiency and security, IDC said.

The demand for SD-WAN will fuel a continuation of market consolidation through acquisition as companies with stronger business models buy weaker vendors for their intellectual property, customer base or presence in specific geographical regions, IDC said.

SD-WAN market consolidation

The SD-WAN market today has more than three dozen vendors, which is more than the market can support, analysts have said. The most significant acquisitions to date include VMware purchasing VeloCloud in 2017 and Cisco Systems acquiring Viptela and Oracle picking up Talari Networks in 2018.

Other trends spotted by IDC include SD-WAN evolving from a standalone product to a key feature within a broader SD-branch platform that encompasses additional network and security services.

“Vendors will compete intensely on this front during the next few years,” the IDC report said.

Businesses with lots of branch and remote offices are deploying SD-branch technology to simplify network operations through consolidation of WAN connectivity, network security, LAN and Wi-Fi in a unified platform, according to Lee Doyle, principal analyst for Doyle Research. Network and security vendors offering SD-branch options include Cisco Meraki, Cradlepoint, Fortinet, Hewlett Packard Enterprise’s Aruba Networks, Riverbed and Versa Networks.

Market share leaders

IDC defines SD-WAN infrastructure as comprising edge routing software or hardware and traditional routers and WAN optimization technology if they are an in-use and integrated component of an SD-WAN product.

Other infrastructure components include SD-WAN controllers for centralized implementation of application policy and WAN routing, network visibility and analytics.

Based on IDC’s definition of SD-WAN infrastructure, Cisco’s broad portfolio of hardware and software made it the market leader with a 46.4% share, the researcher said. VMware, which sells only software, was second with an 8.8% share, followed by Silver Peak, 7.4%; Nuage Networks, a Nokia company, 4.9%; and Riverbed, 4.3%.

Go to Original Article
Author:

Nuage Networks, Talari SD-WAN tack on multi-cloud connectivity

Software-defined WAN vendors are rushing to enhance their SD-WAN platforms with multi-cloud support, as more enterprises and service providers migrate their workloads to the cloud. This week, both Nuage Networks and Talari made multi-cloud connectivity announcements of their own.

Nuage Networks, a Nokia company, updated its SD-WAN platform — Virtualized Network Services — to better support SaaS and multi-cloud connectivity.

The platform enhancement moves to address three specific pain points among customers, according to Hussein Khazaal, Nuage’s vice president of marketing and partnerships. The three points, multi-cloud connectivity, value-added services and end-to-end security, are already available to customers.

“It’s a single platform that you can deploy today and get connectivity to software as a service,” Khazaal said. “We support customers as they send traffic directly from the branch to the SaaS application.”

In addition to multi-cloud connectivity, Nuage VNS offers customers the option to add value-added services — or virtual network functions (VNFs) — that can be embedded within the SD-WAN platform, hosted in x86 customer premises equipment (CPE) or through service chaining (a set of network services interconnected through the network to support an application). These VNFs are available from more than 40 third-party partners and can include services like next-generation firewalls, voice over IP and WAN optimization, Khazaal said.

While many service providers are leaning toward the VNF and virtual CPE approach, the process isn’t simple, according to Lee Doyle, principal analyst at Doyle Research.

“Many service providers are finding the vCPE and VNF approach side to be challenging,” Doyle said. “Those with the resources can, and will, pursue it, and that’s where Nuage could be a piece of the puzzle.”

When it comes to enterprise customers, however, the VNF approach is less attainable, both Doyle and Khazaal noted.

“Nuage is one piece of the puzzle that a customer might add if they’re able to do it themselves,” Doyle said. “But most customers don’t want to piece together different elements.”

For smaller enterprise customers, Khazaal recommended using the option with embedded features, like stateful firewall and URL filtering, built into the SD-WAN platform.

Although Nuage has more than 400 enterprise customers, according to a company statement, its primary market is among service providers. Nuage counts more than 50 service providers as partners that offer managed SD-WAN services — including BT, Cogeco Peer 1, Telefónica and Vertel — and has been a proven partner for service providers over the years, Doyle said.

“Nuage is a popular element of service providers’ managed services strategies, including SD-WAN,” he said. “These enhancements will be attractive mainly to the service providers.”

Nuage VNS is available now with perpetual and subscription-based licenses, and varies based on desired features and capabilities.

Talari launches Cloud Connect for SaaS, multi-cloud connectivity

In an additional multi-cloud move, Talari updated its own SD-WAN offering with Talari Cloud Connect, a platform that supports access to cloud-based and SaaS applications.

Talari also named five accompanying Cloud Connect partners: RingCentral, Pure IP, Evolve IP, Meta Networks and Mode. These partners will run Talari’s Cloud Connect point of presence (POP) technology in their own infrastructure, creating a tunnel from the customer’s Talari software into the cloud or SaaS service, according to Andy Gottlieb, Talari’s co-founder and chief marketing officer.

“The technology at the service provider is multi-tenant, so they only have to stand up one instance to support multiple customers,” Gottlieb said. Meantime, enterprises can use the Cloud Connect tunnel without having to worry about building infrastructure in the cloud, which reduces costs and complexity, he added.

Talari’s partner list reflects the demands of both customers and service providers, he said. Unified communications vendors like RingCentral, for example, require reliable connectivity and low latency for their applications. Meta Networks, on the other hand, offers cloud-based security capabilities, which enterprises are increasingly adding to their networks. Talari SD-WAN already supports multi-cloud connectivity to Amazon Web Services and Microsoft Azure.

Talari Cloud Connect will be available at the end of October. The software comes at no additional charge for Talari customers with maintenance contracts or with subscriptions, Gottlieb said. Also, Cloud Connect partners can use the Cloud Connect POP software free of charge to connect to Talari SD-WAN customers, he added.

Are SD-WAN security concerns warranted?

Are software-defined WAN security features sufficient to handle the demands of most enterprises? That’s the question addressed by author and engineer Christoph Jaggi, whose SD-WAN security concerns were cited in a recent blog post on IPSpace. The short answer? No — primarily because of the various connections that can take place over an SD-WAN deployment.

“The only common elements between the different SD-WAN offerings on the market are the separation of the data plane and the control plane and the takeover of the control plane by an SD-WAN controller,” Jaggi said. “When looking at an SD-WAN solution, it is part of the due diligence to look at the key management and the security architecture in detail. There are different approaches to implement network security, each having its own benefits and challenges.”

Organizations contemplating SD-WAN rollouts should determine whether prospective products meet important security thresholds. For example, products should support cryptographic protocols and algorithms and meet current key management criteria, Jaggi said.

Read what Jaggi had to say about the justification for SD-WAN security concerns.

Wireless ain’t nothing without the wire

You can have the fanciest access points and the flashiest management software, but without good and reliable wiring underpinning your wireless LAN, you’re not going to get very far. So said network engineer Lee Badman as he recounted a situation where a switch upgrade caused formerly reliable APs to lurch to a halt.

“I’ve long been a proponent of recognizing [unshielded twisted pair] as a vital component in the networking ecosystem,” Badman said. Flaky cable might still be sufficient in a Fast Ethernet world, but with multigig wireless now taking root, old cable can be the source of many problems, he said.

For Badman, the culprit was PoE-related and once the cable was re-terminated and tested anew, the APs again worked like a charm. A good lesson.

See what else Badman had to say about the issues that can plague a WLAN.

The long tail and DDoS attacks

Now there’s something new to worry about with distributed denial of service, or DDoS, attacks. Network engineer Russ White has examined another tactic, dubbed tail attacks, which can just as easily clog networking resources.

Unlike traditional DDoS or DoS attacks that overwhelm bandwidth or TCP sessions, tail attacks concentrate on resource pools, such as storage nodes. In this scenario, a targeted node might be struggling because of full queues, White said, and that can cause dependent nodes to shut down as well. These tail attacks don’t require a lot of traffic and, what’s more, are difficult to detect.

For now, tail attacks aren’t common; they require attackers to know a great deal about a particular network before they can be launched. That said, they are something network managers should be aware of, White added.

Read more about tail attacks.

Talari SD-WAN targets mobile with Meta Networks integration

Talari Networks’ customers can now combine their software-defined WAN service with a network-as-a-service platform from Meta Networks.

The platform offered by Meta Networks, an Israel-based NaaS startup, targets remote and mobile users who need to access data center and cloud applications. While SD-WAN technology offers remote connectivity to an extent, it is limited in its flexibility to connect individual remote and mobile BYOD users, as most can’t deploy a physical or virtual SD-WAN appliance. With Talari’s support for Meta Networks’ NaaS software, Talari customers located outside the software-defined WAN perimeter can connect using one of Meta’s multiple points of presence (POP) worldwide.

With the platform, user devices connect to the closest Meta POP to access corporate resources. Instead of applying policies based on site location, Meta Networks takes a user-centric approach by specifying policies and application authentication based on individual user permissions. Network administrators, for example, can create policies that deny mobile users access to certain websites or cloud applications.

The integrated offering is now available for Talari SD-WAN customers.

Versa Networks adds managed SD-WAN partner

Versa Networks added another service provider to its managed SD-WAN partner list. California Telecom, headquartered in Chino, Calif., joins existing Versa Networks partners CenturyLink, China Telecom Global, Comcast Business and Verizon in adding managed SD-WAN services to its portfolio.

California Telecom customers can choose from three available purchasing options: SD-WAN standard, SD-WAN advanced and SD-WAN secured. Load balancing, automated failover, error correction and circuit monitoring, among other features, are included in all three options. Customers can add additional features, such as firewalls, antivirus and content filtering and advanced routing.

“We spent over a year looking for an SD-WAN platform we could integrate into our existing MPLS infrastructure that could offer all the features that were being promoted in the industry,” said Jim Gurol, California Telecom’s CEO, in a statement. Versa’s Cloud IP Platform paired well with California Telecom’s infrastructure, he added, allowing the service provider to go to market immediately.

Customers can deploy California Telecom’s managed SD-WAN service to create various WAN designs, including hybrid MPLS, cloud-based SD-WAN and security-focused models, Gurol said.

SD-WAN adoption impeded by available options

Enterprises are investigating SD-WAN, but the technology is still being adopted relatively slowly, according to a report conducted by Sapio Research at the request of Teneo, a consulting firm and technology integrator.

While almost half of the 200 senior IT and networking managers surveyed said they were investigating SD-WAN in some form, only 20% said they’ve deployed the technology. A third of the respondents hadn’t yet evaluated SD-WAN technology. Part of the reason for SD-WAN’s slow adoption is the large number of available SD-WAN options and variants, according to Marc Sollars, CTO of Teneo, based in Dulles, Va.

“Many firms are clearly putting a toe in the water on SD-WAN or doing a proof of concept, but it’s still very hard to say when this test phase will start to translate into enterprise-level implementations,” Sollars said in a statement. “In many ways, the broad range of choice that SD-WAN brings is what’s causing companies to hesitate over their decisions.”

Respondents indicated the primary driver to consider SD-WAN deployment is to help address the growing complexity of network infrastructure and performance tasks. Cutting network costs and better infrastructure management followed behind.

Cisco refused to participate in NSS Labs report on SD-WAN

Cisco refused to activate the Viptela software-defined WAN product NSS Labs bought for testing, leaving the research firm with a noticeable hole in its recent comparative report on SD-WAN vendors.

Cisco did not provide a reason for refusing to activate the product NSS Labs had purchased for between $30,000 and $40,000, NSS Labs CEO Vikram Phatak said this week. “There was no reason given other than, effectively, they didn’t want to be tested (for the NSS Labs report).”

Cisco’s action marked the first time a vendor had refused to turn on a product NSS Labs had bought for evaluation, Phatak said. Cisco’s Viptela team had initially told NSS Labs it would support the test, which led the firm to buy the product.

“That’s a first for us, candidly,” Phatak said. “And given Cisco’s ethical rules and so on — rules of conduct — I’m in shock because normally, they’re pretty straightforward to work with.”

Cisco refused to discuss the matter, saying in a statement “We believe our customer traction, standing in the market and the continued productive innovation we’re driving speak for themselves.”

NSS Labs wants a refund

NSS Labs wants Cisco to refund the money spent on Viptela. It is hoping it can get the money back without going to court.

“I hope it doesn’t come to that,” Phatak said. “We haven’t talked to any lawyers. I’m assuming that we’ll be able to have the conversation and get our money back.”

Typically, NSS Labs buys products, and the vendors turn them on like they would for any other customer.

“If someone says they don’t want to be tested, we say, ‘That’s great, but if a product is good enough to be sold to the public, it’s good enough to be tested,'” Phatak said. “We’re going to buy it, and we’ll report to the public.”

That’s a first for us, candidly. And given Cisco’s ethical rules and so on — rules of conduct — I’m in shock.
Vikram PhatakCEO, NSS Labs

NSS Labs noted Cisco’s refusal to activate the Viptela purchase in its SD-WAN Comparative Report, which was the company’s first SD-WAN test. Not having Cisco in the evaluation left out one of the largest SD-WAN vendors and a major tech company.

In the first quarter, London-based IHS Markit listed Cisco as No. 4 in the SD-WAN market, just behind Silver Peak. VMware was first with a 19% share, followed by Aryaka with 18%.

The NSS Labs report, released this month, compared the products of nine vendors, including VMware’s NSX SD-WAN, formerly VeloCloud. VMware is Cisco’s largest competitor.

NSS Labs had also planned to include Silver Peak in the comparison but noted it was unable to obtain the product in time for testing.

Tech companies often cite recommended ratings in NSS Labs reports in marketing materials. In April, Cisco highlighted in a blog post the organization’s “recommended” rating for the Cisco Advanced Malware Protection for Endpoints product.

Based on its recent SD-WAN tests, NSS Labs recommended products from VMware, Talari Networks and Fortinet and listed products from Citrix Systems, FatPipe Networks, Forcepoint and Versa Networks as “verified.” Tech buyers should consider recommended and verified products as candidates for purchase, according to NSS Labs.

The company issued “caution” ratings for Barracuda Networks and Cradlepoint, which means companies should not deploy their products without a comprehensive evaluation, NSS Labs said.

Cisco Viptela integrated with IOS XE on ISR, ASR

Cisco has integrated its Viptela software-defined WAN with the company’s IOS XE network operating system, effectively making the cloud-controlled SD-WAN product an option for distributing network traffic from Cisco ISR and ASR routers.

Announced this week, the integration means companies using Cisco’s legacy SD-WAN product, Intelligent WAN — often used with the Integrated Services Router (ISR) — can switch to a much simpler system. IWAN’s complexity precluded broad market adoption, so when Cisco acquired Viptela last year for $610 million, many analysts predicted the company would eventually migrate customers to Viptela.

Connecting Cisco Viptela to IOS XE adds a cloud-controlled element to IOS XE hardware through the SD-WAN product’s vManage console. The cloud-based software is the centralized component for configuration management and monitoring network traffic going to and from the ISR and Aggregation Services Router (ASR) hardware.

As a router network operating system, IOS XE includes dozens of services beyond routing and switching, such as encryption, authentication, firewall capabilities and policy enforcement.

Next for Cisco Viptela

In March, Cisco launched cloud-based predictive analytics for Viptela, called vAnalytics. The software, which companies access through vManage, provides network managers with answers to what-if scenarios.

Over the next 18 months, Cisco plans to merge vManage into DNA Center, a centralized software console for managing campus networks built on top of Cisco’s Catalyst 9000 campus switches. The integration would provide network managers with a single view of their LAN, WAN and campus networks.

Companies use SD-WAN for traffic distribution across broadband, Long Term Evolution and MPLS links connecting campuses and remote offices to the internet and the corporate data center. In the first quarter, companies refreshing their campus and branch networks contributed to a more than 5% increase year to year in 1 Gb Ethernet revenue and a nearly 16% rise in port shipments, according to IDC.

Cisco claimed organizations use more than 1 million ISR and ASR routers globally. ASR routers are designed for high-bandwidth applications, such as video streaming, while ISR systems are for small or midsize networks found in small businesses and branch offices.

Fortinet transitions from partner to FortiGate SD-WAN vendor

Fortinet, a security vendor that has established partnerships with many software-defined WAN vendors, opted last week to start selling FortiGate SD-WAN, its own proprietary SD-WAN service.

In its previous SD-WAN partnerships, Fortinet offered its security services as a virtual network function or integrated into other vendors’ SD-WAN products. To make this transition, Fortinet upgraded its existing next-generation firewall product, FortiGate, to make SD-WAN available as an integrated feature, releasing an updated operating system to support the move. Fortinet’s website states the SD-WAN feature comes at no additional cost with a FortiGate license.

FortiGate SD-WAN includes security features such as application control, web filtering, antivirus, intrusion prevention and cloud advanced threat detection. FortiGate SD-WAN customers have access to FortiManager to monitor and configure deployed appliances, which are available as hardware appliances, virtual machines or cloud instances.

Fortinet counts Alorica, Edward Jones and the Upper Grand District School Board in Guelph, Ont., as FortiGate SD-WAN customers.

Cato Cloud SD-WAN adds identity-aware routing

Cato Networks made a series of upgrades to its SD-WAN-as-a-service product, Cato Cloud, which includes the introduction of what Cato calls identity-aware routing.

According to a Cato statement, identity-aware routing goes deeper than application-aware routing, which directs traffic based on application type. Instead, Cato said identity-aware routing assigns networking and security policies that “direct traffic or restrict resource access based on team, department and individual users.”

To do this, Cato Cloud accesses company data from Microsoft Active Directory, distributed repositories and real-time logins to identify each packet flow. This allows Cato Cloud to prioritize traffic on business processes, Cato said.

Cato also added or enhanced its SD-WAN features for real-time network analytics, failover options and multisegment, policy-based routing.

Aryaka expands global private network to Canada

Aryaka Networks added its twenty-seventh point of presence (PoP) to extend the reach of its SD-WAN-as-a-service offering. The latest PoP is located in Toronto and is the first PoP Aryaka has in Canada, although it previously offered its SD-WAN service in Canada through channel partners.

Aryaka also introduced its new director of business development for Canada, Craig Workman, who joins Aryaka from Gigamon, a network visibility provider.

“The PoP in Toronto will further enhance our software-defined network optimization and access capabilities in the region and open up new markets for our partners,” Workman said in a statement.

Aryaka uses its global private network as the basis for its SD-WAN service, which IHS Markit listed as a notable SD-WAN product generating revenue in 2018.

Fortinet transitions from partner to FortiGate SD-WAN vendor

Fortinet, a security vendor that has established partnerships with many software-defined WAN vendors, opted last week to start selling FortiGate SD-WAN, its own proprietary SD-WAN service.

In its previous SD-WAN partnerships, Fortinet offered its security services as a virtual network function or integrated into other vendors’ SD-WAN products. To make this transition, Fortinet upgraded its existing next-generation firewall product, FortiGate, to make SD-WAN available as an integrated feature, releasing an updated operating system to support the move. Fortinet’s website states the SD-WAN feature comes at no additional cost with a FortiGate license.

FortiGate SD-WAN includes security features such as application control, web filtering, antivirus, intrusion prevention and cloud advanced threat detection. FortiGate SD-WAN customers have access to FortiManager to monitor and configure deployed appliances, which are available as hardware appliances, virtual machines or cloud instances.

Fortinet counts Alorica, Edward Jones and the Upper Grand District School Board in Guelph, Ont., as FortiGate SD-WAN customers.

Cato Cloud SD-WAN adds identity-aware routing

Cato Networks made a series of upgrades to its SD-WAN-as-a-service product, Cato Cloud, which includes the introduction of what Cato calls identity-aware routing.

According to a Cato statement, identity-aware routing goes deeper than application-aware routing, which directs traffic based on application type. Instead, Cato said identity-aware routing assigns networking and security policies that “direct traffic or restrict resource access based on team, department and individual users.”

To do this, Cato Cloud accesses company data from Microsoft Active Directory, distributed repositories and real-time logins to identify each packet flow. This allows Cato Cloud to prioritize traffic on business processes, Cato said.

Cato also added or enhanced its SD-WAN features for real-time network analytics, failover options and multisegment, policy-based routing.

Aryaka expands global private network to Canada

Aryaka Networks added its twenty-seventh point of presence (PoP) to extend the reach of its SD-WAN-as-a-service offering. The latest PoP is located in Toronto and is the first PoP Aryaka has in Canada, although it previously offered its SD-WAN service in Canada through channel partners.

Aryaka also introduced its new director of business development for Canada, Craig Workman, who joins Aryaka from Gigamon, a network visibility provider.

“The PoP in Toronto will further enhance our software-defined network optimization and access capabilities in the region and open up new markets for our partners,” Workman said in a statement.

Aryaka uses its global private network as the basis for its SD-WAN service, which IHS Markit listed as a notable SD-WAN product generating revenue in 2018.