Insights from SDWAN and SASE 2023 Paris

Antonio Sardinha and I spent 2 enjoyable days in Paris exchanging insights with our industry peers. Antonio covered Cavell Group’s experiences in deploying SD Wan and SSE.  Some highlights of his observations:

  • Best of breed Security and Networking. While a few enterprises we work with have chosen SASE from one vendor, most are still choosing best of breed strategy with different vendors for SSE and SD-WAN

  • Internet First: The SD-WAN deployments are increasingly relying on Internet for underlay. The industry has gone full circle, with very early SD-WAN emphasizing Internet, then the era of hybrid MPLS/Internet as large enterprise de-risked their deployments, now enterprise is increasingly comfortable with internet only deployments.

  • Multi-cloud and CSPs replacing traditional service provider networks is nascent. Hyperscaler involvement in enterprise wide area networking is starting. We have deployed one global customer on internet underlay with Azure routers and inter-regional bandwidth for the backbone. We have also used Equnix’s service. In both cases, the solutions had some teething issues, but were eventually stable enough for production environments.

  • Transformation still requires careful design. While the future state of networking means easier network changes, getting there is still complex for most large enterprise.

I participated on 2 panels covering security and AI. Some of my key take-aways: 

  • Transition to Zero Trust security architecture is well underway. While the industry has started and stopped many times on adoption of Zero Trust, consensus at the show is that it finally has significant momentum. The change in urgency is driven both by governments (see US Executive order 14028), the increasing lack of relevance of traditional perimeters, and by the need for micro segmentation. 

  • Single Vendor SASE. Platform providers are investing heavily in consolidation of security and networking functions and believe this consolidation plus AI will yield significant gains to Enterprise security. As mentioned above, we don’t yet see this as a dominant view in the enterprise. At the show Service Providers also stated they don’t see a clear case for single vendor SASE, as there are considerable operational barriers to overcome. In their view best of breed (SSE) + SD WAN will be a viable alternative in many scenarios.

  • AI NetOps and SecOps. AI use cases are in production and expanding rapidly. Large Language Models will help expand these capabilities, but many of the use cases are based on narrow machine learning techniques. AI has long been in use in the security world to identify changes in behavior to spot zero-day attacks. It’s also being used for network operations to aid in configuration, help automate application performance optimization, and to supplant rule-based trouble shooting in a drive to significantly reduce ticket volumes.

  • Digital Twins. A new term for me was digital twin. It’s an expansion of virtual test environments, using AI to model things like environmental conditions, radio interference, and traffic patterns. Carriers like KPN are creating digital twins to help network planning and to test AI driven automations prior to rolling them out on the production network.

  • AI as a threat. AI of course is a double-edged sword. There is much trepidation as to new threats the hackers may create with AI. Its already very visible in the social engineering space with both audio and video deep fakes becoming prevalent. This Team’s video deep fake happened after the show, but illustrates how real is the threat. There are many more mundane use cases for AI misuse – like writing hacking code more quickly, automating searches of social media, and testing a wider range of domains for weaknesses.

Accelerating your transformation

Company

© 2024 Cavell Group. All rights reserved.

  • Clients
  • Services
  • Knowledge Hub
  • About