Much like Blockbuster Video, who paid a final late fee, most SD-WAN vendors will soon pay for ignoring the market’s demand for security integrated within their SD-WAN appliances.

The video rental business was a thriving industry in the early 80s and Blockbuster Video was its undisputed leader. Through years of high-resolution technology innovations, Blockbuster Video kept pace with market demands, upgrading its inventories from the early VHS videos to DVDs and ultimately to Blu-rays. Modernizations on its content delivery process, on the other hand, was a bust. Customers had to visit a video store to rent a movie and return it before a certain deadline. Many factors like an uncomfortable rental process, late fees, limited rentals times, too few copies of new releases per stores, and the occasional bad quality of the rented movies all contributed to customers searching for a better solution.

Fast forward to the present and the complex process and experiences that customers are going through with securing their SD-WAN solutions are very similar to the Blockbuster Video rental process. Over the past few years, there has been an increased interest within enterprise organizations in migrating from traditional WAN to software-defined WAN (SD-WAN). A significant appeal of SD-WAN, for many organizations, is the ability to establish a direct branch-to-cloud and branch-to-Internet connectivity. The direct internet access (DIA) from branches, using less-expensive broadband services, requires deploying strong security at each branch.

Adding Up the Costs

It was estimated that late fees contributed to a substantial amount of Blockbuster’s yearly revenues.  In fact, in 2000 they earned over $800M, or roughly 16% of their revenue, out of late fees alone. Like Blockbuster’s late fees which could have added up to several times of the rental price, a common two-box set for connectivity and security in most of today’s SD-WAN solutions makes the overall platform more expensive to implement and maintain.

But why a two-box solution?

SD-WAN’s direct internet access exposes branches to the outside world’s threats and risks. As more sophisticated threats are emerging from the application level (layer-7), customers are looking for defenses against these advanced threats at layer-7 plus better visibility and control. The majority of current SD-WAN vendors are not inherently built to provide such a granular security and are forced to use an additional security device for their branch connectivity.

Adding the costs of an extra security appliance, its license fee and support, its management tool, and the expertise to install and manage it could easily surpass the forecasted operational expenses.

End-Users’ Experience

Blockbuster’s movie renting process was lengthy and cumbersome for everyone. Customers had to physically go to the store, find a movie, rent a movie, and then return the movie back to the store within a small-time frame. Depending to the location of a video store, just renting a movie could have taken hours instead of minutes. What an inferior content delivery process compared to the modern online rental process that takes just a few clicks!

Similar to the agility of a modern movie streaming experience, distributed organizations using SD-WAN solutions have the dexterity to open two or more new offshore sales offices or store branches in no time. It’s vital for IT teams to deploy, provision, and dynamically scale new branches from any location without requiring physical presence in every location. However, remotely deploying a two-box solution does not seem to be a straight forward and easy task.  The configuration and deployment of additional infrastructure using separate management tools could easily turn the provisioning process from a zero-touch into a many-touch one.

Almost every article written about SD-WAN solution benefits, one way or another, talks about delivering the best user experience. However, many of the considerations focus on the networking side to provide the best application quality of experience for end users. A subject that often gets ignored is the customer experience associated with the complexity of deploying, managing, and monitoring the additional security box at the branch with an SD-WAN solution. Integration of multiple boxes at a branch makes the deployment process complex and lengthy and the overall manageability difficult and costly.

Cisco SD-WAN Security: The Next Netflix

Cisco is taking a new leadership position in SD-WAN solutions by integrating enterprise firewall, intrusion prevention, and URL filtering capabilities directly into its SD-WAN appliance. By integrating WAN router connectivity and security capabilities into a single box, the overall complexity associated with deployment can be eliminated and its manageability made easier. 

This innovative and unified solution uses Cisco Talos – the industry-leading threat intelligence group – for its threat prevention and provides faster security deployment with Cisco Umbrella’s cloud security service in order to protect connections to the cloud. And secure access to every application by verifying users’ identities, checking devices’ hygiene, and enforcing adaptive multi-factor authentication policies via Duo Security (recently acquired).

It’s time to get rid of the old SD-WAN “VCR” box and embrace the future with Cisco SD-WAN security “streaming” box.

Who likes late fees anyway?

To learn more about Cisco SD-WAN security, please visit our product page.




Reza Koohrangpour

Product Marketing Manager, SD-WAN Security

Cisco Security