* [Blog](https://www.paloaltonetworks.com.au/blog)
* [SASE](https://www.paloaltonetworks.com.au/blog/sase/)
* [Uncategorized](https://www.paloaltonetworks.com.au/blog/category/uncategorized/)
* Taking on the Secure SD-W...

# Taking on the Secure SD-WAN Fight

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsase%2Ftaking-on-the-secure-sd-wan-fight%2F)  
[](https://twitter.com/share?text=Taking+on+the+Secure+SD-WAN+Fight&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsase%2Ftaking-on-the-secure-sd-wan-fight%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsase%2Ftaking-on-the-secure-sd-wan-fight%2F&title=Taking+on+the+Secure+SD-WAN+Fight&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/sase/taking-on-the-secure-sd-wan-fight/&ts=markdown)  
\[\](mailto:?subject=Taking on the Secure SD-WAN Fight)  
Link copied  
By [Jason Georgi](https://www.paloaltonetworks.com/blog/author/jason-georgi/?ts=markdown "Posts by Jason Georgi")  
Dec 02, 2021  
6 minutes  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)  
[Gartner](https://www.paloaltonetworks.com/blog/tag/gartner/?ts=markdown)  
[SASE](https://www.paloaltonetworks.com/blog/tag/sase/?ts=markdown)  
[SD-WAN](https://www.paloaltonetworks.com/blog/tag/sd-wan/?ts=markdown)

As we're all now well aware, traditional hardware-based approaches to direct network traffic, connecting employees and offices to necessary resources and applications, simply doesn't cut it anymore. Backhauling traffic to a central data center is inefficient, costly and impacts the user experience due to performance issues when accessing cloud and SaaS resources. However, these centralized data centers are often where the full security stack resides, creating the uncomfortable debate of security versus performance. Work is an activity, not a place, and inconsistencies in network performance, visibility and security for users at home or in offices are challenges for our cyber and IT teams.

**Why Secure SD-WAN is Important**

While [software-defined wide area network](https://www.paloaltonetworks.com/cyberpedia/what-is-a-sd-wan) (SD-WAN) was a revolutionary way to replace the traditional costly [multiprotocol label switching](https://www.paloaltonetworks.com/cyberpedia/mpls-what-is-multiprotocol-label-switching) (MPLS), those legacy SD-WAN solutions lack the necessary security required when connecting users from remote locations and branch offices to corporate applications and data. Some SD-WAN solutions that are delivered as a service (SD-WANaaS) can extend the fabric to employees at home and mobile devices. As seen in the diagram below, legacy SD-WAN gateways used across the organization's connection points open up an organization's attack surface.

![Illustrations of a Typical WAN Design](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image.png)

With legacy SD-WAN solutions, all those vectors - endpoints and employees at home, on the road, at branch office or in HQ - lack the necessary security like firewalls, zero trust, web gateways and cloud security when connecting to corporate resources. In order to provide secure SD-WAN to your branches, organizations should consider the following.

**Don't Leave the Branch Behind**

Visibility and security go hand-in-hand. If you can't see something, how can you secure it? [Next-generation SD-WAN](https://start.paloaltonetworks.com/why-next-gen-sd-wan-is-the-solution-for-you.html) takes an application-centric approach to traffic steering. Having Layer 7 visibility for network policy creation and traffic engineering is necessary for network teams to deliver SLAs for all apps, including Cloud, SaaS and UCaaS. A [next-generation SD-WAN](https://www.paloaltonetworks.com/cyberpedia/what-is-next-generation-sd-wan#:~:text=Next%2Dgeneration%20SD%2DWAN%20offers,be%20used%20via%20API%20integrations.) can offer the Layer 7 visibility organizations need to adequately secure their branches and apps. Securing legacy SD-WAN internet traffic is possible by forwarding it to an upstream cloud-delivered security solution. However, this often winds up being an "all or nothing" approach of sending all internet-bound app traffic out of the SD-WAN forwarding interface. This is problematic when the security cloud is only capable of securing web traffic, thus requiring a security bypass for the non-web apps. This action introduces brand new security risks.

A next-gen SD-WAN, like [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan), uses app-based policies to intelligently send desired traffic (even private apps) to a security cloud for security inspection, or direct-to-app. This ensures optimal performance and security. Integration with a true layer 7 [Security Service Edge (SSE)](https://www.paloaltonetworks.com/cyberpedia/what-is-security-service-edge-sse), like [Prisma Access](https://www.paloaltonetworks.com/sase/access), inspects any public or private applications sent to it for threats and data loss. Prisma Access offers the most comprehensive security platform in the industry, providing best-in-class security from the cloud, and protecting branch offices worldwide.

A next-gen SD-WAN solution should also include advanced capabilities like machine learning (ML) and artificial intelligence (AI) to simplify network and security operations, and [autonomous digital experience management](https://www.paloaltonetworks.com/sase/adem) (ADEM) to provide full visibility of the application delivery path. With ML and data science, network trouble tickets can be reduced by 99%, as proven in this [case study](https://www.paloaltonetworks.com/customers/aarons). With [artificial intelligence of IT operations](https://www.paloaltonetworks.com/cyberpedia/aiops-next-generation-sd-wan) (AIOps), event correlation and analysis with policy control can reduce and even eliminate repetitive, manual tasks for admins.

[Autonomous digital experience management](https://www.paloaltonetworks.com/sase/adem) (ADEM) assists IT Operations teams with ensuring a good user experience by providing full visibility of the application delivery path, scoring app performance based on real user and synthetic monitoring, and instantly identifying the cause of service disruption. Resolving issues quickly minimizes or prevents impact to all other users. Additionally, next-gen SD-WAN customers can reduce outages by [90% and improve end-user experience](https://www.paloaltonetworks.com/customers/autonation) by taking advantage of a 10x increase in bandwidth with an application-centric approach to traffic steering.

According to [Gartner](https://start.paloaltonetworks.com/gartner-magic-quadrant-for-wan-edge-infrastructure-2021.html), by 2024, more than 70% of software-defined wide-area network (SD-WAN) customers will have implemented a secure access service edge (SASE) architecture, compared with 40% in 2021. [SASE](https://www.paloaltonetworks.com/cyberpedia/what-is-sase)is the convergence of networking and security services into a single cloud-delivered solution. Organizations are turning to SASE to consolidate multiple point products, including [zero trust network access](https://www.paloaltonetworks.com/sase/ztna) (ZTNA), [cloud secure web gateway](https://www.paloaltonetworks.com/sase/secure-web-gateway) (SWG), [cloud access security broker](https://www.paloaltonetworks.com/content/pan/en_US/sase/integrated-casb) (CASB), [firewall as a service](https://www.paloaltonetworks.com/cyberpedia/what-is-firewall-as-a-service) (FWaaS), and [SD-WAN](https://www.paloaltonetworks.com/sase/branch-sd-wan), into a single integrated service, reducing network and security complexity while increasing organizational agility.

**SD-WAN, Say Hello to SASE**

With SASE, organizations get secure SD-WAN, protecting all vectors, no matter where users are connecting from, as seen in the diagram below.

![WAN Design Incorporating SASE](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-1.png)

According to [Gartner](https://start.paloaltonetworks.com/gartner-best-security-practices-sd-wan.html), by 2024, at least 60% of global SASE services will be offered integrated with an optimized internet backbone to ensure performance of global internet WAN connectivity, up from less than 10% year-end 2020. There are only a few vendors out there that can offer an integrated SASE solution. Palo Alto Networks is one of them, offering the industry's most complete SASE solution, converging network security, SD-WAN, and ADEM into a single cloud-delivered service.

[Prisma Access](https://www.paloaltonetworks.com/sase/access) offers the industry's most complete cloud-delivered security platform that protects all application traffic so organizations can safely enable hybrid workforces. [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan) is the industry's first next-generation SD-WAN solution that makes the secure cloud-delivered branch possible, delivering an ROI of up to 243%. Together they make [Prisma SASE](https://www.paloaltonetworks.com/sase), which converges best-of-breed networking and security into a single solution purpose-built for agile, cloud-enabled organizations.

Gartner's **[Best Security Practices for SD-WAN](https://start.paloaltonetworks.com/gartner-best-security-practices-sd-wan.html)** provides insight for security and risk management leaders as they look to secure their branch offices and remote users. Learn why Gartner analysts recognized Palo Alto Networks as one of only eight vendors that can deliver a single SASE solution.**Read the** [**full report with your complimentary copy today**](https://start.paloaltonetworks.com/gartner-best-security-practices-sd-wan.html)**.**

*Gartner, Best Security Practices for SD-WAN, Bjarne Munch | Craig Lawson, 23 June 2021*

*Gartner, Magic Quadrant WAN Edge Infrastructure, 20 September 2021, Jonathan Forest | Naresh Singh*

*Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner's research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER and MAGIC QUADRANT are registered trademark and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.*

*** ** * ** ***

## Related Blogs

### [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### Realizing the Best ROI for Your Digital Transformation Journey](https://www.paloaltonetworks.com.au/blog/sase/realizing-the-best-roi-for-your-digital-transformation-journey/)

### [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### Helping Retail Keep their Lights On this Holiday Season with SD-WAN](https://www.paloaltonetworks.com.au/blog/sase/helping-retail-keep-their-lights-on-this-holiday-season-with-sd-wan/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Don't be a Dinosaur, Upgrade Your WAN Optimization](https://www.paloaltonetworks.com.au/blog/sase/wan-optimization/)

### [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### Secure SD-WAN Is Your SASE Secret Weapon](https://www.paloaltonetworks.com.au/blog/sase/8-2021-secure-sd-wan/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [SD-WAN](https://www.paloaltonetworks.com/blog/sase/category/sd-wan/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### Exceptional User Experience with Prisma SD-WAN's App-Defined Fabric](https://www.paloaltonetworks.com.au/blog/sase/exceptional-user-experience-with-prisma-sd-wan-app-defined-fabric/)

### [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [SD-WAN](https://www.paloaltonetworks.com/blog/sase/category/sd-wan/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Prisma SD-WAN Wins CRN's 2022 SD-WAN Product Of The Year Award](https://www.paloaltonetworks.com.au/blog/sase/prisma-sd-wan-wins-crns-2022-sd-wan-product-of-the-year-award/)

### Subscribe to Sase Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language