Fotolia

Palo Alto SD-WAN gets analytics, Prisma security

The Prisma integration and root cause analysis in the Palo Alto SD-WAN could help it standout in a market packed with competitors. Palo Alto also launched two SD-WAN appliances.

Palo Alto Networks has made good on its promise to integrate its cloud-based security suite, Prisma, with the recently acquired CloudGenix software-defined WAN.

Along with bolstering CloudGenix security this week, Palo Alto added machine learning for root cause analysis and broadened the SD-WAN's use cases. Companies typically use SD-WAN in branch offices, but Palo Alto introduced appliances for large campuses and home offices.

Palo Alto announced the $420 million acquisition of CloudGenix in late March, saying it would integrate the company's SD-WAN with Prisma Access. Companies use Access to secure branch connections to applications running on AWS, Google Cloud or Microsoft Azure. Access is one of four core security platforms within Prisma.

The integration is essential because the CloudGenix SD-WAN lacked security features native to the product, Gartner reported in its 2019 Magic Quadrant for WAN Edge Infrastructure. CloudGenix also lacked WAN optimization, which Gartner pointed out was in competitors' products. Palo Alto did not add that feature in the latest release.

Palo Alto, a security specialist, is likely to add more security features to CloudGenix in time. Besides Access, the Prisma suite also provides compliance monitoring, risk discovery and data loss prevention for cloud applications.

The Prisma integration is a differentiator among competitors because of the technology's quality, said Shamus McGillicuddy, an analyst at Enterprise Management Associates.

"It's a leader in the industry," he said. "This gives the CloudGenix SD-WAN business an advantage over SD-WAN vendors partnering or developing their own to fill out their security architecture." 

CloudGenix network analytics

Palo Alto added machine learning to the analytics within the CloudGenix SD-WAN to improve network operations. Features include the identification and remediation of common traffic problems that often trigger multiple alerts. Other features let operators determine which WAN connections are in use and the applications using them.

Palo Alto SD-WAN appliances, the ION 1000 and the ION 9000
Palo Alto's latest SD-WAN appliances, the ION 1000 and the ION 9000.

The analytics could be a differentiator, "depending on how good it is," McGillicuddy said. "Automated root cause analysis is a big opportunity."

EMA research has shown that the lack of root cause analytics is a critical weak spot in network management tools.

The latest appliances are called the CloudGenix Instant-ON (ION) 1000 and the ION 9000. The former is for retail and small or home offices, while the latter is for campus environments.

The ION 1000 establishes the service standards for security, path selection and application performance. Companies can manage the device through the cloud-based CloudGenix portal.

Palo Alto did not release pricing. SD-WAN appliances for work-from-home use tend to be too expensive for most companies, according to analysts.

The ION 9000 becomes the highest-performing appliance in the CloudGenix portfolio. The hardware establishes SD-WAN connectivity to the data center network and exchanges routing information. It terminates VPNs for all branch offices with a CloudGenix SD-WAN, maintains path symmetry and ensures that applications use the best network path.

Dig Deeper on Network infrastructure