Region Focus: Worldwide

SD-WAN Infrastructure 2023 Vendor Assessment

September 2023 | us50471623
Brandon Butler

Brandon Butler

Research Manager, Enterprise Networks

Product Type:
IDC: MarketScape
This Excerpt Features: Cisco

IDC MarketScape: Worldwide SD-WAN Infrastructure 2023 Vendor Assessment

Capabilities Strategies Participants Contenders Major Players Leaders


CiscoFeatured Vendor


HPE Aruba Networking


Palo Alto Networks

Major Players




Juniper Networks





IDC MarketScape Methodology

IDC Opinion

This IDC study represents a vendor assessment model called the IDC MarketScape, which is a quantitative and qualitative research assessment of vendors’ present and future offerings, for the software-defined wide area network (SD-WAN) infrastructure market. This study assesses the capability and business strategy of 12 SD-WAN infrastructure vendors. The evaluation is based on a comprehensive framework and a set of parameters expected to be most conducive to success in providing SD-WAN infrastructure solutions.

The SD-WAN infrastructure market is highly competitive and undergoing important strategic shifts. Key findings include:

  • SD-WAN remains an important network infrastructure technology for enterprises due to its ability to improve user and application experiences, provide integrated connectivity and security, and enable seamless connectivity to the cloud and hosted applications, all while optimizing costs.
  • Key components of SD-WAN infrastructure include a centralized policy controller, automatic management of hybrid wired and wireless WAN connections, dynamic path selection of application traffic, and optional programmability, security, and analytics of wide area network (WAN) traffic.
  • For organizations, SD-WAN enables myriad benefits including, but not limited to, improving reliability by augmenting existing WAN connectivity with redundant failover across dual links, setting application traffic steering via automated software management tools and ensuring that sensitive traffic is prioritized over noncritical traffic, and the ability to provide more direct connections between users and devices and the distributed applications they’re accessing.
  • In 2022, the SD-WAN infrastructure market grew 25.0%. IDC estimates that through 2027, the market will grow at a compound annual growth rate of 10.1% to reach $7.5 billion.
  • The need for intelligent, adaptable, and pervasive connectivity has become a mandatory requirement for businesses to operate and for people, processes, and things to connect with one another. IDC’s Future of Connectedness research shows the strategic importance of a wireless-led and cloud-enabled connectivity strategy that removes network and IT silos, automates critical business processes, empowers employees to become more productive, and ensures a continuous digital experience for employees, customers, and partners.

Tech Buyer Advice

SD-WAN infrastructure is a compelling technology for any organization looking to improve WAN reliability and cost, optimize network performance, and enhance user experiences for applications accessed via the WAN. IDC’s 2022 Global SD-WAN Survey of existing and prospective SD-WAN users asked respondents how much savings they expect to derive from deploying SD-WAN. The median response rate was 15.0%, but almost one-third of respondents (31.8%) said they expect to save more than 20% on WAN costs from deploying SD-WAN.

Another survey question asked what respondents believe are the most important features of a modern, enterprise-grade SD-WAN platform. Figure 2 shows the responses, with the top answers being integrated security, ability to provide robust network and application performance assurance, and integrated machine learning/artificial intelligence (ML/AI)-enhanced SD-WAN management capabilities.

All SD-WAN products featured in this IDC MarketScape have a core set of features. These include WAN routing, management of multiple WAN links (e.g., broadband, MPLS, and 4G/LTE), dynamic WAN path selection, application-based policy controls, and application steering and prioritization. Beyond these features, most SD-WAN offers on the market today include additional features such as direct connections to public clouds (IaaS and SaaS), WAN link visibility and analytics, end-user experience monitoring, zero-touch provisioning, integrated security, and cellular routing options.

Other factors SD-WAN buyers should consider are discussed in the sections that follow.

Figure 2: Most Important Features of a Modern Enterprise-Grade SD-WAN Platform

Q. What features do you believe are most important in a modern, enterprise-grade SD-WAN platform? (Select up to two responses.)

n = 1,044
Base = respondents currently use or plan to use SD-WAN technology solutions in the next two years
Source: IDC’s Software-Defined WAN (SD-WAN) Survey, November 2022

SD-WAN + Security

One of the most significant developments in the market in recent years has been the advancement of integrated security functionality in SD-WAN products. Security is an important part of any networking investment, but there are multiple dimensions to the trend of more integrated management of SD-WAN and security. One aspect concerns the natively integrated security capabilities offered by SD-WAN vendors. Common security features in SD-WAN products include intrusion detection and prevention (IDS/IPS), next-generation firewall (NGFW), and content/web/URL filtering.

A second aspect of this trend is toward secure access service edge (SASE) architectures, which combine SD-WAN with cloud-based network edge security as a service (NESaaS) tools, such as a secure web gateway (SWG), cloud access security broker (CASB), and zero trust network access (ZTNA). SD-WAN customers can work with their existing SD-WAN vendor to consume NESaaS and build a SASE architecture or use a multivendor approach.

It’s important for SD-WAN buyers to consider what security capabilities they value from an SD-WAN today and into the future. As SD-WANs control connectivity from the enterprise edge across the wide area network, it’s beneficial to have on-premises or cloud-based security integrated with the SD-WAN. But IDC research shows there is a significant portion of SD-WAN buyers that continue to evaluate SD-WAN infrastructure for the networking-specific capabilities of the SD-WAN. This research focuses on the networking strategy and capabilities of SD-WAN vendors, while also taking into account integrated and partner-led security approaches of SD-WAN vendors.


Another important trend is the software-defined branch (SD-Branch), which refers to integrated management of SD-WAN with LAN/WLAN networks. SD-Branch architectures create an opportunity for enterprises to have centralized visibility, analytics, and management of their network, across the LAN/WLAN and SD-WAN. Other benefits of SD-Branch include the ability for advanced ML/AI-enhanced management and leveraging a cloud-based platform. SD-Branch is ideal for customers that want to consolidate management across their campus and branch for ease of management.

SD-WAN Deployment Options

Most SD-WAN vendors offer customers various deployment options, including integrated hardware — typically a router or firewall, or both — along with virtualized versions of the SD-WAN software that can be deployed on existing infrastructure or hosted in a public IaaS cloud. Organizations also have a choice related to architectural designs of their wide area network. For example, from a multicloud access perspective, many SD-WAN vendors offer integrations with IaaS provider WANs, such as AWS Cloud WAN or Azure Virtual WAN. Many SD-WAN vendors also offer integrations with colocation vendors such as Equinix and Megaport, which provide direct connections from the colocation vendor into IaaS and SaaS clouds. Alternatively, many SD-WAN vendors are building software-defined cloud interconnect (SDCI) services that utilize a series of points of presence (POPs), usually hosted in colocation facilities, that provide access to IaaS and SaaS clouds.

Customers have a choice for the SD-WAN management platform being hosted on premises or from the cloud. Most SD-WAN vendors offer a cloud-hosted management plane, but some offer on-premises management too. Enterprises may also consider existing relationships they have with SD-WAN vendors across other product areas and what sorts of licensing discounts they may be able to receive as part of a longer-term subscription package.

Another consideration is what type of partner would organizations like to purchase SD-WAN infrastructure from. Some SD-WAN vendors have value-added resellers (VARs), others rely on communication service providers (SPs) that bundle WAN connectivity (e.g., MPLS, broadband, or cellular) with an SD-WAN service. Many managed service providers bundle and integrate the requisite underlays (transports) with an SD-WAN overlay.

Visibility and Analytics

Other factors enterprises should consider are what sort of visibility and analytics platforms they require from their SD-WAN vendor. Some vendors have robust platforms that monitor not just WAN link health, but application and user experiences too; others offer visibility platforms that extend into the local area network. Increasingly, visibility and analytics platforms feed data into AI/ML-enhanced SD-WAN management platforms, which can recommend ways to optimize user and application experiences or automatically fix problems that arise.

The aforementioned criteria are among the considerations enterprises should research when purchasing SD-WAN infrastructure, but some features and functions will be more important than others for individual customers. Organizations should always think about what business need they have and then consider what solution will best meet those needs.

Featured Vendor


Cisco is positioned in the Leaders category in the 2023 IDC MarketScape for worldwide SD-WAN infrastructure.

Cisco is a multinational communications company headquartered in San Jose, California, with a broad product portfolio across networking, security, collaboration, computing, application performance, and more. Cisco SD-WAN is composed of two products: Cisco Catalyst SD-WAN and Cisco Meraki SD-WAN. Cisco Catalyst SD-WAN is based on technology from the company’s 2017 acquisition of Viptela, one of the initial start-ups in the SD-WAN market. Cisco Catalyst SD-WAN is offered via both cloud and on-premises management versions. Cisco Meraki SD-WAN is a simplified, cloud-managed platform that includes zero-touch provisioning and an intuitive web interface.

Architectural principles of Cisco SD-WAN include creating secure, end-to-end virtual overlay networks that are flexible and scalable; centralized management and orchestration of globally distributed SD-WAN deployments; integrated visibility, analytics, and AIOps; multicloud optimizations; and a focus on security, including integrated security capabilities and hosted security tools, as well as integrations with third-party security tools.

Notable features of the Cisco SD-WAN portfolio include advanced multicloud access capabilities, including software-defined interconnect and cloud backbone; application experience optimization, including for Microsoft 365 and Webex; security innovations, including embedded security tools such as Umbrella and Duo; and integrations with the recently enhanced Cisco Security Cloud. The company also offers Cisco+ Secure Connect for a managed SASE offering. Other areas of recent innovation have been in AIOps, including advanced visibility and analytics capabilities — for example, in the Predictive Path Recommendations (PPR) feature. Cisco SD-WAN has deep integrations with the ThousandEyes visibility and analytics platform. Cisco SD-WAN also has an industrial IoT routing extension for extending enterprise policies to the industrial edge. The company supports hybrid work experiences via a compact form factor offering that optimizes secure connectivity.

Cisco’s approach to SD-WAN and security is multifaceted: The company offers a range of integrated security capabilities with its SD-WAN, including embedded SSL decryption, and an enterprise firewall, intrusion prevention, and URL filtering. It also offers integrations with Cisco Umbrella to provide services such as DNS layer security, secure web gateway, cloud access security broker, and a cloud-delivered firewall. Cisco SD-WAN leverages the Talos Threat Intelligence platform. In addition to native security capabilities, the company also integrates its SD-WAN with third-party security tools, including those from Zscaler, Cloudflare, Netskope, and Palo Alto Networks.


  • Cisco has a strong heritage in enterprise routing and enterprise networking in general, which the company has leveraged to build a prominent market share position in SD-WAN infrastructure. Cisco continues to build on-ramps for existing routing customers using the ISR and Catalyst 8000 routing platforms to upgrade to SD-WAN.
  • Cisco has two SD-WAN offerings in the market: Cisco Catalyst SD-WAN and Cisco Meraki SD-WAN. Each is aimed at a different customer profile: Cisco Catalyst SD-WAN is a more full-featured and programmable SD-WAN offering, while the Cisco Meraki SD-WAN focuses on simplicity of deployment and operations. Combined, the Cisco SD-WAN offering provides a comprehensive SD-WAN solution in the market that meets a wide range of customer use cases and requirements.
  • Cisco has a strong go-to-market channel with a large network of resellers, managed service providers, and value-added resellers, along with partnerships with leading communication service providers.
  • Cisco also has a strong and diversified supply chain, which the company leveraged during the COVID-19-induced component shortage crisis.
  • Cisco has prominent market share positions in important adjacent enterprise networking domains, including wireless local area networking and datacenter and non-datacenter Ethernet switching; the company also has integrations of its SD-WAN with its Webex collaboration and IoT portfolios.
  • Cisco SD-WAN has strong visibility and analytics capabilities via the ThousandEyes platform, which is licensed separately from SD-WAN.


  • While Cisco’s dual SD-WAN products in the Catalyst and Meraki portfolio are a strength for meeting a range of customer types, having two offerings causes some confusion in the market and for customers about which platform is best for which use case.
  • Cisco has evolved its security strategy with the introduction and continued development of the Cisco Security Cloud. The company also has strong integrations with Cisco Umbrella and Duo, along with the Talos Threat Intelligence platform and third-party security platforms. But the company has an opportunity to further simplify its SD-WAN and security portfolios into more streamlined product offerings.
  • In May 2023, Cisco SD-WAN experienced a certificate expiration issue that caused some Cisco Catalyst SD-WAN customers — specifically certain legacy Viptela and vEdge and cEdge customers — to experience downtime. Cisco quickly and effectively responded to the issue.
  • Cisco has an opportunity to further build integrations across its WAN and LAN portfolios, including across its SD-WAN portfolio and its popular Catalyst switches, WLAN equipment, and DNA Center software.
  • Cisco Catalyst SD-WAN is often considered a “premium” option and may not be ideal for price-conscious SD-WAN buyers; for more price-conscious buyers or those in the midmarket and below, Cisco Meraki SD-WAN may be a better option.

Consider Cisco When

Cisco has about 48,000 SD-WAN customers across a range of customer sizes and verticals. Top verticals for Cisco SD-WAN include retail, manufacturing, professional services, financial services, and government. Cisco Catalyst SD-WAN is ideal for customers looking for a full-featured and programmable SD-WAN offering, while Cisco Meraki SD-WAN is ideal for customers that prioritize simplicity in deployment and ongoing management.


IDC MarketScape Vendor Inclusion Criteria

This research includes the analysis of 12 SD-WAN infrastructure vendors spanning IDC’s research coverage. This assessment is designed to evaluate the characteristics of each firm across a set of criteria broken into two major buckets: current and future capabilities of the SD-WAN infrastructure and current and future strategy of the SD-WAN infrastructure offering.

IDC used a variety of primary research methods to produce this document including interviews with vendors and customers, a detailed questionnaire all vendors completed, and detailed product briefings from each vendor. This evaluation should not be considered a final judgment of firms to consider for a project, however. An enterprise’s specific objectives and requirements will play a significant role in determining which firms should be considered as potential candidates for an engagement.

For inclusion in this IDC MarketScape, vendors had to:

  • Demonstrate two years of general worldwide availability of an SD-WAN infrastructure offering. ▪ Derive at least $30 million per year in SD-WAN infrastructure revenue.
  • Have material SD-WAN infrastructure revenue in more than two global regions of the world.

This document also includes a profile of three companies in the Vendors to Watch section. These companies did not meet our criteria for full inclusion in the research but are important SD-WAN infrastructure vendors in the market today.

Reading an IDC MarketScape Graph

For the purposes of this analysis, IDC divided potential key measures for success into two primary categories: capabilities and strategies.

Positioning on the y-axis reflects the vendor’s current capabilities and menu of services and how well aligned the vendor is to customer needs. The capabilities category focuses on the capabilities of the company and product today. Under this category, IDC analysts look at how well a vendor is building/delivering capabilities that enable it to execute its chosen strategy in the market.

Positioning on the x-axis, or strategies axis, indicates how well the vendor’s future strategy aligns with what customers will require in three to five years. The strategies category focuses on high-level decisions and underlying assumptions about offerings, customer segments, and business and go-to- market plans for the next three to five years.

The size of the individual vendor markers in the IDC MarketScape represents the market share of each individual vendor within the specific market segment being assessed.

IDC MarketScape Methodology

IDC MarketScape criteria selection, weightings, and vendor scores represent well-researched IDC judgment about the market and specific vendors. IDC analysts tailor the range of standard characteristics by which vendors are measured through structured discussions, surveys, and interviews with market leaders, participants, and end users. Market weightings are based on user interviews, buyer surveys, and the input of IDC experts in each market. IDC analysts base individual vendor scores, and ultimately vendor positions on the IDC MarketScape, on detailed surveys and interviews with the vendors, publicly available information, and end-user experiences in an effort to provide an accurate and consistent assessment of each vendor’s characteristics, behavior, and capability.

Market Definition

IDC’s definition for software-defined wide area network (SD-WAN) infrastructure encompasses the hardware and software infrastructure products offered commercially by vendors.

SD-WAN provides automated management of hybrid WANs, defined as at least two WAN connections from each branch office leveraging two or more underlying transport networks (e.g., MPLS, broadband internet, 4G/LTE/5G).

SD-WAN includes a centralized, application-based policy controller; a software overlay that abstracts underlying networks; analytics and/or telemetry for application and network visibility; and an optional SD-WAN forwarder (routing capability). Together, these provide an intelligent path selection across WAN links, based on the application policies defined on the controller.

Accordingly, SD-WAN software and hardware infrastructure includes the following:

  • SD-WAN controller for centralized implementation of application policy, intelligent WAN path selection, and network visibility/analytics
  • SD-WAN edge routing software or hardware infrastructure
  • Traditional routers and WAN optimization products (hardware/software) — only when they are integrated into and deployed as an “in use” component of the SD-WAN solution

As such, the SD-WAN infrastructure addressed in this IDC MarketScape excludes the following:

  • All standalone routers that are not encompassed by “in use” SD-WAN deployments
  • Security products that are part of a network edge security as a service, Secure Services Edge (SSE), or secure access services edge (SASE) deployment
  • SD-WAN managed services (i.e., setup, operations, and support)

Related Research

  • Worldwide SD-WAN Infrastructure Market Shares, 2022: Growth Continues, Driven by Cloud and Security (IDC #US50604223, May 2023)
  • SD-WAN and Security Convergence: Are Enterprises Looking for SD-WAN Integrations with Existing Security Tools or Best-of-Breed Security Solutions? (IDC #US50528623, March 2023)
  • Five Key Enterprise Networking Trends Driving Connectedness Strategy in 2023 (IDC #US50412923, March 2023)
  • Worldwide Multicloud Networking Forecast, 2023–2027 (IDC #US50470923, March 2023)
  • Global Cloud Networks: Cloud WANs as Digital Infrastructure (IDC #US50438623, March
  • Worldwide vCPE/uCPE Forecast, 2023–2026 (IDC #US47851822, February 2023)
  • Top Features of a Modern, Enterprise-Grade SD-WAN: Integrated Security, Network/App Performance and Assurance, and ML/AI-Enhanced Automation (IDC #US50049523, January 2023)
  • Worldwide SD-WAN Infrastructure Forecast, 2022–2026 (IDC #US48793922, June 2022)

IDC MarketScape: Worldwide SD-WAN Infrastructure 2023 Vendor Assessment