Why Prisma SD-WAN

Is The Solution You’ve

Been Looking For
Next-gen SD-WAN provides connectivity
for your cloud-delivered branch, simplifies
network operations, and enhances user experience.
Table of Contents
3 CIOs Shift Left
4 Talkin’ About My (Next) Generation
5 Anybody Seen My App?
6 All Hands On Deck
7 Bolt-On Security Isn’t Secure
8 Prisma SD-WAN: The Next Generation
9 Layer 7 Visibility: Monitor the Network End to End
10 AIOps: Make Life Easier for Your IT Team
11 Security in the Cloud: Operate With Confidence
12 The Cloud-Delivered Branch: Gain ROI and Peace of Mind
13 Your Turn

Prisma by Palo Alto Networks | Why Next-Gen SD-WAN Is The Solution You’ve Been Looking For 2
CIOs Shift Left
Over the last decade, the mandate for the
CIO and other IT executives has transitioned
from keeping the lights on to keeping the
cash flowing. As a result, these leaders find
themselves grappling with complex business-
level challenges unrelated to their technical
backgrounds. Add in the accelerating pace of
change in the marketplace, rapidly evolving IT
technology, and perennial shortages for key IT
skills, and it’s no wonder that today’s CIOs are
under enormous pressure to perform.
Prisma by Palo Alto Networks | Why Next-Gen SD-WAN Is The Solution You’ve Been Looking For
A critical tool in the CIO’s toolbox is the wide-
“SD-WAN adoption is expected to
area network (WAN), which unites branch
rise to 92% of companies and 64%
offices and remote workers with centralized
of sites by 2026, with most adopting
data centers to form a single interconnected
it for efficiency (38%), cost savings
organization. Enterprises have traditionally
(38%), and agility (34%).”
implemented WANs as Multiprotocol Label
Switching (MPLS) networks using hardware Altman Solon
routers and manual configuration. However,
WAN architectures create debilitating limitations
when organizations attempt to migrate to the
cloud or utilize commodity Internet connections
in their branch offices. The software-defined
WAN (SD-WAN) was the solution that promised
to enable this network transformation.
3
Talkin’ About My (Next) Generation
Now those legacy SD-WANs are beginning
to show their age. Designed to help network
managers optimize the flow of packets, legacy
SD-WANs make it difficult to meet service-
level agreements (SLAs) based on application
performance, especially with the increasing
adoption of cloud applications. In addition, they
require a lot of time to manage, much of which is
spent on routine tasks that could be automated.
Legacy SD-WANs also lack integrated security, a
liability for the modern dispersed enterprise.
Prisma by Palo Alto Networks | Why Next-Gen SD-WAN Is The Solution You’ve Been Looking For
As these limitations become steadily more
apparent, IT decision makers seek an SD- “According to a recent survey of
WAN solution that is more attuned to business IT leaders, the top initiatives for
challenges such as revenue generation and 2021 are digital transformation,
compliance as well as ensuring the best cybersecurity and cloud. 86 percent
performance and user experience. This next- of respondents expect the pace of
generation SD-WAN must enable strategic digital transformation to continue
initiatives such as expanding into new accelerating.”
geographies, developing innovative offerings Flexera
that drive new revenues, and ensuring an
excellent experience for users, customers, and
partners.
To better understand the requirements for the
next generation, let’s examine the ways in which
today’s SD-WANs fall short in three key areas:
application performance, IT operations, and
branch office security.
4
Anybody Seen My App?
When SD-WANs were first introduced, network The next generation of SD-WAN needs to support
managers focused on key performance indicators proactive application-level monitoring and 7. Application
(KPIs) at Layers 2 and 3, for example, latency, policy-based management of business-critical
packet loss, and jitter. However, these packet- applications. Using application defined policies,
level metrics do not always correlate to the user organizations can gain deeper application 6. Presentation
experience, which is shaped primarily visibility and leverage Layer 7 intelligence to
by the availability and responsiveness of create excellent user experiences and better
No 5. Session
business-critical applications. compliance with KPIs. visibility
To better monitor application performance,
network managers need Layer 7 visibility. Legacy 4. Transport

SD-WANs only have visibility up to Layer 3,

which makes it difficult or even impossible to see 3. Network
application-related KPIs such as response time,
throughput, and user satisfaction.
2. Data Link

Visibility
1. Physical

ISO Stack

Legacy SD-WANs only provide

visibility up to Layer 3

Prisma by Palo Alto Networks | Why Next-Gen SD-WAN Is The Solution You’ve Been Looking For 5
All Hands On Deck
In addition to hardware savings, SD-WAN
eliminates the need for the constant maintenance
that is required for MPLS-based WANs. However,
SD-WANs also require manual interventions
for the day-to-day running of the network.
This shift creates substantial administrative
overhead for networking and operations teams
already stretched thin. Furthermore, SD-WAN
management calls for a different skill set than
WAN maintenance. Hiring new people is an
obvious answer, but CIOs struggle to find and
retain IT professionals with the necessary
education and experience.
Prisma by Palo Alto Networks | Why Next-Gen SD-WAN Is The Solution You’ve Been Looking For
Many IT decision makers realize that their
SD-WAN needs to do more. They need the next
generation of SD-WAN that uses automation
and artificial intelligence to lessen the time that
network managers now devote to routine tasks.
These enhancements free IT talent to work on
more complicated troubleshooting as well as
initiatives that add value to the organization.
For CIOs with staffing headaches, this next
generation SD-WAN can’t come soon enough.
“The competition for needed talent
in cybersecurity is fierce. It is
virtually impossible to hire people
with security skills for public cloud
computing and other newer digital
domains.”
Gartner
6
Bolt-On Security Isn’t Secure
Traditional WANs route all branch traffic through
the main data center, even traffic that flows Data center Data center
between the branch and Software as a Service
(SaaS) applications—so-called hairpinning. In
this configuration, security can be centralized
because everything goes through the center.
In contrast, SD-WANs connect remote users
directly to SaaS applications, eliminating
hairpinning. This architecture improves the
performance of connections to branches but also
bypasses the security at the data center.
Branch SaaS app Branch SaaS app
As a result, security architects have been forced
to cobble together branch security systems from
products designed for other use cases. These Application traffic with Application traffic with SD-WAN
“bolt-on” solutions are prone to gaps and traditional WAN (hairpinning)
vulnerabilities and are a headache to manage.
While there is no shortage of products on the SD-WAN solves the problem of hairpinning that occurs
market that can secure parts of the branch in traditional WAN architectures.
infrastructure, getting them to work together is
challenging. In the next-generation SD-WAN
solution, policies and network access controls
should work as a unified system to provide strong
security for branch deployments.

Prisma by Palo Alto Networks | Why Next-Gen SD-WAN Is The Solution You’ve Been Looking For 7
Prisma SD-WAN: The Next Generation
Palo Alto Networks takes a fundamentally
different approach with the industry’s first
next-generation SD-WAN solution, Prisma SD-
WAN. Unlike the legacy SD-WAN design, Prisma Layer 7 Cloud-delivered
visibility AIOps branch services
SD-WAN addresses the unique requirements of
cloud architectures, especially those with branch
offices. It overcomes the limitations of legacy
solutions including poor application visibility,
time-consuming manual operations, and bolt-
on branch security. Prisma SD-WAN incorporates
advanced technologies such as automated
response, machine learning, and application
defined policies to increase ROI, simplify network
operations, and improve the end-user experience.
Prisma SD-WAN provides three capabilities that
are lacking in legacy SD-WANs: Layer 7 visibility,
AIOps, and cloud-delivered branch services.
Branch

Prisma SD-WAN delivers a comprehensive set

of capabilities for the branch.

Prisma by Palo Alto Networks | Why Next-Gen SD-WAN Is The Solution You’ve Been Looking For 8
Layer 7 Visibility: Monitor the Network End to End
If you can’t see it, you can’t manage it. Prisma
SD-WAN takes off the blinders by providing
Layer 7 visibility, the key to managing the
performance of the application itself. Armed with
this application visibility, network architects
can create policies based on application-related
metrics such as responsiveness and availability,
which are nearly impossible to accomplish at
Layer 2 and Layer 3.
With Prisma SD-WAN, network managers now
have the power to engineer traffic to enhance 7. Application
network quality, availability, and reliability and
reduce operating costs. Compared to legacy SD-
WANs, Prisma SD-WAN can improve network 6. Presentation
performance as much as tenfold. Most of all, IT
groups can meet application-level KPIs directly
5. Session
tied to user satisfaction no matter where they
may be located.
4. Transport
Complete
visibility
3. Network

2. Data Link

1. Physical

ISO Stack

Prisma SD-WAN provides complete

visibility across the entire stack.

Prisma by Palo Alto Networks | Why Next-Gen SD-WAN Is The Solution You’ve Been Looking For 9
AIOps: Make Life Easier For Your IT Team
The manual tasks associated with managing Prisma SD-WAN analyzes historical data and
legacy SD-WAN drains staff time, and will only continually learns which incidents are important
get worse as network traffic grows. The solution enough to alert the IT team right away and which
is not hiring more staff but rather finding ways to ones can be safely postponed until scheduled
offload routine tasks with automation, often the maintenance. An independent study found that
lion’s share of network management time. replacing a traditional SD-WAN with Prisma SD-
WAN can reduce network trouble tickets by 99%.
Unlike legacy solutions, Prisma SD-WAN
incorporates artificial intelligence for IT
operations (AIOps), a ground-breaking approach
to IT operations. Using a supervised learning Supervised learning
methodology, Prisma SD-WAN provides visibility
into performance data and dependencies,
analyzes the data to identify events such as
network bottlenecks, and automatically alerts
IT staff to problems, their root causes, and This happened That happened User impact
recommended solutions. And it gets better—
thanks to machine learning, Prisma SD-WAN
continues to improve accuracy of event detection • Pre-trained to find correlation
and remediation suggestions. • Full problem context
• Root cause identification
• Faster time to resolution

Prisma SD-WAN uses the supervised learning model for AIOps.

Prisma by Palo Alto Networks | Why Next-Gen SD-WAN Is The Solution You’ve Been Looking For 10
Security in the Cloud: Operate With Confidence
The current approach to branch security is In short, Prisma SD-WAN eliminates the security Internet

prone to coverage gaps and requires significant gaps caused by security that is bolted onto the
management of disparate security solutions. branch. Now CIOs and other IT executives can
Prisma SD-WAN protects branch offices with be confident that their dispersed operations are
comprehensive, cloud-delivered security secure and available, regardless of location.
wherever it is needed. By connecting branch ION
appliance
offices to a nearby cloud gateway, network
architects can provide secure access to all
applications, something that legacy SD-WANs
just cannot offer.
Prisma SD-WAN provides full visibility and
traffic inspection across all ports and protocols. Data center/HQ Branch
With Prisma SD-WAN, policies are applied in
the cloud, not at the central office. As a result, Branch
Prisma SD-WAN protects traffic to and from the
Internet, SaaS applications, other branches, and
the main data center.
Prisma SD-WAN optimize all branch traffic
to provide the best user experience.

Prisma by Palo Alto Networks | Why Next-Gen SD-WAN Is The Solution You’ve Been Looking For 11
The Cloud-Delivered Branch: Gain ROI and Peace of Mind
As organizations expand geographically, the However, there’s more to life than numbers.
resources required to set up and manage branch CIOs and other IT executives need solutions (and
networks can be a drain on staffing and the
bottom line. Prisma SD-WAN takes aim at this
vendors) that they can count on. With Prisma SD-
WAN, IT leaders can be confident that they can
243%
challenge by enabling the cloud-delivered support the organization’s goals for geographic
branch, a revolutionary architecture that expansion without needing to hire staff or incur
provides connectivity at the branch without hardware expenses. They can rest assured in the Return on investment
the hassle and cost of additional hardware and ability to provide secure, anytime, anywhere
multiple site visits. With Prisma SD-WAN, access to applications located on-premises,
organizations can now deploy branch networks public and private clouds, and SaaS providers.
in minutes, not days or weeks as before. 45%
The cloud-delivered branch has significant
advantages over the traditional MPLS-based
WAN approach. But don’t take our word for it— Reduction in branch breaches
listen to the experts. A recent Total Economic
Impact (TEI) report from Forrester quantified
these benefits:
• 243% return on investment (ROI) with an 50%
average payback of six months
• 45% reduction in branch breaches
• 50% reduction in time required to manage Reduction in time
branch security

Prisma by Palo Alto Networks | Why Next-Gen SD-WAN Is The Solution You’ve Been Looking For 12
Your Turn
This ebook has clearly shown the limitations of legacy SD-WANs and explained how the next
generation—spearheaded by Prisma SD-WAN—can overcome those obstacles and deliver
tangible business value and peace of mind.
If you’re ready to take the next step, visit our website or test it out with our free trial.

3000 Tannery Way
Santa Clara, CA 95054
Main: +1.408.753.4000
Sales: +1.866.320.4788
Support: +1.866.898.9087
© 2021 Palo Alto Networks, Inc. Palo Alto Networks is a registered t­ rademark of Palo Alto Networks. A
list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html.
All other marks mentioned herein may be trademarks of their respective companies.
prisma-sdwan-Why-Prisma-SD-WAN-Is-The-Solution-Youve-Been-Looking-For-92021

www.paloaltonetworks.com