SD-WAN Secure Over the Top: Internet strategies built for security and choice

Overlay solutions work with your existing network

One of the key benefits of SD-WAN is the ability to build high-performance WANs using relatively low-cost and commercially available broadband Internet links. Using an internet-only approach for data transport has become known as SD-WAN “over the top” (OTT), because your corporate IP traffic runs over a secure connection using cost-effective public internet access, rather than “on-net” solutions that run over the service provider’s private network. OTT strategies are also known as overlay solutions or secure overlay networks.

Masergy has OTT solutions, helping companies of all sizes take advantage of an internet-only approach for data transport. It’s ideal for businesses that want a low-cost broadband backbone and also works well for those locked into a long-term contract for network connectivity. With OTT you can:

  • Cut costs by trading private network connections for more cost-effective public ones
  • Choose the local internet service provider that works best for your business locations
  • Leverage your existing corporate network and take full advantage of your bandwidth

How SD-WAN Secure OTT works

Masergy creates an overlay network on top of any public or private network and sends encrypted application traffic via IPsec tunnels to Fortinet-powered endpoints over the public internet (“over the top”) for your secure, agile, and scalable corporate network. The SD-WAN management portal provides a single view across your network with AI-powered service control and real-time analytics including AIOps and Shadow IT Discovery tools. Located on three continents, Masergy’s own NOCs provide a best-in-class managed service, as evidenced by our industry-leading client retention rates and Net Promoter Scores.

Key features of Masergy's OTT service

Built-in security

  • End-to-end IPsec data encryption to protect SD-WAN traffic between all endpoints
  • Integrated next-generation firewall to protect sites and users directly exposed to the internet via broadband connections with SD-WAN

Superior application performance

  • Forward Error Correction (FEC) to lower overall packet loss ratio and improve data integrity over public bandwidth
  • Fast, automated application routing using an optimization database of more than 5,000 enterprise applications

Consolidated management portal

  • Holistic visibility and control with real-time insights available on any desktop or mobile device
  • Industry-leading capabilities including AIOps, Shadow IT Discovery, and Identity-Based WAN Analytics

Determine the underlying network — you can even bring your own

The first step of designing an OTT solution is to identify the underlying network, and Masergy offers the flexibility to work with any public or private network. Locked into a contract with a third-party MPLS provider but want to immediately move to an SD-WAN solution? No problem. Masergy’s “bring your own network” (BYON) option allows you to overlay Masergy’s SD-WAN Secure OTT solution on top of your existing third-party network.

As shown in the diagram, when you bring your own network, the SD-WAN Secure OTT solution establishes secure IPsec tunnels between SD-WAN endpoints through your existing third-party MPLS network.

Choose your public connectivity types

Beyond just broadband, Masergy’s SD-WAN Secure OTT solution allows for other connectivity options. Choose from any of these third-party services:

  • Direct internet access (DIA)
  • Fixed wireless (5G or LTE)
  • Public internet access (broadband)

Yes, of course you can mix and match the options above!

Don’t forget you  can tap into Comcast Business’ network services to leverage the nation’s largest gig-speed broadband network. Plus, when you bring your own network, you can also route traffic via your existing private network backbone.

Work with any internet service provider

Know which third-party internet service providers you want to use? You can bring your own broadband, DIA, and wireless connections. Not sure which service to use? You can leverage Masergy’s network of 300 global access partners, allowing us to procure any combination of public connectivity services on your behalf.  And, Comcast Business offers the nation’s largest gig-speed broadband network. No matter which type of public connectivity services you choose or which providers you want to use, Masergy will deliver secure and agile connectivity with real-time performance visibility in one SD-WAN management portal.

Built-in security capabilities

81% of IT leaders say security is their top factor in selecting SD-WAN. That’s why security features and services are embedded into every Masergy SD-WAN solution, meeting the key tenets of the SASE model. Three-tiered options include next-gen firewalls for superior perimeter protection and 24/7 SOC services that alleviate your team of monitoring and threat response. Plus you can enforce a consistent security policy across all SD-WAN devices and get security alert metrics within the SD-WAN management portal.

Choose the security service below that best matches your desired level of protection and support.

Service Unified Threat Protection Threat Monitoring & Response Managed Security Services
Next-generation firewall (NGFW) with UTP
Enhanced anti-malware, IDS/IPS, app control, web filtering, and DLP
Built-in AIOps, Shadow IT Discovery, and per-user WAN analytics
Log reporting and alerting
SOC Services: 24/7 monitoring and incident response
Cloud Security: AWS®, Azure®, CASB, Office 365™, 3rd party integration*
Security analytics: Machine learning and behavior analytics
Advanced IDS and raw packet capture
Network visibility (flow data)
Endpoint detection and response
Threat intelligence and hunting
Vulnerability scanning and management

Learn more about managed sd-wan

Extend the benefits of SD-WAN to your remote workforce

or power users needing uncompromising connectivity from their home offices

for mobile knowledge workers needing secure access to corporate and cloud applications

Select your management model and avoid vendor sprawl

Not every IT department is comfortable handing the management of their WAN to a third-party provider. That’s why Masergy empowers your organization with the option to retain 100% control over specific aspects of your SD-WAN service using a co-managed model. The Masergy SD-WAN Secure OTT solution can be set up as a fully managed service or a co-managed solution, where you have the ability to self-manage configurations and policies unique to your corporate network.

The number of offices you have and the miles between them will dictate how many internet service providers your OTT solution will need. Last-mile vendor sprawl can cause management complexities and troubleshooting issues, because patchworked services come with traffic handoffs that can lead to finger-pointing frustrations. Masergy is here to relieve your IT team of this problem. If you choose a Masergy-provided internet connection, we’ll also monitor and manage the performance of your service to ensure maximum uptime for your business-critical apps.

Get real-time visibility and control in one portal

All you need is one portal for end-to-end visibility and total control over your SD-WAN environment. Masergy’s cloud-based SD-WAN management portal offers:

  • Real-time identity-based WAN edge analytics in a customizable dashboard
  • An AIOps virtual assistant for automated network and cloud application performance
  • A Shadow IT Discovery solution that increases your security by automatically finding unsanctioned cloud apps on your network

Learn more about sd-wan portal

Keep exploring

Interested in learning more about Managed SD-WAN Secure OTT?

Call us now to arrange a consultation (855) 238-1463.
Or arrange for a consultation through our request form.