There are plenty of good reasons for deploying software-defined WAN (SD-WAN). Reductions in bandwidth spending, improved application performance and increased visibility into the WAN are just a few. But none of those are as likely to protect your job as being able to segment traffic crossing the wide area network (WAN).
All SD-WANs protect data in flight with a secure overlay (marketing’s way of saying a mesh of IPsec tunnels between SD-WAN nodes), but traffic can still be sent in a common tunnel across the WAN. Network segmentation goes a step further and provides end-to-end isolation between services (or more likely, groups of services) within the SD-WAN. Without SD-WAN, enterprises would need to use a protocol such as Virtual Routing and Forwarding-lite (VRF-lite), which is difficult to scale in large enterprises because it requires the participation of every intervening router in a path…