SASE Rules the Network

Happy New Year! Your network’s obsolete.

Or it probably is, anyway, if you’re an SMB. Barring a major recent overhaul, you’re most likely using network gear designed principally to keep traffic flowing among devices and applications inside an office.

Yet as we’ve discussed before, networks spend most of their time these days moving traffic between SaaS solutions (which will account for some two-thirds of all SMB business app spending this year, per Analysys Mason) and endpoints in a hybrid mix of offices, homes, coffee houses, airports, and other locations. Different use case, different requirements.

Banyan Security, as it happens, has been warning conference audiences about that approaching use case since its founding in 2015. “We would go around saying, ‘people are going to work remotely all the time. There’s going to be this hybrid workspace,’” recalls Tarun Desikan (pictured), the security service edge (SSE) vendor’s COO and co-founder. “People just kind of politely clapped and moved on to other things.”

Not so much anymore. “The market has matured,” Desikan observes. “Especially after Covid, pretty much every organization realizes they need a hybrid strategy.”

Which is why global outlays on single-vendor SASE solutions, which combine SSE and SD-WAN technology to make connectivity and cloud-based security available everywhere users are, will grow at a 30% CAGR through 2027, according to Dell’Oro Group. And why Cytracom’s biggest product launch since the debut of its flagship unified communications solution was a SASE system introduced in 2022. And why Cisco rolled out a SASE partner specialization over a year ago. And why Aryaka will report record growth in partner-led sales of its managed SASE and SD-WAN solutions next Tuesday (you heard it here first).

And also why SonicWall, just weeks after announcing its acquisition of MDR vendor Solutions Granted, has now acquired Banyan too.

“Think about the thousands of firewalls we ship every month,” says Bob VanKirk, the company’s CEO. They’ve had embedded SD-WAN for years, he notes. Drop the Banyan client on there too and you’ve got yourself something akin to a plug-and-play SASE solution.

“That’s what our customers and partners are asking for,” VanKirk says.

They’re asking for something else too though, he continues—platforms rather than point solutions.

“A platform is not just providing single stovepipes,” VanKirk says. It’s providing an integrated family of products, like the network, endpoint, cloud, and email security solutions SonicWall was already offering when VanKirk stepped into his current role late in 2022, plus the SASE and MDR it offers now. All with consolidated management, reporting, and threat intelligence on one bill from one vendor with a newly MSP-friendly partner program.

In fact, integrated, bundled everything is increasingly in vogue in security, as recent moves by OpenText and ThreatDown, not to mention Veeam and Sophos, suggest. SonicWall is moving fast in pursuit of that same vision.

“We started a pretty significant transformation a year and a half or so ago,” VanKirk says. “Ninety percent of our leadership is new. Banyan is playing, and will play, a huge role as we take that transformation to the next level.”

Thanks for reading Channelholic! Subscribe for free to receive new posts and support my work.

It’s crystal ball time again

If you write about the tech industry, receiving a boatload of new year predictions from vendors is about as reliable a holiday season ritual as carolers and candy canes. I didn’t keep an exact count, but probably received well north of 100 such prophesies from more than 25 companies this time around. Needless to say, there’s no room here to do more than scratch the surface a little with some especially interesting examples.

1. Generative AI will make a dangerous threat landscape dangerouser.

I’ve been troubled for a while by the prospect of GenAI effortlessly drafting the world’s most targeted, convincing BEC messages and phishing lures. People you should actually pay attention to on this topic however—i.e. security experts—generally seem less concerned.

“Content creation, while a risk to cybersecurity, is one that our modern solutions can address,” says Adrien Gendre (pictured), chief product and technology officer at email security vendor Vade.

If you want an AI-related risk to worry about, though, Gendre has a suggestion. What if threat actors start using artificial intelligence the way more and more legitimate users do: as a hyperautomated, increasingly autonomous tool for planning and executing complex procedures all on their own.

“If generative AI can orchestrate attacks, it would shift the balance of power dramatically,” Gendre says. “Today, it takes hackers weeks to discover our vulnerabilities. Tomorrow, AI could do the same in a matter of seconds or minutes. And rather than requiring a team of hackers with diverse skill sets, it could only take just one person working with AI.”

Or possibly zero people. Voice phishing, or “vishing,” attacks featuring fake callers and voicemail are nothing new. The scary place autonomous AI could take them is.

“WatchGuard predicts that the combination of convincing deepfake audio and LLMs capable of carrying on conversations with unsuspecting victims will greatly increase the scale and volume of vishing calls,” the company writes. “What’s more, they may not even require a human threat actor’s participation.”

(And in case you’re wondering, you can use “dangerouser” in a blog post but not Scrabble. I checked.)

2. AI riches will reach the edge of the network

We in the media spoke endlessly last year about the torrents of money that AI players like Microsoft and NVIDIA stand to make on AI. Much smaller companies could start cashing in this year too though, according to multiple vendor prognosticators, albeit in lower margin markets like storage.

“Businesses will need their own proprietary data to train the AI systems they use, and this all needs to be stored somewhere,” observes Kevin Dunn, country manager for the UK/Ireland & Nordics at cloud storage vendor Wasabi.

It must be processed somewhere too, and Intel believes some of that processing will occur on “AI PCs” powered by the Intel Core Ultra chips unveiled last month. So does Canalys, which expects nearly 20% of PCs shipped in 2024 to qualify as “AI-capable.” TD SYNNEX thinks that could trigger additional follow-on edge spending.

“As we see AI at the desktop, that may open up more opportunities around AI devices, better networking and more innovation in mobility,” writes Steve Jow, the distributor’s executive vice president of sales.

3. Channel partners will emphasize solutions…or else

This prediction from Object First, the backup storage vendor I’ve written about a few times before, dovetails with something else I’ve been talking about lately.

“To survive in 2024, partners will need to shift portfolio offerings,” says Vitaly Sukhovsky (pictured), the vendor’s VP of channel. “The emphasis on delivering tangible business outcomes will necessitate a shift from individual product sales to comprehensive solution offerings.”

And “necessitate”, it turns out, is a gentler way of indicating this is do-or-die stuff. “For those accustomed to selling point products, survival is uncertain,” Sukhovsky says. “Customers now demand a holistic, full-stack approach, and partners must understand their space to address and solve end-users’ problems. Otherwise, interest is lost.”

And so are you.

My turn

As long as I’m quoting everyone else’s predictions for 2024, I might as well offer up a few of my own.

1. Big, familiar SMB security vendors will face more competition from even bigger, more familiar vendors

I’m a guy who knows how to have fun on vacation, so I spent a sliver of my holiday break listening to a podcast interview featuring George Kurtz, the CEO of XDR titan CrowdStrike, which was the third best performing Nasdaq 100 stock in 2023 and reported 35% year-over-year annual recurring revenue growth, to $3.15 billion, in its most recent fiscal quarter. One couldn’t help but be struck by how much Kurtz emphasized CrowdStrike’s relevance to SMBs (at around the 05:20 mark) and SMB momentum (at about 12:06), which he credits at least partly to a recent alliance agreement with Pax8.

Cisco, another big name, seems to be taking SMBs more seriously right now too. Microsoft, which Cisco considers one of its few real rivals in security, has a footprint with SMBs so huge that even companies that arguably compete with it some in security, like ConnectWise, can’t help but play the co-opetition game instead.

I’m looking for 2024 to be the year that SMB security leaders like Fortinet, Sophos, and Trend Micro start feeling tangible pressure from enterprise security leaders moving downmarket.

2. AI will turn networking into a money-maker for SMB channel partners

I’m drafting off Steve Jow at TD SYNNEX a little here, but if there will soon be armies of AI PCs doing inference processing (per Canalys) and data centers are rapidly filling with AI-friendly infrastructure (per Dell’Oro), it stands to reason there’s going to be a lot of GenAI traffic transiting back and forth between endpoints and cloud. If you’re an IT provider trying to work out where the AI opportunity is for you today, good old fashioned network upgrades might just be a near-term answer.

3. Quantum computing will start transitioning from the whiteboard to the real world

Several of the predictions I received this year were about quantum computing, a technology that most people still regard as an interesting topic of speculation unlikely to be real and big any time soon. In fact, however, it’s real and big enough already to have NIST finalizing algorithms capable of withstanding quantum’s awesome encryption-cracking power.

“By 2024, we will see more widespread adoption and standardization efforts for these algorithms and a transition phase where systems support both classical and quantum-resistant algorithms to ensure compatibility and security,” predicts Chandrodaya Prasad, EVP of product marketing at SonicWall.

My own, broader, prediction is that 2024 is the year that vendors, MSPs, and scribes like me need to start thinking about quantum computing as both threat and opportunity, rather than musing about it as sci fi stuff arriving someday.

And while we’re on the topic, here’s one last prediction: the Microsoft Partner Network, which became the Microsoft Cloud Partner Program in 2022 and then the Microsoft AI Cloud Partner Program last year, will become the Microsoft Quantum AI Cloud Partner Program round about, oh, 2026. I’m accepting wagers on how many more technologies get packed into the name from there.

Speaking of podcasts

I’m co-host of a new one. Listen in!

Also worth noting

Microsoft has one last holiday gift for you, higher margins on Windows 365 Business, Enterprise, and Frontline.

Google’s Chrome browser has taken its first step toward freedom from cookies. Bad news for marketers. Good news for you.

SentinelOne is buying PingSafe, a cloud native application protection platform (CNAPP) vendor.

Another sign of the SASE times: IGEL’s new Preventative Security Model is designed to support zero-trust and SASE initiatives.

Congrats to Staci Corbett, of Fusion Connect, for being the Alliance of Channel Women’s Big Impact Winner for Q3 2023.

Procure IT’s new CMO is channel veteran Brian Leonard, formerly of RapidScale.