Open Systems SD WAN & SASE Cybersecurity Solutions

Open Systems SD WAN Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Open Systems and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Open Systems is ideally suited for large, multi-location enterprises that require advanced security and visibility into business application performance. The offering includes security (SASE, MDR, EDR), networking (SD WAN) and managed services, making the company an ideal choice for those who require a security, networking and managed services solution from a single vendor. 

The company has a history of expertise in managed services and security products and this shows as their customer support teams (SOC and NOC) have been noted to be fast acting and professional with good communication between client and the vendor. 

As with a majority of vendors, underlay is sourced via third party providers, allowing SD WAN to be delivered across multiple connection types such as DIA and MPLS. 

Open Systems are an excellent choice for firms that are looking to migrate services to the cloud and leverage hybrid networks in a simple and flexible solution. The company have very strong SASE and managed security services, backed up by decades of cybersecurity experience to provide comprehensive security from edge to cloud with support from SOCs and NOCs.

About Open Systems

Open Systems was founded in Basel, Switzerland in 1990 by Florian Gutzwiller. They provide AI based, cloud-delivered security solutions from an integrated NOC and SOC, as well as SD WAN managed services. The company has a Net Promoter Score of over 70, 98% customer retention and 97% customer satisfaction rates. They operate in over 180 global markets, with 10,000 deployments and over 3 million users. Their offering is particularly aimed at the following industry verticals: Financial Services, Healthcare, Insurance, Manufacturing, Chemicals, Higher Education and Non-Government Organizations (NGOs). They have accumulated expertise in cybersecurity and now offer a strong SASE solution.

Historically, Open Systems began as a managed services provider, transitioning to become a security and networking vendor later on. The company's North American headquarters is in Silicon Valley, California and their EMEA headquarters is in Zurich, Switzerland and extra offices in Düsseldorf, Germany, Vienna, Austria and Noida, India. 

What is the Open Systems SD WAN Solution?

The Open Systems SD WAN offering aims to provide users with a secure way to connect all of their branches, clouds and networking operations and technologies using one set of monitoring and policies for all endpoints and users. They provide SD WAN overlay which allows clients to apply pre-existing network architectures. The company also offer their SD WAN Connect product as an optional extra in their SASE+ Service Plans. The product provides users with a comprehensive managed service solution, supported by a team of network design consultants who help to design, configure, test and provide network support on one platform (See, What is the Open Systems managed, co-managed and DIY services solution?).

Configuration-Based Key Features:

• Multi-Cloud Connectivity: Multi-Cloud Connect allows users to connect to multiple cloud providers such as Azure and Equinix.
• Network Functions: Includes network functions such as policy-based and application-aware routing, bandwidth control and path selection.
• Mobile Entry Point: Remote access/VPN supports teleworking by enforcing security policies for off-site employees. (See, How does Open Systems support remote users?).
• Line Operations Service: Provides clients with constant monitoring and alerts using a team of specialists who can correct access issues and provide connectivity notifications throughout any incidents that may occur. This provides real-time visibility into bandwidth usage. 

Security-Based Key Features:

• Encryption and Routing: Traffic is authenticated and encrypted automatically between sites, securing business-critical data across public and private networks and between service providers. 

Performance-Based Key Features:

• Bandwidth Control: Bandwidth usage can be controlled by using tools and metrics to control by application, location and connection.
• Path Selection: Improves performance of business-critical applications by routing them across optimal paths and, should connections be dropped, defining per-app orders of preference.
• Application Optimization: Application visibility is improved by allowing users to view network traffic usage (including encrypted traffic) per application. From this, users can control bandwidth usage by setting routes to prioritize traffic in line with business needs.

What is the Open Systems SASE security solution?

Open Systems offer SASE+ which is a strong, cloud-delivered, automated and policy driven solution backed by a team of security experts that constantly monitor and assist networks. Using Open Systems’ network of global access points users are offered secure connections to cloud and internet services, in-office and in remote locations. Clients have the choice of adding ZTNA+ (zero trust network access), to extend SASE+ to accommodate a larger number of users with a broader range of devices.

SASE Features: 

• Managed Detection and Response (MDR): Part of Open Systems managed services offering, MDR+ monitors alerts constantly (See, What is the Open Systems managed, co-managed and DIY services solution?). 
• Endpoint Detection and Response (EDR): Allows security experts to respond to security breaches quickly, by continuously scanning for and reporting suspicious events in real-time. Data logs of endpoint activity are maintained to increase response effectiveness. 
• Network Detection and Response (NDR) - IDS/IPS: Searches for malware and security threats within the kill chain and blocks communications with suspicious activity. By assigning threat scores to internal assets, NDR protects against existing intrusions.  
• Managed Security Information and Event management (SIEM): A service designed to cope with large amounts of threat data by analyzing and correlating the data. To see more go to What is the Open Systems managed, co-managed and DIY services solution?. 
• Cloud Access Security Broker (CASB): Offers increased visibility across cloud applications and monitors the use of cloud applications within the network, producing detailed risk assessments in real-time. 
• Advanced Threat Protection (ATP): Designed to block malicious URLs, domains and IPs whilst delivering indicators of compromise (IOCs) in real-time. This protects business-critical and sensitive data  by adding extra layers of protection. 
• DNS Filter: Includes Secure Web Gateway-based SSL scanning and authentication as well as malware protection and runs on a firewall to allow for URL filtering applications and built-in threat protection. 
• Cloud Sandbox: Determines the presence of malware by using 8,600 file attributes and an intelligent neural network, with machine learning to speed up analysis of new files.
• Secure Web Gateway: Includes category-based URL and DNS filtering, TLS interception, malware protection and certificate validation to prevent security breaches. 
• Next Generation Firewall (NGFW): Protects end-user machines network servers by filtering traffic and leveraging multiple security zones within the network. 
• Secure Email Gateway: Prevents attacks from phishing links in emails, by serving as an entry point for mail traveling from outside of the organization.

How does Open Systems access cloud vendors?

Open Systems partners with Microsoft Azure Secure Start and Equinix to access cloud vendors. Equinix provides secure and reliable multi-cloud access whereas Azure is used to integrate Open Systems cloud solutions into the Microsoft global network. Azure secure start is used to create a secure Azure cloud platform in which to migrate applications. Open Systems is a Microsoft Gold Partner in: Application Development, Cloud Platform, Cloud Productivity, Collaboration & Content and Data centers. Open Systems Cloud solutions are secured with a cloud native Managed Threat Detection and Response service, which combines a Microsoft Security Stack (Azure Sentinel), AI Automation and 24/7 monitoring from expert security engineers through their global Security Operations Centers. Open Systems accesses Cloud Vendors through their Mobile Entry Points that can be deployed to existing or new SD WAN edge devices. Mobile Entry Points can be purchased as a standalone product or added to an existing SASE security plan. Access is then routed through the nearest Mobile Entry Point to provide a secure connection to resources on Corporate WAN.

Does Open Systems offer WAN acceleration and optimization?

Open Systems offer an Application Optimization solution. The product is an optional extra available with Enterprise and Enterprise+ SASE+ Service Plans (See, What is the Open Systems SASE security solution?). Application Optimization is designed to build knowledge of enterprise network assets and prioritizes and protects business-critical programs with the option to create a custom solution. 

Caching temporarily stores data blocks to improve performance. It does this by identifying suitable blocks for caching and replaces them with smaller block references for uploads and downloads. Compression similarly compresses data blocks and sends them across the network whilst avoiding data loss by reducing statistical redundancy. Once the data crosses the network, it is decompressed. Finally, protocol optimization improves the speed of poor performing applications, and can be customized to suit business needs. It does this by writing ahead/reading behind for common internet file systems (CIFS) and encoding large header information for HTTP traffic whilst avoiding data loss. TCP traffic uses control windowing to reduce congestion in the network.

How does Open Systems support remote users?

Open Systems provides mobile and remote users access to secure networks with granular controls. Remote users are secured through a Secure Web Gateway via Mobile Entry Points for internet breakout and are able to access company resources in the corporate network. Mobile Entry Points can be added to existing SD WAN edge devices, providing global coverage for mobile users that require a secure corporate WAN connection.Global security policies and configurations can be set up using central policies, whilst Open Systems engineers handle monitoring and incident management 24/7. Open Systems support remote users using: Access Point Selection, Authentication, Datagram Transport Layer Security (DTLS) Secure Connection, Zero Trust Network Access and Granular Access Control through the use of Firewalls. Multi-Factor Authentication can also be applied in combination with identity providers such as Azure to meet customer needs.

What is the Open Systems managed, co-managed and DIY services solution?

Open Systems have a granular managed services offering which combines SASE and SD WAN products on to one service plan. SASE+ Service Plans come in three different offerings: Business, which is suited to performant networks; Enterprise, for secure networks; and Enterprise+ for both secure and agile networks. 

SD WAN Connect is an optional extra available with all three managed services offerings. A team of network design consultants are deployed to source connectivity worldwide on behalf of a client. They will manage the design of the network as well as the selection of as few  internet service providers (ISPs) as possible to provide greater application performance - these partners are selected based on their availability and technical service offering. 

Open Systems offer Managed Detection & Response (MDR+) as-a-service. Deployed by cloud based security information and event management (SIEM) service, Microsoft Azure Sentinel and using a DevOps model to protects networks and systems from advanced threats. Open Systems are a Microsoft Threat Protection Advanced specialist with over 30 years of operational experience. MDR+ services include monitoring of all digital assets through advanced threat detection, technology and human expertise. This helps to identify real threats, prioritizing those with the highest potential for damage which leads to more positive outcomes with fewer false positives. 

Open Systems offer a SIEM service that leverages both a SOAR (security, orchestration, automation and response) service to deal with low threat issues and SOX-as-a-service, which is a security operations center (SOC) staffed with Level 3 security engineers for more complex issues. The service is designed to analyse large amounts of threat data - a task that originally had to be done manually. The data is collected, analyzed, correlated and normalized before being sent to IT professionals who study the final results and decide what action to take, if any. The service is also available as a cloud-based product, which collects threat data on a cloud-scale from all users worldwide. The service features: data aggregation, data correlation, forensic analysis, alerting, dashboards for visibility, compliance, and retention. 

Services Available with SASE+ Service Plans:

Products Available with SASE+ Service Plans:

What Reporting and Management is available via the Open Systems Portal?

The Open Systems Portal provides a single pane dashboard into all network reporting and management:

• Customer Portal: Allows for trend analysis and provides operational key figures, tickets, tools and statistics. The portal also provides anytime service status, analysis of network performance and real time current threat details.
• Security Compass: Provides a dashboard which helps facilitate collaboration with Open Systems SOC engineers. This ensures a co-ordinated response and shows incident updates using ‘at a glance’ investigation information.
• SASE Atlas: Uses security and network analytics to provide health maps of business systems that require attention. Location and host data is provided to improve the efficiency of fixes and the speed of issue resolution.

What is the Open Systems SLA?

At the time of writing no Service Level Agreement was available. This may be because Open Systems products are available through third-party master agents who will support their own individual SLAs.