SOFTWARE-DEFINED WAN
Your network is the new perimeter.
MPLS won’t get you there.
SD-WAN and SASE advisory for mid-market companies. We help you clarify your traffic patterns and security posture first — then evaluate SD-WAN and SASE providers and select the vendor stack you can defend in front of a board.
By Chris Gerhardt · Liftoff Consulting
Vendor-independent evaluation. Carrier-neutral comparison. Grounded in your real traffic patterns.
Why Traditional WAN Is Breaking
The assumptions networks were designed around five years ago no longer hold.
☁️
Apps Live in the Cloud
When the destination is SaaS and IaaS, backhauling traffic to a data center adds latency, cost, and frustration. SD-WAN was built for this; legacy WAN was not.
🏠
Users Are Everywhere
Hybrid work means your network edge is now a coffee shop, a home office, and a hotel. Security and performance have to follow the user, not the building.
🛡️
Security Has to Move to the Edge
SASE—SD-WAN plus cloud-delivered security—is becoming the default. The transition has real architectural and operational implications.
What You Get
A clear set of requirements, a vendor recommendation, and a selection plan that fits your business and your team.
01
Traffic & Architecture Assessment
We map your real traffic patterns, application dependencies, and edge locations to clarify the network requirements that fit how your business actually works.
02
SD-WAN / SASE Vendor Selection
Vendor-neutral evaluation across the major platforms. We optimize for fit, not for partner economics.
03
Carrier & Circuit Evaluation
Carrier-independent evaluation of underlay circuit options — typically surfacing costs well below what your current account team is quoting.
Frequently Asked Questions
What’s the difference between SD-WAN and SASE?
SD-WAN is intelligent network transport. SASE adds cloud-delivered security — identity-aware access, secure web gateway, CASB, and zero-trust network access — on top of and alongside it. SASE is what SD-WAN is becoming as security and networking merge.
Which SD-WAN/SASE vendor is best?
There is no universal best. Cisco, Fortinet, Palo Alto, Cato, Versa, Aryaka, HPE Aruba — they each win in different shapes of organization. We evaluate against your real traffic, sites, applications, and security posture — not against partner spiff sheets.
Do we still need MPLS?
Most mid-market companies don’t. A well-chosen SD-WAN platform over diverse broadband and LTE/5G typically meets or exceeds MPLS performance at a fraction of the cost. The cases where MPLS still wins are getting narrower every year.
How long does an SD-WAN deployment take?
For 5–25 sites: 3–6 months including circuit ordering. For 50+ sites or international: 6–12 months. Circuit lead times often dominate the schedule, which is why we start carrier evaluation on day one.
Can you help us evaluate the underlying internet circuits too?
Yes. We do carrier-neutral evaluation across all major US and international carriers. Coordinating provider selection and circuit evaluation in one engagement usually shaves cost and weeks off the project.
Related Services
Most engagements touch more than one of these. Here’s how they connect.
Ready to Modernize the Network?
If your WAN was designed before the cloud, before hybrid work, or before SASE, it’s probably costing you more than you think. Let’s talk.
Frequently Asked Questions
What is SD-WAN and what problem does it actually solve?
SD-WAN replaces traditional MPLS-based wide-area networks with software-defined connections that can use any combination of broadband, fiber, and cellular. The real problem it solves is performance, cost, and flexibility: applications that live in the cloud or in SaaS perform better, branch offices come online faster, and you stop paying carrier-grade premiums for what is now mostly internet traffic.
What is SASE and how is it different from SD-WAN?
SASE (Secure Access Service Edge) combines SD-WAN with cloud-delivered security — identity-based access, secure web gateway, cloud firewall, zero-trust network access — into a single service. SD-WAN is the connectivity. SASE is the connectivity plus the security, delivered as one architecture instead of bolted-together point products.
Do mid-market companies actually need SASE, or is it enterprise overkill?
Mid-market companies need it more than enterprises do, because they have remote workers, cloud apps, and branch offices — without the staff to manage a stack of separate security tools. SASE consolidates the architecture into something a small team can actually operate. The technology was originally enterprise-priced; that is no longer true.
How do we choose between SD-WAN vendors?
Most of the differences between major SD-WAN vendors are smaller than the sales decks suggest. The decisions that actually matter: how the platform handles your specific application mix, how the security stack is delivered, how managed services are priced, and whether the operational model fits your team. Vendor selection should be driven by your workloads, not by who got to your CIO first.
What does an SD-WAN or SASE engagement with Liftoff look like?
We start by looking at your current network spend, application performance, security posture, and business needs — offices, remote workers, cloud usage, M&A pipeline. Then we build a vendor-neutral recommendation with the trade-offs and the numbers, run the selection process, and oversee the rollout. We do not take referral fees from carriers or platforms.
How much can SD-WAN actually save us versus our current network?
For most mid-market companies still on legacy MPLS, the savings are real but uneven — somewhere between 20% and 50% on connectivity costs is common, with better application performance as the bigger prize. The honest answer requires looking at your current contracts and traffic patterns. We will not promise a number we cannot defend.