In many companies, mornings always start the same way: a location that “has gone down,” a VPN that’s acting up, an ERP that doesn’t load at a branch… It’s not just a feeling; it’s statistics. According to a global study by Kaspersky, 40% of companies with distributed locations experience network issues related to their multisite structure at least twice a month. And more than half acknowledge recurring network failures or “blackouts”.
In this context, Kaspersky has announced hardware and software improvements in its Kaspersky SD-WAN solution, aiming to provide more stable, observable, and scalable networks for organizations with multiple offices, remote facilities, extended telecommuting, or ATMs / service points in distant locations.
The message is clear: if the network is the company’s circulatory system, it cannot allow a branch to “fall asleep” repeatedly.
A concerning snapshot of multisite networks
To understand the scope of the problem, Kaspersky commissioned a global investigation with 1,000 network and security managers (CISOs, NOC/SOC managers, etc.) in medium and large companies, across:
- Americas (U.S., Brazil, Chile, Colombia, Mexico).
- Europe (France, Germany, United Kingdom, Spain).
- Middle East, Turkey, and Africa.
- Russia.
- Asia-Pacific (Singapore, China, Japan, India, Indonesia, Malaysia).
The sample reflects organizations with at least 500 employees, mostly with more than 1,000, operating in three or more locations, with almost half having more than five sites.
Some key data:
- 37% cite maintaining a consistent IT infrastructure across all sites as their main challenge.
- 24% rank ensuring information security across all assets and processes as second.
- 55% have experienced network failures or blackouts, and 45% have faced connectivity loss and poor service or application performance.
- 82% need more than an hour to restore network functionality after an outage, with 12% stating it takes a full day or more.
- Only 38% believe all their locations are genuinely well protected against cyber threats; in many organizations, head offices are secured, but branches are less so.
The outcome: business interruptions, operational costs, data breach risks, and a clear gap between perceived control and actual network issues.
SD-WAN and Kaspersky’s role
In this landscape, companies turn to a variety of technologies. VPN remains nearly universal (75%), but SD-WAN, SIEM, and XDR are still adopted by less than half of organizations (49%, 41%, and 39%, respectively). However, among companies with dedicated cybersecurity specialists, SD-WAN adoption rises to 65%.
Kaspersky SD-WAN positions itself as the layer unifying communications and security in geographically distributed networks. The solution is designed to:
- Manage multiple communication channels (MPLS, Internet, LTE) from a central console.
- Optimize cloud connectivity and prioritize application traffic.
- Integrate with security solutions (such as XDR or cloud workload protection).
- Enable faster deployment of new sites or services with zero-touch approaches.
The latest version introduces enhancements across five areas: hardware, DNS, routing diagnostics, LTE, and CPE scalability.
New KESR devices: from SMBs to large enterprises
Kaspersky adds two new hardware models to its SD-WAN range, designed to cover from SMBs to large corporations:
- KESR Model 1-GA
Aimed at small and medium-sized businesses, this entry-level device offers sufficient features at a competitive price. Ideal for medium-sized offices, stores, franchises, or branches with moderate traffic needing stability and security without breaking the budget. - KESR Model 2-GL
Targets medium and large organizations seeking a balance between cost and performance. With greater capacity than the entry model, it supports consolidating more services and traffic without compromising user experience quality.
Both models integrate into the managed CPE ecosystem controlled via the SD-WAN orchestrator, allowing for remote policy application, monitoring, and updates without on-site intervention.
Smarter DNS: conditional routing by location or domain
The DNS conditional forwarder feature in Kaspersky SD-WAN enables routing DNS requests to different servers based on specific conditions (e.g., internal domains, regions, or service types).
This helps to:
- Provide faster resolution for critical services.
- Maintain logical separation between internal and external domains.
- Improve performance in distributed networks by avoiding unnecessary detours when a site can resolve locally.
In multisite environments where DNS is often an underestimated pain point, this feature offers extra control and optimization.
New BGP and OSPF diagnostics tools
Another significant update is the enhanced centralized troubleshooting for BGP and OSPF, two of the most used routing protocols in complex enterprise networks.
With these capabilities, devices can:
- Define detailed debug parameters with filters directly from the SD-WAN orchestrator.
- Reduce dependence on direct console access to each CPE or router.
- Speed up detection of misadvertised routes, flaps, neighbor conflicts, or convergence problems.
This results in less time spent connecting to each device and greater ability to diagnose global routing issues from a single view.
LTE under the spotlight: real-time remote monitoring
Many remote sites rely on LTE/4G/5G connectivity as primary or backup links. When signal quality is unstable, application performance suffers.
The Kaspersky SD-WAN upgrade incorporates improvements in LTE module diagnostics, including:
- Remote monitoring from the orchestrator.
- Real-time access to key parameters like signal strength and other quality indicators.
- The ability to make proactive decisions, such as repositioning CPEs or adjusting antennas, without immediate physical intervention.
This leads to more proactive management of mobile links, crucial for maintaining performance where “copper” or fiber connections are unreliable.
CPE scalability and scheduled updates
In large multisite networks, the number of managed CPEs can grow rapidly. Kaspersky addresses this by expanding capacity:
- The maximum number of CPEs per cluster controller increases to more than 2,000 devices, enabling mass deployments without unnecessary fragmentation of control.
Additionally, a very practical enhancement is introduced: configuration updates for these CPEs can be scheduled during low-activity windows, reducing operational impact.
- Fewer disruptions during critical hours.
- Policies and network adjustments applied more systematically and transparently.
- Lower risk of manual interventions during sensitive times.
A targeted response to very specific problems
The improvements are grounded in real data. Connecting the study’s findings with the new features:
- If 40% of multisite organizations face network issues at least twice a month and 55% experience outages, enhanced routing diagnostics and LTE monitoring are highly valuable.
- If only 18% can restore the network in under an hour, centralized troubleshooting tools and change planning shorten recovery times.
- If only 38% believe all their sites are well protected, solutions like SD-WAN—combined with XDR and cloud workload protection—allow for comprehensive security policies and visibility to extend across branches and remote offices.
As Maxim Kaminsky, Senior Business Development Manager for Secure Access Service Edge at Kaspersky, summarizes, the priority is listening to clients and “prioritizing features that enable seamless and secure connectivity, helping them stay ahead in an increasingly connected world.”
Who benefits from Kaspersky SD-WAN?
The solution is designed for organizations of various profiles, united by geographical distribution:
- Enterprises with offices and branches spread across one or multiple countries.
- Industrial companies with remote factories, warehouses, or plants.
- Financial entities with branch and ATM networks.
- Organizations with extended telecommuting and hybrid locations.
In all cases, the promise remains the same: manage the corporate network from a single console, optimize link usage, apply consistent policies, provide visibility to the central team, and anticipate issues before they bring down a site.
Frequently Asked Questions
What is Kaspersky SD-WAN, and how does it differ from traditional VPNs?
Kaspersky SD-WAN is a solution to manage multisite networks using multiple links (MPLS, Internet, LTE, etc.) with traffic prioritization, integrated security, and centralized orchestration. Unlike a “classic” VPN, it not only encrypts traffic but also optimizes routes, applications, and policies to enhance performance and resilience.
What benefits do the new KESR models 1-GA and 2-GL provide?
The KESR 1-GA offers an entry-level device for SMEs, with good price-to-performance ratio, ideal for small to medium branches. The KESR 2-GL provides more performance for medium and large enterprises seeking to consolidate traffic without compromising quality, both integrated into Kaspersky SD-WAN’s central management.
How do the new diagnostics tools help reduce downtime in multisite networks?
Improvements in BGP/OSPF troubleshooting and LTE diagnostics enable viewing and filtering issues from the central console, eliminating the need to access each CPE individually. This speeds up identifying misconfigured routes, flaps, or weak mobile signals, shortening recovery time after incidents.
Why is the extension to over 2,000 CPEs per controller and scheduled updates significant?
In large networks with many sites, managing >2,000 CPEs per controller avoids network fragmentation and simplifies architecture. Scheduled configuration updates minimize operational disruptions during peak hours and support orderly change management, lowering the risk of outages from unsynchronized adjustments.
via: kaspersky