Published: December 2025 | Updated March 2026
Locking your security into your SD-WAN vendor’s proprietary stack is a single point of failure disguised as convenience. Nepean Networks’ Cyber Intelligence framework decouples security from the network fabric entirely, allowing businesses to integrate any firewall — from enterprise platforms to open-source tools — without constraints. This post explains how the service chain model works and why it’s the architecture MSPs should be demanding from every SD-WAN vendor.
Nepean Networks’ Cyber Intelligence
In our interconnected world, where cyber threats evolve at an unprecedented pace, securing business networks is a critical priority. Nepean Networks’ Smart SD-WAN strategy introduces Cyber Intelligence, a transformative approach to network security that leverages a vendor-agnostic service chain model. By decoupling security from SD-WAN and integrating seamlessly with a wide range of commercial and open-source firewalls, Cyber Intelligence empowers businesses and managed service providers (MSPs) to tailor security solutions to their specific risk profiles, compliance requirements and budgets. This open, flexible and resilient framework ensures robust protection without the constraints of vendor lock-in, redefining how businesses safeguard their networks.
The Foundation of Cyber Intelligence: Vendor-Agnostic Security
At the heart of Nepean Networks’ Cyber Intelligence is its commitment to an agnostic architecture. Traditional SD-WAN solutions often embed proprietary security mechanisms, forcing businesses into rigid, single-vendor ecosystems that limit adaptability and increase costs. Nepean Networks breaks this mold by adopting a service chain model, allowing seamless integration with virtually any security solution—whether centralized at the data center or distributed at the network edge. This approach not only enhances security but also aligns with modern frameworks like Secure Access Service Edge (SASE) and Zero Trust Network Access (ZTNA).
Cyber Intelligence supports an extensive array of firewalls, including:
Commercial Firewalls: Clavister, WatchGuard, Check Point, Fortinet, Cisco, Palo Alto, Sophos, Juniper Networks and more.
Open-Source Firewalls: pfSense, OPNsense, OpenWrt, IPFire, MikroTik RouterOS and others.
Proprietary and Custom Solutions: Any Linux-based binary or virtualized firewall instance.
This flexibility enables businesses to mix and match security tools, combining high-end commercial firewalls at the core with cost-effective open-source solutions at the edge. For example, a business might deploy a Check Point firewall at its data center for advanced threat prevention while using pfSense at remote sites for cost-efficient protection. This hybrid approach ensures optimal security without unnecessary expenditure.
The Service Chain Advantage: Flexibility and Resilience
Nepean Networks’ service chain model is a cornerstone of Cyber Intelligence, allowing security functions to operate independently of the SD-WAN fabric. Unlike traditional SD-WANs that tightly couple security and networking, Nepean’s approach separates these layers, providing several strategic advantages:
Unrestricted Access to Best-in-Class Security: Businesses can select the most suitable security solutions for their needs without being tied to an SD-WAN vendor’s proprietary offerings. This freedom enables rapid adoption of cutting-edge tools to address emerging threats.
Layered Security Architecture: By deploying multiple firewalls—such as a Clavister at the core and an OPNsense instance at the edge—businesses create a multi-layered defense that mitigates risks more effectively. This redundancy ensures that a failure in one security layer doesn’t compromise the entire network.
Scalability and Cost Efficiency: Security and networking can be scaled independently, eliminating the need for costly infrastructure overhauls. Businesses can upgrade firewalls or add new security tools without disrupting SD-WAN operations, optimizing both performance and budget.
Alignment with Modern Security Models: The service chain model supports next-generation frameworks like SASE and ZTNA, which require a segregated security control plane. This ensures Nepean’s SD-WAN is future-proof and adaptable to evolving business needs.
This decoupled architecture eliminates the single point of failure inherent in monolithic SD-WAN solutions, where a vendor’s security flaw can expose the entire network. By integrating with diverse security tools, Cyber Intelligence enhances resilience and ensures comprehensive threat detection.
Seamless Integration with Existing Workflows
Cyber Intelligence is designed to integrate seamlessly with existing business security workflows, making it an ideal choice for organizations with established IT environments. Whether a business relies on Cisco, Fortinet, Zscaler, or open-source solutions like WireGuard, Nepean’s SD-WAN ensures full compatibility. This interoperability extends to third-party optical network terminals (ONTs), customer premises equipment (CPE), routers, switches and access points, allowing businesses to preserve their existing infrastructure while adopting Nepean’s Smart SD-WAN.
For MSPs, this compatibility is a game-changer. They can onboard clients with diverse ecosystems—common in mergers, acquisitions, or multi-vendor environments—without requiring costly hardware replacements. Nepean’s Juggler zero-touch provisioning tool further simplifies deployment, enabling rapid setup of SD-WAN nodes and security configurations using pre-configured templates and MAC address-based provisioning. This plug-and-play approach reduces operational complexity and accelerates service delivery, particularly for small businesses or remote sites with limited IT resources.
Enhancing Security with Illuminate’s Real-Time Insights
Cyber Intelligence is amplified by Nepean Networks’ Illuminate platform, which integrates AI-driven Deep Packet Inspection (DPI) to provide real-time visibility into network traffic. Unlike static firewall validation checks, Illuminate continuously monitors and analyzes traffic, offering actionable insights through over 40 real-time dashboards. Key security features include:
Anomaly Detection: Machine learning identifies unusual traffic patterns, flagging potential threats like malware, unauthorized VPNs, or rogue DHCP services. This out-of-band analysis detects sophisticated malware that disables endpoint security agents, providing early warnings against ransomware or botnet activity.
Cyberthreat Forensics: Illuminate’s advanced filters and forensics tools allow IT teams to trace security incidents back in time, identifying the source of breaches or policy violations. For example, it can detect access to command-and-control servers or dark web connections, with IP addresses verifiable via tools like IBM X-Force.
Data Leak Protection: Illuminate identifies “call home” behaviors from IoT devices, browsers, or operating systems, preventing unauthorized data exfiltration to unknown jurisdictions.
Protocol and Application Analysis: Real-time protocol analysis and hostname visibility ensure accurate identification of applications and encrypted connections, flagging outdated protocols (e.g., SMBv1) that are vulnerable to exploits like WannaCry ransomware.
These capabilities ensure that firewalls remain vigilant, addressing the “set it and forget it” mindset that leaves networks exposed. By combining Illuminate’s analytics with the Antares portal’s Grafana-based metrics, Cyber Intelligence provides comprehensive visibility into security and performance metrics like latency, packet loss and link stability, enabling proactive threat mitigation.
Strategic Benefits for Businesses & MSPs
Cyber Intelligence delivers significant advantages for both businesses and MSPs, aligning security with business objectives:
For Businesses:
Tailored Security: Organizations can customize their security stack to match their risk appetite and compliance needs, such as PCI DSS or HIPAA, without relying on suboptimal embedded firewalls.
Freedom from Lock-In: Swap security vendors without reconfiguring SD-WAN, ensuring agility and control.
Cost Efficiency: Independent scaling of security and networking avoids unnecessary investments in bundled features.
Enhanced Resilience: Multi-layered security reduces the risk of systemic failures, improving overall network reliability.
For MSPs:
Competitive Differentiation: Offer vendor-agnostic SD-WAN and security services, standing out in a crowded market.
Operational Efficiency: Simplified deployments via Juggler and centralized management through Antares reduce costs and improve service delivery.
Flexible SLAs: Tailor service agreements to client-specific requirements, enhancing customer satisfaction.
A real-world example illustrates the impact: An international MSP managing multiple retail stores reduced public IP usage, simplified security deployments and eliminated downtime for critical applications by adopting Nepean’s Cyber Intelligence. The service chain model allowed them to integrate WatchGuard firewalls at the core with pfSense at the edge, delivering robust protection tailored to each site’s needs.
A Future-Proof Approach to Network Security
Nepean Networks’ Cyber Intelligence redefines SD-WAN security by embracing a vendor-agnostic, service chain-based approach. By supporting a wide range of firewalls, integrating seamlessly with existing workflows and leveraging Illuminate’s AI-driven analytics, it empowers businesses to build resilient, adaptable and cost-effective security architectures. This approach not only mitigates the risks of vendor lock-in and single points of failure but also positions organizations to thrive in an era of increasing cyber threats and technological complexity.
As businesses and MSPs navigate the challenges of cloud-based applications, remote work and IoT proliferation, Nepean Networks’ Cyber Intelligence offers a future-proof solution that combines flexibility, security and performance. Embrace the power of agnostic security and elevate your network today.
Key Takeaways:
- Nepean Networks’ Cyber Intelligence supports commercial firewalls (Clavister, WatchGuard, Check Point, Fortinet, Cisco, Palo Alto, Sophos) and open-source options (pfSense, OPNsense, MikroTik RouterOS, OpenWrt)
- The service chain model allows security functions to operate independently — firewalls can be upgraded or changed without disrupting the SD-WAN fabric
- A layered security approach (e.g. enterprise firewall at the core, open-source at branch sites) delivers maximum protection without unnecessary spend
- Illuminate provides real-time anomaly detection, cyberthreat forensics, and data leak protection using AI-driven DPI across all 40+ dashboards
- The architecture aligns with SASE and Zero Trust frameworks without requiring a full infrastructure replacement
- MSPs can onboard clients with diverse existing security environments without requiring hardware replacements
Written by
Ronald Bartels
Director: South Africa · Nepean Networks · Johannesburg, South Africa
Ronald has over 30 years of hands-on networking experience spanning financial services, ISPs, and enterprise technology. He led infrastructure at Investec for nearly eight years, managed core IP networks at iBurst, and served as a solutions architect designing data centre migrations for governments and financial institutions. Since joining Nepean Networks in 2019, he has been the driving force behind SD-WAN adoption in South Africa — engineering resilient connectivity solutions purpose-built for the realities of the local market, including load shedding, mixed-quality last mile, and infrastructure variability. Ronald holds a BSc in Computer Science from Stellenbosch University and is a Certified Data Centre Professional (CDCP).