Nail Your MVP
Our emphasis on data path is part of a stepped approach that begins with perfectly executing SSE’s “minimum viable product” (MVP). Typically with an MVP, the goals are to get user traffic flowing, make sure DLP and authentication are working, and then—and only then—start layering on more advanced capabilities. The MVP is about narrowing your scope and focusing on getting that first meaningful win.
Your MVP should account for the real-world connectivity challenges that arise for security teams. If these aren’t addressed early, you’re setting yourself up for delays, frustration and even abandonment. Here are three challenges we see often, and what your MVP can do about it:
-
Diverse environments and agent deployment
Acquisitions, geographic differences and legacy systems create a diverse environment for enterprise security teams to manage. That means you’ll need to plan for flexible connectivity and traffic-routing strategies upfront. Your MVP should reflect the diversity of your environment—not just your most modern or centralized users.
Deployments often struggle when there’s an assumption that a single approach will work for all users. Broadcom’s Agent Traffic Manager (ATM) feature can be leveraged here for easier control and condition-setting for mixed environments like roaming users, virtual desktop infrastructure (VDI) and regional deployments.
-
Load balancing for multi-gig traffic
Enterprises have very large traffic flows (think: data center backups, scaled video conferencing, large file transfers and cloud app usage) that put a strain on traditional tunnel-based architecture. These multi-gigabit workloads often exceed a single tunnel’s capacity (typically 1-2Gbps), causing latency, packet loss or failure.
A 10-gig workload might require five to 10 tunnels with a load balancer. That’s a complex setup, and if discovered after deployment is already underway, it can cause headaches. Keep this consideration top of mind in your MVP so you’re not blindsided by infrastructure limitations.
Meanwhile, back at Broadcom, we’re already working to make your life easier. In partnership with Google, Symantec Cloud SWG Express Connect, currently in preview, allows you to onboard 100Gbps workloads to SSE—without tunnels or load balancing.
-
Logging and SIEM integration
Another often-overlooked blocker in early SSE adoption is logging and visibility—specifically, the amount of log data generated and its management. Network and proxy logs can scale quickly, and many teams underestimate what it takes to feed that data into their Security Information and Event Management (SIEM).
If the MVP doesn’t have the proper storage and bandwidth, teams risk bottlenecks, unexpected costs and gaps in visibility. To address this, Broadcom is rolling out capabilities like event streaming and Kafka-based integrations that allow teams to manage log data more efficiently without flooding their existing tools.