Managed SD-WAN / SASE provider
Comcast Business / Masergy
Comcast sources evidence SASE combining SD-WAN and security, available fully managed or co-managed; press release evidences managed SD-WAN market position.
Netify profile
Comcast Business / Masergy in depth
Platform and architecture
Comcast Business pairs the largest US cable access network with the Masergy acquisition's global software-defined platform, delivering managed SD-WAN domestically and internationally. Platform options span VeloCloud and Fortinet alongside Masergy's own service fabric, with 4G LTE backup widely bundled at US sites. The Masergy digital twin AIOps capability monitors estates predictively.
Security and SASE capability
Managed SASE builds on Fortinet and partner SSE stacks with Masergy's managed detection and response heritage providing security operations. Depth follows the platform; the AIOps layer and unified global service management are the distinctive contributions.
Service, support and channel
Fully managed and co-managed with 24x7 operations. The US access estate gives on-net economics domestically; international delivery rides Masergy's established global footprint with UK presence. Mid-market and enterprise both served well, a Masergy signature.
Commercials and the Netify verdict
Per-site managed pricing, quote based, often compelling where Comcast access is on-net. The Netify verdict: shortlist Comcast Business for US-weighted estates with international spokes, mid-market multinationals wanting enterprise-grade managed service without incumbent-carrier overhead, and buyers valuing AIOps-driven proactive operations.
Questions
Comcast Business / Masergy: common buyer questions
What did Masergy bring to Comcast Business?
A global managed SD-WAN and security platform with a strong mid-market enterprise reputation, international delivery, and the digital twin AIOps capability for predictive operations: effectively Comcast's enterprise WAN engine beyond the cable footprint.
How good is the international coverage?
Masergy's software-defined platform reaches major global markets with UK presence included. The deepest economics remain US on-net; international sites are delivered credibly via the global fabric and partners.
Is 4G backup really standard?
Widely bundled at US sites, giving day-one resilience against access cuts. For UK and international sites, confirm equivalent cellular resilience options during design.
Key differentiators
- SASE combining SD-WAN and security available fully managed or co-managed, drawing on Masergy AIOps heritage.
- Recognised as a leading managed SD-WAN provider by industry analysts.
- Strong North American underlay ownership with international delivery via partners.
Best fit for
- North American enterprises wanting managed or co-managed SD-WAN and SASE from a single carrier.
- Buyers attracted to the AIOps capabilities inherited from the Masergy acquisition.
- Organisations prioritising co-managed delivery with shared operational control.
Watch-outs
- International delivery depth depends on partnerships outside North America.
- Underlying platform choice should be confirmed; service depth varies by selected platform.
- Commercial model bundles access, SD-WAN, SASE and SOC elements; explicit line-item costing required.
40 features, 6 categories
Capability matrix
Each capability is graded against public source evidence. Hover any status grade for a definition. Where evidence is limited, the grade reflects that uncertainty rather than assuming the capability is present.
Service delivery and operating model
| # | Capability | Status | Definition |
|---|---|---|---|
| F01 | Fully managed service | Yes | Provider designs, deploys, monitors, changes, supports and reports on the service. |
| F02 | DIY / self-managed model | Partial | Customer operates SD-WAN controller, policies, updates and incident response. |
| F03 | Co-managed service | Yes | Provider runs platform/support while customer retains selected policy or change rights. |
| F04 | Multi-tenant MSP / white-label support | Yes | Tenant isolation, delegated administration, branded portals, templates and service-provider scale. |
| F05 | Professional services and migration support | Yes | Discovery, design, pilot, staging, migration runbooks, rollback and training. |
| F06 | Last-mile circuit management | Yes | Sourcing, monitoring and support for broadband, DIA, LTE/5G, MPLS and cross-connects. |
| F07 | Lifecycle management | Yes | Hardware replacement, firmware upgrades, patching, renewals and EoL planning. |
| F08 | Flexible commercial model | Yes | Per-site, per-bandwidth, per-user, per-device, consumption, NaaS or bundled pricing. |
Network architecture and transport
| # | Capability | Status | Definition |
|---|---|---|---|
| F09 | Encrypted overlay fabric | Yes | Secure tunnels across broadband, DIA, MPLS, LTE/5G, satellite or private WAN. |
| F10 | Dynamic path selection | Yes | Real-time routing based on latency, jitter, packet loss, brownouts, MOS and policy. |
| F11 | Active-active link utilisation | Yes | Use multiple links concurrently rather than passive backup only. |
| F12 | Application-aware routing | Yes | Identification and routing for SaaS, UCaaS, ERP and custom applications. |
| F13 | QoS and traffic shaping | Yes | Per-application and per-class prioritisation, reservation and policing. |
| F14 | Packet loss remediation | Yes | FEC, packet duplication, jitter buffering, TCP optimisation and WAN optimisation. |
| F15 | Local internet breakout | Yes | Secure direct internet access from branch sites. |
| F16 | MPLS coexistence and migration | Yes | Hybrid MPLS/internet/cellular during transition. |
| F17 | Cellular and 5G support | Yes | Integrated/external modem, SIM management, signal monitoring and failover. |
| F18 | Cloud on-ramp | Yes | Automated/simplified connectivity to AWS, Azure, Google Cloud, Oracle, Equinix, Megaport and SaaS. |
Gateway, PoP and backbone design
| # | Capability | Status | Definition |
|---|---|---|---|
| F19 | Public cloud gateways | Partner / integrated | Vendor-operated gateways/PoPs for SaaS optimisation, remote access or security enforcement. |
| F20 | Private PoPs / dedicated PoPs | Partner / integrated | Customer-hosted, dedicated or sovereign PoP options. |
| F21 | Private global backbone | Yes | Vendor-owned or controlled backbone between PoPs. |
| F22 | Regional breakout and data residency | Yes | Pin traffic to countries, regions or approved inspection locations. |
| F23 | Multi-cloud transit fabric | Yes | Branch-to-cloud, cloud-to-cloud and user-to-cloud connectivity under common policy. |
| F24 | Flexible edge form factors | Yes | Physical, virtual, cloud marketplace, container or uCPE. |
| F25 | High availability design | Yes | Dual appliances, dual circuits, dual power, HA clustering and gateway redundancy. |
| F26 | SLA-backed service fabric | Yes | SLA for uptime, response, change handling and possibly latency/jitter/loss. |
Security and SASE capability
| # | Capability | Status | Definition |
|---|---|---|---|
| F27 | Integrated next-generation firewall | Partner / integrated | Stateful firewall, app control, IPS/IDS, malware inspection and URL filtering. |
| F28 | Full SASE platform | Yes | SD-WAN plus SWG, CASB, ZTNA, FWaaS, DLP, RBI, DNS security and threat prevention. |
| F29 | SSE ecosystem integration | Yes | Interoperation with Zscaler, Netskope, Palo Alto Prisma Access, Cisco Secure Access, Cloudflare etc. |
| F30 | Zero Trust Network Access | Yes | Identity and posture-based access to private applications. |
| F31 | Secure web gateway | Yes | URL filtering, SSL inspection, malware scanning and acceptable-use controls. |
| F32 | CASB capability | Yes | SaaS discovery, sanctioned/unsanctioned app control and SaaS policy enforcement. |
| F33 | Data loss prevention | Partial | Data classification, inspection, blocking, alerting and exception workflow. |
| F34 | Remote user access | Yes | Client or clientless access for remote workers, contractors and mobile users. |
| F35 | SOC/SIEM/SOAR integration | Yes | Syslog, APIs, event export, threat intelligence and workflow integration. |
Operations, assurance and automation
| # | Capability | Status | Definition |
|---|---|---|---|
| F36 | Centralised orchestration | Yes | Templates, intent-based policy, zero-touch provisioning and configuration compliance. |
| F37 | Customer portal and RBAC | Yes | Real-time status, role-based access, reporting, tickets and change requests. |
| F38 | Observability and digital experience monitoring | Yes | App experience, user experience, device health, SaaS telemetry and path analytics. |
| F39 | APIs and automation | Partial | REST APIs, Terraform, webhooks, event streaming and ITSM integration. |
| F40 | Managed service assurance | Yes | 24/7 NOC/SOC, proactive monitoring, incident ownership, RCA, service reviews and change governance. |
Commercial
Cost model and pricing visibility
Public pricing visibility
Quote-based. No complete public enterprise price was found in reviewed sources.
Cost model
Quote-based managed/co-managed service; access, SD-WAN, SASE and SOC/AIOps elements drive cost.
Evidence
Primary sources
Every capability grade traces back to one of these sources. Reviewed 2026-05-22.
- https://business.comcast.com/~/media/business_comcast_com/PDFs/SDN---SD-WAN/Masergy/Product%20Brief%20%20Secure%20Access%20Service%20Edge.pdf
- https://markets.financialcontent.com/stocks/article/bizwire-2025-5-6-comcast-business-recognized-as-1-provider-for-managed-sd-wan-by-vertical-systems-group-for-the-first-time
Verification notes
Capability matrix sourced from Netify internal vendor research (May 2026). Status grades reflect public source evidence only. Confirm via RFP. Qualitative fields (differentiators, best fit, watch-outs) are Netify editorial synthesis based on the evidence summary and capability profile; review before publishing. Extended dimensions (regions, clouds, AI, resilience, deployment speed, sectors, organisation fit, identity, platforms, support, logging) are indicative desk research grades from June 2026; confirm via RFP.