SASE

What is SASE?

SASE (Secure Access Service Edge) is a technology that combines network-as-a-service with security-as-a-service capabilities. SASE is delivered through the cloud as an as-a-service consumption model to support access for today's distributed and hybrid enterprise networks.

The Issue with the Expanding Thin Edge

Network security is a top priority for most organizations; however, as the market expands, new challenges have emerged.

Digital Innovation has brought on:

  • Expanding thin edge: the thin edge consists of small branches in different locations, attached to the core network.

  • Growing amount of off-network users accessing the central data center.

  • A challenging user experience for off-network users.

  • Expanding attack surface.

  • Multilevel compliance requirements.

  • Increasingly sophisticated cyber threats.

As work environments have evolved, so too have user behavior and endpoint protection requirements. Users no longer access information from a dedicated station within a pre-defined network perimeter confined to a corporate office. Instead, users access information from a variety of locations, such as in the home, in the air, and from hotels. They also access that information from different devices, such as desktop workstations, laptops, tablets, and mobile devices. Adding to this network complexity is the rise of Bring-Your-Own-Device, where users access enterprise systems through personal devices that are not part of the enterprise infrastructure.

Organizations today require that their users have immediate, continuous secure access to network and cloud-based resources and data, including business-critical applications, regardless of location on any device, and at any time. Organizations must provide this access in a scalable and elastic way that integrates thin edge network sites and remote users into the central infrastructure, and that favors a lean operational, as-a-service model.

While networks have evolved to support the workflows for remote endpoints and users, many outdated network security solutions remain inflexible and do not extend beyond the data center to cover the ever-expanding network perimeter and, therefore, the attack surface. With the emergence of novel thin edge networks, this obstacle has been amplified.

Users no longer access information from a dedicated station within a predefined network perimeter confined to a corporate office. Users access information from a variety of devices, such as their phones, tablets, and other computing devices; they also access it from a variety of different places, such as their home or a coffee shop.

Secondly, these solutions to converged networking and security oversight require that all traffic, whether coming from thin edge locations or off-network users, runs through the core data center for inspection. This results in:

  • High cost

  • Complexity

  • Elevated risk exposure

  • Latency and a poor experience when accessing multi-cloud-based applications and data

Finally, the multi-edge network environment of today has exposed the limitations of VPN-only solutions, which are unable to support the security, threat detection, and zero-trust network access policy enforcement present at the corporate on-premises network. VPN-only solutions cannot scale to support the growing number of users and devices, resulting in inconsistent security across all edges.

The Solution SASE Provides

A new scalable, elastic, and converged solution is required to achieve secure, reliable network access for users and endpoints: one that addresses the security of many hybrid organizations, defined by systems and users spread across the corporate and remote networks. That solution is SASE.

A SASE solution provides integrated networking and security capabilities, including:

  • Peering, which allows network connection and traffic exchange directly across the internet without having to pay a third party.

  • A Next-Generation Firewall (NGFW) or cloud-based Firewall-as-a-Service (FWaaS), with security capabilities including Intrusion Prevention System (IPS), Anti-Malware, SSL Inspection, and Sandbox.

  • A Secure Web Gateway to protect users and devices from online security threats by filtering malware and enforcing internet security and compliance policies.

  • Zero-Trust Network Access (ZTNA), which ensures that no user or device is automatically trusted. Every attempt to access a system, from either inside or outside, is challenged and verified before granting access. It consists of multiple technologies, including multifactor authentication (MFA), secure Network Access Control (NAC), and access policy enforcement.

  • Data Loss Prevention (DLP), which prevents end-users from moving key information outside the network. These systems inform content inspection of messaging and email applications operating over the network.

  • Domain Name System (DNS), which serves as the phone book of the internet and provides SASE with threat detection capabilities to analyze and assess risky domains.

These services deliver:

  • Optimized paths for all users to all clouds to improve performance and agility

  • Enterprise-grade certified security for mobile workforces

  • Consistent security for all edges

  • Consolidated management of security and network operations
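
The Zero-Trust Network Access item above says every access attempt is challenged and verified whether it comes from inside or outside. The sketch below is an added example, not code from any SASE product: a default-deny decision function in which network location is recorded but never grants access. The policy table, field names, and sample requests are all constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical access policy: resource -> groups entitled to reach it.
POLICY = {"payroll-app": {"finance"}, "wiki": {"finance", "engineering"}}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    resource: str
    mfa_verified: bool          # result of multifactor authentication
    device_compliant: bool      # NAC-style device posture check
    on_corporate_network: bool  # logged only; never used to grant access

def decide(req):
    """Evaluate one access attempt. Anything not explicitly allowed is denied."""
    allowed_groups = POLICY.get(req.resource)
    if allowed_groups is None:
        return False, "no policy for resource"
    if not req.mfa_verified:
        return False, "MFA not verified"
    if not req.device_compliant:
        return False, "device failed posture check"
    if not (req.groups & allowed_groups):
        return False, "user not entitled to resource"
    return True, "allowed"

# Constructed sample requests (not real users or systems).
SAMPLE_REQUESTS = [
    AccessRequest("alice", frozenset({"finance"}), "payroll-app", True, True, False),
    AccessRequest("bob", frozenset({"finance"}), "payroll-app", False, True, True),
    AccessRequest("carol", frozenset({"engineering"}), "payroll-app", True, True, True),
    AccessRequest("dave", frozenset({"engineering"}), "wiki", True, False, False),
    AccessRequest("erin", frozenset({"engineering"}), "build-server", True, True, True),
]

def evaluate_all(requests):
    """Return (user, allowed, reason) for each request, in order."""
    return [(r.user, *decide(r)) for r in requests]

if __name__ == "__main__":
    for user, ok, reason in evaluate_all(SAMPLE_REQUESTS):
        print(f"{user:6} {'ALLOW' if ok else 'DENY ':5} {reason}")
```

Only the off-network user with verified MFA and a compliant device is allowed; the three on-network requests are all denied, because being inside the perimeter is not a check that can pass.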

Although classified as cloud-based, there are common SASE use cases that may require a combination of physical and cloud-based solutions. For SASE to be effectively deployed in this scenario, secure connectivity with network access controls must be extended from the physical WAN infrastructure to the cloud edge. For example, to roll out access to SASE at branch offices, you may see SASE reliant on physical networking appliances, such as wireless (LTE and 5G) and wired (Ethernet) extenders or Wi-Fi access points.

The goal of SASE is to support the dynamic, secure access needs of today's organizations. A proper SASE service allows organizations to extend enterprise-grade security and networking to the:

  • Cloud edge, where remote, off-network users are accessing the network

  • Thin edge, such as small branch offices
