What is SASE and why is it needed?

SASE has recently been gaining momentum and is one of the rising trends in the network industry. What is it? In short, it is an enterprise technology strategy that combines network and security functions with the capabilities of a global network. What is it for? To meet the network access needs of today’s organizations, where access must be both reliable and secure.

Overall, SASE can be described as an amalgamation of SD-WAN capabilities and network security services, including Next Generation Firewall (NGFW), Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), and Cloud Access Security Broker (CASB) services, into a unified service model. The details follow below.

Who needs it and why?

The answer remains unchanged: SASE is needed first of all by companies, mainly medium and large ones. They always need reliable and, most importantly, continuous access to cloud resources and to data stored in the cloud. All of this information is business critical, so disruptions are not acceptable.

Unfortunately, most modern security solutions fail to provide the level of speed, performance, security, and access control that organizations and their users need. SASE can be seen as a qualitative rather than a quantitative step in the development of network technologies and the business strategies built on them.

The term SASE itself appeared only in 2019. Its author can be considered the company Gartner, which used the term in its report “The Future of Network Security in the Cloud.” The firm's experts indicated in this report that SASE is one of the most important market trends. In particular, this is discussed in the section “Customer Requirements for Simplicity, Scalability, Flexibility, Low Latency, and Continuous Convergence of WAN Network Security and Network Security Markets.”

The report defines the strategy as follows: “SASE combines network security functions (such as SWG, CASB, FWaaS, and ZTNA) with WAN capabilities (i.e., SD-WAN) to meet the needs of organizations for dynamic, secure access to IT resources. These capabilities are provided primarily in the form of -aaS and are based on the definition of accounts, current context, and security and regulatory compliance policies. Basically, SASE is a new technology package that includes SD-WAN, SWG, CASB, ZTNA and FWaaS as core capabilities, with the ability to identify sensitive data or malware, as well as the ability to decrypt content at linear speed, with continuous monitoring of sessions subject to an adequate level of risk and confidence.”

SASE features

The main difference between SASE and other technology strategies is the placement of network security management mechanisms at the perimeter, in the border area with the cloud. In most traditional models, security is managed centrally. As a result, SASE eliminates the need for services that require individual configuration and management. Instead, SASE provides a standardized set of network and security services that lets you create a reliable and efficient network architecture across the zone where the network and the cloud converge.

SASE strategy components

SASE cannot be called a simple strategy, since it includes several components. But the goal of all of them is to provide secure corporate access to resources.

Main components:

  • SD-WAN protection. Includes core WAN capabilities such as dynamic path selection, self-healing WAN capabilities, support for demanding high-performance applications, and consistent user experience.
  • Zero Trust access. The main task of this component is multi-factor user authentication. Here, among other technologies, role-based identification is used.
  • NGFW (physical) or FWaaS (cloud) firewall. Provides security for edge and cloud-delivered offerings. This is necessary to protect peripheral devices and users, not only on the company’s network, but also outside it. This component provides internal segmentation that helps prevent threats to guests and/or the IoT while providing consistent security policies for users who are off the network.
  • Secure web gateway. This component is required to protect users and devices from external threats. It ensures that Internet connections comply with regulatory requirements. In addition, potentially harmful Internet traffic is filtered.
  • CASB. This component is a service that enables companies to control their own SaaS applications, including secure application access. CASB and DLP provide combined protection for critical data. The component performs several security functions for cloud services at once, including detecting shadow activity, protecting data privacy and ensuring compliance with data protection regulations.

What are the advantages of SASE for a company?

There are many of them, but four main advantages stand out.

  • Flexible and consistent security. The strategy provides a wide range of security capabilities, from threat prevention to NGFW policies, for any edge, providing zero-trust network access. As a result, the company always knows who is on its network and for what purpose. In addition, all company resources, both online and offline, are protected, and employees have access.
  • Reduced overall infrastructure cost. SASE is a single strategy that combines several solutions at once. This eliminates the need for isolated products and a patchwork of assorted solutions. Accordingly, capital and operating costs are reduced.
  • Reduced infrastructure complexity. SASE simplifies solution architecture by consolidating key network and security functions from disparate systems and solutions into a coherent whole. They are all controlled from a single center.
  • Optimizing performance. Thanks to the availability of cloud technologies, all employees of the company can easily connect to internal or external resources without fear of all sorts of cyber threats.

What should you pay special attention to?

As with any such project, SASE implementation requires careful architecture and software choices. A company should be wary of vendors that offer many features based on VM chaining. This does speed up the deployment of infrastructure, but it also splits the infrastructure into segments, which makes it quite difficult to manage. Your best bet is to select SASE providers that offer account-based licensing across all products.

What about Zyxel?

The Zero Trust principle described above, which lets you effectively control the security of the network even with a large number of remote devices, is implemented in the Zyxel Nebula Centralized Network Management System. The system offers unified, convenient management of a distributed enterprise network, as well as remote locations and employees. All network components are in one ecosystem, managed from the cloud: security, switching, wireless. The basic free version provides most of the functionality and is suitable for most networks. For example, in one of the hotels in Holland, the basic version works on more than 300 devices.

Nebula will have a big update on April 12, 2021, so much of the information at the link above will change. You can find out the latest information about the new Zyxel Nebula and ask your questions in our series of webinars.
