Introduction to SASE
Teleworking, the use of the cloud to store data and the constant application of digital transformation are leaving behind the idea of confining networks to a limited internal perimeter.
We are talking about the combination of cybersecurity and network management, which Gartner named Secure Access Service Edge (SASE) in its technical documentation. SASE is the evolution of the traditional "network edge", which is transforming into a new model that is secure and manageable.
Conventional security and privacy measures assumed that applications and users would be within this traditional network perimeter, which is no longer true with the new professional realities. Times are definitely changing: offices are being transformed and professionals demand to be able to work and carry out their activities anywhere. What's more, new business opportunities based on digital technologies come up fast, so the IT department must adapt its management to all these new realities and capitalize on digital transformation or adaptation.
As a result, the perimeter of this traditional network is being diluted and calls for new models of access control, data protection and threat protection. In light of these changes, IT departments are discovering that their range of devices and services, such as firewalls, gateways, DLP and CASB, are no longer applicable in a world where the cloud is a priority.
We develop and implement SD-WAN as efficiently and safely as possible, but the new term we have to focus on is called SASE, and it is emerging in a way too important to miss!
Definition of Secure Access Service Edge (SASE)
SASE combines network security functions (such as SWG, CASB, FWaaS and ZTNA) with WAN capabilities (namely, SD-WAN) to support the dynamic secure access needs of organizations. These capabilities are delivered primarily as a service (aaS) and are based on the identity of the entity, the real-time context and the security/compliance policies.
Basically, SASE is a new package of technologies that includes SD-WAN, SWG, CASB, ZTNA and FWaaS as core features, with the ability to identify sensitive data or malware and to decrypt content at line speed, with continuous monitoring of sessions against the established risk and trust levels.
Most suppliers and equipment manufacturers are already marketing their solutions for SASE. In our case, as you already know, we have investigated them and have already selected the SASE providers with whom we work using the LOOPS methodology.
What technologies does SASE include?
A SASE architecture can identify users and devices, apply policy-based security controls and provide secure access to applications and data. SASE provides secure access regardless of where users, data, apps or devices are located. This way, we can efficiently secure telecommuting, in-person work and a mix of both.
Some of the technologies incorporated in a SASE solution could be the following:
- Cloud-native microservices in a single platform architecture
- Ability to inspect SSL/TLS encrypted traffic at cloud scale
- Inline proxy capable of decoding cloud and web traffic (SWG)
- Firewall and intrusion protection for all ports and protocols (FWaaS)
- Managed cloud service API integration for data-at-rest (CASB)
- Public cloud IaaS continuous security assessment (CSPM)
- Advanced data protection for data-in-motion and at-rest (DLP)
- Advanced threat protection, including AI/ML, UEBA, sandboxing, etc. (ATP)
- Threat intelligence sharing and integration with EPP/EDR, SIEM, and SOAR
- Software defined perimeter with zero trust network access, replacing legacy VPNs (SDP, ZTNA)
- Protection for the branch, including support for branch networking initiatives such as SD-WAN
- Carrier-grade, hyperscale network infrastructure with a global PoP footprint
Benefits of incorporating SASE
We can think of SASE as the perfect match between a multi-site intelligent network and comprehensive cybersecurity, one that speeds up access to your network, improves your security model, drives optimal performance of your network and reduces the number of vendors and devices your IT staff has to deal with. Some of the benefits it offers are:
- Flexibility: Allows direct access from the network or the cloud from anywhere vs. traditional hair-pinning back to the data center
- Lower cost: Eliminates investments in fixed assets (CapEx) for physical infrastructure and instead offers a low and predictable operating cost (OpEx)
- Less complexity: Enables organizations to shift security staff from device management to policy-based security service delivery; unified policy implementation simplifies SecOps
- Better performance: Improves and accelerates access to internet resources through a global network infrastructure optimized for low latency, high capacity and high availability
- Zero trust: Provides contextual and secure access to private applications in public/private clouds
- Threat Protection: Stops cloud and web attacks like phishing (identity fraud), malware or ransomware.
- Data Protection: Protects data wherever it goes, both inside and outside the organization, including within public clouds as well as enterprise and individual instances of cloud applications
LOOPS and SASE
But the most important thing about this concept, in our opinion, is what it will allow us to do. From the point of view of the Technology Manager, through SASE solutions we will be organized with the most advanced, most flexible and most efficient technology.