SASE (pronounced “sassy”) is a cybersecurity framework by Gartner that combines network security functions with WAN capabilities to support the dynamic secure access needs of organizations. These capabilities are unified under a global cloud-native architecture and factor in endpoint identity, real-time context, and security/compliance policies.
SASE eliminates multiple point products, enabling organizations to reduce the cost and complexity of the technical, human, and financial resources they manage. It helps simplify management, gain consistent visibility, and maximize network protection across users, devices, and applications, regardless of their location. An effective SASE solution is characterized by the following key elements:
SD-WAN allows for the use of local internet breakout as an alternative to costly MPLS connections. Securing the SD-WAN fabric is challenging and requires multiple overlays. A SASE solution enables dispersed edge devices to be connected to a cloud-based infrastructure instead of physical hubs in data centers or colocation facilities. A unified framework for SD-WAN services enables interconnectivity without the complexity of deploying or managing multiple physical hubs.
The “never trust, always verify” paradigm requires endpoints to authenticate themselves by establishing credentials before communicating with the network. Standalone software-defined perimeter (SDP) solutions do not provide content inspection, creating discrepancies in the types of protection extended. By contrast, SASE incorporates Zero Trust and other security services for consistent enforcement of DLP and threat prevention policies.
Organizations use the Domain Name System (DNS) to translate domain names into IP addresses. As an open service, DNS doesn’t include threat detection by default. An effective SASE solution comes with DNS security features delivered within the cloud environment as part of network access.
While it has the same features as a next-generation firewall, Firewall as a Service (FWaaS) is implemented in the cloud, so organizations need not incur the expense of installing security hardware on-prem. By implementing network security policy in the cloud, SASE incorporates this distributed firewall into its unified platform, so that deployments can be managed from a single place.
While essential, security tools such as anti-malware, IDS/IPS, SSL decryption, and file blocking are separate solutions, which complicates both management and integration. SASE consolidates these point products and services into a single cloud platform to simplify oversight of network-wide vulnerabilities and expedite response mechanisms.
Crucial for compliance (HIPAA, PCI, and others), DLP is a composite solution for monitoring sensitive data both in the environments where it is deployed and through their egress points. Key stakeholders are alerted when policies are violated. However, legacy on-prem solutions don’t scale economically for the dispersed edge. Under SASE, DLP is an embedded, cloud-delivered service centered on the data itself, so that policies are applied consistently to data at rest, in motion, and in use, regardless of location.
In conclusion, a comprehensive SASE solution can meet both the networking and the network security needs of organizations embracing edge computing. However, in highlighting the importance of software architecture and implementation, Gartner warns organizations to “be wary of vendors that propose to deliver services by linking a large number of features via VM service chaining, especially when the products come from a number of acquisitions or partnerships. This approach may speed time to market but will result in inconsistent services, poor manageability and high latency.”
The Edge Network Fabric is essentially Xaptum’s SASE fabric, designed to meet the demanding needs of the dispersed, mobile edge. It provides not only the essential functionality but also the scalability and interoperability desired for edge computing.