Contact Us
back

Cloud-Delivered Secured Access Service Edge (SASE): Comprehensive network security with WAN capabilities

Published On: 
Feb 15, 2020

Barbara M. Hunt

Founder and Chief Executive Officer
145 Views    10 Comments

Barbara Hunt

Founder and CEO, NetAbstraction
VPN Web
SD-WAN
SASE

Gartner Group has recently published research and thought leadership pieces that discuss SASE (pronounced “sassy”) and why this emerging technology needs to be considered by enterprises operating in the cloud and on the Internet. Its worth a look at the drivers behind SASE and why network decisions should include the SASE concept.

Gartner’s Market Landscape

Traditional network offerings are not suited to delivering reliable, agile, cost-effective and high-performing solutions in support of hybrid cloud IT architectures.

Planning Assumptions:

  • 30-25% of large enterprise traffic is shifting to the cloud, changing traffic flows and making the traditional WAN suboptimal.
  • 20% increase in enterprises WAN bandwidth per year at the branch. Network traffic is doubling every three years.
  • Through 2021, organizations that isolate and remove digital business communications services from direct public internet access will experience 70% fewer successful attacks than organizations that didn’t adopt isolation.
  • By 2023, 30% of enterprise locations will use internet-only WAN connectivity, up from less than 10% in 2019, to reduce bandwidth costs.
  • By 2024, at least 80% of enterprises will have moved branch office security to cloud-based or hosted services, up from less than 20% in 2019.
  • By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.

SASE is an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions to support the dynamic secure access needs of digital enterprises.


SASE Defined

The secure access service edge is an emerging offering that combines comprehensive network security functions (such as SWG, CASB, FWaaS and ZTNA), with comprehensive WAN capabilities to support the dynamic secure-access needs of organizations.

SASE capabilities are delivered as cloud-based services driven by the identity of the entity, real-time context, organization security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, internet of things (IoT) systems or edge computing locations.

SASE Capabilities

  • Core Capabilities: SD-WAN, SWG, CASB, ZTNA, and FWaaS, all with the ability to identify sensitive data or malware, and the ability to decrypt content at line speed, at scale with continuous monitoring of sessions for risk and trust levels.
  • Recommended Capabilities: Web application and API protection (WAAP), remote browser isolation, recursive DNS, network sandbox, API-based access to SaaS for data context, and support for managed and unmanaged devices.
  • Optional capabilities: Wi-Fi hotspot protection, network obfuscation/dispersion, legacy VPN and edge compute protection (offline or cached protection).

SASE is in the early stages of development. Although adoption of SASE will occur over the next several years, successful vendors will be easy to identify within three years.  

Both network and security vendors should remember:

  • End-user demand will continue to ramp quickly for SASE, especially as SD-WAN expands to an even broader offering of multiple security services.
  • Slower moving incumbents that do not pivot to SASE quickly enough will be displaced.

It is critical that SASE providers be able to terminate and inspect encrypted sessions, where required, based on policy with a scalable (ideally, software-based) architecture.

Other important services include DNS protection, remote browser isolation, Wi-Fi hot spot protection, traditional VPN services, and web application and API protection services. Some vendors will offer network privacy-as-a service, hiding enterprise network infrastructure from visibility when using SASE services.

The Problem We Solve

Public cloud computing has rendered traditional enterprise wide-area networks (WANs) suboptimal, from a price, performance and security perspective. Software-Defined Wide-Area Networks (SD-WAN) have revolutionized how enterprises manage their wide-area networks. However, SD-WANs increase the enterprise’s public exposure and therefore its cyber profile, rendering traditional security methods inadequate. NetAbstraction provides the protection lacking in the traditional SD-WAN and is the next generation of wide-area networking.  

NetAbstraction provides a simple but very effective solution that obfuscates and anonymizes WAN traffic, enables private browsing and privatizes application-to-cloud connections.

While SD-WAN has made the enterprise’s use of their WAN more efficient, it has not solved some of the fundamental issues in today’s WAN. Leased lines and MPLS services are static and make a fixed target for cyber attack. They also limit the ability to elastically meet bandwidth demands. When considering the use of the Internet or cloud, there are significant cost savings, but performance and security are key concerns.

NetAbstraction is a natural fit in Gartner’s new SASE category, providing the network security that enterprises need as part of the digital transformation.

Relevant Gartner Research:

2019 Strategic Roadmap for Networking, dated 10 April 2019

Jonathan Forest, Neil Rickard


Market Trends: How to Win as WAN Edge and Security Converge into the Secure Access Service Edge, dated 29 July 2019

Joe Skorupa, Neil MacDonald


5 Options to Secure SD-WAN Based Internet Access, dated 28 August 2019

Bjarne Munch, Craig Lawson


The Future of Network Security is in the Cloud, dated 30 August 2019

Neil MacDonald, Lawrence Orans, Joe Skorupa


Forecast Analysis: Enterprise Networking Connectivity Growth Trends, Worldwide, dated 20 September 2019

Gaspar Valdivia, Lisa Unden-Farboud, To Chee Eng, Gigory Betskov, Susanna Silvennoinen


Emerging Technology Analysis: Cloud-Delivered Network Security is an Essential Step in SASE Transformation, dated 4 October 2019

Nat Smith


Emerging Technology Analysis: SASE Poised to Cause Evolution of Network Security, dated 22 October 2019

Nat Smith, Neil MacDonald, Lawrence Orans, Joe Skorupa


Emerging Technologies and Trends Impact Radar:  Security, dated 13 November 2019

Lawrence Pingree, Nat Smith, Elizabeth Kim, John A. Wheeler, Ruggero Contu, Eric Ahlm, Mark Driver


Critical Capabilities for WAN Edge Infrastructure, dated 26 November 2019

Jonathan Forest, Mike Toussaint, Mark Fabbi

Featured Blogs

Corey Williams | Vice President, Marketing

CrowdStrike Becomes a Publicly Traded Company

June 12, 2019 - 5 mins
Corey Williams | Vice President, Marketing

CrowdStrike Becomes a Publicly Traded Company

June 12, 2019 - 5 mins
Corey Williams | Vice President, Marketing

CrowdStrike Becomes a Publicly Traded Company

June 12, 2019 - 5 mins
Corey Williams | Vice President, Marketing

CrowdStrike Becomes a Publicly Traded Company

June 12, 2019 - 5 mins
Related Content
Your title content goes here

It is a long established fact that a reader will be distracted by the readable.

Read More
Your title content goes here

It is a long established fact that a reader will be distracted by the readable.

Read More
Your title content goes here

It is a long established fact that a reader will be distracted by the readable.

Read More

Ad Space

Barbara Hunt

Founder and CEO, NetAbstraction

Barbara is a recognized expert , information, and telecommunications technology and operations, based on her extensive experience in the Intelligence Community (IC). She is a sought-after speaker and presenter in the cyber communications market.

Related Content
Do network layer and application layer DDoS attacks differ?

Network layer and application layer DDoS attacks are significant threats. Know the differences between them and what you can do to reduce their effects.

READ MORE
DHS Alerts to Remote Vulnerabilities in Multiple VPN Applications

According to a recent alert from Homeland Security, a remote attacker could exploit vulnerabilities found in three VPN applications to take control of an affected system.

READ MORE
Researchers Expose VPN Flaws That Let Hackers Infiltrate, Eavesdrop on Corporate Networks

Critical vulnerabilities in enterprise virtual private network (VPN) solutions…allow attackers to infiltrate corporate networks, obtain sensitive information, and eavesdrop on communications, researchers warn.

READ MORE

Subscribe

Sign up for the latest posts and updates from NetAbstraction.

Subscribe

Related Blogs

Category
Best practices for Mobile Device Security

This article appeared in Security Brief, New Zealand and is republished here with their permission.Mobile phones have a huge impact on the day-to-day lives and the way one communicates with the world.

Read More
Category
Watch Compelling Keynotes and Sessions from the Fal.Con for Public Sector Conference

rowdStrike’s first Fal.Con for Public Sector cybersecurity conference — held last week at the new International Spy Museum in Washington D.C. — brought together.

Read More
Category
ITProPortal: CrowdStrike Discusses Life Beyond Malware

This article, “Life Beyond Malware,” originally appeared on ITProPortal and is published here with their permission.

Read More
2020
NetAbstraction