Introducing SASE, a new generation of cloud network security
SASE is a relatively new networking term that’s generating plenty of buzz in the IT community. But what is it, and why is it important? The term SASE was coined in 2019 by Gartner to describe a new networking model that combines SD-WAN (software-defined wide area network) with cloud security. SASE stands for Secure Access Service Edge and is pronounced ‘sassy.’
SD-WAN has been around for a number of years. It is a “software-defined” way to manage a WAN while leveraging various transport types (e.g., MPLS, LTE, broadband) to reduce costs and improve application performance. An SD-WAN intelligently routes traffic across multiple links, delivering a higher-quality user experience, and simplifies operations with a cloud-based management system.
With a traditional WAN, network security typically requires that all traffic be routed through a corporate firewall for inspection. However, in recent years companies have moved more applications and data to the cloud, and the number of endpoints/users outside a standard enterprise facility has grown significantly. The challenge with traditional network firewalls is that they don’t scale well as bandwidth increases, and they are complex to configure and maintain. The need arose for network security to evolve to a cloud-first architecture that’s simple, scalable, and designed for cloud workflows.
The introduction of cloud-based SD-WAN has simplified network orchestration and improved application performance by using cloud gateways to optimize user quality of experience. Building on this success, SASE expands the benefits of SD-WAN by using cloud gateways to enforce network security policies. Consolidating the management of network security into the SD-WAN cloud orchestrator increases efficiency and enables real-time security policy updates. Meanwhile, embedding the firewall into the SD-WAN cloud gateways streamlines traffic flows and scales easily to increase network throughput with the simplicity of a managed service.
SASE solutions provide secure access to users from the cloud instead of their individual devices; this improves efficiency and lowers capital costs. This solution is provided as-a-service by a SASE vendor and is centrally managed so security policy can be easily updated in real-time. SASE expands the value of SD-WAN by adding various network security services, such as:
- Zero Trust Network Access (ZTNA): ZTNA was developed from the realization that most security systems assumed that once access was granted to a network, that entity was allowed to go anywhere and use any application within that network. ZTNA eliminates this assumption, giving access to data and applications only if the specific user has been granted permission to use them. Trust is given on a granular level to users and devices, significantly reducing access to the network and considerably improving security. ZTNA’s philosophy is “Never trust, always verify.”
- Web Filtering: Prohibits users from viewing specific websites. This is usually done by accessing databases of known web pages that contain viruses, malware, or other detrimental items, as well as sites that are off-limits to employees. Web filtering stops the browser from loading any part of the URL in question. Inclusion on one of these databases is often called ‘blocklisting’ or ‘blacklisting.’ Filters can also be created on specific keywords not relevant to a business. With an estimated 7% of web requests leading to malware, web filtering is essential to network security.
- Sandboxing: A sandbox is an isolated part of a network in which suspicious files, code, or URLs can be opened to test for malicious behavior, including zero-day threats. If a threat is discovered, it can be observed in a safe, distinct, virtual environment that won’t harm the central network or users.
- Secure Web Gateway (SWG): Gartner defines an SWG as “a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance.” An SWG prevents data breaches, unauthorized transfer of data, and malware by enabling web filtering, detecting and blocking files with suspicious code, and controlling web-based applications.
- Firewall-as-a-service (FWaaS): A firewall is an application or server that acts as a go-between separating the network and the outside world. It prohibits unwanted traffic and controls access. FWaaS is a cloud-based version of a firewall that includes security features such as URL filtering, domain name system (DNS) security, and intrusion prevention systems (IPS). FWaaS has several advantages over traditional firewalls, including the ability to scale quickly, eliminate capital costs, accelerate policy updates, and simplify network management, as the vendor handles support.
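
The difference between the perimeter assumption and the ZTNA model described in the list above can be seen in a few lines. This is an added example, not code from the article or from any vendor's product; the users, devices, applications and the 10.20.0.0/16 subnet are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: every name and address below is hypothetical.
CORPORATE_NET = ipaddress.ip_network("10.20.0.0/16")   # the "inside" of the perimeter
GRANTS = {                                             # ZTNA: explicit (user, app) grants
    ("alice", "payroll"),
    ("alice", "wiki"),
    ("bob", "wiki"),
}
TRUSTED_DEVICES = {"laptop-7f3a", "laptop-91c2"}       # devices that passed verification


@dataclass(frozen=True)
class Request:
    user: str
    device: str
    source_ip: str
    app: str


def perimeter_allows(req):
    """Legacy model: once a client is on the network, every app is reachable."""
    return ipaddress.ip_address(req.source_ip) in CORPORATE_NET


def ztna_allows(req):
    """Check each request on its own; returns (decision, reason)."""
    if req.device not in TRUSTED_DEVICES:
        return False, "device not verified"
    if (req.user, req.app) not in GRANTS:
        return False, "no grant for this user and application"   # default deny
    return True, "explicit grant"


def compare(requests):
    """Return (request, perimeter decision, ZTNA decision, reason) per request."""
    return [(r, perimeter_allows(r), *ztna_allows(r)) for r in requests]


SAMPLE = [
    Request("alice", "laptop-7f3a", "10.20.4.15", "payroll"),   # inside, granted
    Request("bob", "laptop-91c2", "10.20.4.16", "payroll"),     # inside, no grant
    Request("alice", "tablet-unknown", "10.20.4.17", "wiki"),   # unverified device
    Request("alice", "laptop-7f3a", "203.0.113.9", "wiki"),     # remote, granted
]

if __name__ == "__main__":
    for req, legacy, zt, reason in compare(SAMPLE):
        print(f"{req.user:6} {req.app:8} perimeter={legacy!s:5} ztna={zt!s:5} ({reason})")
```

The second and third requests are the ones the perimeter model lets through purely because of where they come from; the fourth shows that network location is not what ZTNA bases its decision on.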
With the steady movement of data applications from corporate data centers to the cloud, the need for cloud-based security has accelerated significantly over the past few years, and projected revenues for SASE bear that out. The global SASE market was roughly $665 million in 2020 and is projected to grow to $7.9 billion by 2028, with Gartner estimating that half of all new SD-WAN purchases in 2025 will be part of a SASE offering, up from 10% in 2022.
Whether or not you have existing firewalls, Adaptiv offers simple and affordable solutions to improve your cloud performance and cloud security. Adaptiv SD-WAN creates a secure branch network with a “zero trust” philosophy that prevents unknown or unauthorized traffic. All traffic flows between your branch office and the secure cloud gateway are encrypted. Adaptiv SD-WAN provides the flexibility to work with any existing firewalls, so you can retain current security policies and have the option to move to SASE at your own pace.
Adaptiv Web Protect offers simple and affordable cloud security that’s focused on web filtering. This solution is designed for businesses with no existing firewalls, and for those whose firewalls are not properly configured and maintained.
Adaptiv also offers Network Protect, a SASE solution that adds more advanced SWG and FWaaS features powered by deep content inspection. Network Protect also uses AI for real-time threat detection that constantly protects users, applications, and data from zero-day attacks. With Adaptiv Networks, you can continue work management, and reduce costs. Contact Adaptiv Networks today to learn more about your options for SD-WAN and SASE!