Network Security SASE

Network Security: What is SASE?

Over the past few years, companies and service providers have started to consider Network Security more and more crucial. But why is this? Well, with a growing number of people working from home, and the increased reliance on cloud based applications, it’s necessary to have more security options in place, and they all need to be able to communicate to maximize their potential.

Networking, security, and WAN have always had their crossover elements, but now that crossover is more important than ever. It’s now common to see networking solutions branching out into security (think of IPS and antivirus solutions) and the same is true for the opposite – security companies are branching out into the world of networking.

It’s vital that companies start looking at network security as a key component of networking. It’s also important that networking providers start to come round to security. If this doesn’t happen, customers may look elsewhere for their services, as they aren’t getting a full package.

SASE Defined

The tech company Gartner recognizes SASE to mean ‘Secure Access Service Edge’, and defines it based on how it comes from network as a service, and network security as a service, converging in the market.

SASE is the combination of these two functions. Gartner explains that they are built out of various parts: 

  • Network as a service includes things like Carriers, CDN and WAN optimization, and SD WAN
  • Security as a service features components including Cloud Secure Web Gateway, Firewalls, WEB Security (DNS), and Zero Trust Network Access

Is the Concept a Recent Innovation?

While the term may sound unfamiliar, the concepts it is based on have existed for some time now. A certain well known provider of SD WAN has previously championed the cause for needing security as a service together with their SD WAN service, but has only recently begun to use the term SASE to refer to the two together. The company Cisco has also been providing SD WAN with Secure Web Gateway for a while now.

SASE is recently becoming more common as a single offer from providers, and this is likely to increase in the future. It’s also looking likely that we’ll see SASE come into its own a bit more in terms of platforms.

The networking solutions that businesses are offered are constantly evolving. SD WAN took over from traditional MPLS based methods, and now with the need for security increasing, SASE seems to be the way forward.

Also, Read: Which Certification Is More Authoritative, CCIE Security or CISSP?

What Has Made People Want SASE?

Numerous changes in the business world have caused a push for SASE. These include changes to how businesses create and find applications, as well as how they gain access to them. Read on for a look at these changes, as applied to a medium-sized (or enterprise) business, with an MPLS based WAN:

Work Going Remote

Working from home has become much more common recently, especially during lockdown. The internet was crucial in achieving this, and it saw a huge increase in traffic which wasn’t being overseen by a Datacenter, or in-house security system.

Many remote workers don’t need to use a company VPN, as their applications aren’t within the corporate network firewall – and those who do need to use apps on the network could use a VPN which can route only the relevant traffic to them with split tunneling.

Networks Using Apps in the Datacenter

Traditionally, networks essentially used primary circuits, with rarely used backup circuits. All network traffic from each site was routed to the Datacenter, or HQ. Only around 20% of that traffic would go on towards the internet, with the rest just travelling around the business network. 

Businesses often used the internet for their backup, so they’d have a path to the Datacenter/HQ if their MPLS system failed. This meant that generally a direct to internet route for applications wasn’t provided.

The Introduction of SD WAN

SD WAN gave businesses a direct route to the internet for their primary circuit. It could improve a network’s performance by routing traffic for cloud-based apps directly over the web. The traffic intended for apps within the Datacenter could continue using the MPLS circuit, and the bandwidth of these circuits could then be lowered, as they’d have less traffic. SD WAN helps send traffic down the most efficient route, helping avoid congestion or failure – but necessitates security, as information is passing through the internet.

Security Gaps

All of this has led to gaps in security. A lot of business traffic is simply not protected by the Datacenter/HQ’s security systems. Plus, many email services are now cloud-based, so they need more security too – essentially, a lot of security isn’t where it needs to be.

SASE addresses these issues. SASE brings businesses cloud-based firewall and web security – sometimes referred to as a Secure Internet Gateway.

What’s in the Future for SASE?

As mentioned previously, SASE collates numerous security products, and all the corresponding alerts and information can become a nuisance for IT managers. What they need is a context for issues, created by a correlation, to help them fix key issues.

Think of it this way: you’ve lost your car keys. You think you might have left them by the front door. You go to the door, only to find it open, with no car keys in sight. The correlation of these events provides you with the necessary context to be concerned you’ve had your car stolen, but they don’t mean so much on their own.

SASE provides the isolated information, but with further integrated security, we’ll be able to see these correlations. These systems could detect threats and respond to them automatically. Email security and endpoint protection is a good example of one of these integrated solutions – with these features, if an email is found to contain a possible phishing attack, the SASE system would block any future emails from the domain it originated from, and it would also prevent all web traffic from browsers from accessing said domain.

With its ability to assess context and correlation, integrated security will surely make the networking ecosystem a whole lot smarter.

Next, you can consider reading: Know Everything About Web Security Testing