What is SASE?
So, why is there a need for a Secure Access Service Edge (SASE) type of solution? For years, most enterprise traffic flowed between an organization's own locations. There were branch offices and, over time, a growing number of roaming or remote users, but the vast majority of the applications were at the data center or the headquarters of the organization. Because most of the traffic was going back and forth between those sites, enterprises set up their networking and security infrastructure to reflect that.
But network requirements have changed within the last five years. With cloud adoption and organizations becoming more digital, where the data lives has changed, and so has the type of traffic that goes across the network or out to the internet. Today, many organizations are hosting most of their applications in the cloud, even the ones that used to be held internally. So, there are private clouds, and then there's obviously an increased amount of browsing activity.
This is a complete inversion, and it changes the dynamic of how you can and should set up your network as well as secure your environment, and especially how you secure that internet traffic, as the internet is where most of the malicious files and activity are found.
The more modern approach to address these challenges is to look at direct internet access if the majority of your traffic needs to go from branches directly out to the internet, whether to applications hosted in infrastructure-as-a-service (IaaS) or to SaaS apps such as Office 365 or even cloud storage like Box or Dropbox. So, what we're seeing is that networks are becoming more decentralized, and a robust set of security functionality is still required.
SASE, or Secure Access Service Edge, is a cloud-based architecture that converges an organization’s network and security services. SASE, a term coined by Gartner, combines network security functions with WAN capabilities, such as SD-WAN. The idea is that SASE targets networking and security shortcomings that traditional WAN and SD-WAN architectures can’t fully address. While SD-WAN solves many connectivity issues related to MPLS, it doesn’t account for the fact that enterprise architectures center not only on the data center, but also on the cloud. And for security, SD-WAN must still backhaul traffic to the data center for inspection.
SASE, on the other hand, brings inspection engines closer to the traffic entry points, after which, traffic can then be forwarded to the internet or other SASE clients. Ultimately, it converges previously separated networking and security capabilities into one service.
SASE touts four main attributes: a global SD-WAN footprint, meaning it includes an SD-WAN service that operates over a private backbone to keep enterprise traffic off the internet and overcome latency problems; distributed inspection and policy enforcement to protect and connect devices; a cloud-native architecture with no specific hardware dependencies to enable cost-effective scaling as needed; and the ability to provide services based on the identity and context of the connection source, user devices and location. SASE brings benefits like reduced complexity and cost, improved performance, better security, and improved IT operations. But it is still an emerging market and will likely take a few years to mature.
The SASE model provides various networking and security functions in a single, integrated cloud service. By consolidating with SASE, enterprises can:
- Reduce costs and complexity
- Enable centralized orchestration and real-time application optimization
- Provide secure seamless access for users
- Enable more secure remote and mobile access
- Restrict access based on user, device, and application identity
- Improve security by applying consistent policy
- Increase network and security staff effectiveness with centralized management
Cisco SASE Solutions
With Cisco you can converge security and networking through a flexible, integrated approach that meets multi-cloud demands at scale. Cisco is modernizing wide area networking with Cisco SD-WAN.
Cisco SD-WAN for SASE
As a networking solution, Cisco SD-WAN is a cloud-delivered, overlay WAN architecture that provides the building blocks for cloud transformation at enterprises. Customers can benefit from Cisco secure edge devices such as Cisco Catalyst 8000 Edge Platforms and ISR 4000 routers to enable a secure gateway for their branches. Moreover, Cisco SD-WAN powered by Viptela/IOS XE is a highly secure, cloud-scale architecture that is open, programmable, and scalable. Through the Cisco vManage console, you can quickly establish an SD-WAN overlay fabric. Cisco C8000 edge platforms are also designed for SASE purposes.
Cisco Umbrella for SASE
For cloud security, Cisco Umbrella is a smart and effective way to improve both security and performance without backhaul. Umbrella delivers multiple security functions in a single, simple-to-manage cloud service, sometimes referred to as a SASE solution. It enforces security at the DNS and IP layers to block malware, ransomware, phishing and botnets, stopping threats before they reach your network or endpoints. Umbrella's secure web gateway logs and inspects all web traffic for greater transparency and control. You can decrypt and inspect HTTP traffic, block specific HTTPS traffic, block specific URLs that violate policies, and protect against advanced malware with antivirus detection, file type controls, and sandboxing.
Cisco Zero Trust Network Access for SASE
Cisco’s Duo and Software-Defined Access (SD-Access) enable a zero trust network access architecture to be extended anywhere people work. Zero trust network access verifies users’ identities and establishes device trust before granting them access to authorized applications. It helps organizations prevent unauthorized access, contain breaches, and limit an attacker’s lateral movement on your network.
Cisco SASE Enabled Devices
Customers can enable SASE features using the following devices:
- Cisco Catalyst 8000 edge platform
- Cisco ISR 1000 Series
- Cisco ISR 4000 Series