What Security Components Comprise A SASE Solution?

It’s been nearly a year since Gartner introduced Secure Access Service Edge (SASE). The architecture sees the convergence of enterprise networking and security into a single solution. It’s become the predominant approach for the future of enterprise networking and security. Every major enterprise networking and security vendor today claims to offer SASE, if not as a product then as a stated strategy. But what security components actually comprise SASE? Here’s a quick rundown of SASE’s security features:

Next-generation firewall (NGFW) restricts access to other locations. Unlike legacy stateful firewalls, NGFW will provide application awareness and control to protect against the spread of malware and other application-layer attacks. NGFW can be delivered as an on-premises solution or from the cloud, in which case it’s a firewall as a service (FWaaS).

Secure Web Gateway (SWG) restricts access to Internet and cloud resources and provides advanced threat protection against malware in user-initiated Web/Internet traffic. All SWGs will inspect HTTP/HTTPS traffic, but some will also cover all ports and protocols.

Software Defined Perimeter (SDP), also called zero trust network access (ZTNA), restricts access to applications based on identity and real-time context. While thought of as applying to remote and mobile users, SDP/ZTNA is seen as extending to network users as well. Rather than connecting to the network, users of SDP/ZTNA first authenticate with a broker, which then provides a portal of permitted applications and network resources. As such, users have application access but not general network access, minimizing lateral movement across the network.

Intrusion Detection/Prevention Systems (IDS/IPS) analyze network flows for signatures of known cyberattacks. IDSs detect attacks; IPSs stop attacks. Because IPSs impact the flow, not merely monitor it, enterprises need to be particularly careful that adding signatures won’t result in false positives that unnecessarily interfere with user workflows.

Remote Browser Isolation (RBI) protects users from Web-based attacks by shielding them from the Internet. An RBI system sits between the users and the websites they browse, sending a user’s browser an image of the browsed site. No content is executed on user machines, protecting them from most Web threats. 

Cloud Access Service Brokers (CASBs) identify and protect data in the cloud. CASBs provide a central point to enforce policies and provide visibility into user activities. CASBs generally include DLP to enforce policies, threat protection to prevent users from accessing specific cloud services, and compliance capabilities. 

Web Application and API Protection (WAAP) delivers multiple security modules for inspecting and protecting at the Web layer. WAAP’s core features include WAF, bot mitigation, protection against DDoS, and API protection, with a variable depth of security available for each module.
