
Integrated security is the most important direction of technological development


A growing number of service providers are offering SASE solutions which, according to analysts, will become the standard way to secure network infrastructure, applications, and data against security threats in just a few years.



Gartner introduced the term SASE (Secure Access Service Edge) relatively recently, in its 2019 report. It was quickly picked up by vendors of network solutions and security mechanisms, who initially simply began integrating SD-WAN systems, secure web gateways (SWG), cloud access security brokers (CASB), firewalls as a service (FWaaS) and zero trust network access (ZTNA) mechanisms. This integration of a vendor's own products, or of systems composed of solutions from other independent companies, became the basis for labeling products as SASE-compliant.

Gartner analysts believe that it will take a long time for organizations to transition to a full SASE model, but by 2025 at least 60% of companies will have established strategies and timelines for implementing the SASE architecture. The speed of transformation will be affected by many factors, such as hardware update cycles, remote branch update projects, and the need to train IT staff and integrate the teams dealing with network security and management. However, this topic should not be postponed, and it is worth starting preparations for the implementation of a SASE system today. That is why we present some companies from different market segments that already describe themselves as SASE solution providers.

However, be aware that at the moment few suppliers have a full and mature SASE offering, yet at least a dozen companies are already advertising their solutions as consistent with this concept. Gartner analysts caution that “not every vendor claiming to offer a SASE product currently offers all required and recommended SASE features, and otherwise, often not all are at the same level of functionality and maturity” (SASE Convergence 2021 Strategic Roadmap Report).

SASE is not a product, but rather an architecture, platform or set of integrated functions that combine security mechanisms with software for monitoring and managing a network system. The goal of the integration is to ensure that users, anywhere and with any device, can safely and efficiently use applications and data located anywhere, i.e. in the cloud or in an on-premises data center.

Expert Comment

Marcin Cobbett, SD-WAN Solution Expert, Product Owner, T-Mobile Polska SA
 

The SASE (Secure Access Service Edge) solution has been gaining popularity recently, although it is not fully defined, and each resource understands and implements it differently. What is behind the SASE phenomenon, and is it able to stay in the market permanently?

Due to the very large number of functions that can be performed using this solution, it is difficult to clearly identify the main advantages over other services. Undoubtedly, with the distributed SASE architecture, the following are very important: security functions implemented close to the end user; simplified connection with applications, especially those in the cloud; central management covering network and security aspects; and remote workers' access to resources regardless of their location. SASE, like SD-WAN, is based on a distributed architecture with centralized management, which leads to increased efficiency. All these elements undoubtedly make SASE a key factor in building solutions to access corporate resources. However, it is more important to build a corporate network using the ZTNA (Zero Trust Network Access) mechanism, especially nowadays, when the threat of cyber attacks is increasing. The ZTNA mechanism, which is part of SASE, assumes that all users, devices and systems, regardless of their location, are treated as a potential threat to the network. The possibility of using this mechanism and other rich functionality gives SASE an edge over other solutions on the market.

One might wonder if, with such extensive functionality, SASE might have any drawbacks. And it seems that too large a set of possibilities and management of many elements, which are often implemented by independent teams in companies, such as the network team and the security team, will slow down the implementation of this solution. In addition, it must be remembered that SASE is a set of technologies and principles, and not one specific product, which will make it difficult to understand the possibilities and adapt to specific needs and requirements.

In addition, attention should also be paid to the possibility of integrating SASE with a network built using SD-WAN (Software Defined Network) technology, which allows optimization of traffic and full use of centralized management mechanisms.

Finally, attention should be paid to issues related to access to comprehensive analytics, which allows not only to monitor the retail environment of the SASE environment, but, above all, to make decisions about development, applications used, user behavior and security.

Undoubtedly, SASE will develop dynamically in the future. It is worth watching this development closely to select the most important functions for your organization. A great facility may be to implement the service in a model managed by a proven partner.

SASE according to Gartner

As defined by Gartner, SASE is an integrated, centrally managed system that contains a set of basic functions such as:

  • SD-WAN (Software Defined WAN). A software-controlled network technology that aggregates, secures, and optimizes all types of WAN traffic.
  • FWaaS (Firewall as a Service). Next-generation firewalls delivered as a service replace traditional hardware solutions. They are the software equivalent of those appliances and are easier to implement and manage. FWaaS typically includes IPS/IDS systems and antivirus software.
  • SWG (Secure Web Gateway). A content filter that blocks malicious traffic and helps enforce content and data access policies. SWG capabilities include URL filtering, SSL inspection, and DNS monitoring.
  • CASB (Cloud Access Security Broker). Cloud access security brokers monitor outbound and inbound traffic for security and policy compliance. CASB also allows you to monitor and ensure the security of SaaS applications.
  • ZTNA (Zero Trust Network Access). The Zero Trust network concept assumes that all users and devices, regardless of location, should be treated by default as untrusted parties, requiring authentication at every login, with their activity monitored for unauthorized or suspicious behavior throughout the session. Zero Trust network deployment methods include multi-factor authentication, fine-grained access control, and network segmentation.

In addition to these basic SASE options, there are other features that can be the basis of your purchasing decision for certain services. These are: remote browser isolation mechanisms, network sandboxing, the ability to support unmanaged devices, protection for web applications and APIs, as well as Wi-Fi hotspots or support for legacy VPNs.

IDC and IHS Markit criticized the term SASE introduced by Gartner, asserting that it is not a new market segment, product or service, but only the integration of existing, already used technologies in a way that ensures a unified management system. In addition, analysts at IHS Markit note that Gartner did not include analytics, artificial intelligence and machine learning in its definition of SASE. According to IDC, SD-WAN technology will evolve towards SD-Branch solutions, which are defined as systems that allow centralized deployment and management of virtual SD-WAN functions and security mechanisms in multiple locations.

Who Provides SASE Solutions

It seems that the list of companies offering SASE is increasing day by day. The main categories of SASE vendors are presented below.

Network hardware and software producers

Cisco, Extreme, VMware, and others are looking to add a full suite of SASE features to their offerings through strategic acquisitions or partnership agreements.

For example, in August 2021, Extreme bought Ipanema Technologies, a supplier of SD-WAN / SASE systems. Cisco is integrating several technology acquisitions under the Umbrella SASE brand, including solutions developed by Viptela and Meraki (SD-WAN) and Duo Security (Zero Trust networks and multi-factor authentication mechanisms). VMware, in turn, has acquired VeloCloud SD-WAN and is integrating the company’s technologies with the NSX network security and virtualization system. VMware has also partnered with Menlo Security and Zscaler to expand the functionality of its SASE offering.

Sellers of traditional security tools

Palo Alto, McAfee, Forcepoint, Barracuda or Fortinet also build SASE solutions, by developing their own technologies and acquiring other companies and their solutions.

For example, Palo Alto bought CloudGenix, an SD-WAN provider; Fortinet bought OPAQ, a company that develops Zero Trust network solutions; Barracuda acquired the startup Fyde, which also offers mechanisms for building a Zero Trust network; McAfee bought Light Point Security, a provider of browser isolation features; and Forcepoint acquired Bitglass.

Providers of cloud-based security mechanisms

Some companies that have built their own global cloud networks are extending them with SASE functions. These include Cato Networks, Netskope, Versa and Zscaler. Like traditional security vendors, they develop their own technologies or form partnerships with independent companies. For example, Cato Networks announced in 2021 that it would receive approximately $200 million in new funding to accelerate the development of CASB, an important component of a SASE system.

CDN (content delivery) providers such as Cloudflare and Akamai have built SASE functionality into their global clouds. On the other hand, providers of cloud-based systems with high computing power, including AT&T and Verizon, offer SASE functionality in conjunction with other companies. AT&T offers a SASE service that uses Palo Alto solutions, while Verizon uses technologies developed by Versa and Zscaler. IBM is also working with Zscaler to deliver SASE functionality in the cloud.
