SASE - Secure Access Service Edge

There are lots of useful tools for securing the endpoint. We know lots of tools for securing servers. There are lots of tools for securing the company as well as the data which are used by employees, customers and providers. We may think we know everything for securing companies such as firewall, antivirus, SIEM, etc but the pandemic is changing companies and how we work today. There are lots of people working from home, consequently, there are new technologies for securing companies.

One of the new technology that companies are installing lately with the pandemic is SASE. This is not a product but a new architecture in security and networking. Actually, SASE consolidates several security and networking technologies, which were usually deployed one at a time. However, SASE intetrages all of them. The SASE primary functions are SD-WAN, FWaaS, SWG, CASB and ZTNA.

Components of the SASE Model

SD-WAN is one of the SASE primary function. I installed SD-WAN for the first time six years ago when a customer needed to connect eight WAN routers to a firewall. They wanted to create rules by applications in the firewall because some applications had to use specific WAN links. For instance, there was a link for VPN, another link for the webpage, another for mail and another for Internet access. SD-WAN for SASE is similar than that but for endpoints. The remote laptops, computers and smartphones are going to know whether they have to access to the datacenter throught VPN or access to SaaS applications directly. This is a great benefit because endpoints won’t have to access to the datacenter to access to SaaS applications and there is an important bandwidth savings. 

Secure SD-WAN + CASB

Most operating systems have a firewall by default which provides control for outbound and inbound internet traffic across all ports and protocols, but if we need visibility, reporting and application control, we’ll have to disable the default firewall to install a new powerful firewall. In addition, centralized management from the cloud is really useful. Therefore, Cloud-delivered firewall (CDFW) or FWaaS is another primary function in SASE architectures.

Firewall as a Service

I’ve configured lots of web filtering profiles in UTM firewall. They are useful to block access to malicious websites. We can even configure SSL inspection to protect the organization from hidden attacks. This is another primary function for SASE. We should be able to configure a Secure Web Gateway (SWG) to protect enpoints to access to malicious websites. This is another feature which requires visibility, reporting and configuration from a centralized management system when we have lots of devices.

Secure Web Gateway

The Cloud Access Security Broker (CASB) functionality and the Zero Trust Network Access (ZTNA) functionality are also two primary function of the SASE architecture. The aim of CASB is to extend visibility into cloud applications in use as well as application details and risk information. On the other hand, ZTNA has a strategic approach of eliminating trust, as a result, all resources are considered external and continously verifies trust before granting only the required access.

A typical ZTA user identity and access management implementation

Be happy my friends! Did you know SASE?