Single-Vendor Secure Access Service Edge
What is SASE?
Secure Access Service Edge
Secure Access Service Edge, or SASE, is an enterprise networking and security category introduced by Gartner. SASE converges SD-WAN, a Cloud Network, and Security Service Edge (SSE) functions, including FWaaS, CASB, DLP, SWG, and ZTNA, into a unified, cloud-native service.
With SASE, enterprises can eliminate the effort and costs required to maintain complex and fragmented infrastructure made of point solutions, reduce the risk of breach and data loss with optimal security posture, enable secure work from anywhere, and improve access to global applications on premises and in the cloud.
How Does SASE Work?
SASE provides a single cloud-based network that connects and secures any physical, cloud, or mobile enterprise resource, in any location. A SASE architecture has four main characteristics:
The Key Components of SASE
Software-defined WAN (SD-WAN)
Firewall as a Service (FWaaS)
Secure Web Gateway (SWG)
Zero-Trust Network Access
Cloud Network
Cloud Access Security Broker
Security Service Edge (SSE)
SSE is a subset of the security layer of SASE that can be deployed as a standalone capability or as a step in a full SASE transformation journey. SSE converges SWG, CASB/DLP, and ZTNA into a single cloud service.
Software-Defined WAN (SD-WAN)
SD-WAN enables optimal WAN management. SASE leverages SD-WAN capabilities to provide optimized network routing, global connectivity, WAN and Internet security, cloud acceleration, and remote access.
Firewall-as-a-Service (FWaaS)
FWaaS is a new and revolutionary way of delivering firewall and other network security capabilities as a cloud service. It eliminates the constraints and complexities of legacy physical and virtual firewalls, and makes network security consistently available everywhere.
Secure Web Gateway (SWG)
SWG enhances security by providing an additional layer of protection from Internet threats, enforcing corporate standards for web site access based on their content and risk categorizations.
Intrusion Prevention System (IPS)
IPS provides organizations with real-time protection against advanced threats and attacks that utilize known and unknown exploits. IPS protection applies to all traffic including Internet, WAN, and Cloud, preventing ransomware delivery and propagation and data theft.
Next-Generation Anti-Malware (NGAM)
NGAM protects organizations from malware in real time as files are transmitted across the Internet or corporate WAN. Malware is identified with advanced heuristics and highly trained machine-learning algorithms.
Zero Trust Network Access (ZTNA)
ZTNA allows organizations to create a single access policy to enterprise resources based on risk and least privilege principles, and enforce it on all users regardless of location – in the office, at home, or remote.
Connect users anywhere to private resources, ensuring fast and direct application connectivity and a superior user experience.
Cloud Access Security Broker (CASB)
CASB provides IT managers with comprehensive insight into their organization’s cloud application usage, covering both sanctioned and unsanctioned (Shadow IT) applications.
It enables the assessment of each SaaS application to evaluate its potential risk, and the definition of highly granular and flexible access rules to ensure least privilege and minimal risk exposure.
Data Loss Prevention (DLP)
DLP empowers organizations to consistently protect sensitive data across users, locations, and clouds. Comprehensive DLP control is essential to ensuring compliance with regulations such as GDPR, PCI DSS, HIPAA, and protecting intellectual property and proprietary information.