SASE platforms typically include the following technology components:
Zero Trust Network Access (ZTNA): The Zero Trust security model assumes threats are present both inside and outside a network; therefore, strict contextual verification is required every time a person, app, or device tries to access resources on a corporate network. Zero Trust Network Access (ZTNA) is the technology that makes the Zero Trust approach possible — it sets up one-to-one connections between users and the resources they need, and requires periodic reverification and recreation of those connections.
Secure web gateway (SWG): A SWG prevents cyber threats and protects data by filtering unwanted web traffic content and blocking risky or unauthorized user behavior online. SWGs can be deployed anywhere, making them ideal for securing hybrid work.
Cloud access security broker (CASB): Using the cloud and SaaS apps makes it harder to ensure that data stays private and secure. A CASB is one solution to this challenge: it provides data security controls over (and visibility into) an organization’s cloud-hosted services and applications.
Software-defined WAN (SD-WAN) or WANaaS: In a SASE architecture, organizations adopt either SD-WAN or WAN-as-a-Service (WANaaS) to connect and scale operations (e.g., offices, retail stores, data centers) across large distances. SD-WAN and WANaaS use different approaches:
SD-WAN technology uses software at enterprise sites and a centralized controller to overcome some of the limitations of traditional WAN architectures, simplifying operations and traffic steering decisions.
WANaaS builds on the benefits of SD-WAN by taking a “light branch, heavy cloud” approach that deploys the minimum required hardware within physical locations and uses low-cost Internet connectivity to reach the nearest “service edge” location. This can reduce total costs, offer more integrated security, improve middle mile performance, and better serve cloud infrastructure.
Next-generation firewall (NGFW): An NGFW inspects data on a deeper level than a traditional firewall. For instance, NGFWs can offer application awareness and control, intrusion prevention, and threat intelligence — which allows them to identify and block threats that may be hidden in normal-seeming traffic. NGFWs that can be deployed in the cloud are called cloud firewalls or firewall-as-a-service (FWaaS).