What is a SASE Service?
SASE Service Defined
Secure Access Service Edge, or SASE, is a framework that delivers better networking and security for modern IT environments and workforces. SASE combines Software-Defined Wide Area Networking (SD-WAN) capabilities with cloud-native security functions like Cloud Access Security Broker, Secure Web Gateway and Zero Trust Network Access.
As a result, organizations can provide faster connectivity for highly distributed workforces while moving security functions to the cloud – and closer to users, devices and applications that may reside anywhere in the world.
Offered by a technology provider, a SASE service delivers access to one or more of the core technologies in a SASE platform. Some SASE providers offer comprehensive technology that combines all the core networking and security components. In contrast, others offer one or more features or partner with other vendors to provide a complete solution. Deciding on a single vendor vs. multi-vendor approach to procuring SASE services is one of the first decisions IT teams must make when adopting the SASE framework.
How a SASE Service Improves Security
The SASE framework is being rapidly and widely adopted because it provides security and connectivity for modern IT networks and workforces. With the rise of cloud services and work-from-anywhere workforces, traditional network security models need to be revised.
Routing all traffic through a centralized data center for inspection is too costly and prone to latency, causing network performance issues that prevent users from accessing the resources and cloud services they need. For IT teams, managing connectivity and security in this traditional model is overly complex and burdensome.
SASE services improve on this model by strengthening connectivity with SD-WAN technology and moving security functions to the cloud. Rather than focusing on inspecting traffic, SASE software focuses on authenticating identities. In this way, SASE makes cloud-based security functions available wherever users, devices, applications and other IT resources require them. SASE services also reduce the complexity of managing networking and security for IT teams, who can set and enforce policies from a single console.
Types of SASE Services
Because SASE is a philosophy or approach rather than a specific architectural model, every deployment may differ slightly. However, several core technologies are usually part of any SASE service, including technologies for networking and several security technologies known collectively as the Security Service Edge (SSE).
- Software-Defined Wide Area Networking (SD-WAN) uses software-defined networking technology to efficiently and cost-effectively distribute network traffic across a wide area network. SD-WAN automates and centralizes WAN management by creating an overlay that virtualizes network connections and allows organizations to use multiple low-cost commodity connections like fiber and DSL in addition to standard MPLS connections.
- Cloud Access Security Broker (CASB) functions as a security checkpoint between cloud-based resources and an organization’s users and infrastructure. CASBs enforce security policies and practices that include authentication, authorization and encryption. CASBs also offer threat prevention, monitoring and mitigation, warning administrators of malicious activity and blocking malware and other threats.
- Secure Web Gateway (SWG) prevents unwanted internet traffic from entering an organization’s network and blocks users from accessing malicious websites or resources with viruses, malware and other cyber threats. Secure Web Gateways provide technology for URL filtering, application control, malicious code detection and filtering, data loss prevention, antivirus measures and more.
- Zero Trust Network Access (ZTNA) solutions enable remote users to gain secure access to a company’s applications and IT resources. ZTNA trusts nothing by default and grants access to IT resources only after strong authentication and continuous authorization of devices and users. Users are granted access strictly on a need-to-use, least-privilege basis and cannot see or access any other resources on the network. For this reason, ZTNA technology is highly effective at stopping lateral movement attacks.
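The ZTNA behaviour described in the list above (default deny, strong authentication, continuous authorization, least privilege), as an added example that is not code from this page or from any vendor. The application names, groups, risk thresholds and the `Context` fields are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy: each application lists the groups entitled to it.
# Anything not listed is denied and is never shown to the user.
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "max_risk": 30},
    "wiki": {"groups": {"finance", "engineering"}, "max_risk": 60},
    "git": {"groups": {"engineering"}, "max_risk": 40},
}

@dataclass
class Context:
    user: str
    groups: frozenset
    mfa_passed: bool        # result of strong authentication
    device_compliant: bool  # posture reported by the endpoint agent
    risk_score: int         # 0 (low) to 100 (high), hypothetical scale

def authorize(ctx: Context, app: str) -> bool:
    """Default deny: every condition must hold for this request."""
    policy = APP_POLICY.get(app)
    if policy is None:
        return False
    if not (ctx.mfa_passed and ctx.device_compliant):
        return False
    if ctx.risk_score > policy["max_risk"]:
        return False
    return bool(ctx.groups & policy["groups"])

def visible_apps(ctx: Context) -> list:
    """Users can only discover the applications they may access."""
    return sorted(app for app in APP_POLICY if authorize(ctx, app))

if __name__ == "__main__":
    alice = Context("alice", frozenset({"engineering"}), True, True, 10)
    print(visible_apps(alice))  # entitled applications only
    # Continuous authorization: the same session is re-evaluated on every
    # request, so a posture change revokes access without a new login.
    alice.device_compliant = False
    print(authorize(alice, "git"))
```

Because `authorize` runs on every request rather than once at login, a change in device posture or risk score takes effect immediately, and an account entitled to one application has no view of the others to pivot to.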
The Value of a Single-Vendor SASE Service
As the marketplace for SASE products and services evolves, organizations can procure solutions from multiple providers or choose to work with a single SASE provider, which can offer significant benefits.
- Reduced complexity. With SASE applications from a single provider, security teams can eliminate the complexity and shortcomings of managing, coordinating and integrating individual point solutions from multiple vendors.
- Greater visibility. Single-vendor SASE services increase visibility by providing a unified solution administrators can manage, maintain and update from a central console.
- Enhanced user experiences. With a single-vendor approach, organizations can count on a more predictable user experience across all environments and locations.
- Simpler policy enforcement. Single-vendor SASE improves security posture by enabling teams to establish, manage and enforce security policies and access control from a single console.
Forcepoint: A Data-First SASE Service
Providing market-leading solutions to protect the modern enterprise, Forcepoint offers a data-first SASE service that combines SASE control and protection with industry-leading data security.
Forcepoint enhances SASE’s identity-centric security by collecting contextual information from sources throughout the IT environment and dynamically calculating risk for each user through an automated behavioral intelligence system. With Forcepoint’s SASE technology, security teams can:
- Discover data everywhere – on-premises or in the cloud – and classify it by applying tags.
- Leverage advanced detection and forensics like fingerprinting, OCR and machine learning to identify sensitive data.
- Eliminate endpoint sprawl with a unified agent that makes it possible to enforce the same policies in different places.
- Enable behavior-centric, continuous, risk-based enforcement and apply automated personalization of security controls wherever needed.
- Visualize the entire IT environment from a single pane of glass.
- Integrate easily with all solutions in the security stack, from identity providers and device telemetry to SIEM and other tools.