What is a SASE Platform?
SASE Platforms Defined
Secure Access Service Edge (SASE) is a cloud-based IT model that converges networking and security functions to modernize connectivity and simplify security management for highly distributed organizations.
A SASE platform combines Software-Defined Wide Area Networking (SD-WAN) with various security services to deliver security functions via the cloud to wherever the user is. Known as the Security Service Edge (SSE), these security services include Zero Trust Network Access (ZTNA), a Secure Web Gateway (SWG) and a Cloud Access Security Broker (CASB).
A SASE platform provides adequate security for modern networks and workforces that are highly distributed. Workers and offices today are located anywhere, and IT assets reside both on-premises and in the cloud.
In this environment, legacy security solutions focused on inspecting traffic at centralized hubs are too costly and difficult to manage, and they leave too many vulnerabilities for attackers. SASE services solve this challenge by making network connectivity faster and easier to manage and by moving security functions to the cloud so users and devices can access security no matter where or how they’re connected. A SASE platform also centralizes networking and security administration, reducing the effort and complexity for IT teams.
Elements of a SASE Platform
Organizations architect their SASE platforms in slightly different ways, but nearly all will include these core SASE services offered by most Secure Access Service Edge vendors.
- Software-Defined Wide Area Networking (SD-WAN) uses software-defined networking principles to distribute and manage network traffic across a wide area network. SD-WAN architecture adds a virtual overlay to the network that allows organizations to keep their public WAN connections while adding options for using low-cost commodity connections like fiber and DSL. By centralizing network control and enabling real-time application traffic management, SD-WAN automates processes, centralizes management and adds resiliency to wide-area networking.
- Cloud Access Security Broker (CASB) is a technology that manages access between users and cloud service providers. Along with delivering visibility into the usage of cloud assets, CASBs may provide data loss prevention, threat prevention, malware detection, data encryption and key management, SSO and IAM integration, cloud governance and risk assessment, and other cloud-related security functions.
- Secure Web Gateway (SWG) protects organizations and users from security threats, malware and other risks by filtering internet traffic and enforcing policies around acceptable use. Residing between users and the internet, a SWG inspects web requests, compares them to company policy and blocks malicious applications or websites. SWGs include essential security functions such as URL filtering, application control, antivirus measures, data loss prevention and HTTPS inspection.
- Zero Trust Network Access (ZTNA) solutions provide secure remote access to applications and services based on pre-defined policies. ZTNA technology uses a Zero Trust approach to network access, allowing users to access only the services they have been explicitly granted permission for. By preventing users from seeing or accessing any other applications or services, ZTNA solutions help to stop attackers from moving laterally through a network environment.
The Benefits of SASE Solutions
A SASE platform offers significant benefits for organizations over traditional network and security technology.
- Stronger security. A SASE platform is highly effective at blocking malware-based attacks, data exfiltration, DDoS attacks, account takeover, data breaches and other advanced threats.
- Better user experiences. By eliminating VPNs and the need to backhaul traffic through a central data hub for inspection, SASE technology moves security close to users and devices to reduce latency and optimize connections to cloud applications.
- Less complexity. A SASE platform consolidates multiple solutions to provide a simpler network and security stack, reducing the number of security products IT teams must manage and update.
- Reduced risk. SASE supports a Zero Trust approach to security that minimizes the attack surface, prevents lateral movement and reduces risk.
- Lower costs. Organizations can achieve significant cost savings by using a single platform rather than purchasing, deploying and managing multiple point products.
- Seamless scalability. The cloud-based elasticity of a SASE platform makes it easy to scale up and down to meet changing requirements.
Characteristics of a SASE Platform
While the specifics of a SASE platform differ for each organization, most share several common characteristics.
- Converged networking and security. By combining networking and security functions, a SASE platform makes it easier to deliver the security, simplicity and speed organizations need to compete.
- Edge-based security functions. The SASE framework eliminates the need to route traffic through a central hub for security inspection. Instead, a SASE platform moves security functions close to the users, applications and devices that require them to reduce latency and improve performance.
- Identity-focused. SASE technology enables a more flexible approach to security by focusing on authenticating the identity of users and devices requesting access to connections and resources.
- Cloud-native solutions. As a cloud-native technology, a SASE platform is elastic and self-maintaining, making it easier to provide low-latency networking and exceptional security services on a global basis.
Forcepoint: A Data-First SASE Platform
As a leading user and data security company, Forcepoint offers a SASE platform that blends proven networking capabilities with cutting-edge security service edge (SSE) technologies.
Combining secure SD-WAN with ZTNA, CASB and SWG solutions, Forcepoint offers SASE applications that deliver more robust security, easier management, and a better user experience.
Believing that SASE solutions should be focused on data security, Forcepoint offers a data-first SASE platform that integrates best-in-class data security and malware protections with adaptive Zero Trust gateways. Forcepoint’s SASE platform intelligently distributes enforcement of security policies based on where each user works and covers both managed and unmanaged devices to close any gaps in security coverage.
As a leading SASE provider, Forcepoint provides the following:
- Integrated capabilities that deliver centralized visibility and control for safely accessing sensitive data everywhere, even on unmanaged, agentless devices.
- Safe, controlled use of any cloud application, even from personal devices, with a CASB that features a reverse-proxy approach. Forcepoint’s hyperscaler architecture removes fragility and delivers maximum performance even for organizations with a vast list of apps and a dispersed workforce.
- Access to private apps with ZTNA. Forcepoint allows employees to use the devices that work best for them – even their smartphones and tablets. A reverse proxy allows security teams to support unmanaged devices without an agent. Identity-based access controls enable users to access internal and cloud apps through a Single Sign-On (SSO) webpage for a more effortless user experience.
- Protection from dangerous and inappropriate web use. Forcepoint ONE SWG delivers the most secure browsing experience for hybrid workforces. Zero Trust web access enables safe access to any website and downloaded document. Integration with Remote Browser Isolation (RBI) technology lets users access even risky and compromised sites safely by remotely rendering content in a secure container.
- Consistent DLP. Forcepoint’s industry-leading DLP technology uses agentless deployment to secure all employees, contractors, guests and devices at each site without requiring endpoint software.
- Improved security and connectivity at remote sites. Forcepoint FlexEdge Secure SD-WAN integrates network security, intrusion detection and threat prevention with centralized management in the cloud. Application-aware routing prioritizes traffic to mission-critical applications. Forcepoint’s SASE platform eliminates the complexity of wide-area networking and manages connections and security with simplicity and efficiency.