What is a SASE Vendor?
SASE Vendors Defined
Secure Access Service Edge, or SASE, is a framework for a network security architecture that combines networking and security technologies in a single, scalable cloud service. A SASE architecture delivers better connectivity and security for today’s highly distributed IT environments and workforces.
Secure Access Service Edge vendors offer some combination of the technologies that form the core of a SASE solution. These include software-defined wide area networking (SD-WAN) along with security technologies known collectively as the Security Service Edge (SSE): a Secure Web Gateway (SWG), a Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA).
SASE Vendors vary widely in the types of SASE services they offer. Some vendors offer comprehensive, integrated SASE products, while others with only partial SASE capabilities may partner with other companies to attempt to fill the gaps. Along with core functionality, vendors seek to differentiate themselves by offering additional features such as data loss prevention, remote browser isolation, and other capabilities. Additionally, SASE Vendors can be categorized as having access-centric or data-centric SASE solutions.
Types of SASE Vendors
When choosing a SASE Vendor, organizations can compare providers on multiple criteria.
- Integrated vs. patchwork solutions. SASE converges networking and security into a single cloud-native service. Some providers offer complete solutions, including enterprise-grade networking and security services, while others offer only partial capabilities or partner with other providers.
- Limited vs. global scale. SASE Vendors with a worldwide network backbone provide reliable performance around the globe. By contrast, solutions that provide connectivity through the public Internet or MPLS lines may be too unreliable and latency-prone for use cases with global scope.
- Ease of management. While almost every SASE Vendor will provide some version of the core SASE technologies – SD-WAN, SWG, CASB, and ZTNA – only a few will offer an intuitive, easy-to-use interface that minimizes the complexity of managing SASE environments.
- Privately-run data centers vs. hyperscalers. Some SASE platforms are built on privately-run cloud data centers, while others leverage global hyperscaler clouds like AWS and Google Cloud Platform. SASE solutions running on hyperscaler platforms are far more likely to support an organization’s growth and security needs than SASE Vendors that provision servers and networking equipment in their data centers.
Application-Centric vs. Data-First SASE Vendors
Organizations choosing a SASE Vendor will want to understand whether the provider offers an application-centric or data-first approach to SASE technology.
Application-centric SASE focuses primarily on safely connecting users to applications and data. This type of SASE offers centralized control over who can use essential business systems and protects against attacks from malware, ransomware, and other advanced threats. While application-centric SASE focuses on getting users connected to the applications they need, it doesn’t provide continuous control over the usage of that data. Some solutions even act as loosely managed point products, requiring multiple endpoint agents for different security services, resulting in sprawl and conflicts between agents.
Data-first SASE provides users with safe access to data and exerts continuous control over how data is used. Data-first SASE solutions have evolved to understand how users interact with data and digital and physical systems. By monitoring usage and identifying the behaviors that create risk and could lead to breaches, data-first SASE automates the enforcement of security policies based on each user’s risk. Data-first SASE aims to provide uniform enforcement across an IT environment – in the cloud, the web, the network and endpoints. Data-first solutions are ideal for highly distributed enterprises where employees work and use cloud services outside corporate walls.
What’s Important in a Data-First SASE Solution
Several criteria are critical to consider when evaluating data-first SASE Vendors.
- Data protection. Superior solutions will offer a single set of data security policies that can be enforced uniformly from the endpoint through the network and into the web and cloud. Enterprise-class controls help prevent data from being misused, printed or moved to a USB stick or a cloud service.
- Threat protection. To defend against a wide range of threats, data-first SASE solutions should offer layered defenses that combine edge protection, advanced malware detection, deep content inspection and Remote Browser Isolation.
- Application security. Solutions should provide visibility and control of applications and shadow IT, and should manage unmanaged devices. Cloud app visibility, URL filtering and deep content inspection can help block the use of unsanctioned apps and cloud services.
- Network security. The best solutions provide cloud- and site-based firewall services that enable inspection of encrypted traffic, protection against advanced threats, and safe access to the internet.
- Network connectivity. Data-first SASE Vendors should offer SD-WAN solutions to connect branch offices directly to the internet and endpoint agents that can connect remote employees.
- Next-level features. Top SASE Vendors will offer additional features such as unified data security policies, unified agents, flexible deployment features, and risk-based policy enforcement that automatically personalizes security according to the risk each user’s behavior warrants.
Forcepoint: A Leading SASE Vendor
As a global security leader, Forcepoint offers a single-vendor SASE solution that combines the Forcepoint ONE SSE platform and FlexEdge Secure SD-WAN. Forcepoint’s SASE software enables distributed businesses and government agencies to connect and protect their hybrid workforces with a broad array of managed networking and security solutions sourced and supported by a single SASE Vendor.
Forcepoint’s SASE applications can help organizations to:
- Simplify the adoption of Zero Trust security. Forcepoint data-first SASE builds advanced data security into adaptive-access gateways to intelligently distribute enforcement of security policies based on each user’s role.
- Centrally manage and enforce the security policy. By combining Zero Trust web access and a Secure Web Gateway (SWG), Forcepoint enables web security policies to be configured centrally and enforced in the cloud for sites or on the endpoint for users working remotely.
- Deliver better user experiences. Forcepoint’s endpoint-based web security eliminates latency to provide remote workers with secure web browsing that runs up to twice as fast.
- Protect against advanced threats. Forcepoint combines cloud-based and endpoint-based web security with advanced threat protection and data loss prevention capabilities to route risky and unknown websites through the platform’s Remote Browser Isolation (RBI) service, even if they harbor malicious code. Advanced Content Disarm and Reconstruction (CDR) technology sanitizes documents as they are downloaded.
- Make remote access easy. Forcepoint ONE ZTNA cloud service enables users to safely access apps without the complexity, bottlenecks, and risks of VPNs.