What are Secure Access Service Edge Vendors?

Secure Access Service Edge (SASE) is a cloud-based model for IT environments that converges networking and security functions in a single, scalable cloud service. 

By improving network performance and moving security from the data center to the cloud, SASE environments increase security for highly distributed networks and workforces while allowing users to securely access IT assets and cloud applications from any location.

Secure Access Service Edge vendors offer a variety of solutions and software that form the core of a SASE platform. These include Software-Defined Wide Area Networking (SD-WAN) along with security technologies known collectively as the Security Service Edge (SSE): a Secure Web Gateway (SWG), a Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA). 

Secure Access Service Edge vendors offer various SASE services and products. While some provide comprehensive and integrated platforms that leverage the power of global hyperscalers, others offer only partial SASE capabilities from privately run data centers. In addition to the core SASE software solutions, Secure Access Service Edge vendors may provide additional capabilities like remote browser isolation, content disarm and reconstruction, and data loss prevention tools.

Secure Access Service Edge vendors typically offer some combination of the core SASE technologies.

• Software-Defined Wide Area Networking (SD-WAN) uses software-defined networking to route traffic more intelligently and cost-efficiently across a vast area network. Using a virtual overlay to manage network connections, SD-WAN enables organizations to use a broader selection of connections, including low-cost commodity connections like fiber, DSL and standard MPLS connections. By centralizing management and offering application-aware routing, SD-WAN delivers better user experiences, improves application performance and minimizes IT costs.
• Secure Web Gateway (SWG) technology protects IT assets from attacks, malware and viruses and enforces acceptable use policies. Secure Web Gateways include technology for filtering URLs, detecting malicious code, preventing data loss, placing controls on the use of applications and other essential security tasks.
• Cloud Access Security Broker (CASB) solutions sit between cloud service providers and an organization’s internal infrastructure and users to monitor cloud usage and block cloud-related threats. CASBs may enforce policies around authentication, authorization, single sign-on, credential mapping, device profiling, encryption, tokenization and malware detection.
• Zero Trust Network Access (ZTNA) solutions apply a Zero Trust approach to providing network access to private applications for remote users. Zero Trust requires rigorous authentication and continuous verification for every user and device, blocking visibility and access to all other resources. In contrast to VPNs, which may grant access to the entire network or large portions, ZTNA solutions grant permission only to specific assets or applications for a limited time. 

As the marketplace for SASE products evolves, organizations face a dizzying array of choices among various Secure Access Service Edge vendors. Comparing vendors on the following criteria can help IT teams select a partner most aligned with their goals.

• Global vs. limited scale. Some Secure Access Service Edge vendors have a global network backbone that ensures reliable performance anywhere. Other vendors have limited coverage worldwide and may be too unreliable and latency-prone for global use cases. 
• Hyperscalers vs. private data centers. SASE platforms built on privately-run data centers – where servers and networking equipment are provisioned within the data center – may not support use cases that require extraordinary scalability. SASE providers that leverage global hyperscaler clouds like Google Cloud Platform or AWS may be a better option for businesses that anticipate rapid growth.
• Integrated solutions vs. patchwork collections. Some Secure Access Service Edge vendors offer solutions that have been built or acquired over time and may not provide complete capabilities. Providers that offer comprehensive solutions on an integrated platform are more likely to provide all the SASE services that organizations and IT teams require.
• Ease of use. While most Secure Access Service Edge vendors offer the core components of SD-WAN, SWG, CASB and ZTNA, a more limited number of vendors provide an intuitive interface that unites these technologies and simplifies the management of SASE environments.

One of the principal differences between Secure Access Service Edge vendors is a focus on access-centric SASE or data-first SASE.

Access-centric SASE is principally focused on safely connecting users to the applications and data they need on the web, in the cloud or private data centers. This type of SASE provides centralized control over who can use business systems and protects assets against attackers, malware, ransomware, and other threats. Once access-centric SASE solutions complete the connection, they don’t provide continuous control over how that data is used. Some of these solutions also function as loosely managed point products, where various security services require different endpoint agents that can conflict with each other.

Data-first SASE gives users safe access to data and provides continuous control over how data is used. Some data-first solutions can also identify how users interact with data, pinpointing risky behaviors that can lead to breaches. Data-first SASE solutions enable automated enforcement of security policies based on the risk that each user represents. Data-first SASE also makes enforcement uniform everywhere – in the cloud, the web, the network and at endpoints. For this reason, a data-first approach is best for distributed enterprises where users work and consume cloud services outside of a corporate office.
 

Recognized as a leader in cybersecurity by Gartner, Forrester and NSS Labs, Forcepoint builds market-leading solutions designed to protect the modern enterprise. 

As a leading Secure Access Service Edge vendor, Forcepoint offers data-first, Zero Trust SASE technology that combines control and protection with industry-leading data security and unified policy enforcement. 

Core capabilities of Forcepoint’s SASE service include:

• Central policy management and enforcement. Forcepoint enables web security policies to be centrally configured and pushed uniformly across the web, cloud and in private apps. 
• Fast connections. Forcepoint’s endpoint-based web security eliminates the latency of cloud-only approaches, enabling secure web browsing to run up to twice as fast.
• Zero Trust Web Access. Advanced threat protection capabilities automatically route risky or unknown websites through Forcepoint Remote Browser Isolation (RBI), enabling users to safely access sites, even when they’re potentially harboring malicious code. Zero Trust Content, Disarm, And Reconstruction (CDR) technology sanitizes documents to ensure they can’t deliver known or unknown malware.
• Secure remote access. Forcepoint ONE ZTNA enables workers to securely connect to private business applications without VPNs’ complexity, bottlenecks and risks.
• Network security. Forcepoint provides comprehensive protection that enables safe access to the internet, with the inspection of encrypted traffic and defenses against advanced network threats.
• Network connectivity. FlexEdge SD-WAN connects branch offices directly to the internet with networking that automatically balances loads and proactively points out performance issues before they interrupt productivity.