Recently, SASE has been actively gaining momentum - this is one of the upward trends in the network industry. What it is? In short, it is an enterprise technology strategy that combines network and security functions with the capabilities of the global network. What for? To meet the network access needs of today's organizations, access must be both reliable and secure.
Overall, it can be said that SASE is a kind of amalgamation of SD-WAN capabilities and network security services, including Next Generation Firewall (NGFW), Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), and intermediary services. cloud security (CASB) into a unified service model. In short, the details are under the cut.
Who needs it and why?
In general, the answer remains unchanged - SASE, first of all, is needed for companies, mainly medium and large. They always need reliable and, most importantly, continuous access to cloud resources and data that are in the "clouds". All of this information is business critical, so problems are not allowed.
Unfortunately, most modern security solutions fail to provide the level of speed, performance, security, and access control that organizations and their users need. We can say that SASE is a qualitative, not a quantitative stage in the development of network technologies and business strategies that are based on them.
The term SASE itself appeared only in 2019 - its author can be considered the company Gartner, which used the term in its report "The Future of Network Security in the Cloud." Agency experts in this response indicated that SASE is one of the most important market trends. In particular, this is discussed in the section "Customer Requirements for Simplicity, Scalability, Flexibility, Low Latency, and Continuous Convergence of WAN Network Security and Network Security Markets."
The report defines the strategy as follows: โSASE combines network security functions (such as SWG, CASB, FWaaS, and ZTNA) with WAN capabilities (ie SD-WAN) to meet the needs of organizations for dynamic, secure access to IT resources. These capabilities are provided primarily in the form of -aaS and are based on the definition of accounts, current context, and security and regulatory compliance policies. Basically, SASE is a new technology package that includes SD-WAN, SWG, CASB, ZTNA and FWaaS as core capabilities, with the ability to identify sensitive data or malware, as well as the ability to decrypt content at linear speed, with continuous monitoring of sessions on subject to an adequate level of risk and confidence. "
SASE features
The main difference between SASE and other technology strategies is the placement of network security management mechanisms at the perimeter - in the border area with the cloud. In most traditional models, security is managed centrally. As a result, SASE eliminates the need for services that need individual configuration and management. Instead, SASE provides a standardized set of network and security services that enable you to create a reliable and efficient network architecture across the network and cloud convergence zone.
SASE strategy components
It is impossible to name a simple strategy, it includes several components. But the goal of all of this is to provide secure corporate access to resources.
Main components:
- SD-WAN. WAN, , , WAN, .
- (Zero Trust). โ . , , .
- NGFW () FWaAs () . , . , . , / , , .
- -. . . , -.
- CASB . This component is a service that enables companies to control their own SaaS applications, including secure application access. CASB and DLP provide combined protection for critical data. The component performs several security functions for cloud services at once, including detecting shadow activity, protecting data privacy and ensuring compliance with data protection regulations.
What are the advantages of a SASE company?
In general, there are a lot of them. There are four main advantages in total.
- . , NGFW, , . , . , , , โ , .
- . SASE โ , . ยซยป . , .
- . SASE . .
- . , , .
?
As with any situation, SASE implementation requires careful architecture and software choices. A company should be wary of vendors that offer many features based on VM chaining. Yes, all this speeds up the deployment of infrastructure, but at the same time the infrastructure is divided into segments, it will be quite difficult to manage it. Your best bet is to select those SASE providers that offer account-based licensing across all products.
What about Zyxel?
In particular, the Zero Trust principle, which we wrote about above, which allows you to effectively control network security even with a large number of remote devices, is implemented in the Zyxel Nebula Centralized Network Management System . The system offers a unified, convenient management of a distributed enterprise network, as well as remote locations and employees. All network components are in one ecosystem, managed from the cloud: security, switching, wireless. The basic free version does most of the functionality that is suitable for most networks. In particular, in one of the hotels in Holland, the basic version works on more than 300 devices.
Nebula will have a big update on April 12, 2021, so a lot of the data in the link above will be changed. You can find out the latest information about the new Zyxel Nebula and ask your questions in our series of webinars.
Webinar # 1 - for the European part of Russia and Belarus
- April 14, 2021
- 15.00-16.00 Moscow time
- check in
Webinar # 2 - for Ukraine
- April 15, 2021
- 15.00-16.00 Kiev time
- check in
Webinar # 3 - for Kazakhstan, Siberia and the Far East
- April 21, 2021
- 9.00-10.00 Moscow time
- check in
Webinar # 4 - New Licensing Model and Related Nebula Functionality
- April 28, 2021
- 11.00-12.00 Moscow time
- check in
Welcome!