What is SASE?

What is SASE?

Secure Access Service Edge, known as “SASE” and pronounced “sassy,” is a term coined by Gartner in 2019 that describes a modern cybersecurity architecture. SASE focuses on bringing security services closer to users and granting them the appropriate level of access based on their risk level at that moment.

SASE is the embodiment of networking converged with security. It provides strong protection from attack regardless of the user’s location and ensures consistent enforcement wherever users are, without having to backhaul traffic to a corporate location. This process is transparent to users and delivers a more secure environment.

 

What Problems Does SASE Solve?

Many organizations have a complicated network infrastructure: distributed sites, remote users, too many appliances. The operational complexity of these elements creates significant management and maintenance challenges for SecOps teams.

Many security controls use their own security management system, each with their own configuration processes and interoperability challenges. This situation often produces visibility gaps, which can increase risk and overwhelm IT teams. On top of that, fluctuations in network traffic and application diversity require additional resources to accommodate usage spikes while minimizing latency.

Most IT teams have invested a lot of time and money preparing for traffic increases and the expected barrage of cyberattacks. They’re often forced to make tough decisions between accessibility and security. That’s because traditional architectures backhaul traffic to a centralized network hub for security inspection and then route it to the desired application or service. This process, while highly secure, negatively impacts performance and budget, especially when it becomes clear that additional capacity is needed.

A SASE architecture, by contrast, inspects traffic and makes services accessible at points of presence near the user’s geo-location. Extra resources can be elastically added to accommodate peak demand, then scaled down when demand decreases. By eliminating traffic backhauling, businesses no longer need to choose between security and accessibility, making the end-user experience seamless and reducing risk.

 

How Does SASE Create a ‘Threat-Aware’ Network?

SASE delivers networking and security together as one cohesive service that addresses an organization’s network and security management challenges. IT teams can use all points of connection on the network to see, automate, and protect against malicious activity, instead of being restricted to performing these tasks in a data center gateway or at the physical network perimeter.

These capabilities empower the network to be threat-aware—that is, able to detect threats and stop them from gaining a foothold in the network. As a result, safeguarding users, applications, and infrastructure becomes easier.

SASE delivers the threat-aware network for the cloud era and should ultimately improve security while reducing complexity and streamlining management. By making security easier to manage, SASE enhances the operational feasibility of the network.

SASE at a glance diagrm

SASE At-A-Glance

What Are the Benefits of SASE?

It’s essential to understand that SASE is not a single product; it’s an architectural shift in how networking and security technologies are implemented. A SASE architecture helps evolve today’s corporate networks with the following benefits:

  • Improved security. Bad actors use any means necessary to attack a network. It’s critical to have consistent security policies and services networkwide to safeguard users, infrastructure, and applications wherever they reside. SASE delivers enhanced security that’s easy to deploy and leverages distributed connection points to apply security policy and enforce threat prevention for stronger security end to end.
  • Greater operational agility. Networkwide visibility is critical to quickly assess application and network health and to identify potentially malicious activity. Through a reduction in complexity, existing resources can do more and see farther. The natural convergence of the network with security capabilities provides one clear focal point for system administrators. Policy consistency reduces configuration errors and enhances overall security efficacy.
  • Ease of use. Historically, organizations have had to deal with routing traffic through multiple layers of defense and primary “choke points” where firewalls are situated. There have been many other controls to manage, as well. However, with SASE, the focus is instead on the direct connection from the client device to the cloud.