SASE

SASE solutions are ideally delivered as services (says Gartner) but can be delivered as turn-key edge appliances. The use of networking technologies (SD-WAN, WAN optimization, Route optimization and more ) to deliver the best possible network experience to any connecting entity — group (a site), users, devices, applications, services, and IoT system — regardless of location.

At the same time, they also restrict restricted based on identity and real-time context (such as location) in accordance with enterprise security/compliance policies and continuously assessed throughout the session.

Although there are dozens of characteristics associated with SASE, four main attributes are essential:

Global SD-WAN Footprint. SASE service providers should provide, in effect, a global SD-WAN service with its own private network consisting of points of presence (PoPs) worldwide. Traffic is routed across their network, avoiding the global Internet’s latency problems.

Distributed Inspection and Policy Enforcement. Security inspection and policy enforcement are distributed across a SASE provider’s PoPs. Traffic is not backhauled for security inspection. Core security services include SWG, CASB, ZTNA, and FWaaS.

Cloud-native Architecture. A SASE service should use a converged, multi-tenant cloud-native software stack not discrete networking and security devices service chained together. SASE solutions delivered as a CPE should be turnkey boxes just “turn it on and forget it,” as Gartner says.

Identity-driven. Security and network access are delivered based on user identity, not an IP address. The identity can be the name of the user but will also consider the device being used and the user’s location.