What is Secure Access Service Edge (SASE)?

Secure Access Service Edge (SASE) is an emerging WAN model coined by Gartner in The Future of Network Security is in the Cloud that delivers network and security capabilities including SD-WAN, ZTNA, FWaaS, secure web gateway and CASB as services to protect connected entities with a zero-trust security model. Simply put Gartner says “The enterprise perimeter is no longer a location; it is a set of dynamic edge capabilities delivered when needed as a service from the cloud.”

Schedule a Demo ESG SASE Guide

SASE Security – What is Secure Access Service Edge?

The Need for Secure Access Service Edge (SASE)

It is an undeniable trend that workers are more mobile and applications are now delivered as software as a service (SaaS). Traditional network security models of backhauling traffic from branch offices and remote workers to the enterprise data center, where the Internet egress point was typically located, adds latency and results in a poor user experience.

SASE Definition

According to Gartner: “SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/ compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.”

How SASE Works?

SASE describes a change in architectural principles that moves away from a traditional enterprise delivery model to a decentralized cloud-delivery model.

The connected experience of remote entities such as people, devices, branch offices, applications, services, IoT systems and edge computing locations is greatly improved when connected via a single, global and cloud-centric solution.

Likewise, security can be consolidated to enforce user and device role-based access controls and continually assess risk and compliance-based upon real-time context throughout the duration of the connected session.

Companies are able to deliver services faster than it takes to provision similar physical systems and can scale up and down as services are needed. Companies also see an OPEX savings when the management of networking and security services is brought together under one umbrella.


What are the main Benefits of SASE?

Adopting a SASE framework has many advantages for today’s businesses.

Reduced Complexity: Numerous security capabilities can be combined including branch FWaaS, Secure Web Gateway, ZTNA, CASB and advanced threat prevention capabilities such as sandboxing, to name a few.

  1. Flexibility:a SASE architecture is platform agnostic, enabling the most flexible security infrastructure possible. This flexibility also makes it easy for businesses to scale up their security infrastructure as they grow.
  2. Cost Savings: consolidating security services introduces management efficiencies when there is no need for multiple disparate management consoles.
  3. Performance Improvements: users connecting to cloud SaaS applications and latency-sensitive apps such as collaboration suites, video, VoIP, and web conferencing will see a better quality of experience (QoE).
  4. Improved Security: connecting directly to the Internet and cloud applications decreases network latency, but comes with an added security risk. Cloud security services with advanced threat prevention such as sandboxing and CDR technologies close these security gaps.
  5. Zero Trust: ZTNA solutions implement and enforce an organization’s zero-trust policy. Users attempting to connect to an organization’s applications are only permitted to do so if they require that access to perform their duties.

Security Components of SASE

The ability to customize security settings and operational needs enables companies to create an architecture that meets their current and evolving business needs. Gartner says the following are the core capabilities of SASE and this includes the identification of sensitive data and malware and the ability to encrypt/decrypt content at line speed.

  • Firewall as a Service (FWaaS): a cloud-based Next-Generation Firewall is a scalable, application-aware solution allowing enterprises to eliminate the challenges of legacy appliance-based solutions.
  • Secure Web Gateway: secure Internet access to Web applications and resources leveraging unified Threat Prevention solutions, such as Application Control, URL Filtering, Antivirus, IPS, Anti-Bot, and Zero-Day attack prevention.
  • Zero Trust Network Access (ZTNA): replaces traditional remote access solutions where the VPN was terminated in an on-premises data center, SASE Remote access no longer requires the traffic to be backhauled, improving the user experience.
  • Cloud Access Security Broker (CASB): API-based content security for secure access to SaaS applications such as Office 365 and Google suite, using a CASB.

Nice to have or recommended are web application and API protection (WAAP), remote browser protection, recursive DNS, network sandbox, API-based access to SaaS for data context, and support for managed and unmanaged devices.


Network Components of SASE

SD-WAN – Optimize access to the corporate data center, the Internet and cloud applications by finding the optimal path and circuit using software-defined WAN (SD-WAN) technologies which significantly improves the overall user experience. Routing, dynamic path selection and latency optimization are all essential networking features of SD-WAN

SASE Solution With Check Point

When looking to adopt a SASE architecture for your company, there are several benefits to consider including: attaining cloud-centric technology, reducing the operational burden and cost, as well as improving security and reducing threats. To learn more about how SASE can benefit your business, contact Check Point today to explore secure internet access or secure remote access services. Our security experts can help you explore your options and take steps towards attaining a more robust cloud-based security infrastructure.

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.