SASE and SD-WAN are both technologies for implementing a corporate wide area network (WAN) that connects remote users and branch locations to the enterprise network, cloud applications and the Internet. According to Gartner, SASE is the future of WAN technology, but what are SASE and SD-WAN, and how do they differ from one another?
SD-WAN and SASE are very similar, and, in fact, SD-WAN is a critical component of SASE solutions. However, the two solutions are different and are designed to meet slightly different goals and to operate in different deployment environments.
Software-defined wide area networking (SD-WAN) is a network solution designed to replace traditional WANs built using multi-protocol label switching (MPLS) technologies. It provides a solution for optimized, secure connectivity between any pair of SD-WAN appliances. MPLS is designed to provide dedicated, high-performance network links that offer reliable connectivity between two predefined sites. However, these links have limited bandwidth, are expensive, and are geographically limited to locations where MPLS circuits are available.
SD-WAN is designed to provide the same level of network performance and reliability as MPLS without the reliance on dedicated circuits. It uses software-defined networking (SDN) to choose the optimal path for the traffic from a number of different transport media (broadband, mobile networks, MPLS, etc.). SD-WAN abstracts away the underlying network infrastructure and manages the network connections by applying a business intent policy model.
When presented with a connection request, an SD-WAN appliance chooses a routing option based upon the application’s needs (bandwidth, latency, etc.), predefined priorities (e.g. prioritizing corporate video conferencing over social media sites), and the current health of the available network links. This enables SD-WAN appliances to provide the best Quality of Experience (QoE) for latency-sensitive applications like VoIP and video conferencing.
With the emergence of cloud security services, SD-WAN has converged and become what Gartner defines as Secure Access Service Edge (SASE). This evolution was designed to meet enterprises’ evolving security needs and address a major SD-WAN limitation.
The limitation is that SD-WAN is designed as a networking solution, not a security one. Prior to SD-WAN, traffic destined to the Internet and cloud applications was backhauled to the corporate data center over an MPLS circuit and secured by a corporate firewall. With the emergence of SD-WAN, the optimal network path is direct to the Internet, bypassing the corporate security stack.
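The path selection described above (application needs, predefined priorities, current link health) and the security gap it creates can be sketched in a few lines of Python. This is an added example, not code from Check Point or any SD-WAN product; the `Link` and `App` types, their fields, the flag strings and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    latency_ms: float
    loss_pct: float
    free_mbps: float
    up: bool = True
    inspected: bool = False  # assumption: True if the path crosses a security stack

@dataclass(frozen=True)
class App:
    name: str
    priority: int  # lower number is served first
    max_latency_ms: float
    max_loss_pct: float
    need_mbps: float

def meets_needs(app, link):
    return (link.latency_ms <= app.max_latency_ms and link.loss_pct <= app.max_loss_pct
            and link.free_mbps >= app.need_mbps)

def assign_paths(apps, links):
    """Serve apps in priority order; return {app name: (link name or None, flags)}."""
    result = {}
    for app in sorted(apps, key=lambda a: a.priority):
        live = [l for l in links if l.up]  # current link health
        if not live:
            result[app.name] = (None, ["no-path"])
            continue
        fit = [l for l in live if meets_needs(app, l)]
        # If no live link meets the app's needs, degrade to the least-bad live link.
        best = min(fit or live, key=lambda l: (l.latency_ms, l.loss_pct))
        best.free_mbps = max(0.0, best.free_mbps - app.need_mbps)  # reserve capacity
        flags = [] if fit else ["needs-not-met"]
        if not best.inspected:
            flags.append("uninspected-egress")  # traffic skips the security stack
        result[app.name] = (best.name, flags)
    return result

def demo():
    # Constructed sample values, not measurements from a real network.
    links = [Link("mpls-to-dc", 40, 0.1, 10, inspected=True),
             Link("broadband", 15, 0.5, 100),
             Link("lte", 60, 2.0, 20, up=False)]
    apps = [App("social-media", 9, 300, 5, 95),
            App("video-conf", 1, 50, 1, 8)]
    return assign_paths(apps, links)
```

In the sample run, video conferencing wins the low-latency broadband link ahead of social media, and both flows carry the `uninspected-egress` flag because the performance-optimal path is not the one that passes through the data center firewall.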
SASE addresses the limitations of SD-WAN by converging SD-WAN network optimization with security deployed as a service in the cloud. The convergence of network and security services means that content inspection and security policy enforcement are delivered as a cloud service, which eliminates the need to divert traffic via the headquarters network. SASE solutions in the cloud can be deployed almost anywhere, making them convenient to an organization’s remote workers and cloud-based infrastructure and minimizing network latency.
SASE is a next-generation network and security solution that is based upon and incorporates SD-WAN functionality. The two main differences between SASE and SD-WAN are:
Enterprise networks are evolving rapidly, and organizations are increasingly leveraging cloud-based infrastructure and supporting remote workforces. These changes make it necessary for an organization to also upgrade its WAN infrastructure.
When deciding between SD-WAN and SASE solutions, it is important to consider that SASE is the next generation and a superset of SD-WAN. Anything that an SD-WAN appliance can do, SASE can do as well. In addition, SASE provides an integrated security stack, enabling an organization to efficiently and effectively deploy zero trust security, and is deployed in the cloud.
Check Point’s CloudGuard Connect SASE solution integrates the functionality of its leading security solutions into a single cloud-centric solution. This enables an organization to effectively and securely connect its branch and remote users to the enterprise WAN. To learn more about SASE and its capabilities, check out this webinar. You’re also welcome to request a demo of CloudGuard Connect to see how SASE can transform your corporate WAN and network security.