Network And Security Integration: Keeping Up With SASE

In today’s world of hybrid work, organizations seek better ways to securely connect network users with the applications, services, and data they need from wherever they are.

Secure Access Service Edge (SASE) continues to evolve as an integrated solution to deliver networking and security capabilities, reducing complexity while modernizing security architectures.

SASE: A Quick Refresher

Gartner coined the term SASE in 2019 as the consolidation of several security-as-a-service functions on one side and software-defined wide area networking (SD-WAN) on the other. 

Gartner’s current definition offers more specifics about SASE’s broad category of unified cloud services for both networking and security:

SASE delivers converged network and security as a service capabilities, including SD-WAN, Secure Web Gateway (SWG), Cloud Access Security Broker(CASB), Next-Generation Firewall, and Zero Trust Network Access (ZTNA). …SASE is primarily delivered as a service and enables zero trust access based on the identity of the device or entity, combined with real-time context and security and compliance policies.

SASE enables organizations to connect and protect their users, including those in branch offices or working remotely, and control what those users can access. While primarily delivered as a service, SASE can be deployed on-premises. 

At a high level, Security Service Edge (SSE) plus SD-WAN equals SASE. Let’s break down those technology components:

• SSE, the security side of SASE: Network Security, CASB, SWG, ZTNA, Web Application and API Protection as a Service (WAAPaaS), Firewall as a Service (FWaaS), Remote Browser Isolation (RBI), and Domain Name System (DNS) Security.

• SD-WAN, the network side of SASE: SD-WAN, WAN Optimization, Bandwidth Aggregation, Networking as a Service, and Content Delivery Network (CDN).

SASE deployments also can include Digital Experience Monitoring (DEM) to provide a broader view of the user experience. 

Ken Wisniewski, Senior Security Architect at Sayers, says:

“What is SASE, if not another swing at vendor and functionality consolidation, like we’ve seen over and over in the IT and cybersecurity vendor landscapes.” 

Three Types Of SASE Deployments

Network and security vendors adapt and refine their offerings to keep pace with SASE demand and organizational needs. Deployments fall into three main camps:

Dual-vendor SASE: A networking (SD-WAN) vendor and security (SSE) vendor integrate their offerings.

Single-vendor SASE: One vendor provides all SASE functionality. The solution can include a single unified platform or multiple integrated products. Single-vendor SASE solutions typically include an edge device, which can be an SD-WAN appliance or software-based. The edge device onboards to a cloud backbone that applies the majority of the security functionality.

Managed SASE: A managed offering underpinned by a single or dual-vendor offering.

Current market trends see a shift toward single-vendor SASE platform solutions, with vendors such as Palo Alto Networks, Cato Networks, and Netskope leading the way. 

Gartner predicts: 

By 2026, the majority of SASE vendors will offer a completely converged single-vendor SASE offering. By 2027, 65% of new SD-WAN purchases will be part of a single-vendor SASE offering, an increase from 20% in 2024. 

Is SASE Right For Your Organization?

SASE can incorporate a variety of security and networking technologies, from CASB, SWG, and ZTNA to SD-WAN and firewall. Whatever your organizational size or industry, SASE merits consideration for a variety of uses. Wisniewski says:

“SASE is not a magic bullet, but it can fit into security architectures regardless of the particular size. Organizations of massive scale have different challenges than organizations with small infrastructure, but the core things SASE looks to solve for, such as complexity, modernization, and zero trust, are not exclusive to massive enterprise or mid-size or small organizations.”

Organizations turn to SASE for a variety of uses and benefits, among them:

• Reduce the complexity of managing multiple disparate tools

• Consolidate and reduce the number of vendors

• Align with organizational needs for hybrid work and cloud adoption

• Simplify your security infrastructure, such as VPN replacement for remote and roaming workers

• Replace a coffee shop networking approach and minimize the infrastructure involved with remote users and branch locations

• Improve control and visibility into network and security traffic

• Provide a zero trust platform with secure web and SaaS

SASE discussions should consider where your organization is today and where you’re looking to grow tomorrow. Jason Marocchi, Cybersecurity Architect at Sayers, says: 

“There might be a point where a full-fledged SASE vendor or SASE approach is correct. But if you’re only looking to do ZTNA, that can be accomplished in (other) ways that may be more simple. The conversation to have is, what are you looking to accomplish day one, and then year two, year three, and so on.”

Sayers has earned advanced technical support certifications with major SASE vendors, including Palo Alto Networks and Cato. Services include architecture, proof of concept, implementation, and first-call support.

Questions? Contact us at Sayers today to discover extensive technology solutions, services, and expertise to cover all areas of your business.