Secure Access Service Edge (SASE) is a security framework that converges network and security services, including SD-WAN, SWG, CASB, NGFW and Zero Trust Network Access (ZTNA).
This article forms part of a series of articles that look at various acronyms used in cyber security, explain them and explore Microsoft’s solution. For more acronyms please visit: https://simonangling.com/cyber-security-acronyms
SASE Characteristics
SASE has four primary characteristics:
1. It’s Identity Driven
Access to remote networks and resources is granted based on the identity of the user and the device used.
2. It’s Cloud Native
The infrastructure and solution are delivered from the cloud.
3. It Supports All Edges
Regardless of location or type (physical, digital, or logical), all edges are protected.
4. It’s Globally Distributed
Users are protected regardless of their location.
SASE Components
The primary components of a SASE architecture are:
1. Software-Defined WAN (SD-WAN)
SASE leverages an SD-WAN overlay architecture that creates virtual connections between all endpoints.
2. Firewall as a Service (FWaaS)
SASE moves the firewall to the cloud, enabling consistent connections by a remote workforce regardless of location.
3. Zero Trust Network Access (ZTNA)
SASE applies a zero trust methodology to all network connections.
4. Cloud Access Security Broker (CASB)
SASE provides security for cloud applications, and as such CASB is an integral part of SASE.
5. Data Loss Prevention (DLP)
SASE leverages DLP to protect against data loss by controlling and monitoring the movement of data between all devices and cloud services.
6. Secure Web Gateway (SWG)
A Secure Web Gateway (SWG) solution protects users against malware, phishing, and other Internet-borne threats.
7. Consolidated Management
One of the primary issues that SASE is intended to solve is the monitoring and management of networking and security from a unified console.