SASE: Securing Access and the Network Edge
One of the main reasons that the secure access service edge (SASE) is getting so much attention these days is that it combines several networking and security capabilities and functions normally carried in multiple, siloed point solutions into a single, fully integrated cloud-native platform. This allows organizations to overcome cost and performance issues, resulting in a more decentralized networking approach to optimize performance and increase security.
The challenge is that, like the elephant described by the blind men, SASE means different things to different people.
In this article, we’ll look at some of the commonly accepted elements of a SASE solution and also review the approach that Cisco is taking to securing access and the network edge. Following are the major elements of SASE:
- Software-defined wide area networks (SD-WAN)
- Domain name system (DNS) layer security
- Secure web gateway (SWG)
- Firewall as a service (FWaaS)
- Cloud access security broker (CASB)
- Zero trust network access
The Cisco Approach to SASE
Software-defined wide area networks (SD-WAN)
Cisco’s approach to SASE leverages a cloud-scale SD-WAN architecture designed to meet the complex needs of modern WANs through three key areas:
- Advanced application optimization that delivers a predictable application experience as the business application strategy evolves
- Multilayered security that provides the flexibility to deploy the right security in the right place, either on-premises or cloud-delivered
- Simplicity at enterprise scale, which enables end-to-end policy from the user to the application over thousands of sites
Cisco Umbrella multi-function cloud-native security
A foundational element of the Cisco SASE architecture, Cisco Umbrella helps businesses of all sizes embrace and secure direct internet access (DIA), secure cloud applications, and extend protection to roaming users and branch offices. Cisco Umbrella blocks requests to malicious and unwanted destinations before a connection is even established, stopping threats over any port or protocol before they reach your network or endpoints.
Domain name system (DNS) layer security
DNS-layer security provides the visibility needed to protect Internet access by:
- Logging and categorizing DNS activity by type of security threat or web content and the action taken
- Covering thousands of locations and users in minutes
Other elements of the Cisco SASE solution include:
Secure web gateway (SWG)
Cisco Umbrella includes a secure web gateway (SWG) that uses a cloud-based proxy to log and inspect all your web traffic for greater transparency, control and protection.
- Real-time inspection of inbound files for malware and other threats
- Advanced file sandboxing
- Full or selective SSL decryption to further protect against hidden attacks
- Blocking of specific user activities
- Content filtering by category
Cloud-delivered firewall as a service
With Cisco Umbrella’s cloud-delivered firewall, all activity is logged, and unwanted traffic is blocked using IP, port and protocol rules. Cisco Umbrella’s cloud-delivered firewall provides:
- Visibility and control for Internet traffic across all ports and protocols
- Customizable IP, port, and protocol policies in the Umbrella dashboard
- Layer 7 application visibility and control
Cloud access security broker (CASB) functionality
Cisco Umbrella exposes shadow IT by