SASE and what it can do for information security!

September 11, 2023

Talking about information security or cybersecurity is definitely not the easiest of tasks, as developments in this area seem to happen at a speed that is difficult to keep up with. The cat-and-mouse race between hackers and information security experts is incessant and runs at a breathtaking pace. Something that appears novel today may already be outdated, because in another corner of the world a more efficient solution may already have been found, or a flaw in the current solution may have been identified that makes it vulnerable.

There was a time, in the early days of the digital age, when the internet did not yet exist and those holding data were concerned only with the physical security of their stored data, implementing cameras (CCTV), armed guards, locks and even safes. Later, with the adoption and popularization of the internet, attention shifted to the digital security of data storage, and the concepts of access control and cryptography gained relevance.

Then came the concept of the cloud, which describes a service model enabling on-demand network access to a shared pool of configurable computing resources, such as networks, computers, tablets, cell phones and software. For the cloud model to succeed it relies on a few essential characteristics: on-demand self-service, location independence (access over the Internet from anywhere), elasticity that scales to demand, pooling of resources and metering of the service.

With the development of this concept, cloud models have been divided into three distinct types:

1. Software as a Service (SaaS) – use of a network to access applications hosted by a provider.

2. Platform as a Service (PaaS) – customers are allowed to deploy their own software onto the provider's cloud platform.

3. Infrastructure as a Service (IaaS) – renting of processing, storage, network bandwidth and other fundamental computing resources in the cloud.

Although a company can build a cloud system for its own use, the high investment involved in creating and maintaining a data center, its servers and all the security measures its operation requires explains the market for companies that sell cloud infrastructure services and offer the security of their systems as the icing on the cake. On the other hand, the big challenge is to maintain an acceptable processing speed, since security measures generally come at a cost in performance.

With the arrival of cloud systems came the need to improve security measures, and in 2019 the concept of SASE (Secure Access Service Edge) emerged. SASE is a security architecture defined by Gartner, a renowned American information technology research and consulting company founded in 1979 by Gideon Gartner. It is characterized by converged networking and security-as-a-service capabilities, including SD-WAN, SWG, CASB, NGFW and ZTNA. In this kind of structure, security and network connectivity technologies converge on a single cloud platform to enable rapid and secure digital transformation.

Therefore, to better understand the scope of this concept, we need to understand each of the acronyms mentioned above, which are defined in detail below (resource, meaning of the acronym, and purpose):

SD-WAN – Software-defined Wide Area Network

A virtual WAN architecture that allows businesses to leverage any combination of transport services, including MPLS, LTE and broadband Internet, to securely connect users to applications. It replaces traditional WAN routers, providing dynamic, policy-based application path selection across multiple WAN connections and supporting service chaining to additional services such as WAN optimization and firewalls.

SWG – Secure Web Gateway

A solution that filters unwanted software and malware from user-initiated web traffic and enforces compliance with corporate and regulatory policies by blocking risky or unauthorized user behavior. At a minimum, these gateways should include URL filtering, malicious code detection and filtering, and controls for popular web-based applications such as instant messaging (IM) and Skype. Native or integrated data leak prevention is increasingly included as well.

CASB – Cloud Access Security Broker

On-premises or cloud-based security policy enforcement points placed between cloud service customers and cloud service providers, combining and interposing corporate security policies as cloud-based resources are accessed. CASBs consolidate several types of security policy enforcement; examples of such policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting and malware detection/prevention.

NGFW – Next-Generation Firewall

Deep packet inspection firewalls that add defensive layers beyond port/protocol inspection and blocking: application-level inspection, intrusion prevention and intelligence brought in from outside the firewall. A next-generation firewall can therefore recognize applications regardless of port, protocol, evasive tactics or SSL encryption, and provide real-time protection against a wide range of threats, including those operating at the application layer. Until then, firewalls were limited to enforcing security based on specific ports and protocols.

ZTNA – Zero Trust Network Access

A cybersecurity model that creates a logical, identity- and context-based access boundary around an application or set of applications. The applications are hidden from discovery, and access is brokered through a trust agent, which verifies the identity, context and policy adherence of the named participants before allowing access and prohibits lateral movement elsewhere in the network. This keeps anyone who has not been authorized away from the application and significantly reduces what an attacker can see and target.
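To make the ZTNA description concrete, here is an added example (not code from the original post or from any SASE vendor) of a minimal policy decision point: it evaluates identity, device context and per-application policy before granting access to one application, denies by default, and treats an unlisted application exactly like an unauthorized one so that nothing is revealed about its existence. The user names, groups, countries and policy catalogue are constructed for illustration.

```python
"""Added example: a ZTNA-style policy decision point. All names, groups and
policies below are constructed for illustration, not taken from a product."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset          # groups asserted by the identity provider
    mfa: bool                  # strong authentication completed this session
    device_managed: bool       # endpoint enrolled in device management
    device_compliant: bool     # posture check (encryption, patch level) passed
    country: str               # geolocation of the session
    application: str           # the single application being requested


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset
    require_mfa: bool = True
    require_managed_device: bool = True
    allowed_countries: frozenset = frozenset()   # empty means any country


# Constructed policy catalogue. Applications not listed here are "hidden":
# a request for them is denied just like a failed authorization.
POLICIES = {
    "hr-portal": AppPolicy(allowed_groups=frozenset({"hr", "execs"}),
                           allowed_countries=frozenset({"BR", "US"})),
    "wiki": AppPolicy(allowed_groups=frozenset({"staff"}),
                      require_managed_device=False),
}


def evaluate(req: AccessRequest) -> tuple:
    """Return (allowed, reason). Default is deny; every check is explicit so
    the reason can be logged for audit and for detecting repeated failures."""
    policy = POLICIES.get(req.application)
    if policy is None:
        return False, "access denied"            # no hint that the app exists
    if not req.groups & policy.allowed_groups:
        return False, "identity not authorized for application"
    if policy.require_mfa and not req.mfa:
        return False, "mfa required"
    if policy.require_managed_device and not req.device_managed:
        return False, "unmanaged device"
    if not req.device_compliant:
        return False, "device failed posture check"
    if policy.allowed_countries and req.country not in policy.allowed_countries:
        return False, "location not permitted"
    # The grant is scoped to this one application; no network-level access is
    # issued, which is what blocks lateral movement to other systems.
    return True, f"access granted to {req.application} only"
```

A real broker would also re-evaluate the decision continuously during the session, since the device posture or session context can change after the initial grant.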

SASE, therefore, is made up of two groups of technologies: WAN Edge Services (SD-WAN) and Security Service Edge (ZTNA, SWG, CASB and NGFW). Together they allow information security professionals to let a user, device or server connect securely from anywhere, over any transport method.

SASE has thus become an indispensable technology for companies using cloud systems, as a way to guarantee adequate information security without slowing down users who access applications and data remotely.
