One Article Review

Source AlienVault Blog
Identifier 2270485
Publication date 2021-01-29 22:57:00 (seen: 2021-01-30 00:05:49)
Title What is Secure Access Service Edge? SASE Explained
Text This blog was written by a third party author.

Today’s “new normal” business environment is heavily focused on cloud. The ongoing trends we’re seeing today show no signs of letting up. Workloads moving to the cloud, an escalating number of devices accessing applications and data, and the more distributed nature of the workforce have been accelerated by last year’s global health events. While security centered on the data center makes deployment and management easy, in today’s modern environment this hub-and-spoke model isn’t as effective. With the increased amount of traffic flowing over the network links before heading out to the internet, combined with a growing number of employees working from branch office or remote locations, the latency is overwhelming. Secure access to services needs to be everywhere, not just at the datacenter. This is where Secure Access Service Edge (SASE) comes in.

What is secure access service edge (SASE)?

SASE (pronounced “sassy”) is a cloud-based model or architecture that addresses the limitations of the traditional ‘hub-and-spoke’ network infrastructure that connects users in multiple locations (spokes) to resources hosted in centralized datacenters (hubs), hosting the applications and data. Accessing those resources either requires a localized private network or a secondary network connecting to the primary network via secure leased line or VPN.

Problems with hub-and-spoke

In theory, the hub-and-spoke model is simple. However, the model cannot handle the complexities involved with cloud-based services like software-as-a-service (SaaS) and escalating distributed workforces. As more workloads, applications, and sensitive corporate data move to the cloud, organizations must re-evaluate how and where network traffic is inspected and how secure user access policies are managed. Rerouting all traffic through a centralized data center isn’t practical (due to latency) when many applications and data are hosted in the cloud. Adding to the latency issue, remote users may suffer when using a VPN to connect to a corporate network. It’s not uncommon for frustrated users to instead access company resources over an unsecured connection, exposing themselves to additional security risks.

SASE to the rescue

Enter SASE, which places network controls on the cloud edge as opposed to the corporate data center, closer to the service being accessed. SASE implementations do away with layered cloud services requiring separate configuration and management, streamlining network and security services to create a secure, seamless network edge. One of the key features of SASE is the use of identity-based, zero trust access policies on the edge network. With it, organizations can provide specific access to only the applications and data users need to complete their job duties, without having to connect to the network via VPN. The enterprise gains more granular control over network security policies and can do away with legacy hardware like VPNs and firewalls.

The best of today’s security functions

To support the ever-changing secure access needs of many organizations today, SASE incorporates various network security functions like secure web gateway (SWG), cloud access security brokers (CASB), firewall-as-a-service (FWaaS) and Zero Trust Network Access (ZTNA). These capabilities are delivered along with SDWAN and are primarily “as-a-service,” utilizing the identity of the connecting user or device, real-time context and security or compliance policies. Essentially, SASE is a new package of security functions that includes the aforementioned technologies as core abilities. Using these security functions, examples of what the SASE model can accomplish for organizations include identifying sensitive data or malware (using DLP), decrypting content at line speed (using NGF
Sent Yes
Tags Malware


The article does not appear to have been republished after its publication.


The article does not appear to be a republication of an earlier one.