One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 2610521 |
| Date de publication | 2021-04-09 10:00:00 (vue: 2021-04-09 11:06:10) |
| Titre | The difference between SASE and Zero Trust |
| Texte |
Customers often ask me: What is the difference between Zero Trust and SASE? My answer is almost always the same: Nothing….and, everything. Both have taken the industry by storm over the last couple of years, and even more so with the security and access demands on the business driven by the existing remote workforce, but both have different implementation approaches. It is important to understand, however, that one does not fully provide the other; in fact, they reinforce each other. As you read through Gartner’s research that introduced SASE to the network and cybersecurity world, you’ll note that there are a number of similarities that can lead you to believe that implementing SASE can also implement Zero Trust. While that may be the case in part, it is not a complete approach. And just as there is not one product that will get you to Zero Trust, there is also not one product that fully meets Gartner’s vision for SASE.
Zero Trust Network Access (ZTNA)
One key area of similarity is in ZTNA. ZTNA focuses in on providing whitelisting capability for access to services. This is undoubtedly why it is considered one of the core components of SASE. Zero Trust is based on a set of principles, or tenets. One of these tenets is that all network flows are authenticated before being processed, and that access is determined by dynamic policy. Another tenet requires authentication and encryption applied to all communications independent of location and that security must be performed at the application layer closest to the asset. These alone are foundational to ZTNA. ZTNA secures access to services at the application layer (layer 7), rather than a complete network, like traditional remote access VPN implementations. Therefore, it provides for the means to only provide authorized and authenticated users with access to approved applications.
Monitoring for risk and trust levels
Gartner lists core components of SASE to include SD-WAN, secure web gateway (SWG), ZTNA, firewall-as-a-service and cloud application security broker (CASB). One thing that often does get overlooked in their whitepaper is that a SASE solution needs to have the ability to identify sensitive data, and have the ability to encrypt and decrypted content with continuous monitoring for risk and trust levels. Zero Trust eliminates trust from all network communications and seeks to gain confidence that the communications are legitimate. This level of confidence is applied using trust levels (ironically) and scoring techniques. Therefore, the implementation of a trust / risk engine that applies contextual scoring capabilities is crucial in a Zero Trust Authorization Core , and SASE provides a means to accomplish this through core component technology.
Dynamic secure access
As stated earlier, a tenet of Zero Trust is that access is determined by dynamic policy. Another tenet of Zero Trust is that technology is utilized for automation in support of user/asset access and other policy decisions. This monitoring of user and device behaviors along with automation that drives p |
| Envoyé | Oui |
| Condensat | “capable “the and as zero ability able access accessed accessing accomplish adaptive algorithms align aligning all almost alone along also always among analytics analyzed analyzing another answer any appears application applications applied applies approach approaches appropriate approved architecture” are area around ask asset attempts authenticated authentication authorization authorized automation aware banking based before behavior behaviors being believe between beyond both broker built business but can cannot capabilities capability casb case cases centric changes closest cloud communications complete compliance component components confidence considered content context contextual continuous continuously core cornerstone cost couple crucial customers cybersecurity data day decisions decreases decrypted demands depicting design detailing determined developing device device’s difference differences different document does doesn’t done drive driven drives dynamic each earlier edge effective elements eliminate eliminates embrace emerging encrypt encryption engine engines ensure enterprise entity environment essentially establish evaluated even everything example existing fact factored falling fast firewall flows focuses foundational from fully future gain gartner gartner’s gateway get goes govern governance guidance have heart historical how however identified identify identity implement implementation implementations implementing important in their include increases independent industry introduced iot ironically just key knowing lane last latency layer lead leaders legitimate level levels like lists location maintenance making many may me: means meets mention monitoring monitors more most must needs network not note nothing… number often one only optimization order other other; outlines over overlooked part path perfectly performed pieces place plan play policies policy principles private processed product provide provides providing qos quality rather read recommended referencing reinforce remote require requirements requires research resource responses risk risk/trust role routing same: sase scored scoring secure secures security seeks seen selection sensitive sensitivity service services sessions set shaping short should significant similarities similarity since single solely solution solutions sources stated states: stops stores storm strategic strategy subsequent such support swg taken technical techniques technology tenet tenets than the ability then therefore these thing think threats through time times traditional traffic trust ueba understand undoubtedly upon user user’s user/asset user/device/service users using utilized vendors versus vision vpn wan web well what whereas which whitelisting whitepaper who why wide will within word workforce world writes years you’ll zero ztna |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.