Leading SASE Vendors

SASE, an acronym of Secure Access Service Edge, is a new cloud-based network security approach to support the Cloud era of rampant modern digital transformation and cloud-first businesses. With more cloud workload adoption and business agility, SASE software security gives IT teams

With more roaming/remote workforce or users vying for remote access to cloud applications, it comes with challenges like:

  • Infrastructure Complexity
  • increased traffic load
  • smooth, low-latency connectivity
  • uninterrupted access to network
  • Insider Threats
  • Identity & Access Management, and
  • Cloud Visibility etc.

What is SASE Secure Access Service Edge Solution?

With cloud adoption and remote workers rising, the traditional castle and moat approach towards securing your assets doesn’t work anymore.

A concept first developed by Gartner in 2019, secure access service edge, or SASE, has quickly taken center stage for IT and security professionals. As organizations have embraced the cloud, BYOD, and remote work more than ever before, SASE has emerged as the ideal solution for securing their entire IT ecosystems.

In this era, you need a security service delivered from the cloud and unified for ease of operations. Secure access service edge or SASE provides a unified networking and security service delivered from cloud architecture and provides you security for your users, applications, or assets anywhere.

Gartner’s “The Future of Network Security Is in the Cloud Report

SASE, for the first time, was mentioned in a report released by Gartner in August 2019. Two Gartner analysts, namely Neil McDonald and Joe Skorupa, alongwith VP analyst Lawrence Orans, paved way for this paradigm shift in networking and security for the modern enterprise.

Network security and Cloud are two key pillars of Digital business transformation. Gartner’s “The Future of Network Security is in the Cloud” defines The Secure Access Service Edge (SASE) and what it takes to safeguard digital business transformation vis-a-vis SD-WAN secure access. 

In other words, it lessens technical loads when security changes its posture from data center to a user or endpoint. 

Traditional hub-and-spoke architectures are not capable of meeting challenges of ever-growing trends of edge-driven computing

The Gartner SASE report recommends the following:

  1. What is SASE and what makes it a hotcake to secure network security services
  2. SASE security framework adoption
  3. The spectrum of managing boxes to delivering policy-based security
  4. Making the most from the combination of SD-WAN and old protocols like Multiprotocol Label Switching (MPLS) projects to pinpoint the effectiveness of combined network security offerings. 
  5. Getting best mileage from software-defined WAN and push successful network transformation
  6. Adoption of Cloud security features and offerings in terms of scalability and flexibility

SASE Definition

Going by the Gartner’s definition of SASE, Secure Access Service Edge, abbreviated as SASE and pronounced as “sassy, is a network architecture that merges SD-WAN with multiple security technologies ( like Secure Web Gateway SWG, cloud access security broker CASB, Firewall as a Service FWaaS and Zero Trust Network Access ZTNA) into a single and unified, global cloud-native offering. 

Instead of the security perimeter being entombed in a box at the data center edge, the perimeter is now everywhere an enterprise needs it to be — a dynamically created, policy-based secure access service edge.

– Gartner, The Future of Network Security Is in the Cloud; 30 August 2019; Lawrence Orans, Joe Skorupa, Neil MacDonald

Let’s define SASE further and understand what Secure Access Service Edge environment means in simple terms.

IT architectures are evolving in the face of demand for scalability flexibility and increased security and network challenges such as requirements for low latency and WAN edge needs.

So, when a unified service model like SASE Secure Access Service Edge converge SD-WAN and cloud-based security like:

  • Secure Web Gateways
  • Cloud Access Security Brokers
  • Antivirus/malware inspection
  • Data Loss Prevention
  • Virtual Private Network
  • Zero-trust network access
  • Firewall as a service
  • Advanced Threat Protection etc.

Organizations are poised to apply end-to-end secure access to networking and security of its user base, workloads, endpoints, and network capabilities. 

Difference Between SASE and Traditional Network Security

5 Key SASE Components Capabilities:

SD-WAN 

Firewall as a service

Cloud Access Security Broker (CASB) 

Secure web gateway

Zero Trust network access

Top 5 Benefits of SASE

SASE Benefit #1Reduced IT cost

In today’s time when data is present across cloud applications and SaaS services, there is extra load on traditional network-based security models. It drives up both CAPex and OPex with the presence of vendors and tech stacks. 

With Application of SASE solution as a single platform approach, you get reduced Operational overhead without worrying about cost of deployment of new hardware or software. The Centralized and role-based management propels effectiveness without paying extra. 

It goes without saying that patching, updating software wont be a problem either.

SASE Benefit #2: Holistic and consistent security

Thanks to SASE solution’s comprehensive range of security features like URL filtering, anti-malware,  firewalling, IPS, NGFW policies and endpoint-specific security policies  Threat Prevention and Reducing Risk make SASE a flexible and holistic security choice. 

SASE Benefit #3: Simplified Easy management

The freedom of shifting from site-centric security to user-centric security and control the entire SWG, SD-WAN, NGFW, and VPN devices from a single point simplifies the process of managing less agents per device.

SASE Benefit #4: True improved network security

Using a single set of policies, SASE security all traffic flow is inspected at the source and the endpoint, it reduces downtime due to malicious behavior. 

SASE Benefit #4: True improved network security

SASE Architecture

Top 7 SASE Use Cases Architecture

SASE Use case 1: Securing BYOD

SASE use case 2: Securing the Web and Shadow IT

SASE use case 3: Securing the Remote Workforce

SASE use case 4: Fighting Malware

SASE use case 5: Preventing Data Leakage

SASE use case 6: Securing IaaS

SASE use case 7: Securing Branch Sites

SASE Gartner Quadrant Vendors

In the cybersecurity vernacular, Gartner coined the term Secure Access Service Edge, or SASE to bring network and security functions with WAN functionalities.  

In other words, Secure Access Service Edge (SASE) is an enterprise networking technology

Evaluation Criteria a SASE vendor

Choosing SASE Vendors Platform Solutions

If we talk about a user, a user can access:

  • Internet applications (Youtube or Facebook)
  • SAAS based service ( for example, Office 365, Box)
  • Public Cloud apps – private and public applications ( Azure, AWS or Google Cloud or any Public Cloud instance, etc.)

And he can also access applications in your private data centers.

To secure such users, who are now out of the premise, and accessing such services from cafes. Homes or unsecure networks, from their devices, what you need is the security services suite delivered from the cloud.

Here, we explain the list of services that can ensure user security when he is accessing all these services.

Zero trust Network Access or ZTNA

ZTNA service allows you to secure access to any private application hosted in a private or data center or public cloud.
If a user is accessing anything on the internet, he can use these services securely via a secure web gateway. If you require visibility and control in your SAAS application, what you can use is a CASB, and CASB can provide you security – both inline mode and in the API mode by which you can get to know the security levels of your data which is there at rest.

You can also leverage a next-generation firewall, which can be delivered from the cloud for egress traffic. From there, you can also enable SSL inspection, DNS security, and features like that.

And suppose you think that the users are at risk because their endpoints are not secure. What you can do is enable a remote browsing solution called a remote browser isolate service.
The user will browse any of these services not on his browser but on a remote browser that eliminates the risk of having malware infections and other infections on the host machine, which is on the endpoint.

The services come with flexibility in terms of deployment options. You can use an agent to provide access to your users, whether they are remote or sitting on-prem.

Or what you can do is also provide access to a site. This can be your remote branch, or this can be your head office as well. You can use your traditional methods like a GRE tunnel or an IPSec tunnel to connect. Suppose you have already migrated to a modern SD-WAN solution. In that case, these kinds of solutions or the SASE infrastructure provide you a native integration with the majority of these different hosting providers.With all of these solutions available in the cloud, what you get is a unified threat platform. This unified threat platform includes:

Advanced threat protection

UEBA features, which enables you to contextualize the threat.

And at the same time, it also enables you the DLP services delivered from the cloud, which will cut across all these services, which are listed on the board.

This enables one single console for operations to identify threats and for remediation of all of them. So I know that many things are ongoing here and today; if you talk to any vendor, they are trying to align their services with SASE. So when you look at a partner or a vendor to assess the SASE solution, you should look at the roadmap of the future-proofing. The vendor or the partner you select should have the correct roadmap that aligns with all these requirements. In addition to all this, you should also look at the feasibility of the location. There is a requirement for these kinds of clouds to provide lower latency, and at the same time, they should comply with the data regulations of the state. In addition to this, all these security controls were already present, on-prem, as part of your perimeter security controls.

So, the partner that you choose should be able to migrate those security controls into the cloud.
So please keep these things in mind when you are assessing a security vendor.

Top 10 SASE Vendors List

Perimeter 81 SASE (Secure Access Service Edge)

Zscaler SASE (Secure Access Service Edge)

Twingate SASE (Secure Access Service Edge)

Cato Networks secure access service edge (SASE)

NetSkope Secure Access Service Edge (SASE)

Fortinet Secure Access Service Edge (SASE)

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Secure Access Service Edge (SASE) : A Primer

What is SASE?

  • What is SASE Security?
  • SASE Security Components
  • SASE & SD-WANs
  • Zero Trust Network (ZTN)
  • SASE Benefits
ZCyber Security

Brough to you by Perimeter 81

SASE Explained:

  • What SASE Security is.
  • What SASE includes.
  • SASE benefits.

and more...

Brought to you by Perimeter 81

SASE = the Future of

SD-WAN & Network Security

Discover  SASE news, reports, and tools such as webinars, ebooks courses, and events 

Scroll to Top