SD-WAN & SASE: Secure your network and your information at the Edge

By: Mark Abolafia, Chief Operating Officer, Datavision, Inc.

The advent of SD-WAN, enabled with APIs to orchestrate the controller and cloud-delivered security functions, offers an unprecedented level of control and management over your security environment. The connectivity cost reduction advantages of the SD-WAN approach are well known. But along with those reduced costs, SD-WAN combined with SASE enables efficient zero trust network security, zero touch provisioning, and the simplification and consolidation of network functions into a single appliance (uCPE containing routers, firewall, etc.). However, a bigger advantage lies in the technology's ability to securely manage flows from an application perspective.

SD-WAN networks can be configured to prioritize critical traffic and real-time services and then send that traffic over the most efficient route, using the best available path across a reliable, high-performance connection.

With SD-WAN, operators and enterprises can enable secure direct cloud access at the remote branch using local internet breakout methods, reducing or eliminating backhauled traffic. Workers can then directly access cloud applications regardless of location, without adding traffic that consumes core network bandwidth and must be managed and secured. Further, SD-WAN improves cloud application performance by prioritizing business-critical applications and enabling branches to communicate directly with application targets through the Internet.

Costs are reduced when networks and network management are simplified using SD-WAN, working together as part of SASE. Applications are more secure and more available. Networks running Secure SD-WAN are more reliable due to path diversity and proactive self-healing networking. Additionally, when properly selected and deployed, SD-WAN functionality can be extended deep into the local branch wired or wireless LAN, so that security and network functionality can protect locally deployed devices and secure direct connections to SaaS applications and other online resources. Virtually eliminating network sprawl, reducing security risks, and fixing inconsistent performance are among the advantages of migrating to SD-WAN. This end-to-end secure networking using SASE protects your information as well as your organization. SD-WAN and SASE also protect your information when users are working remotely, giving you the same information security protection you have always built your business to rely on.

 

Recently, the driving forces of Digital Transformation and the need to more fully secure subscribers at the network edge, or when they are remote, have given impetus to transitioning from discrete appliances and disparate hardware and software combinations to software services and cloud-based applications in what is being termed “SASE” or Secure Access, Secure Edge technology. SASE is best described as the joining of SD-WAN and strong Network Security into one solution.

The growth of work-from-home and remote access presents security challenges that, in some cases, are not being met by traditional security perimeter devices and firewall technologies. SASE represents the architecture that helps organizations create a total-security environment for all users from end to end. It takes into account remote users and branches working with cloud-centric or data center hosted applications, giving you a simplified and more effective security stance for network users wherever they are working.

When considering the array of secure network services available, such as Middle Box Functions, differing varieties of filtering (DNS, Port, etc.), security event notifications, DLP, malware detection and removal, and more, it is clear that to achieve the depth and breadth of management required, there must be a way to consolidate, simplify and manage (orchestrate) these disparate but related services across a unified network framework. Improved management from end to end optimizes and simplifies our secure networks.

In SASE, a user or agent on your network is known as an Actor and the applications they want to reach are known as Targets. SASE, as a secure network model, requires that the network devices (hardware or software) closest to the user devices are able to dynamically provide and support security services by discovering and securing endpoints and their privileges, and by securing the traffic. Using SASE as the driving architectural structure to protect against cloud-based vectors or threats, security services can be consolidated and then managed centrally through a cloud-native architecture. Leveraging technology from companies such as 128T and Dispersive, the “old” VPN paradigm can be avoided through application-specific policy flows and session-based, zero trust security techniques that allow greater freedom to deploy a network architecture and make significant gains in security management.


The same approach applies when leveraging cloud-based security from Netskope, combined with Versa, Silver Peak, and 128T.

For further information, please write us at info@datavision-inc.com