What is SASE?

Gartner coined the acronym SASE (pronounced "sassy") to define an information technology (IT) trend in which cybersecurity vendors started bundling network and security functions together and delivering them as a unified cloud service. SASE blends software-defined wide area networking (SD-WAN) with security functions, provided as a service via the cloud and managed through a single cloud-based management console. SASE delivers SD-WAN capabilities and requires minimal hardware and agents to offer these security functions and more:

Firewall-as-a-Service (FaaS)

Cloud Access Security Brokers (CASB)

Secure Web Gateways

Zero-trust Network Access

Endpoint Security

In short, SASE is a scalable software-as-a-service (SaaS) product for networking and security that uses a new network security architecture model. SASE is an approach particularly relevant to merchant environments such as retail stores and restaurant chains, as well as to enterprises with a large remote workforce.

How does SASE work?

SASE platforms can integrate SD-WAN, FaaS, CASB, secure web gateways, zero-trust network access control, endpoint security agents, and secure access to enterprise resources, irrespective of where employees, offices, data centers, and cloud applications reside. The architecture relies on a grid of points of presence (PoPs) to provide inspection and forwarding, instead of using inspection engines located in a data center. A SASE client can be branch office equipment, an IoT device, a mobile device with an agent, or one with clientless access.

SASE diagram

Key characteristics of the SASE model

Among the characteristics that make SASE innovative and unique is that it uses an SD-WAN service with a private backbone to connect the distributed PoPs. This way, the internet is only accessed when connecting to that private backbone, thus avoiding inherent latency risks. SASE connects edge devices and software agents to the backbone using access brokers and encryption, therefore acting as a virtual private network (VPN) replacement of sorts and simplifying network management.

The SASE model is also user-centric or identity-driven, granting access based on the user and device location rather than the site's location. Policy enforcement is unified but distributed. Packet inspection, routing, and traffic encryption and decryption are also distributed. Multiple inspection engines, such as malware scanning and sandboxes, run in parallel, thus improving network performance. As such, SASE not only connects users and devices, but it also protects them against DDoS attacks and other network threats.

Finally, SASE is a cloud architecture that makes use of cloud resources with no specific hardware requirements. Ideally, it does not include service chaining, and the console is typically multi-tenanted. It helps IT teams to control and enforce the organization's policies through a single console, thus simplifying operations.

Why is SASE becoming a topic of conversation and research among IT teams?

While still in its infancy, SASE saw accelerated adoption by enterprises during 2020. The impact of COVID-19, when mid-size and large-size companies adopted work-from-home or work-from-anywhere models for their employees, drove interest among IT leaders in researching and evaluating this network architecture model. CIOs and CISOs are considering it to tighten cybersecurity by switching from a datacenter-centric networking model to a user-centric one and to adopt, or maintain, a zero-trust networking strategy regardless of where enterprise data, applications, and users reside. As the pandemic drives the workforce to telecommute, the edge goes off-premises on a massive scale, driving the need to minimize exposure to cybersecurity threats by redesigning the network architecture.

Gartner estimated that SASE offerings would have matured by 2024, with 40% of enterprises adopting the model. The reality of the global pandemic of 2020 accelerated adoption, and those estimates will need to be updated. Other research companies refer to SASE as SCAPE (Secure Cloud Access and Policy Enforcement), yet the Gartner definition will likely prevail.

How Netsurion can help

Netsurion is a cybersecurity company. We help organizations focus on their core businesses while we ensure their networks are easy to manage, protected from threats, and compliant with industry regulations.

Flexibility and security within the IT environment are two of the most important factors driving business today. Netsurion’s cybersecurity platforms enable companies to deliver on both. Netsurion’s managed platform approach of combining purpose-built technology and a team of cybersecurity experts gives customers and partners the ultimate flexibility to adapt and grow while maintaining a secure environment.

Netsurion’s BranchSDO delivers purpose-built technology with optional levels of managed services to multi-location businesses that optimize network security, agility, resilience, and compliance for branch locations.

Netsurion’s EventTracker cyber threat protection platform provides SIEM (Security Information and Event Management), endpoint protection, vulnerability scanning, intrusion detection and more, all delivered as a managed or co-managed service.