SASE and QoE: What you need to know

Since Gartner introduced the Secure Access Service Edge (SASE) concept last year, we see growing interest about it among our partners and customers across the globe.

However, quite a few people are missing some of the fundamental concepts that are important to consider as organizations all over the world work to efficiently navigate their way through this historic paradigm shift in network security architecture.

First and foremost, for the sake of clarity, let’s cover some basics.

 

What is Secure Access Service Edge (SASE)?

Secure Access Service Edge  (SASE) Is a network architecture that combines an application-aware WAN approach and security functions in one cloud-based service to support the dynamic secure access needs of digital enterprises.

In short, SASE is a cloud-based approach to securing corporate service access. Typically, it’s provided as a service by SASE vendors, which are rapidly growing in number.

SASE enables end-to-end security for branch and headquarters locations, as well as consumers and telecommuters, which is especially relevant now with the current work-from-home (WFH) trend, especially with applications hosted and accessed from outside the network.

One of the first things most people wonder, when hearing about SASE for the first time, is, “What about SD-WAN? How is SASE different?

 

SASE vs. SD-WAN: what’s the key difference?

The main differentiator when comparing SASE to SD-WAN is related to network security capabilities.

SD-WAN is an increasingly common way to approach routing in the world of cloud computing.

One of the strengths of SD-WAN is that it allows companies to build higher-performance WANs using low-cost, commercially available internet access appliances. Through this, it enables businesses to partially, or wholly, replace more expensive private WAN connection technologies, such as MPLS.

It’s crucially important to note that SD-WAN is merely a networking technology framework.  It doesn’t contain any native security capabilities, which are so vitally needed by enterprises today. Because of that, many companies have stepped in to address the need with a variety of SASE solutions.

Still, SASE, as an architecture, is in the early stages of development. According to Gartner, its evolution and demand are being driven by the needs of digital business transformation due to the adoption of SaaS and other cloud-based services accessed by increasingly distributed and mobile workforces, and to the adoption of edge computing. Early manifestations of SASE are in the form of SD-WAN vendors adding network security capabilities and cloud-based security vendors offering SWG, ZTNA and CASB services.

Because of this, when an organization undertakes the adoption of SASE architecture, there are some important risks to consider. As Gartner so astutely pointed out, “Some SASE offerings will be developed and delivered by network-centric providers that are new to the security protection market. Likewise, security-centric providers may not have the full SD-WAN functionality expected of a leading WAN edge solution.”

So, what are the main things an enterprise should be considering when evaluating SASE solutions?

 

Essential Security Requirements of SASE

First and foremost, it is important that SASE implementations don’t increase the organization’s exposure to cyberthreats.  From our perspective, there are three main areas to consider.

DDoS attack mitigation – The new SASE perimeter is now the core network of the organization and should be protected from DDoS attacks, as well, to retain availability. Adequate security measures should be in place to protect your network from small and large volumetric attacks, as well as short-lived attacks that can disrupt IT operations and your business. Some DDoS protection solutions offer zero-day protection with behavior-based detection to mitigate attacks of all sizes within seconds.

Network security – It is always important that organizations of all types are protected from malware and content deemed inappropriate and/or irrelevant to the business. The best network-based solutions have the power to protect networks, endpoints and users on virtually any architecture, implemented in the SASE, with features such as malicious site detection, URL categorization, and blocking download of malicious files.

IoT securityIoT devices are now inside your network as they are connected to the SASE. As such, it is critical to automatically profile and monitor them for malicious activity.

Furthermore, in addition to these security considerations, there are other important factors to consider when evaluating different SASE solutions. These other factors may have a dramatic impact on the quality of experience (QoE), one way or another.

 

SASE and the importance of QoE

As we published last year in “Driving QoE,” an enormous amount of money is being spent all over the world on bandwidth and network equipment as organizations strive to deliver optimal Quality of Experience (QoE) across a range of existing and planned services. Given the current circumstances, this rings true for all types of enterprises and large organizations, now more than ever.

To preserve hard-earned, world-class QoE while transitioning to the new SASE architecture, certain functions must be seriously considered, such as:

  • Traffic Shaping,
  • Application-aware route selection,
  • Bandwidth optimization, and
  • Congestion Management.

When it comes down to it, as support for the SASE paradigm grows in the industry, and the volume of associated network traffic increases, proper traffic management becomes more important than ever when working to ensure high QoS across the network.

As we wrote in the past, the ever-increasing volume and complexity of data traffic poses a constant challenge to large organizations, who must provide enough capacity to fulfill bandwidth demand and Quality of Experience (QoE) expectations.

Simply adding more bandwidth is not a cost-effective solution in the long run, especially with SASE implementations. No matter how much bandwidth you provide, today’s applications and users will demand more.

That’s why traffic management and congestion control solutions to optimize bandwidth utilization and network efficiency are so crucial. However, many network solutions can only give best effort, so – when network bandwidth is congested, users experience slow response time, excessive buffering, erratic video streaming, and other symptoms of poor service.

With SASE, to effectively manage QoE, you need to monitor and measure important indicators, such as low-latency, jitter, and availability, which reflect a smooth experience when working in a SASE environment. One must also be able to adjust service delivery parameters, for applications like Zoom, YouTube, and corporate email, to ensure optimal operation of the organization.

To summarize, as you transition to SASE, make sure your security solution can preserve network services, even while under attack, and make sure your traffic management solution can dynamically assure QoE during extreme usage.

 

Contact us to learn more.


*** This is a Security Bloggers Network syndicated blog from Allot Blog authored by Itay Glick. Read the original post at: https://www.allot.com/blog/secure-access-service-edge/