Can SASE fit into an adaptive security model?
All these network and SD-WAN vendors are suddenly, "Oh, we're not SD-WAN. Now we're SASE companies." But when you get down to it, they're an SD-WAN company but they offer integrations or APIs into their system to provide security. And I don't want to call it end-to-end security, but there’s some more security on top of the networking services they provide.
Let's say you get Versa Networks. You deploy them, and then go to the integrations page within their console. You choose to integrate with this cloud access security broker (CASB) or proxy server, like Zscaler, and then you add those services on top of what you have. Now you're paying for SD-WAN but you're also paying for your Zscaler and you're paying for your CASB and everything else on top of that. It's a convenient way to have your networking and security in one box but just like any company that offers everything, they're not good at everything. So, it's a way to get best-in-breed networking and security in one solution, but it still doesn't work in that it doesn't address the internal issues and propagation.
It sounds like they delegate out—they have hooks into other things.
I’ve asked Versa how their CASB works and they said, “Well, it's not our CASB. You have to integrate with somebody else.” But then Netskope has the whole package. They have single sign-on, they have everything that Duo and Okta do, and they have SD-WAN now. It's interesting how their path is coming along and it'll be interesting to see where they go.
And some CASBs are agentless and some are not. I went through this whole journey to get Zscaler, Netskope, SD-WAN, and some other things to work and had to create this big PAK file. You have to get your config file right before you push it out through GPO or DP because if you put the PAK file stuff in the wrong order, it doesn't work. So if you get it wrong, then you have to reissue all the agents and it's a pain. Agents are a step back, period. Nobody wants to manage agents or anything on laptops. GPOs, all this stuff, those are all 20-year-old technology. Why use it anymore?
We’re in a dynamic, ever-moving world that requires an adaptive security model. I don't know if SASE does that. One of the things we're playing with is constantly assessing who you are, where you are, how you are. If you’re on an airplane, no, you can't look at that file now. It’s not happening.
A true SASE solution is an adaptive security model, but it should also be able to integrate with your existing security strategy.
The majority of players in the SASE space today are just riding the Gartner hype train, and are actually point-product solutions just deployed in the cloud. It’s a chaos of integrations, API hooks and disjointed context. The reason for this? SASE is sexy, and they want a slice of that pie.
If you look at the SASE originators (no naming here), you will see that the platforms are designed with scale and adaptation in mind. In the event that you need to add or remove services/rules/policies, etc., it’s a couple of clicks instead of a couple of deployments.
You want CASB? Check the toggle and get it working. You need DLP? Sure! RBI? Deployed worldwide in 5 minutes.
This is one of the powers of a true SASE approach. You don’t need to kill your existing architecture, but instead you can adopt one that collapses your vendor sprawl, and scales to your business need.