1970s: The birth of computer security

The proper beginning of computer security was in 1972 with a research project called ARPANET (The Advanced Research Projects Agency Network). It was the first development of a protocol for remote-computer networking.

The initial realization regarding the need for security arose when a researcher, Bob Thomas, invented a program called Creeper that was able to traverse across the network of ARPANET freely while leaving a trail of breadcrumbs on every single traversal route. The program also had a mocking end-note that read:

"I'm the creeper, catch me if you can."

In response to Creeper, the program Reaper was created by Ray Tomlinson, the creator of e-mail. Reaper was the first program to take on the title of computer worm. Besides being the first instance of antivirus software, it was also the first program with a self-replicating operational nature.

1980s: The internet and emergence of cybersecurity

Remote network devices during the 1980s were usually telephones. As those were the emerging years of cybersecurity, the protection of every entry point (each piece of hardware is considered an entry point) was crucial. The significance of cybersecurity gained recognition from both governments and IT enterprises as a result of the unprecedented growth in reliance on computers and networking.

While there are conflicting claims as to who the inventor of the first antivirus software was, the fact that the year of emergence was 1987 remains unambiguous. Historically, there were three of these claims made by individuals from different enterprises:

  • The first antivirus product for the Atari ST was created by Andreas Lüning and Kai Figge.
  • The first version of NOD antivirus was created by three Czechoslovakians.
  • The first release of the McAfee product (eventually part of Intel Security) was created by John McAfee.

1990s: Prelude to the digital age

When it first emerged, antivirus technology was purely signature-based: binaries were simply compared against a database of virus "signatures." Because this early antivirus technology was new and emerged before the digital revolution, it was inaccurate, producing false positives, while also consuming a large amount of computational power.

As more antivirus software was introduced to the market, hackers actively responded by creating more effective techniques and viruses. According to the history of cybersecurity, "new viruses and malware numbers exploded in the 1990s, from tens of thousands early in the decade growing to 5 million every year by 2007."

IT leaders and organizations were well aware by the mid-90s that, in order to provide sufficient protection, cybersecurity needed to be commercialized. Incidentally, this is when a researcher at NASA created the first firewall program. The name is modeled on the physical structures that stop an actual fire from spreading between areas of a building.

Over time, signature-based threat detection lost its value because it was easily evaded. In its place, a new method emerged: heuristic detection. This method was even able to detect viruses disguised in meaningless code. Gradually, antivirus software started using generic signatures (which may contain wildcards).
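The shift from exact byte signatures to generic signatures with wildcards, as an added example that is not part of the original article. The sample byte strings and both signatures are constructed for illustration (they are not real malware signatures); the example also shows the false-positive cost the text mentions, since a loose generic signature can match benign data.

```python
"""Exact byte signatures vs. generic (wildcard) signatures, side by side.

Added example, not code from the article. The sample byte strings and the
signatures below are constructed for illustration only.
"""
from typing import Dict, List, Optional

# Constructed samples: the original, and a variant whose author changed two
# bytes inside the same routine so that an exact signature no longer matches.
SAMPLE_ORIGINAL = bytes.fromhex("1122334404000000ffff0000b8deadbeef")
SAMPLE_VARIANT = bytes.fromhex("1122334404000000aaaa0000b8deadbeef")
# Constructed benign data that happens to share the surrounding bytes.
SAMPLE_BENIGN = bytes.fromhex("000000000400000012340000b8cafe00")

# 1990s-style exact signature: every byte must match.
EXACT_SIG = bytes.fromhex("04000000ffff0000b8")

# Generic signature: "??" is a wildcard that tolerates bytes an author is
# likely to vary between releases.
GENERIC_SIG = "04 00 00 00 ?? ?? 00 00 b8"


def parse_generic(sig: str) -> List[Optional[int]]:
    """Turn 'ab ?? cd' into [0xab, None, 0xcd]; None means 'any byte'."""
    return [None if tok == "??" else int(tok, 16) for tok in sig.split()]


def match_exact(data: bytes, sig: bytes) -> bool:
    """Exact substring search, as the earliest scanners did."""
    return sig in data


def match_generic(data: bytes, sig: str) -> bool:
    """Sliding-window match where wildcard positions accept any byte."""
    pattern = parse_generic(sig)
    n = len(pattern)
    for i in range(len(data) - n + 1):
        if all(p is None or data[i + j] == p for j, p in enumerate(pattern)):
            return True
    return False


def scan(data: bytes) -> Dict[str, bool]:
    """Report what each detection style says about one sample."""
    return {
        "exact": match_exact(data, EXACT_SIG),
        "generic": match_generic(data, GENERIC_SIG),
    }


if __name__ == "__main__":
    for name, sample in [("original", SAMPLE_ORIGINAL),
                         ("variant", SAMPLE_VARIANT),
                         ("benign", SAMPLE_BENIGN)]:
        print(name, scan(sample))
```

The variant evades the exact signature but not the generic one, while the benign sample shows that wildcards widen the net at the price of a false positive.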

2000s: The rise of cyberthreats

By the early 2000s, the availability of the internet was widespread, and an increasing number of homes and businesses had started to use it. As internet technology was very young at that point in time, hackers had a plethora of loopholes to exploit. Threats like infected websites emerged, and security concepts like zero-day attacks made antivirus even less effective. It was a delicate period for technology as a whole, let alone the new concept of cybersecurity. Attack methods diversified, and hackers modified viruses to remain undetectable even by new security tools.

2010s: The shift to cloud and next-generation cybersecurity

At the beginning of the mass digitization of organizations around 2010, hackers sought and found a new plaything—data infiltration of remote networks spread across multiple locations. In the early 2010s, the number of high-profile breaches and cyberattacks had begun to affect national security and were already costing businesses millions. The increase in cyber-threats led to the shift from typical methods of detection to next-generation innovation, which involves demanding features such as:

  • Multi-factor authentication (MFA)
  • Network behavioral analytics (NBA)
  • Update automation
  • Sandboxing
  • Web application firewall (WAF)

2020s: Road to SASE

Network security methods have undergone numerous changes as a result of the evolution of hacking techniques and the increasing level of cyberthreats. The reasons behind the multiple transformations of network security methods are diverse. Not all organizations have been digitized, and not all organizations use the same services and applications for their environment. Some use methods that are industry-specific, while others use widespread productivity applications for simple and convenient environments.

The introduction and implementation of technologies such as intrusion prevention systems (IPSs), firewalls, Secure Web Gateway (SWG), and software-defined wide area networks (SD-WANs) cannot be efficiently carried out without expert guidance. Moreover, as a consequence of digitization, the IT industry has gone through a massive shift from traditional technological services to cloud-hosted services. Without a doubt, one of the best contenders for delivering these services is the vendors themselves who develop, deploy, and manage them. This concept has gone from having no name to officially being known as Gartner's® secure access service edge (SASE).

Understanding these conceptual factors that have a concurrent effect on industry-specific environments can clarify how to secure an organization's infrastructure, which is one of the objectives of SASE.

SASE explained

In its 2019 report "The Future of Network Security Is in the Cloud," Gartner defined the SASE framework as a cloud-based cybersecurity solution that offers "comprehensive WAN capabilities with comprehensive network security functions such as SWG, CASB, FWaaS, and ZTNA, to support the dynamic secure access needs of digital enterprises."

SASE is different from security service edge (SSE); according to Gartner, SSE is a subset of SASE that purely focuses on the security services required from a SASE-based cloud platform. It is important to remember that SASE does not refer to a specific technology but to the entire framework.

The interesting aspect of SASE is that it barely needs any hardware and uses ubiquitous connectivity based on cloud technology to merge SD-WAN capabilities with network security functions, including Firewall-as-a-Service (FWaaS), Software-as-a-Service (SaaS), SWG, cloud access security brokers (CASBs), and Zero Trust Network Access (ZTNA). Moreover, network and security tools are bundled together and delivered in a single management console, thereby unifying their network. This gives way to a simple security and networking tool that is independent of employee and resource locations.

Unlike traditional network security models, SASE offers scalable SaaS products for networking and security that are convenient, swift, and cost-effective. Furthermore, in this time of rapid change, SASE showcases itself as an attractive option as it can be readily scaled up or down and can be billed based on usage.

Relevance

Traditionally, most employees worked on-premises, and traffic was sent to organizational networks (the location of the required security services). However, the industry gradually experienced a considerable shift towards cloud services. This means that network security has grown exponentially more complicated, rendering the traditional security models inefficient.

Inherent relevance

According to Gartner analyst Nat Smith, SASE is more of a philosophy and a direction than a checklist of features.

SASE also enables the implementation of network security and allows a multitude of different vendors to be replaced with a single unified platform. The following points are some of the key reasons behind the necessity of SASE:

  • Scalability with business
  • Enables work-from-home
  • Evolves in tandem with cyber-threats
  • Provides an IoT base for adoption

Gartner also stated that, "By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018."

Industrial relevance

Research And Markets stated in its report that, "In the post-COVID-19 scenario, the global SASE market size is projected to grow from USD 1.2 billion in 2021 to USD 4.1 billion by 2026, recording a Compound Annual Growth Rate of 26.4% from 2021 to 2026."

The IT industry has seen a shift from site-centric to user-centric security protocols over the past couple of years. This shift means that when it comes to remote network access, standard hardware security applications are no longer sufficient. This is where one of the functions of SASE lies. It offers a platform that runs consolidated and unified policy management based on the identity of the user. As a result, organizations can seriously consider user-centric services that are independent of the location of organizational data and/or resources.

Apart from the consolidation and unification of security services, the dependence on cloud-based resources has increased owing to the needs of the Internet of Things (IoT) and edge computing.

As the legacy or traditional security models are hampered by the increase in complications and delays, SASE presents itself as a solution for addressing issues relating to complexity and latency.

How SASE operates

To remain competitive, organizations must secure and manage all endpoints with the same security and networking policies as their on-premises infrastructure, regardless of the location.

As mentioned before, SASE secures network traffic through an architecture that essentially merges SD-WAN (or another WAN) with the security capabilities listed in the following section.

Lawrence Orans, Joe Skorupa, and Neil McDonald stated in The Future of Network Security In The Cloud, "Instead of the security perimeter being entombed in a box at the data center edge, the perimeter is now everywhere an enterprise needs it to be—a dynamically created, policy-based secure access service edge."

Components of SASE

According to Gartner, SASE has five core components in regard to its capability and technology:

  • SWG: This provides a secure path for employees and/or users to avoid accessing or coming into contact with internet threats such as viruses, malware, and suspicious web traffic. It also denies authorization for unsecured traffic to enter a user's inner network.

  • SD-WAN: An SD-WAN is an overlay architecture that combines speed and optimization with simplification in order to decrease complexity and improve the user experience. It chooses the best route for internet, cloud application, and data center traffic. In addition to these benefits, SD-WANs help with enforcing policies across unspecified locations by allowing the swift deployment of services.

  • CASB: This ensures the safe usage of cloud applications or services by shielding the system against malware infection, data infiltration, and lack of visibility. Services such as Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) are secured by a CASB.

  • FWaaS: Traditional firewall services are no longer effective in the ever-evolving age of digitization. In SASE, FWaaS replaces them with cloud firewalls, delivering advanced Layer 7, next-generation firewall capabilities like access controls (via an IPS), URL filtering, and advanced threat protection. These cloud firewalls also include DNS security options.

  • ZTNA: Based on granular policies, a ZTNA-integrated model deems all devices and users untrustworthy as a means to protect the network (the least-privilege concept). A core policy is that users are connected securely and are not placed on the organizational network. Organizational apps are therefore prevented from being exposed over the network.

    An additional component of SASE is the provision of centralized management. Challenges relating to control optimization, patch management, and policy management can be eliminated by centralized management, which uses a single console to manage all these components.

Functionality of SASE

Most employees were working on-premises a decade ago. At that time, inspecting and verifying traffic by forwarding it over Multiprotocol Label Switching (MPLS) to a firewall seemed quite optimal and effective. However, in today's hybrid work landscape, much of the workforce is working from home or from another location besides their company's premises.

The MPLS process, which involves forwarding remote user traffic to the data center, inspecting and verifying it, and then relaying it back to the user, is now a hassle and deemed unproductive in the prevailing trend of work from home. This renders MPLS ineffective, reduces productivity, and hurts the experience of end users.

SASE operates in a highly secure and direct manner. Network traffic is inspected from the user's device and at a close point of enforcement instead of depending on the security of data centers. The data is also relayed to its destination from the user's close point of enforcement. This way of operation makes SASE a superior option for the protection of a diverse and distributed workforce. Additionally, it protects the data stored in the cloud as well. All this leads to greater efficiency when accessing applications, services, and stored data.

SASE security policy factors

SASE combines SD-WAN capabilities and network security functions based on security policies to deliver dynamic access to users in a hybrid organization. Mentioned below are the four factors on which the security policies enforced on each user session (customized to that session) are based.

  • The connecting entity's identity
  • The context (status and behavior of the device, the sensitivity of the resources being accessed)
  • The security and compliance policies
  • A prevalent assessment of risk during each session
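How the four factors above combine into one per-session decision, as an added example that is not part of the original article or any vendor's product. The field names, thresholds, the "step-up" (MFA challenge) outcome and the sample sessions are assumptions chosen for illustration; the last case shows the fourth factor, a risk re-assessment cutting off a session that was allowed a moment earlier.

```python
"""Per-session access decision built from the four SASE policy factors.

Added example, not the article's or any vendor's code. Factor fields,
thresholds and the sample sessions are assumptions made up for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet


@dataclass
class Identity:                 # factor 1: the connecting entity's identity
    user: str
    groups: FrozenSet[str]
    mfa_verified: bool


@dataclass
class Context:                  # factor 2: device status and resource sensitivity
    device_managed: bool
    disk_encrypted: bool
    patch_age_days: int
    resource_sensitivity: str   # "public", "internal" or "restricted"


@dataclass
class Policy:                   # factor 3: security and compliance policy
    allowed_groups: FrozenSet[str]
    require_mfa_for: FrozenSet[str]   # sensitivities that need MFA
    max_patch_age_days: int           # compliance limit for "restricted"
    deny_risk_at: int                 # risk score at which the session is cut


@dataclass
class Session:
    identity: Identity
    context: Context
    risk_score: int             # factor 4: re-assessed throughout the session


def device_compliant(ctx: Context, policy: Policy) -> bool:
    return (ctx.device_managed and ctx.disk_encrypted
            and ctx.patch_age_days <= policy.max_patch_age_days)


def decide(session: Session, policy: Policy) -> str:
    """Return "allow", "step-up" (MFA required) or "deny" for this session."""
    ident, ctx = session.identity, session.context
    if not ident.groups & policy.allowed_groups:       # identity
        return "deny"
    if session.risk_score >= policy.deny_risk_at:      # risk
        return "deny"
    if ctx.resource_sensitivity == "restricted" and not device_compliant(ctx, policy):
        return "deny"                                   # context
    if ctx.resource_sensitivity in policy.require_mfa_for and not ident.mfa_verified:
        return "step-up"                                # policy
    return "allow"


def reassess(session: Session, new_risk: int, policy: Policy) -> str:
    """Continuous evaluation: a risk change mid-session re-runs the decision."""
    session.risk_score = new_risk
    return decide(session, policy)


POLICY = Policy(allowed_groups=frozenset({"engineering", "finance"}),
                require_mfa_for=frozenset({"internal", "restricted"}),
                max_patch_age_days=30, deny_risk_at=80)


def sample_decisions() -> Dict[str, str]:
    """Constructed sessions covering each outcome, plus a mid-session revocation."""
    managed = Context(True, True, 5, "restricted")
    byod = Context(False, False, 90, "restricted")
    alice = Session(Identity("alice", frozenset({"engineering"}), True), managed, 10)
    bob = Session(Identity("bob", frozenset({"finance"}), False), Context(True, True, 5, "internal"), 20)
    carol = Session(Identity("carol", frozenset({"contractor"}), True), managed, 5)
    dave = Session(Identity("dave", frozenset({"engineering"}), True), byod, 5)
    results = {name: decide(s, POLICY) for name, s in
               [("alice", alice), ("bob", bob), ("carol", carol), ("dave", dave)]}
    results["alice_after_risk_spike"] = reassess(alice, 95, POLICY)
    return results


if __name__ == "__main__":
    print(sample_decisions())
```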

Convergence of SASE and Zero Trust

At first glance, one might not see any major differences between SASE and Zero Trust, but there is a thin line that differentiates them. Both of these concepts have gained sufficient traction over the last few years to take the industry by storm, driven by the prevailing trend of work from home.

Zero Trust in reference to SASE

While a traditional network security model (commonly known as the castle-and-moat approach) trusts and provides access to anyone within its network perimeter, Zero Trust is built around the principle of least privilege. Therefore, in contrast to the castle-and-moat approach, Zero Trust can be defined as a security model that demands strict identification and verification of every single user or device attempting to gain access to the organizational resources in a private network (independent of the location of the user or device).

How Zero Trust integrates with SASE:

  • Provides greater insight by logging and displaying all attempts to access the network through SASE. It also decreases the amount of manual work required of IT teams by using artificial intelligence and enforcing automation.
  • Outlines the requirements for effective threat monitoring, constant enhancement of the network environment, and alignment of the solution with governance and compliance requirements. None of these requirements can be achieved by a stand-alone solution.

SASE in reference to Zero Trust

In order to implement a Zero Trust architecture across an organization, Gartner introduced SASE. Unsurprisingly, SASE can be functionally split into two major parts according to its abbreviation:

SA (secure access): Under the secure access component of SASE, Zero Trust policies across user devices and applications (data center and cloud traffic) are defined.

SE (service edge): Under the service edge component of SASE, all traffic is configured using secure access controls to travel through a secured tunnel without being relayed back to the data center.

How SASE integrates with Zero Trust:

  • Focuses on the management of all aspects of technology, referring to specific guidance for tech vendors to use in their products.
  • Outlines a solution's requirement to have and support secure access edge.

Remember that implementing one of the two (i.e., only SASE or only Zero Trust) does not guarantee automatic and easy implementation of the other. Multiple initiatives are required to be undertaken by an organization to implement either of the two.

How SASE differs from Zero Trust

A clear difference between SASE and Zero Trust is that they are not one and the same; rather, they complement each other to deliver seamless security measures. It is pivotal to understand that it is not possible to implement all the functions of Zero Trust via a single product. Likewise, Gartner's vision of SASE cannot be fully achieved by one product.

Both SASE and Zero Trust may have their fair share of similarities, but as mentioned before, they have different approaches to implementation and functionality. One of the key differences between these two is that a core component of designing a Zero Trust approach in SASE is defined by the cloud-based infrastructure. While Zero Trust refers to network access controls, apps, and data, it does not directly focus on protection. Instead, it focuses on its own unique configuration, which is to assume that all the users or devices are untrustworthy and unauthorized.

Zero Trust is a crucial component of SASE as SASE is built on the very principles of Zero Trust. This is why the strategies involved in one of them will tend to overlap with the other. SASE is not a quick means to enforce Zero Trust. Zero Trust by itself requires various enforcement strategies for successful operation and collaboration with SASE.

One of the critical reasons behind the convergence of SASE and Zero Trust is that the traditional network security method (the castle-and-moat approach) does not cut it anymore. The moat now has to stretch far beyond its typical boundaries owing to the remote workforce, cloud transformation, and rapid virtualization. The repositioning of the moat threatens the security of the castle and leaves the IT industry with an underlying truth:

Gone are the days of castle protection using drawbridges and moats!

Benefits of SASE

Inherent benefits

By itself, SASE offers a plethora of benefits. Being a recent concept, it has leverage over other concepts as it tackles modern network security issues. Listed below are four prime benefits provided by SASE.

  • Easy to use: SASE simplifies operations by enforcing a single management platform to control and deploy the entirety of an organization's security policies. This enforcement results in an easier shift from site-centric to user-centric security.

  • Simplification of the network across the board: Independent of employee, data center, and cloud environment locations, SASE is structured to inherently reduce the complexity and cost of MPLS lines. Its architecture simplifies the use and maintenance of the network.

  • Enhancement of network security: Cyberattacks such as man-in-the-middle, spoofing, and malicious traffic can be mitigated if SASE is implemented the right way. Alongside the mitigation of cyberattacks, SASE also strengthens the protection of sensitive data. Furthermore, SASE services can provide a plethora of additional services, such as encryption for every remote user or device and enhanced privacy controls.

  • Fusion between the backbone and edge services: SASE enables the fusion between its governing functions (backbone) and edge services like content delivery networks (CDNs), VPNs, and edge networking. Services such as data center services, cloud and internet access, and many more can be offered as a single service.

Industrial benefits

  • All the end users have the same experience regardless of their or the resource's location.
  • SASE enables and supports Zero Trust networking, which is presently one of the top industrial trends.
  • Each application can receive the necessary bandwidth and responsiveness with SASE, as it provides various types of services with varying quality.
  • SASE reduces the number of chores and the hassle for IT teams relating to deployment, surveillance, and maintenance. This way, IT teams can focus on tasks of higher priority or significance and make better use of their time.

SASE vs. traditional network security model

| Aspect | Traditional network security model | SASE |
|---|---|---|
| Remotely accessing on-premises resources | Relies on VPN technology (through SSL/TLS browser access) or a specific endpoint client | SASE in and of itself serves as a replacement for VPNs. To access on-premises resources or cloud services, users connect to a SASE solution |
| Accessing cloud resources | Makes use of legacy security and routing controls | Relies on API integration. Provides optimization and cloud-aware network access for SASE components (SaaS, CASBs, etc.) |
| Network access controls | Switching, routing, firewall, and proxy controls are relied upon by most on-premises environments | Several network security and access controls (inclusive of FWaaS) are converged into a single unified fabric |
| SD-WAN, WAN optimization, bandwidth aggregation | Several vendors and products are required for controls and capabilities to function. Lacks integration | SD-WAN and traffic optimization capabilities are integrated into one brokering service for every access type |
| Security of web applications | Usually used as separate applications or platforms; a WAF can also be attained by brokering to either a content delivery network or an in-cloud service | Although the policies and capabilities may not be mature enough yet, this platform allows for the integration of WAF policies and services into the same brokering approach |
| Detection of network threats | Next-generation firewalls, malware detection sandboxes, and CASB brokering are used to detect network threats | Several network threat detection capabilities are merged into a single fabric for swift integration |

Challenges of SASE

By itself, SASE is more of a concept than a specific technology. Naturally, no network security concept is completely foolproof. Besides being a new concept, SASE has a dual-nature that leads to a beneficial convergence of SD-WAN and network security tools. As if being a new concept was not enough, the duality of SASE makes it even more vulnerable to advanced cyberattacks. Some of the key challenges of SASE are mentioned below.

  • Lack of expertise: As SASE is a convergence of SD-WAN and network security tools, some services might not prove to be adequate owing to the lack of expertise of SASE vendors in one of the two.

  • Traditional mindset: Legacy vendors usually focus on selling on-premises software, as they do not have a cloud-native mindset. This can lead them to opt out of providing services that are specific to individual customers (individualized provisioning).

  • Cost and performance: Problems can arise if legacy hardware vendors lack the in-line proxy experience required by SASE. Lack of experience may also lead to limited contextual decisions.

  • Integrated simplification: For the simplification of deployments, SASE endpoint agents need to be integrated for collaboration with other agents in the line of deployment.

  • Staff retention: For the sake of handling new and emerging technologies and concepts, the retention of experienced and agile IT staff will be pivotal, as they will know how to adopt concepts like SASE better.

Conclusion

A piecemeal approach to SASE is one of the most common implementation methods taken by organizations. An interesting fact is that many organizations are unaware of the fact that they have already adopted some of the SASE elements mentioned below.

  • Secure remote workforce
  • Placement of branch offices behind a cloud perimeter
  • Repositioning DDoS protection to the edge
  • Shifting self-hosted applications to the cloud
  • Replacement of security appliances with unified, cloud-native policy enforcement

SASE is not a cure for network and security issues. SASE does not guarantee the protection of organizational services from disruption, and by itself it does not behave like a standalone solution for network security. It merely allows for faster responsiveness to minimize the impact of disruptions or crises in an organization. To top it all off, it provides better organizational positioning to leverage newer technological services such as edge computing and artificial intelligence.

Rethink your IAM with AD360

AD360 helps you simplify IAM in your IT environment by giving users quick access to the resources they need while establishing tight access controls to ensure security across on-premises Active Directory, Exchange Servers, and cloud applications from a centralized console.


© 2020 Zoho Corporation Pvt. Ltd. All rights reserved.