Network security is no longer confined to the data center. As security shifts to the cloud, the tried-and-true perimeter based model just can’t keep up. Today’s cyber security professionals are contending with an entirely new type of network and an entirely new set of security needs — now more than ever, they need a new way to keep users, data, and devices safe from threats.
With all the different security solutions (and acronyms) out there — DNS, SIG, SWG, CASB, FWaaS, SASE — it can be tough to sort out which approach is best, as well as which technologies you need to reduce complexity, improve speed and agility, and ultimately secure your network.
The network is changing like never before
A growing remote and roaming workforce, the increasing adoption of direct internet access at branch offices, and the widespread use of cloud-based apps and services have expanded the edges of the network well beyond the data center. As a result, traditional data center–oriented security solutions are no longer providing the protection users need.
Security operations and IT teams are trying to keep up with changing security needs by using a combination of different point solutions, but this fragmented approach to security only adds complexity — it can be tough to stay on top of a deluge of alerts and potential threats coming from a variety of tools.
The future of security: consolidation, cloud, and convergence
Securing the modern network is a considerable challenge, requiring a great deal of time, energy, and resources that overextended organizations don’t always have.
To fill in the gaps, today’s teams are increasingly seeking an entirely new type of security solution — one that consolidates and converges a variety of individual components into one unified, cloud-delivered service.
By bringing previously disparate point solutions together, a service like this can deliver robust, flexible security from one simple, easy-to-manage source. And, by delivering this security from the cloud, this solution is easy to deploy and can provide protection anywhere, on or off network.
A timeline of changing security standards
As security converges in the cloud, we get closer to achieving one simple goal: giving teams the ability to control and secure users, apps, devices, and data — anywhere and everywhere.
So what exactly is SASE?
SASE offers an alternative to traditional data center– oriented security, with a new type of architecture that brings together networking and security services in one unified solution designed to deliver strong security from edge to edge — including the data center, remote offices, roaming users, and beyond. By consolidating a variety of powerful point solutions in one service that can be deployed anywhere from the cloud, SASE can provide better protection and faster performance, while reducing the cost and work it takes to secure the network.
The next evolution in cloud convergence
SASE combines networking and security point solutions into one unified, cloud-delivered service.
- Cloud Access Security Broker (CASB) Software that detects and reports on cloud applications in use across your network, exposing shadow IT and enabling the ability to block risky SaaS apps and specific actions, like posts and uploads.
- DNS-Layer Security Software that acts as a front line of defense against threats on the internet, blocking malicious DNS requests before a connection to an IP address is even established.
- Firewall as a Service (FWaaS) with Intrusion Prevention System (IPS) Software-based, cloud-deployed network services designed to stop or mitigate unwanted access to the internet. With a cloud firewall, you have visibility and control of internet traffic across all ports and protocols. You can log all activity and block unwanted traffic using IP, port, and protocol rules. You can also block or allow activity by application and by user.
- Secure Web Gateway (SWG) A gateway that logs and inspects web traffic to provide full visibility, URL and application controls, and protection against malware. Some gateways can also inspect web-hosted files in real time and decrypt SSL (HTTPS) traffic for advanced threat protection.
- Zero Trust Network Access (ZTNA) A security framework that helps prevent unauthorized access, contain breaches, and reduce the risk of an attacker’s lateral movement across the network. Duo, now part of Cisco, is a user-centric, zero-trust security platform that verifies users’ identities and establishes device trust before granting access to authorized applications.
- Software-Defined Wide Area Network (SD-WAN) A virtual WAN that allows companies to use any combination of transport services — including MPLS, LTE, and broadband — to securely connect users to apps and locations.
Stronger network security doesn’t happen overnight, but getting started on your journey doesn’t have to be complicated: Start simple by enforcing security at the DNS layer. Because DNS requests precede IP connection, DNS resolvers can stop threats before they reach your network or endpoints, blocking requests to malicious or unwanted destinations over any port or protocol.
A critical component to keeping users safe on the internet, DNS security provides a single view of all internet activity across every location, while helping you prevent threats at the earliest point of contact.