The term SASE was first mentioned by Gartner Analysts in July 2019 and Gartner continues to define this term and its attributes.
SASE combines network services like SD-WAN with network security functions, including cloud access security brokers (CASB), Secure Web Gateways / proxies (SWG), antivirus/malware inspection, virtual private networking (VPN), Firewall as a Service (FWaaS), and data loss prevention (DLP), all delivered by a single cloud service at the network edge.
These network security functions on their own are often referred to as Secure Software Edge (SSE).
Edge security is a type of enterprise security for corporate resources that are no longer all located within the protective boundaries of a centralised data centre. It’s used to protect users and apps at the farthest reaches, or “edge,” of a company’s network, where sensitive data is highly vulnerable to security threats.
Cisco Meraki at its very origin in 2006 delivered cloud-managed wireless access points to market with inbuilt firewalls and DNS protection stopping threats over all ports and protocols. This provided customers with enterprise wireless and security connected to the internet by any network routing mechanism.
Overtime, Meraki has developed a platform of cloud-managed routers, switches, access points, cameras, IoT devices, wireless WAN devices and network analytics functions. Many of these leveraging enterprise security software from Cisco who acquired Meraki in December 2012.
The Meraki Routing and Security Appliances (MX) have three basic levels of software they can be licensed with. The license covers automated firmware upgrades, 24 x 7 support and a limited equipment warranty which varies by device type, but in many cases, provides full component replacement on failure at no additional charge. All for the term of the license 1, 3, 5, 7 or 10 years.
The MX license types are Enterprise, Advanced Security and SD-WAN Plus. All three advance the level of network security available.
The Enterprise license delivers a firewall and Auto VPN to quickly establish secure tunnels between Meraki devices – providing essential SD-WAN, secure connectivity, and basic security.
The Advanced Security license, in addition, delivers Unified Threat Management leveraging Cisco AMP, Snort and the global Cisco Talos Threat Intelligence Group. This license also offers additional integrations with Cisco Umbrella DNS protection stopping threats over all ports and protocols and Cisco Threat Grid a malware analysis platform providing automated static and dynamic analysis, producing human-readable reports with behavioural indicators for each file submitted. These integrations are licensed separately.
The SD-WAN Plus license, in addition, provides advanced analytics with Machine Learning and Smart SaaS Quality of Experience (QoE). While this license does not substantially add to network security, it is designed for branch SD-WAN deployments where SaaS, VoIP and public cloud applications are critical to corporate operation – and network health analytics reduce the number of support tickets and help optimise network operation in lean IT operations.
At some point in your network security journey, your on-premises security hardware won’t be able to keep up with the volume of packet inspection required leaving you exposed, or you have so many network security components from different vendors that no one vendor can assure you that there aren’t any security holes or system conflicts. After all, there is a limit to the regression and load testing capability of your single system security vendors and the version compatibility testing they do with other vendors security systems and networking platforms. It’s just a costly, seemingly mammoth task which adds to the cost of the product and its support fees.
Other business and IT challenges addressed by SASE include:
The next iteration of Cisco Umbrella is Umbrella SIG (Secure Internet Gateway) or sometimes referred to as ‘SIGRAKI’, a play on names when deployed in a Meraki network.
Umbrella SIG is a cloud-delivered security service that unifies multiple functions in a single solution that traditionally required multiple on-premises appliances or single function cloud security services.
Both the MX Advanced Security and SD-WAN Plus licenses can benefit from the addition of Umbrella SIG.
Due to Umbrella SIG being a multi capability service it offers many practical benefits which include:
This is a full proxy gateway (performing the function of a firewall and filter between users and the public internet) to shield users from malware and other dangerous attacks. It does this by logging and inspecting (in detail) all the traffic that passes through it.
Exposes the use of non-IT approved cloud applications (also referred to as Shadow IT). Its overall purpose is to secure user identities, prevent user accounts from being compromised and protects corporate cloud data from threats or loss.
There are often multiple firewalls within an organisation’s network providing segmentation of various servers. This Umbrella firewall can be seen as the first port of call into the organisation from the public internet. Specifically, it provides visibility and control for all traffic across all ports and protocols. This could include mobile apps, peer-to-peer file sharing, collaboration (for example, WebEx or Zoom), or any non-web or non-DNS (Domain Name Server) traffic. It logs activity and blocks unwanted traffic using IP, port, and protocol rules (ISO layer 3/4 firewall), application rules (layer 7 firewall), and intrusion prevention system (IPS) rules.
DNS servers convert URLs and domain names into IP addresses that computers can understand and use. They translate what a user types into a browser into something the machine can use to find a webpage. By enforcing security at the DNS-layer, Umbrella uses the internet’s infrastructure to block requests to malicious and unwanted destinations / websites before a connection is even established, stopping threats over any port or protocol.
Analyses data in-line to provide visibility and control over sensitive data. DLP does more than retroactively alert you of potential leaks and abnormal file transfers. It blocks the transfer of your sensitive data, in line with your data policies, before it even leaves your organisation.