One of the main reasons that the secure access service edge (SASE) is getting so much attention these days is that it combines several networking and security capabilities and functions normally carried in multiple, siloed point solutions into a single, fully integrated cloud-native platform. This allows organizations to overcome cost and performance issues, resulting in a more decentralized networking approach to optimize performance and increase security.
The challenge is that, like the blind men all trying to describe an elephant, SASE means different things to different people.
In this article, we’ll look at some of the commonly accepted elements of a SASE solution and also review the approach that Cisco is taking to securing access and the network edge. Following are the major elements of SASE:
- Software-defined wide area networks (SD-WAN)
- Domain name system (DNS) layer security
- Secure web gateway (SWG)
- Firewall as a service (FWaaS)
- Cloud access security broker (CASB)
- Zero Trust network access
The Cisco approach to SASE
Software-defined wide area networks (SD-WAN)
Cisco’s approach to SASE leverages a cloud-scale SD-WAN architecture designed to meet the complex needs of modern WANs through three key areas:
- Advanced application optimization that delivers a predictable application experience as the business application strategy evolves
- Multilayered security that provides the flexibility to deploy the right security in the right place, either on-premises or cloud-delivered
- Simplicity at enterprise scale, which enables end-to-end policy from the user to the application over thousands of sites
Cisco Umbrella multi-function cloud-native security
A foundational element of the Cisco SASE architecture, Cisco Umbrella helps businesses of all sizes embrace and secure direct Internet access (DIA), secure cloud applications, and extend protection to roaming users and branch offices. Cisco Umbrella blocks requests to malicious and unwanted destinations before a connection is even established — stopping threats over any port or protocol before they reach your network or endpoints.
Domain name system (DNS) layer security
DNS-layer security provides the visibility needed to protect Internet access by:
- Logging and categorizing DNS activity by type of security threat or web content and the action taken
- Covering thousands of locations and users in minutes
Other elements of the Cisco SASE solution include:
Secure web gateway (SWG)
Cisco Umbrella includes a secure web gateway (SWG) that uses a cloud-based proxy to log and inspect all your web traffic for greater transparency, control, and protection. The SWG provides:
- Real-time inspection of inbound files for malware and other threats
- Advanced file sandboxing
- Full or selective SSL decryption to further protect against hidden attacks
- Blocking of specific user activities
- Content filtering by category
Cloud-delivered firewall as a service
With Cisco Umbrella’s cloud-delivered firewall, all activity is logged, and unwanted traffic is blocked using IP, port, and protocol rules. Cisco Umbrella’s cloud-delivered firewall provides:
- Visibility and control for Internet traffic across all ports and protocols
- Customizable IP, port, and protocol policies in the Umbrella dashboard
- Layer 7 application visibility and control
Cloud access security broker (CASB) functionality
Cisco Umbrella exposes shadow IT by providing the capability to detect and report on the cloud applications that are in use across your environment. Umbrella App Discovery offers:
- Extended visibility into cloud apps in use and traffic volume
- App details and risk information
- Capability to block/allow specific apps
Interactive threat intelligence
Cisco Umbrella analyzes 250 billion DNS requests daily, taken from Cisco’s global network and fed into a massive graph database, and continuously runs statistical and machine learning models against that data. This information is constantly analyzed by Umbrella security researchers and supplemented with intelligence from Cisco Talos to efficiently discover and block an extensive range of threats.
Cisco’s unique view of the Internet enables Umbrella to uncover malicious domains, IPs, and URLs before they’re used in attacks, and helps analysts to accelerate investigations.
Umbrella and SD-WAN integration
With the Cisco Umbrella and Cisco SD-WAN integration, you can deploy Umbrella across your network and gain powerful cloud-delivered security to protect against threats on the Internet.
Umbrella offers the flexibility to create security policies based on the level of visibility and protection that you need — all from one dashboard.
Cisco SecureX
All of these capabilities won’t mean much if your team can’t quickly and easily access the information they need to understand what is happening and respond in a timely manner. That’s where the power of the Cisco SecureX platform comes in.
The goal of this integrated security portfolio is to deliver a consistent, simplified experience that unifies visibility, enables automation, and strengthens your security.
SecureX empowers your security operations center (SOC) teams with a single console for direct remediation, access to threat intelligence, and tools like casebook and incident manager. It overcomes many challenges by making threat investigations faster, simpler, and more effective.
Zero Trust with Cisco Duo
For organizations of all sizes that need to protect sensitive data at scale, Cisco Duo’s trusted access solution is a user-centric Zero Trust security platform. Duo’s multifactor authentication (MFA) lets you verify the identity of all users before granting access to corporate applications. You can also ensure devices meet security standards, develop and manage access policies, and streamline remote access and single sign-on (SSO) for enterprise applications.
Cisco Umbrella also feeds huge volumes of global internet activity into a combination of statistical and machine learning models to identify new attacks being staged on the Internet. Umbrella has a highly resilient cloud infrastructure that boasts close to 100 percent uptime since 2006. Using Anycast routing, any of Cisco’s 30-plus data centers across the globe are available using the same single IP address. As a result, your requests are transparently sent to the nearest, fastest data center and failover is automatic, resulting in superior speed, effective security, and excellent user experience.
So, you’ve just finished reading this blog. Why stop now? If you’re lucky, you’ll read our new ebook before anyone else at your company, and you’ll gain a reputation as a networking and security expert who can talk about SASE with the best of them. Who doesn’t love to be a hero?
Ready to get started on the journey? Click to download the ebook Secure Access Service Edge (SASE) for Dummies.
Author Ken Howard is a content marketing manager at Cisco Systems. Read more guest blogs from Cisco here.