Streamlined management, unparalleled protection: How SASE is ushering in the third generation of network security
The security of enterprise networks is a critical priority for all organisations across the public and private sectors, as they are forced to contend with an increasingly turbulent cyber threat landscape. As a result, network teams increasingly find their roles overlap with their organisations' cyber security strategies, with numerous siloed elements now converging.
However, for all the challenges this represents, it is important to remember that the security of enterprise networks is very much a journey rather than a destination. These challenges could very well be turned into opportunities to streamline networking management and optimise the performance of critical applications – all while maintaining ironclad security for all data flows.
Stateful firewalls – the original foundation of network security
Even in the very earliest days of enterprise networking, bad actors sought to exploit hidden vulnerabilities to access corporate infrastructure. In response to these threats, the first generation of stateful firewalls became an integral part of security ecosystems.
By blocking traffic based on IP addresses, ports, and protocols, IT teams were able to create clear distinctions between trusted and untrusted networks, including creating demilitarised zones. This way, the risks created by open connections between networks and devices could be mitigated.
However, these platforms began showing their limitations when secure access for remote users and branch offices became a key requirement for many organisations, as any data transmitted via unsecure home networks or public Wi-Fi presented a potential attack vector. VPNs offered a solution, encrypting traffic and ensuring activity could not be monitored, but required a separate agent to provide connections to remote endpoints. Furthermore, when users needed to connect to the public internet, a proxy was required to ensure network security policies would be maintained, combined with caching devices to maintain internet performance in cases of limited bandwidth.
While stateful firewalls remain part of all robust cyber security ecosystems, such evolving challenges mean they do so as part of integrated solution wraps, working in tandem with other platforms to mitigate risk and ensure infrastructure remains secure.
NGFWs – the firewall comes of age
As enterprise networks evolved, it became clear that application ports – i.e. HTTP and HTTPS – represented prime targets for cyber-attacks and required a dedicated security solution. While Layer 7 filtering was already in place to secure these ports, its limited granularity meant bad actors soon learned that, by targeting application traffic, they could use these ports as back doors to access corporate networks, completely bypassing the firewall.
In response, the well-established stateful firewalls evolved into Next-Generation Firewalls (NGFWs). Located at the network edge (typically data centre perimeters), these proactively detected potential threats by inspecting all traffic while it was still in transit, with the potential for deeper granularity through SSL and deep packet inspection. However, this deep control and visibility of network traffic required additional processing power – more than most off-the-shelf processors could provide – which led to the creation of purpose-built ASICs that offloaded certain security functions to optimise performance.
In response to the increasing scale and complexity of internet-based cyber-attacks, additional capabilities were later incorporated into the existing proxies, including URL filtering, antivirus, data leakage protection, and SSL inspection. The resulting platforms became known as Secure Web Gateways (SWG).
Secure Access Service Edge (SASE) – a unified approach to network security
A fundamental challenge throughout the evolution of network security is that cyber security platforms have traditionally been relatively siloed, designed to overlay other areas of IT infrastructure rather than truly integrate with them. This means that as network and security teams have worked to maintain their edge against the latest threats, they have had to integrate and manage an increasingly disparate range of platforms, with all the ongoing challenges that entails.
SASE offers a new approach: the best of enterprise networking and leading-edge cyber security, seamlessly integrated to deliver full control and visibility of all network traffic through a single, cloud-based platform. AI-powered automation of corporate security policies ensures they are consistently applied wherever employees are connecting from. When delivered as a single-vendor solution, this is all achievable without the cost, complexity, and potential risk that typically accompanies the integration of disparate platforms.
This offers the best of all worlds, with all the potential benefits available 'out of the box': the highest standard of network security for the modern distributed workforce, the optimal performance and availability of critical applications, and reduced time spent on manual processes, freeing network and security teams to invest their time and resources where they are most needed.
If you're ready to embrace the convergence of leading-edge networking and security, just get in touch, and our own specialists will work with you to implement your ideal managed SASE solution.