As digital business volume grows, enterprises are moving their data to the cloud across the board, and remote work and access from multiple terminal devices have become the norm. The traditional "network to network, security to security" architecture can no longer meet the modern enterprise's dual demands for efficient connectivity and dynamic security. This is the context in which SASE ("Sassy") was born.
SASE Definition:
SASE (Secure Access Service Edge) is a concept first proposed by Gartner in 2019 to define this new generation of network security architecture.
In fact, it is not a product, but a new architecture integrating network and security capabilities. Its core is to integrate the functions of Wide Area Network (WAN), network security and edge computing into cloud services to meet the needs of enterprises for flexible, secure and efficient network access in the digital era.
Simply put, SASE integrates the "network connectivity capability" and the "security capability" an enterprise needs into one cloud service platform for unified delivery, realizing a "cloud native architecture". With this network architecture in place, enterprise users get safe, efficient, optimized connections to whatever they need: SaaS (Software as a Service) applications, cloud resources, or public Internet services.
Core components of the SASE architecture: Software-Defined Wide Area Network (SD-WAN) and Security Service Edge (SSE)
✅ SD-WAN (the star of our previous issue, the "Internet Superman")
SD-WAN is a technology that optimizes enterprise wide area network connectivity through intelligent, software-based scheduling. It acts as the traffic dispatch center of the enterprise network, using intelligent routing, link redundancy, and real-time monitoring to keep connections between headquarters, branch offices, and cloud services stable and efficient.
✅ SSE comprises a comprehensive combination of security technologies:
Firewall as a Service (FWaaS): Firewall computing, policy management, threat detection, and other functions are moved to the cloud, and the enterprise reaches the cloud provider's firewall service over the Internet to get unified protection.
Zero Trust Network Access (ZTNA): ZTNA is a network access policy that requires continuous verification of all users and entities, inside and outside the network, taking them from untrusted to trusted. Zero trust means giving only the "right people" access to the "right resources", no matter where they are.
Secure Web Gateway (SWG): SWG is a two-way Internet traffic monitoring technology. It uses traffic filtering, Domain Name System (DNS) query checking, and other methods to identify and block malware, ransomware, and other network threats. (Commonly known as an "attribute filter": online activity goes through a security check first.)
Cloud Access Security Broker (CASB): Regardless of where users are located or how they connect, whenever they access the cloud, the CASB enforces enterprise security policies such as encryption and access control. It regulates employee behavior when using SaaS applications to prevent data from "quietly slipping out".
A comprehensive, complete SASE service will generally also include Data Loss Prevention (DLP), Network Access Control (NAC), and more.
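The ZTNA item above can be made concrete with a small per-request decision function. This is an added example, not code from the original article or from any SASE product; the policy table, the 15-minute re-verification window, the device posture signals, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy: (group, resource) pairs that are allowed. Anything else is denied.
POLICY = {("finance", "erp"), ("engineering", "git"), ("engineering", "ci")}
MAX_AUTH_AGE_S = 900  # assumed re-verification interval (15 minutes)

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_passed: bool
    auth_age_s: int        # seconds since the identity was last verified
    device_managed: bool   # assumed posture signal for the "entity" (device)
    device_patched: bool
    source_ip: str         # kept for audit only; location never grants trust
    resource: str

def decide(req):
    """Return (allowed, reason). Runs on every request, not once per session."""
    if not req.mfa_passed:
        return False, "identity not verified"
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "verification expired, re-authenticate"
    if not (req.device_managed and req.device_patched):
        return False, "device posture failed"
    if not any((g, req.resource) in POLICY for g in req.groups):
        return False, "no policy grants this resource"
    return True, "allowed"

def demo():
    """Evaluate constructed sample requests; same user, varying one field each."""
    base = dict(user="alice", groups=frozenset({"engineering"}), mfa_passed=True,
                auth_age_s=60, device_managed=True, device_patched=True,
                source_ip="10.0.0.5", resource="git")
    cases = {
        "office, engineer -> git": Request(**base),
        "home, engineer -> git": Request(**{**base, "source_ip": "203.0.113.7"}),
        "office, engineer -> erp": Request(**{**base, "resource": "erp"}),
        "office, unpatched laptop": Request(**{**base, "device_patched": False}),
        "office, stale session": Request(**{**base, "auth_age_s": 3600}),
    }
    return {name: decide(r) for name, r in cases.items()}

if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {name}: {why}")
```

The office and home requests get the same answer because `source_ip` is never consulted, while an internal address does nothing to rescue the unpatched laptop or the stale session.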
Combining the two components above delivers an integrated cloud, network, and security experience of "Network as a Service" and "Security as a Service".
Simply put, SASE is the "traffic control tower" that connects enterprises to the cloud world. It provides both guidance and security, deeply integrates and coordinates networking with security, and makes the network experience of enterprise users more flexible and intelligent.
▶️ Next article: in the next issue, we will discuss the advantages and highlights of SASE.