SASE in the spotlight under the new normal

Once you taste it, you can't go back, and the way employees work is the same. Even if the corona disaster calms down in the future, it is hard to imagine a complete return to the former appearance. The number of people commuting to the office will increase to some extent, but remote work is one of the mainstream in the future. Hybrid work (coexistence of work and remote work) at the head office and bases will become the standard form, and various cloud services will continue to be actively used. That is the new normal.
At that time, new innovations will be required in the IT infrastructure that supports business execution, especially in the operation of networks. If services that use a lot of bandwidth, such as web conferencing, are used more and more, there is a possibility that the internal network will be strained. In addition, if there are a considerable number of employees who work outside the office, such as at home, it is difficult to clearly divide the internal and external networks and implement security measures at the boundaries.
With such a background, the keyword that has been attracting attention again is "SASE (Secure Access Service Edge)". A concept advocated by US Gartner, a major IT market research company and trend setter, based on the idea of controlling communications on the path to cloud services instead of centralizing and controlling communications at the head office (or data center). It is in. In other words, it is an approach to centrally and dynamically manage networks and security so that various users (devices) can access applications/services/data safely.
This "network and security..." part is the key. When we say SASE, we tend to focus only on cloud security, but SASE is the idea of integrating dynamic control of networks. In that sense, SD-WAN (Software Defined-Wide Area Network) is in the limelight as a part of SASE.

Re-focused on local breakouts, etc.

SD-WAN is literally a technology/service/solution that controls networks (not only LANs but also wide area networks) through software definitions and settings. In the past, network devices such as routers and switches, in other words, the mainstream was to control communication by rewriting hardware configurations and changing settings via dedicated consoles. SD-WAN, on the other hand, is centrally controlled by software. It is possible to optimize after visualizing traffic, and it is also possible to change settings without going to the site. As a result, it is expected that the load and cost of operation can be suppressed.
Initially, SD-WAN was intended for access to domestic data centers from overseas bases where communication environment options are limited, rather than in Japan, where various communication services such as leased lines, wide area Ethernet, and broadband lines are provided. It seems that attention was focused on how to balance network quality and cost. Recently, along with technological evolution, there is a growing view that SD-WAN has advantages over MPLS (Multi Protocol Label Switching) and Internet-based VPNs in terms of cost efficiency, agility, and cloud optimization, even in Japan. It says.
One of the notable features of SD-WAN is "local breakout". It identifies a specific type of communication, such as the use of a cloud service, or a specific connection partner, and directly connects to the Internet via a different gateway than usual. It is common to all companies that traffic is increasing due to the use of web conferencing and various SaaS, which have become established as new work styles. Local breakouts are expected to provide employees with a comfortable work environment while at the same time realizing safe and optimal network management and operation.

Steady Domestic SD-WAN Market

Under these circumstances, the domestic SD-WAN related market seems to be performing well. The survey results published in September 2021 by research firm IDC Japan are interesting. According to the press release, the market size in 2020 will increase by 36.9% from the previous year to 3,722 million yen. The forecast that it will further expand to 5,492 million yen (47.6% growth rate) in 2021 has become a hot topic. It will continue to grow even after 2022, with an average annual growth rate of 43.2% from 2020 to 2025, and the market size in 2025 is expected to reach 22.378 billion yen.
What specific solutions and services are on the market? From the next chapter, we will pick up the attention stocks and explain the details. You can see the direction of each company in how they balance network and security, that is, mobility and safety, or offense and defense, so please read it carefully. Companies with an insatiable interest and curiosity in technology will undoubtedly benefit from digital.

SASE (Secure Access Service Edge) is at the forefront of attention-grabbing keywords as corporate networks and security are approaching a major turning point. CATO Networks, which was established in Israel, has a prominent presence in this area. What are its features and values?

CATO Cloud, provided by CATO Networks, is a popular service with a growing number of users globally. “The biggest feature is that it is a cloud-native SASE that also integrates SD-WAN functions.In other words, in addition to communication between locations, network security and ZTNA (Zero Trust Network Access) can all be centrally managed. It has been highly praised,'' says Tsubasa Komoriya of Macnica Networks Company, a domestic sales agent.

Move security and WAN connectivity to the cloud

Mr. Komoriya explains that the way companies perceive security and communication between bases is maturing through three main phases (Fig. 1). Phase 1 was based on Internet usage via data centers. Perimeter-type security measures were functioning, but many companies must have been plagued by problems such as an increase in the load on the network when teleworking increased due to the corona disaster.
Phase 2 is to migrate security functions and inter-site connection functions from on-premises to the cloud. ,” Komoriya points out.
Phase 3 eliminates such issues, vertically dividing by use and visualizing both security and network on a single console.
can be controlled. This is the true SASE way of thinking. Even before SASE appeared in the world, CATO Networks has been pursuing an ideal form for the next generation, and as a result, it is a pioneering company that has led to SASE." (Mr. Komoriya).

All-in-one service including connection between bases

Now, let's delve a little deeper into SASE. The concept was originally launched by the US market research firm Gartner, and it is now generally accepted that five core functions are essential. Specifically, (1) SWG (Secure Web Gateway) that secures web access when mediating it, (2) CASB (Cloud Access Security Broker) that visualizes and controls the usage of cloud services by end users, and (3) Firewall FWaaS (Firewall as a Service), which provides functions in the cloud; (4) ZTNA (Zero Trust Network Access), which verifies the security status of users and terminals during remote access; and (5) SD-WAN for communication between bases.

Figure 1 Network functions and security functions have been migrated from on-premises to the cloud, and have now been integrated on the cloud. SASE integrates inter-site communication functions in addition to the security functions provided by SSE (Source: Macnica Networks Company)

Figure 2 CATO Cloud has its own backbone network for SD-WAN. We have over 70 connection points around the world, speeding up long-distance communication with overseas bases (Source: Macnica Networks Company)

However, there are quite a few solutions that claim to be SASE that do not include SD-WAN, and there is a feeling that the market was confused for a while. Perhaps for this reason, the recent movement is to distinguish services that integrate the network security functions of (1) to (4) into one and provide them in the cloud as SSE (Security Service Edge). In other words, SASE is a service that integrates SD-WAN in addition to SSE.
“It can be said that true SASE is not a virtual appliance placed in the cloud, but a software stack that integrates network and security functions. That is CATO Cloud,” says Komoriya. It's Mr.
The first use case for introducing CATO Cloud is for global companies with many overseas bases. In addition to being able to simply centralize network security measures for all bases, SD-WAN can guarantee the quality and performance of the line that accesses the head office data center from overseas bases. It is said that it is appealing that costs can be greatly reduced compared to communication services.

Accelerate overseas connections with our own WAN backbone

Looking at the features of CATO Cloud from the SD-WAN perspective, Mr. Komoriya says, ``The biggest advantage is that we have our own backbone network as a WAN line'' (Figure 2). There are generally three levels of WAN acceleration. ``Line switching'' switches routes based on application type and threshold values; ``Line correction'' applies WAN acceleration techniques such as data compression and packet correction; and ``Usage of dedicated lines'' increases speed with a dedicated backbone network. ”, and CATO Cloud is positioned as the last mentioned use of a dedicated line. CATO Cloud originally started by applying U.S. company Imperva's CDN (content delivery network) technology to inbound communications, and the backbone that was built there has borne fruit as a strength in the current era. "Delays in long-distance communications occur not in the last mile, which is close to the user, but in the middle mile of the backbone. CATO Cloud speeds up this process," Komoriya emphasizes. In this way, CATO Cloud is a service that includes a line, so users do not need to install a dedicated line themselves. As of 2022, there are over 70 PoPs around the world, and two in Japan, in Tokyo and Osaka. For example, when communicating between the UK and Tokyo, the UK base connects to the UK PoP, and the Tokyo base connects to the Tokyo PoP. These can be connected at high speed via a dedicated network. Companies using CATO Cloud will install a dedicated edge device ``Cato Socket'' at each location they want to connect to, and connect it to the nearest PoP. PoP constantly monitors network delays, packet loss, and other conditions and determines the best route to forward packets in real time. Cato Socket features zero-touch provisioning, meaning you can basically just plug it in out of the box. Another advantage is that it can be used on a monthly basis and there is no need to purchase hardware first. Two models are available depending on the connection band. There is also remote access software ``Cato Client'' that connects to CATO Cloud from endpoints such as client PCs. A network full of timely security and mobility. The true value of CATO Cloud lies in its ability to build the foundation that is essential to the new normal, and Macnica 's role is to fully develop its potential into the market. Mr. Komoriya concluded the interview by saying, `` the Company has a wealth of know-how that we have cultivated over the years.Please contact us with any network-related concerns.We are ready to provide you with the optimal solution.'' Mr. Komoriya concluded the interview.