Cato Networks

What is SASE? Clear explanation of definitions

What is SASE? Cato SASE Cloud

SASE (Secure Access Service Edge) is a new framework first proposed by Gartner Inc. in 2019. Because it is relatively new and little information is available, some readers may want to know in detail what it means and how it works.

In this article, we therefore explain the definition and benefits of SASE in detail. We have written it to be easy to follow even if you have no background in security measures, so please read it to the end.

What is SASE

First, we explain the meaning, characteristics, and mechanism of SASE (pronounced "sashi").

A Comprehensive Platform Your Enterprise Needs

SASE is particularly new and is attracting attention among network security frameworks (templates that summarize how systems work). It is a solution framework, described as a "network & security cloud service", that integrates security solutions and network solutions that until now have been used separately.

Until now, it was common to use one security appliance (for example, a firewall) for each security problem. But this approach has a big problem. Security appliances are installed in the data center one after another, and as the number of security solutions grows, costs increase and problems such as operational load and degraded communication quality arise.

Against this background, Gartner, a major US research company, proposed SASE in 2019. In recent years, telecommuting and remote work have rapidly increased the number of connections to SaaS from home Internet lines, and SASE has become a network security service that attracts particular attention among companies that make active use of remote access.

How SASE works

SASE is a product that integrates many security and network functions. Multiple functions can be centrally managed and operated on one platform.

Operate disparate devices simply, all in one, with the Cato SASE Cloud

SASE includes many features, and they vary from product to product. Here, the main functions are divided into two types, network and security, and representative functions of each are introduced.

  • Network function (WAN Edge)
    1. SD-WAN
    2. Global backbone
    3. WAN optimization and acceleration
    4. Inter-site routing
  • Security function (Security Service Edge)
    1. SWG (Web Access Protection)
    2. CASB (visualization and control of SaaS)
    3. FWaaS (control and protection of non-web communication)
    4. SDP/ZTNA (remote access)

Other solutions include data loss prevention (DLP), browser isolation (RBI), and other features that vary by vendor.

Benefits and caveats of SASE

SASE is an innovative architecture and has many advantages, but of course there are also points to be aware of when introducing it.

We have organized the advantages and cautions below, so check them in advance.

Benefits

Deploying SASE to combine security solutions and network functions into one has many benefits. Below are three of the biggest benefits.

1. Cost reduction

By deploying SASE to combine network and security solutions into one, you can reduce the cost of physical appliances and, through centralized management, reduce operational costs. Consolidating WAN functions can also dramatically reduce line costs.

Here is some interesting data on how much cost reduction can be achieved. According to data released in 2022 by the American research firm Forrester Research, a 246% ROI was achieved within 6 months using the "Cato SASE Cloud". Elimination of outdated network equipment, improved performance, an enhanced security posture, and increased morale among IT team members are also mentioned. We introduce the Cato SASE Cloud, which achieved this astounding number, in detail later.

2. Both productivity and security

Conventional networks have been built around data centers. However, a data-center-centric network structure may not be able to withstand large volumes of data traffic to the cloud. Furthermore, in recent years the volume of data traffic, including video, has been increasing because of web conferencing tools such as Zoom and the sharing of high-quality materials.

If the network cannot handle the traffic volume and delays occur, it becomes difficult to use the company's own systems or communicate with the outside world, causing a great loss to the company's digital business. SASE has a cloud-native, scalable infrastructure that scales automatically with the amount of data traffic, is designed to prevent delays, and can withstand access by thousands or tens of thousands of people. This makes it possible to achieve both security and employee productivity.

3. Automatically respond to security threats

With the conventional combination of disjointed point security products, the security policy also becomes disjointed. Vulnerabilities may arise even in settings that appear to have no gaps or omissions. In addition, the time required for countermeasures against these vulnerabilities becomes enormous.

SASE integrates multiple security services and network functions into one, and operates and manages them with one simple security policy. Unauthorized communication can also be monitored, resulting in stronger security.

Since SASE is provided as a cloud service, the latest ransomware and malware countermeasures are upgraded automatically on the cloud side. You can strengthen global, centralized security governance without gaps and without the hassle of applying patches at each site.

Disadvantages

Since SASE is not a one-size-fits-all service, it also has disadvantages.

Here are the disadvantages of SASE that you should check before introducing it.

1. Complexity of management screens

SASE bundles many security services and network management functions into one. As there are many functions, each management screen tends to be complicated. It is important to check the usability of the management screen through actual demonstrations by each SASE vendor. If you can experience a pre-installation demo, be sure to try it once to see if the management screen is easy to use and how it feels to operate.

Cato SASE Cloud: manage everything from network control to security policy on a single screen

2. Robustness of cloud services

With SASE, corporate network traffic between clouds, data centers, and sites basically passes through the SASE service. If the line goes down, work stops, which has a negative impact on the business. It is therefore recommended to research the availability and redundancy of the SASE infrastructure in advance. The Cato Networks cloud guarantees an SLA of 99.999% and high availability. It is prudent to check the frequency and method of maintenance and the expected downtime in advance. It is also recommended to check whether there is a mechanism to fail over to a backup line if the SASE infrastructure goes down.

The Cato SASE Cloud is operated with the robustness of a 99.999% SLA.

3. Whether SD-WAN is built-in

Many security vendors, including firewall vendors, have released SASE solutions, but many of them focus only on security functions and do not include SD-WAN. It is possible to introduce SD-WAN separately and integrate it, but this is not SASE. These security-only service functions are now called SSE (Security Service Edge) and are clearly distinguished from SASE. If you also want to integrate communication between sites, choose a SASE with built-in SD-WAN functionality.

*SD-WAN is a next-generation router function that efficiently and centrally manages the WAN, that is, communication between sites. It can control communication per application, mainly at the L4-7 level, and flexibly build corporate networks not only on closed networks but also on hybrid lines that include the Internet.

The Cato SASE Cloud is a true SASE with SD-WAN also built into the cloud.

SASE is the perfect foundation for Zero Trust

Here, we explain how SASE differs from "Zero Trust" and "CASB", which are often discussed together with it.

Zero Trust and SASE

"Zero Trust", which is often discussed together with SASE, is not the name of a solution or feature but a new security concept and framework. Until now, the mainstream idea was "perimeter defense", which separates the network into a trusted internal network and an untrusted external network.

A conventional data-center-perimeter network environment centered on on-premises servers

However, it is becoming more and more common for users with access to the internal network to take data out of the office, and for important data to be stored in external networks such as the cloud. It has become

"Zero Trust" is based on the principle of "verify and never trust": it eliminates the boundary between inside and outside the company, does not trust any communication, and always verifies before connecting to resources. Adopting the Zero Trust concept makes it possible to deal with data exfiltration due to internal fraud and with data leaks between clouds that never cross the perimeter.

To achieve Zero Trust, access to resources and data must be visualized and verified centrally. SASE makes this possible by consolidating all communication paths in the cloud into a common path. SASE is therefore a great fit for putting the Zero Trust concept into practice, and more and more customers are using it.

An identity-perimeter Zero Trust environment for digital transformation

Difference from CASB

CASB (Cloud Access Security Broker) is a security gateway solution that specializes in controlling access to cloud services and SaaS. It is characterized by the ability to set very detailed security settings in cloud services and SaaS environments.

The main functions of CASB include visualizing access to cloud services, implementing data-centric security measures, defending against threats such as malware, and preventing use that violates compliance.

CASB was proposed by Gartner in 2012, and demand for it is increasing along with the spread of cloud services. Especially in recent years, as demand for remote work has grown rapidly, the use of cloud services that security personnel are not aware of (shadow IT) has become more likely, and CASB has become indispensable.

CASB was originally a separate security solution, but it is now often included as one of the security features of SASE.

SASE comes with many technical terms that are easily confused. When choosing a SASE product, compare the services carefully and consider them in detail. In the next chapter, we introduce "Cato Networks", the SASE that Macnica recommends.

Service overview of SASE “Cato Networks”

Introducing Cato Networks, a simple and quick way to introduce strong security to your corporate network.

"Cato Networks" Features and Fees

Since its establishment in 2015, Cato Networks has developed network security, SD-WAN, and SDP/ZTNA in-house to provide one-stop security measures.

The SASE product "Cato SASE Cloud" developed by Cato Networks comprehensively protects all sites, telework, SaaS, IaaS, and mobile devices. Its biggest feature is that it runs entirely in the cloud and is built as a software stack.

Cato SASE Cloud, which provides SD-WAN, NGFW, SWG, CASB, IPS, NGAM, ZTNA, SDP, RBI, and DLP functions from the cloud

Because it is in the cloud, you do not need to set up a dedicated server. It is not even a virtual appliance. Global security measures are managed centrally on the Cato SASE Cloud, eliminating the need for vulnerability checks and patch application on security devices. Ransomware countermeasures are also performed automatically on the cloud side.

In fact, the "246% ROI achieved within 6 months" mentioned earlier is a figure made possible by the Cato SASE Cloud operating in the cloud. With another company's SASE, it would be difficult to recover the cost of installing the equipment, and difficult to improve operations by as much as 246%.

It is also recommended for remote work. SASE integrates remote access management functions, allowing remote access to be managed centrally, and the SDP/ZTNA client software supports not only Windows and macOS but also other operating systems such as iPhone, Android, and Linux. This increases employee productivity while working from home.

An end-user-friendly mobile agent that also supports SSO. Supports iOS, Android, Windows, macOS, and Linux.

The annual fee for the Cato Socket, the device that connects a site to SASE, includes all maintenance costs, so you can start introducing SASE while keeping the initial investment low. You can also continue to use the device as it is after a PoC (Proof of Concept).

After a small start, you can scale out and change the bandwidth, sites, and mobile users at any time, so it can serve as a digital business foundation for disaster countermeasures and sustainable corporate management in unpredictable times.

The Cato SASE Cloud pricing system is very simple, with no classification such as editions.

  • Site licenses: Number of sites per country, last-mile bandwidth, HW (Cato Socket)
  • Mobile licenses: Number of mobile users by country. Up to 3 devices can be connected simultaneously per user
  • Security options such as CASB, monitoring service options such as MDR

We ask customers about the specifications above and prepare an estimate based on the configuration. Since sites, bandwidth, and mobile licenses can be added at any time, we also support small starts and multi-year contracts.

Summary

SASE is a breakthrough network security architecture that brings together multiple security services and network optimization.
In addition to being able to implement strong security measures, it also has the advantages of preventing network delays and reducing operation and management costs. You can improve the network environment globally in a cloud-native business environment.

In addition, with threats growing more sophisticated, such as the rapid increase in ransomware in recent years, the time to update your security services is when the thought first crosses your mind. If you assume there is no problem and an incident then occurs, the damage cannot be undone. Consider it early to prevent information leaks and build trust as a company.

Macnica is one of the few companies in the world to be certified as Distinguished Support Provider by Cato Networks. We also offer SASE implementation consulting, seminars by certified EXPERTs, and SASE implementation consultation meetings. If you have any problems, please feel free to contact us.

Macnica, Inc. SASE EXPERT Fujio Suzuki

Macnica
Networks Company 3rd Sales Division 2nd Sales Department 4th Section SASE EXPERT
Fujio Suzuki

Joined Macnica, Ltd. in 1989 and was in charge of optical fiber products in the United States. With the lifting of the ban on commercial use of the Internet, he began using servers in the United States. After that, he worked as Macnica's webmaster in the information systems department, planning and operating websites. Since 2005 he has been selling cloud services, and since 2010 he has been in charge of Splunk products and has been promoting CSIRT. He has been in charge of product marketing for Cato Networks since 2019.