Secure Access Service Edge (SASE)
Learn how security-as-a-service works together with cloud infrastructure in SASE.
What is SASE?
Secure Access Service Edge (SASE) is a cloud architecture model that combines network and security-as-a-service functions together and delivers them as a single cloud service. Conceptually, SASE extends networking and security capabilities beyond where they’re typically available. This lets work-from-anywhere and remote workers, to take advantage of firewall as a service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA), and a medley of threat detection functions. SASE is composed of Security Service Edge (SSE) and SD-WAN.
The term SASE (pronounced “sassy”) was first described by Gartner in an August 2019 report called, “The Future of Network Security in the Cloud.” Gartner notes that in the SASE market trend report, "Customer demands for simplicity, scalability, flexibility, low latency, and pervasive security force convergence of the WAN edge and network security markets.”
Why is SASE necessary?
Enterprise networks are increasingly reliant on cloud-based applications to run their businesses and support distributed workflows to support remote and mobile users. This has resulted in the conventional enterprise network to rapidly grow beyond the conventional network edge, challenging infrastructure leaders to secure and manage an ever-expanding attack surface. While networks have advanced rapidly enough to support the workflows of these remote endpoints, most security tools have not kept pace, rendering VPN-only solutions obsolete. For organizations to remain competitive, all endpoints must be secured and managed with the same security and networking policies as their on-premises infrastructure, regardless of where they’re located.
Benefits of SASE
When properly implemented, a SASE approach allows organizations to apply for secure access no matter where their users, workloads, devices, or applications are located. This becomes a critically important advantage to ensure remote workers' security. SaaS applications see rapid adoption, and data move rapidly among data centers, branch offices, and hybrid- and multi-cloud environments. SASE enables safe browsing, secure access to corporate apps and secure access to SaaS applications from anywhere,
SASE Offers:
- Flexible, consistent security: Deliver a comprehensive range of security services, from threat prevention to NGFW policies, to any edge, ensuring zero-trust network access to know who is on your network, know what is on your network, and protect assets both on and off the network
- Reduced total cost of ownership: Conquer point product sprawl once and for all by using a single platform approach and reducing or eliminating capex and opex costs
- Reduced complexity: Simplify your architecture by consolidating key networking and security functions from disparate point products into single solutions, all easily managed from a single-pane-of-glass management system
- Optimized performance: Leveraging cloud availability, your team members easily and securely connect to the Internet, applications, and corporate resources wherever they are located.
What is Security Service Edge (SSE)?
SSE is a cloud-delivered security service from anywhere that enables safe browsing, authenticated access to private applications, secure access to SaaS applications.
SSE includes:
- Firewall-as-a-Service (FWaaS) - same features as our high-end FortiGate, provided through the Cloud (IPS, anti-malware protection, web security, anti-spam, sandbox)
- Secure Web Gateway (SWG) - inspects end-user web activity and applies a consistent set of security policies to enforce safe browsing habits at the endpoint. Includes features such as Data Loss Prevention, deep SSL inspection, URL filtering, DNS filtering.
- Zero-Trust Access Network (ZTNA) - provides secure remote access to an organization’s applications, data, and services based on clearly defined access control policies. ZTNA differs from virtual private networks (VPNs) in that they grant access only to specific services or applications, where VPNs grant access to an entire network.
- Cloud Access Security Broker (CASB) - unified platform where administrators can centrally configure policies for cloud service use. Includes in-line CASB for control over the type of application access (e.g. is the employee allowed to access Facebook?), or API-based CASB that connects to the app and checks the content sent (e.g. files uploaded in Office365 email)
About FortiSASE
FortiSASE offers a comprehensive set of security capabilities including secure web gateway (SWG), universal zero-trust network access (ZTNA), next-generation dual-mode cloud access security broker (CASB), and Firewall-as-a-Service (FWaaS).
Expanding SASE to Secure All Users, Access, Edges, and Devices
Fortinet brings new innovations in its SASE offering. Fortinet SASE is becoming the industry’s most comprehensive SASE offering - securing users, access, edges, and devices anywhere while delivering the highest ROI, consistent security posture and improved user experience. Powered by Fortinet’s unique security and networking convergence approach, it offers organizations a simple secure networking journey towards SASE.
Fortinet SASE’s new innovations enhances the cutting-edge AI-powered solution specifically designed for the hybrid workforce, the power of cloud delivery, unified management and logging, with comprehensive features such as Universal ZTNA, SD-WAN integration, OT/IoT security, LAN/WLAN/5G security, Digital Experience Monitoring, and a flexible licensing model. The new
Fortinet SASE solution ensures the utmost security for all edges, devices, and users, whether they are accessing the web, corporate applications, or SaaS applications.
Single-Vendor SASE
Fortinet is the first vendor to deliver a comprehensive SASE solution by integrating cloud-delivered SD-WAN connectivity with security service edge (SSE), extending the convergence of networking and security from the edge to remote users.
With our single-vendor SASE solution, you can:
- Overcome security gaps and minimize the attack surface with consistent security posture
- Deliver superior user experience with intelligent steering and dynamic routing via SD-WAN
- Simplify operations with simple cloud-delivered management and enhanced security and networking analytics
- Shift to an OPEX business model with simple user- and device-based tiered licensing
SD-WAN Explained: Find out more about SD-WAN benefits.
