SASE

Transforming networksecurityto the cloud.
The transformation away from traditional network boundaries to distributed cloud applications poses new security risks for companies .

Users work from anywhere, e.g. company headquarters, branch office, home office, airport, etc., with applications that are also hosted everywhere, they can no longer be guaranteed the speed, performance and, above all, security of their own company network. Secure Access Service Edge (SASE) is a new security concept that combines multiple network functions and security services in a single solution and guarantees companies secure data exchange for their employees, regardless of location or device. CANCOM Austria and Cisco provide the expertise to ensure network access and security in the cloud era.

What is SASE?

The SASE (pronounced "sassy") concept was first introduced by Gartner in 2019.

Secure Access Service Edge is a newly developed offering that combines the power of WAN with comprehensive network security features (such as SWG*, CASB*, FWaaS* and ZTNA*) to meet the secure access needs of digital enterprises.

SASE solutions are based on a software-defined wide-area network architecture (SD-WAN), which offers a flexible and scalable network solution depending on business requirements. This can be easily deployed in a distributed network environment. The aim of SASE solutions is to reliably network companies, their sites and their mobile users and to control secure, stable data traffic, regardless of the user's location or device.

It is therefore a cloud-based model that is provided as an extended SD WAN in a branch office and combined with security services provided in the cloud. In 2020, Gartner predicted that investments in SASE technology will increase by 42% worldwide. 90% of all IT security decision-makers surveyed already rely on the new IT security model.

The SASE architecture was developed to meet the requirements of New Work with mobile teams and the need for secure remote access to applications and data running at different locations. This approach simplifies network and security management and increases the cyber resilience of companies.

What does SASE involve?

Cisco viptela and Cisco Meraki are two SASE product lines with different characteristics. The connectivity and encryption, i.e. the SD-WAN part, is natively integrated in both series. The security elements such as Secure Web Gateway, Firewall, Cloud Access Broker, Zero Trust Network Access, DNS protection etc. are mapped in the Umbrella Cloud Platform for Cisco viptela and in the edge device for Cisco Meraki.

Managed Network Services

With Managed LAN and Managed WAN (SD-WAN), networks are operated, monitored (real-time monitoring) and maintained by CANCOM Austria.

All configuration changes, upgrades, updates (changes) or faults (incidents) are carried out or rectified by CANCOM Austria. This reduces complexity and operational costs for customers, but increases flexibility and implementation speed with shorter fault clearance times. Flexible financing and OPEX models (monthly costs instead of CAPEX basic investment) can be used.

Managed Services - Solutions | CANCOM Austria

Managed Security

SASE offers a range of advanced features that help protect against cyber attacks.

With a zero-trust model, every user and device is verified and authenticated before corporate resources can be accessed. SASE also provides threat protection, including real-time monitoring, threat intelligence and automated response. With appropriate firewalls, traffic flowing between networks is scanned and controlled to ensure that only authorized users and data are allowed through.

CANCOM Cyber Defense Center (CDC) - Solutions | CANCOM Austria

Partner for IT-Security | CANCOM Austria

©Cisco

we transform for the better

SASE models

Cloud-native SASE

Cloud-native solutions are based on container and microservices technologies.

Here, all network and security services are provided via the cloud. A hardware device establishes the connection to the cloud. There is also the option of software clients that connect computers or IoT endpoints directly to the cloud - so additional hardware is no longer necessary.

Cloud-native SASE is ideal for companies with many small branch offices, as each environment, including individual work equipment such as laptops, smartphones, etc., is equipped with security and network services, e.g. insurance companies or retailers.

Cloud-managed on-premise SASE

SASE can be managed centrally via the cloud - all branch offices usually have their own routers.

Administration via the cloud is critical to success because it significantly lowers the barriers to use and a uniform set of rules (policies) is specified company-wide. The advantage of the model is that certain security checks or connectivity and encryption issues run at local level, which increases performance in larger environments.

Managed SASE

CANCOM provides the necessary expertise to manage the increasingly complex WAN, including the security blocks.

Questions such as "How are security functions rolled out or how are user profiles created correctly?" are answered by CANCOM.

With Managed Secure Access Service Edge, you as a company have the advantage of having experts configure and operate the network. Managed SASE is suitable for companies that want to quickly implement the Secure Access Service Edge model and hand over control.

Hybrid options

Some companies rely on a combination of cloud-native and on-premises SASE.

For example, an international company that operates up to two offices with hundreds of employees in each country. Here, the company can use an on-premises security infrastructure for the local offices, while remote teams are integrated via a cloud-native service.

©Cisco

we transform for the better

Advantages of Sase

Simplified administration

SASE provides a single, centralized management platform for security and network services across all sites and devices.

Improved security

SASE solutions offer security services such as firewall, web filter, DNS protection, Zero Trust Network Access, Cloud Access Broker to protect against cyber attacks.

Improved performance

SASE solutions are designed to optimize network performance and provide a fast and reliable path or access to cloud-based resources.

Scalability

SASE solutions are highly scalable, allowing organizations to easily add or remove resources as needed.

Cost-effective

SASE solutions can help reduce costs by combining security and network services into a single solution, eliminating the need for multiple standalone solutions.

SASE in practice

When a user accesses a cloud-based application, their device first connects to the SASE platform. The SASE platform verifies the user's identity and applies the corresponding central security guidelines, i.e. the company's IT security guidelines. If the user is authorized, the SASE platform establishes a secure connection to the cloud application. All data transferred between the user's device and the cloud application is encrypted and protected by the SASE platform and analyzed for threats.

If an employee attempts to access a cloud application from an unauthorized location or device, or generates or spreads suspicious traffic (malware, virus, etc.), the SASE platform denies access and protects the resources. This prevents unauthorized users from accessing sensitive data, even if they manage to bypass other security measures.