An emerging cybersecurity concept introduced by Gartner, Secure Access Service Edge (SASE) promises better cyber protection in view of the growing prevalence of cloud use, which entails the need for dependable cyber protection without interrupting access for users from various locations. SASE helps organizations achieve extensive visibility, real-time data protection, and defense from various threats.
One benefit of SASE that does not seem to get the attention it deserves is stronger endpoint security. SASE is often associated with network and cloud protection, but it also has excellent endpoint security benefits. It is a relatively new cybersecurity technology, but it is already getting widespread adoption. According to a 2021 global study by Sapio Research, 34 percent of businesses are already using SASE, while 64 percent say that they plan to follow suit in the next year.
Introduced in 2019, SASE security combines WAN capabilities with other security technologies including firewall-as-a-service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA), and cloud access security broker (CASB). It is designed to secure protected entities following the principle of zero-trust. It is also capable of identifying sensitive data and malware, decrypting content, and conducting continuous monitoring to determine risk and trust levels.
One of SASE’s biggest differentiating attributes is its shift away from the traditional enterprise delivery model toward decentralized cloud delivery. This marks a significant improvement in securing enterprise assets because of the largely interconnected nature of modern organizations. Nowadays, people, devices, branch offices, remote entities, apps, services, edge computing sites, as well as IoT devices need to be online and connected with each other to operate efficiently. Conventional security models are no longer suitable to handle the challenges encountered in this setup.
SASE provides the benefits of flexibility and cost savings as it does not require on-prem hardware and client software, and it also supports the consolidation of existing security services, so organizations get to avoid using multiple disparate security consoles. Additionally, SASE delivers improved security with its advanced threat prevention functions, sandboxing, and CDR technologies. It also provides performance enhancements for latency-sensitive applications or services.
Endpoint security and SASE
Simply put, endpoint security is the protection of endpoint devices including workstations, desktop and laptop computers, mobile phones and tablets, IoT devices, and others that are used by end users. Endpoint security is often associated with antiviruses, threat detection and response, data loss prevention or data leak protection, and device management. It is known for solutions like unified endpoint management (UEM), endpoint protection platforms (EPP), endpoint detection and response (EDR), and mobile threat defense (MTD).
However, given the rapid changes in the IT infrastructure of modern organizations, there is a corresponding need to change the way endpoints are protected. Devices are now getting interconnected or constantly connected to cloud services. It is not impossible to adequately protect them using the traditional solutions, but on the enterprise level, sticking to the conventional would be extremely costly. Maintaining and managing the antivirus, DLP systems, and other security solutions on each and every device in an organization’s network entails a lot of expense and tediously complex management.
There is a need for a solution that is not only effective but also efficient in terms of costs and the time and effort needed to manage security for all devices. This is where Secure Access Service Edge provides the needed supplementation. The SASE security model brings security controls close to end users for both internal and external facing resources. It significantly enhances overall security posture, while making it considerably more challenging for threat actors to take advantage of vulnerabilities and proceed with their attacks.
Moreover, SASE addresses the latency disadvantage of the conventional security model, which entails delays in detecting, investigating, and responding to attacks. The SASE model brings controls to the cloud edge instead of relying on a centralized data center. This means faster communication between systems and a prompt way to address threats and attacks.
Not a replacement for endpoint security
In a blog post for AT&T Cybersecurity, AT&T Product Marketing Manager Lisa Ashjian emphasizes two points:
- SASE does not replace endpoint security
- SASE should integrate with endpoint security
While SASE may provide different cybersecurity functions that make it appear as a suite of solutions for securing IT resources, it does not supplant endpoint security. The latter is a different cybersecurity discipline that also advances or evolves in response to new developments in endpoint technologies.
“No amount of network, edge or cloud security can replace security on the endpoint itself. Endpoints must be both managed and protected with UEM solutions, next-generation endpoint protection platforms, and mobile threat defense solutions,” Ashjian explains.
However, SASE can be part of a holistic approach to defending endpoints with greater efficiency. SASE makes it possible to provide network and security services on the same platform, resulting in network security without performance compromises. Also, the concept of SASE opens up the idea of building an enterprise security strategy with a single platform to unify and enable collaboration among security and IT teams.
SASE can be integrated with endpoint security to bring zero-trust capabilities to UEM, EPP, EDR, MTD, and other endpoint security solutions. On the other hand, endpoint security solutions allow SASE to gather device context to improve security decision making especially in the context of machine learning and automation. Also, endpoint security solutions bring the benefit of multi-factor authentication to SASE.
Together, endpoint security with SASE is capable of verifying if devices comply with the security policies of an organization, detecting devices and endpoints that are showing odd or anomalous behaviors, and ensuring the security of both managed and unmanaged endpoints.
Moreover, SASE brings to endpoint security the benefit of analyzing hotfixes to evaluate the criticality of threats, patch vulnerabilities in a timely manner, and prioritize systems that require urgent action. With these, IT administrators can implement improved automated patch management while considerably lowering the amount of manual work needed in network security administration.
The integration of SASE and endpoint security means that security measures are brought to the edge network while also securing endpoints. SASE allows organizations to have interconnected endpoints that are easier to manage and protect. Ultimately, having SASE as part of endpoint security leads to a better security posture. It is a welcome development that there are already a number of security firms offering cybersecurity solutions that integrate SASE with endpoint security.