WELCOME TO SASE Vs Zero Trust: Perfect Twins Or . - KuppingerCole

Transcription

WELCOME TO
SASE vs Zero Trust: Perfect twins or antagonists?
John Tolbert, Lead Analyst, KuppingerCole Analysts
Warwick Ashford, Senior Analyst, KuppingerCole Analysts

Agenda
01 Introduction
02 What is SASE?
03 What is Zero Trust?
04 What is the relationship between the two?

1. Introduction

The world of work and business IT is changing
SASE? Zero Trust? Both?

2. SASE

What is Secure Access Service Edge (SASE)?
SASE: SD-WAN, Security Services, Unified Management.
- Designed to deliver Security and SD-WAN to any edge computing location.
- SASE offerings typically designed to target networking and security shortcomings:
  - Scalability and performance
  - Lack of insights and policy enforcement
- SASE vendors also claim ability to:
  - Improve user experience
  - Improve IT operations
  - Eliminate point solutions
  - Move to cloud-native architecture
Edge Locations:
- Branch offices
- Home offices
- IoT devices
- Cloud services & storage
- Operational technology
- IIoT devices

SASE Use Cases
Addressing two major concerns
- Remote facilities: Securing access from branch offices, remote manufacturing/production/warehouse facilities, conference facilities, partners, shops, and kiosks
- Work From Anywhere (WFA): Securing and improving access to enterprise resources (on-premises, at co-location facilities, as well as cloud) from remote workers and contractors

What is Secure Access Service Edge (SASE)?
- SASE addresses the performance bottleneck issue of traditional networks that rely on traffic backhauling.
- Integrates identity, business context, and real-time risk assessment into every connection to prevent a range of cyber attacks.
- Comes with the promise of:
  - Being widely available.
  - Providing uniform access to resources, wherever they are.
  - Providing integrated security controls.
  - Being highly scalable.

SD-WAN only addresses transport level security.
SASE aims to provide security on top of SD-WAN

SASE Security Components
- Secure the communication from end to end.
- Provide consistent policy management and enforcement.
- Add security analytics.
- Enable an integrated administration capability to manage every connection from everything to every resource.
SASE: SD-WAN, Security Services, Unified Management

SASE Security Components
Security components typically include:
- Firewall and Intrusion Protection (FWaaS)
- Software-Defined Perimeter (SDP)
- Secure Web Gateway (NG-SWG)
- Endpoint Management and Security (EPDR & UEM)
- Malware protection/Sandbox
- Data Loss Protection (DLP)
- Cloud Access Security Broker (CASB)
- Cloud Security Posture Management (CSPM)
- User Behavior Analytics (UBA)
- Zero Trust Network Access (ZTNA)
SASE: SD-WAN, Security Services, Unified Management

3. Zero Trust

What is driving the interest in Zero Trust?
- Ransomware attacks
- Industrial espionage
- Intellectual property theft

“Networks should be designed without implicit trust, enforcing strict identity verification and least privilege access policies.”
- John Kindervag

Zero Trust is
- Widely regarded as critical to protecting IT systems, data and infrastructure.
- Not a product or technology that can be retrofitted over existing systems.
- An approach to security that assumes networks will be breached.
- Based on the principle of “never trust, always verify”.
- Used to architect good cybersecurity hygiene from the ground up.

Zero Trust is
- Essentially a concept and an architecture model.
- About continual verification of each user, device, application, and transaction.
- Aimed at making it more difficult for bad actors to carry out successful attacks.
- About shifting to a trusted identity-based model of security.
- Designed to secure data, while ensuring its availability to those who need it.
- About increasing security, boosting productivity, and blocking lateral movement.
Zero Trust often involves restructuring how resources are secured and accessed

The Tenets of Zero Trust
As defined in NIST SP 800-207
01 All data sources and computing services are considered resources.
02 All communication is secured regardless of network location.
03 Access to individual enterprise resources is granted on a per-session basis.
04 Access to resources is determined by dynamic policy evaluating client identity, application/service, the requesting asset, behavioral and environmental attributes.
05 The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
06 All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
07 The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture.

Zero Trust is a journey that:
- Begins with a long-term business strategy.
- Requires step-by-step implementation.
- Focuses on using existing or readily available tools and technologies.
- Maintains the continuity of business processes and avoids adding complexity to the existing architecture.

And finally
Security Components of SASE
- Secure Web Gateway (NG-SWG)
- Endpoint Management and Security (EPDR & UEM)
- Firewall and Intrusion Protection (FWaaS)
- Managed Cloud Service API Integration (CASB)
- Data Loss Protection (DLP)
- Software-defined perimeter
- Cloud Security Posture Management (CSPM)
- Malware protection/Sandbox
- Identity and User Behavior Analytics
- Advanced Threat Protection (ATP)
- Zero Trust Network Access (ZTNA)

4. Relationship?
Perfect twins or antagonists?

Conclusions
- SASE solutions often include ZTNA as one of the capabilities.
- SASE solutions typically rely on SD-WAN as the underlying infrastructure.
- Risky to assume that SD-WAN is always secure and can be trusted.
- Trusting a single element in the multi-layered security stack is the exact opposite of what zero trust is about.
- Relationship between SASE and Zero Trust is largely complementary.

Recommendations
- Consider whether Zero Trust alone will address your security needs without SASE.
- SASE solutions may be a better fit for traditional heterogeneous organizations.
- For cloud-native startups, there need to be good reasons for opting for SASE.
- If SASE still seems the best option:
  - Understand the risks of SD-WAN.
  - Ensure any prospective SASE implementation can meet current and future needs in terms of functionality, integration, and future-proofing.

Final analysis
Where SASE implementations make sense and Zero Trust alone is not enough to meet specific security requirements, SASE and Zero Trust are perfect twins with Zero Trust enabling and complementing SASE, but the risk of SD-WAN should not be overlooked.

THANKS!
Any questions?

KuppingerCole Analysts AG
Wilhelmstr. 20 - 22
65185 Wiesbaden GERMANY
P: 49 211 - 23 70 77 - 0
F: 49 211 - 23 70 77 – 11
E: info@kuppingercole.com
www.kuppingercole.com
