How SASE works
When it comes to SASE, half of the technologies are about network traffic; the other half are about security. Or, Speed vs. Control. The SASE framework is designed to allow enterprise security professionals to apply identity and context to specify the exact level of performance, reliability, security, and cost desired for every network session. Organizations using the SASE framework can realize increased speed and achieve greater scale in the cloud while addressing new security challenges inherent in these cloud environments.
An example: A sales force needs greater efficiency and efficacy through mobility. The use of the Internet through public Wi-Fi can become a security risk. Therefore, accessing corporate business applications and data in a timely, secure manner is a challenge. A SASE framework provides the construct to maintain higher access speed (or performance), while also enabling more stringent control of users, data and devices traversing networks—regardless of when, where and how they’re doing it.
Gartner says leaders in SASE should embrace the continuous adaptive risk and trust assessment (CARTA) strategic approach (see “Zero Trust Is an Initial Step on the Roadmap to CARTA” and Gartner’s “Seven Imperatives to Adopt a CARTA Strategic Approach”), ensuring that the session is monitored continuously. By remaining in the data path, the session can be analyzed for indications of excessive risk (such as compromised credentials or insider threat) using embedded UEBA capabilities. The SASE offering should be capable of adaptive responses as a user’s behavior is analyzed and subsequent risk increases, or as device trust decreases (for example, requiring additional user authentication).
An initial step in implementing CARTA is adopting a Zero Trust approach. The basic tenet here is “Verify, then trust” rather than simply trusting users inside the network by default. Zero Trust assumes the network has already been compromised and challenges each user or device to prove that it is not an attacker. Zero Trust requires strict identity verification for every user and device attempting to access resources on a network, even if the user or device is already within the network perimeter.
Benefits of SASE
According to the Gartner report: “In cloud-centric digital business, users, devices, and the networked capabilities they require secure access to are everywhere . . . What security and risk professionals in a digital enterprise need is a worldwide fabric/mesh of network and network security capabilities that can be applied when and where to connect entities to the networked capabilities they need access to.”
According to Gartner, implementing a SASE architecture would benefit enterprises by providing:
- Lower costs and complexity – Network Security as a Service should come from a single vendor. Consolidating vendors and technology stacks should reduce cost and complexity.
- Agility – Enable new digital business scenarios (apps, services, APIs, and data shareable to partners and contractors) with less risk exposure.
- Better performance/latency – Latency-optimized routing.
- Ease of use/transparency – Fewer agents per device; less agent and app bloat; a consistent application experience anywhere, on any device. Less operational overhead, since updates for new threats and policies need no new hardware or software; quicker adoption of new capabilities.
- Enable ZTNA – Network access based on the identity of the user, device and application rather than on IP address or physical location, for seamless protection on and off the network; end-to-end encryption. Extended to the endpoint with public Wi-Fi protection by tunneling to the nearest point of presence (PoP).
- More effective network and network security staff – Shift to strategic projects like mapping business, regulatory, and application access requirements to SASE capabilities.
- Centralized policy with local enforcement – Cloud-based centralized management with distributed enforcement and decision making.
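As an added illustration of the two principles above (the “Verify, then trust” rule from the Zero Trust paragraph and the identity-not-IP-address rule from the ZTNA bullet), the following Python contrasts a perimeter decision with a zero-trust decision that re-evaluates a session as its risk score changes. This is example code, not McAfee's or Gartner's; the corporate address range, thresholds and risk scores are constructed sample values.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List

# Constructed sample values: the address range and thresholds are illustrative,
# not taken from any product or from the article.
CORPORATE_NET = ip_network("10.0.0.0/8")
RISK_STEP_UP = 0.5      # at or above this, demand an additional factor
RISK_TERMINATE = 0.8    # at or above this, end the session
MIN_DEVICE_TRUST = 0.6  # below this, the device posture is not trusted


@dataclass(frozen=True)
class AccessRequest:
    source_ip: str
    identity_verified: bool  # user authenticated against the identity provider
    mfa_completed: bool      # a second factor was presented in this session
    device_trust: float      # posture score from the endpoint agent, 0.0 to 1.0
    session_risk: float      # UEBA-style risk score for the session, 0.0 to 1.0


def perimeter_decision(req: AccessRequest) -> str:
    """Legacy model: anything coming from inside the corporate network is trusted."""
    return "allow" if ip_address(req.source_ip) in CORPORATE_NET else "deny"


def zero_trust_decision(req: AccessRequest) -> str:
    """Verify, then trust: location is ignored; identity, device posture and
    current risk decide, and rising risk triggers an adaptive response."""
    if not req.identity_verified:
        return "deny"
    if req.session_risk >= RISK_TERMINATE:
        return "deny"
    risky = req.session_risk >= RISK_STEP_UP or req.device_trust < MIN_DEVICE_TRUST
    if risky and not req.mfa_completed:
        return "step_up"  # require additional user authentication
    return "allow"


def evaluate_session(req: AccessRequest, risk_scores: List[float]) -> List[str]:
    """Re-evaluate on every risk update, as a broker that stays in the data path
    would; a session that has been denied is not re-admitted."""
    decisions = []
    for score in risk_scores:
        decision = zero_trust_decision(replace(req, session_risk=score))
        decisions.append(decision)
        if decision == "deny":
            break
    return decisions
```

Note that an unauthenticated request from inside the corporate range is allowed by the perimeter model and denied by the zero-trust model, while a verified user on a managed device is allowed from any address until the session's risk score rises.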
How McAfee fits within the SASE framework
There are two key aspects that form the foundation of the SASE framework: Network as a Service and Network Security as a Service. The first half of the technologies are directed at network traffic; the other half are focused on security. The goal of enterprise network devices is to pass packets of data at an ever-increasing rate to gain even a millisecond of performance. Security, on the other hand, requires context: identifying the user, the data, the device, the place, and any other parameters that are important in making a security decision. Understanding and prioritizing risks allows for the adaptation of security policies. Network security needs a 360-degree view and an understanding of user behavior and content to make optimum policy decisions based on the organization’s risk profile.
As one of the largest and most experienced pure-play cybersecurity vendors, McAfee understands data, devices, users and applications, and has the context to provide comprehensive protection from device to cloud. McAfee’s approach of integrating data across its portfolio gives data context and sets McAfee far apart from the competition.
McAfee’s cloud-native and cloud-delivered MVISION portfolio can help reduce complexity and enable fast and secure cloud adoption in order to maximize business agility and lower operational costs by offering policies that are set once and deployed in multiple places – endpoint, network and cloud.
Unified Cloud Edge is the first solution from a single vendor to fully integrate the first three security technologies listed in Gartner’s SASE framework. MVISION Unified Cloud Edge (UCE) provides a converged security solution to simplify adoption of a Secure Access Service Edge (SASE) architecture and help reduce the costs and complexity of modern cybersecurity. UCE enables secure access to the cloud from any device for ultimate workforce productivity by integrating data loss prevention, device/user control and other security technologies into web filtering (SWG), endpoint management and cloud control (CASB).
To deliver an even more complete security architecture for a Secure Access Service Edge (SASE), McAfee has agreed to acquire Light Point Security, a pioneer in browser isolation founded by former employees of the National Security Agency (NSA), to expand the threat prevention capabilities of Unified Cloud Edge. McAfee plans to integrate Light Point Security’s browser isolation technology into its cloud-native secure web gateway for use in any web security policy.
Light Point Security’s browser isolation technology takes the end user’s web browsing session and isolates the page remotely in a secure location, then replicates an interactive image of the session in the user’s browser with a technique called pixel mapping. This provides the end user with protection against web-based threats because malicious code can’t leave the isolated browser, which is remote from their endpoint. This technology complements McAfee’s secure web gateway which has a unique, industry-leading approach to malware prevention – real-time emulation. Emulation removes the vast majority of malware in milliseconds as traffic is processed. The next evolution is removing the ability for malicious code to reach an end-user altogether.
In addition to UCE, McAfee offers the following solutions/capabilities:
- UEBA via CASB, which offers policy enforcement based on unusual behavioral patterns of traffic to/from cloud services.
- McAfee access control helps establish the identity of users and confirm the security posture of devices (managed vs. unmanaged) before allowing remote access.
- Container security via CASB, which delivers container vulnerability control, cloud security posture management (CSPM) and enforces zero-trust between containers to defend against data leakage between containers.
McAfee customers can deploy other elements of the SASE model by using technologies from other vendors. McAfee’s Security Innovation Alliance (SIA) program provides customers with integrated security and networking solutions that allow them to resolve more threats faster with fewer resources. The Data Exchange Layer (DXL) is an open ecosystem, initially developed by McAfee, that allows integration between different vendor products. Companies that provide elements of the SASE model that are members of the SIA and/or can share information using DXL include:
- SD-WAN: McAfee can integrate its SASE technologies (especially McAfee Secure Web Gateway) with SD-WAN vendors such as Silver Peak
- DNS resolution: Infoblox
- Zero Trust: the integration of the SWG with functionality from Menlo Technology provides Remote Browser Isolation (RBI), a recommended part of SASE (also Ericom)
- ZTNA: BufferZone
- Networking and security vendors such as Cisco, Extreme Networks, Check Point, Attivo Networks and Forcepoint
What is MVISION Unified Cloud Edge?
The cloud is now the epicenter of IT, data, and computing. To address the resulting security concerns, McAfee converged the capabilities of its award-winning McAfee® CASB, McAfee® Web Gateway, and McAfee® Data Loss Prevention offerings—all embedded in the MVISION platform—to enable a borderless IT environment. Here, cloud services can be used to transform and accelerate business while providing enterprises with complete visibility and control over data and threats in cloud, on-premises and hybrid environments.
Unified Data Protection and Threat Prevention
Features and benefits include acceptable use policy enforcement with advanced malware protection.
MVISION Unified Cloud Edge is a first-of-its-kind cloud-native and cloud-delivered solution that provides unified data and threat protection from device to cloud. It also gives organizations simplicity in policy management, centralized incident management and reporting, and a combined set of controls to secure users, devices, and data – everywhere. This unified solution helps stop cloud-native breach attempts previously invisible to the corporate network.
UCE uses common cloud-based management capabilities and systems that share information (e.g., ePO, DXL) so its decisions are based on multiple parameters. By enforcing consistent data context and policies across endpoints, web and cloud, UCE protects data as it leaves the device, travels to and from the cloud, and within cloud services to create a new secure cloud edge for the enterprise.
Disclaimer: McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the U.S. and other countries. Any other product names, logos, or trademarks appearing above are the property of their respective owners. McAfee is not affiliated with or sponsored by those owners.