How SASE works

Secure Access Service Edge (SASE) merges network traffic and security priorities, ubiquitous threat and data protection, and ultra-fast, direct network-to-cloud connectivity. While SASE used to be a matter of sacrificing speed vs. control, improved technology now offers businesses speed AND control. The SASE framework is designed to allow enterprise security professionals to apply identity and context in order to specify the exact level of performance, reliability, security, and cost desired for every network session. Organizations using the SASE framework can realize increased speed and achieve greater scale in the cloud while addressing new security challenges inherent in these cloud environments.

An example: A sales force needs greater efficiency and efficacy through mobility. The use of the Internet through public Wi-Fi can become a security risk. Therefore, accessing corporate business applications and data in a timely, secure manner is a challenge. A SASE framework provides the construct to maintain higher access speed and performance, while also enabling more stringent control of users, data, and devices traversing networks – regardless of when, where, and how they’re doing it.

Benefits of SASE

According to the Gartner report: “In cloud-centric digital business, users, devices, and the networked capabilities they require secure access to are everywhere. . .What security and risk professionals in a digital enterprise needs is a worldwide fabric/mesh of network and network security capabilities that can be applied when and where to connect entities to the networked capabilities they need access to.”

According to Gartner, meeting the challenge of implementing a SASE architecture would benefit enterprises by providing:

  • Lower costs and complexity – Network Security as a Service should come from a single vendor. Consolidating vendors and technology stacks should reduce cost and complexity.
  • Agility – Enable new digital business scenarios (apps, services, APIs), and data shareable to partners and contractors with less risk exposure.
  • Better performance/latency – latency-optimized routing.
  • Ease of use/transparency – Fewer agents per device; less agent and app bloat; consistent applicate experience anywhere, any device. Less operational overhead by updating for new threats and policies without new HW or SW; quicker adoption of new capabilities.
  • Enable ZTNA – Network access based on identity of user, device, application – not IP address or physical location for seamless protection on and off the network; end-to-end encryption. Extended to endpoint with public Wi-Fi protection by tunneling to the nearest Point of Presence (POP).
  • More effective network and network security staff – Shift to strategic projects like mapping business, regulatory, and application access requirements to SASE capabilities.
  • Centralized policy with local enforcement – Cloud-based centralized management with distributed enforcement and decision making.

SASE represents the best way to achieve a direct-to cloud architecture that doesn’t compromise on security visibility and control, performance, complexity, or cost. Speed without compromising security.

What’s the difference between SSE and SASE?

Security Service Edge (SSE) adds value to a comprehensive Secure Access Service Edge (SASE) strategy by providing security service edge essentials web, cloud services, and private applications. SASE delivers networking and security as a cloud service to the connection rather than the data center. SSE teams with software-defined wide area networking maintain the path through a complete SASE platform that includes cloud-delivered network security services.

Why MVISION Unified Cloud Edge is your fastest route to SASE

MVISION Unified Cloud Edge is a first-of-its-kind cloud-native and cloud-delivered solution that provides unified data and threat protection from device to cloud, fully integrating data loss prevention (DLP), device/user control and other security technologies into web filtering (SWG), endpoint management and cloud control (CASB). MVISION Unified Cloud Edge provides policy management that is unified, enabling shared data protection policies and incident management between endpoints, web, and cloud, with no increase in operational overhead.

Unified Cloud Edge Integration with SD-Wan

MVISION Unified Cloud Edge uses common cloud-based management capabilities and systems that share information (e.g., ePO, DXL) so its decisions are based on multiple parameters. By enforcing consistent data context and policies across endpoints, web, and cloud, UCE protects data as it leaves the device, travels to and from the cloud, and within cloud services to create a new secure cloud edge for the enterprise. This unified solution helps stop cloud-native breach attempts previously invisible or native to the corporate network.

With industry leading Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Data Loss Prevention (DLP) technology, McAfee is the only vendor to be awarded all 3 Gartner Peer Insights Customer’s Choice Awards in 2020. MVISION Unified Cloud Edge features and benefits match Gartner’s enterprise benefits of a SASE architecture:

Reduction in Cost and Complexity, Increased Speed and Agility

  • The resulting converged cloud service is substantially more efficient than building your own SASE using manually integrated, separate cloud-based technologies
  • Minimize inefficient traffic with efficient intelligent and secure direct-to-cloud access
  • Protect remote sites via SD-WAN using industry standard Dynamic IPSec and GRE protocols leveraging SD-WAN technology that connects office sites to cloud resources faster and more directly than ever before
  • Enjoy low latency and unlimited scalability with a global cloud footprint and cloud-native architecture that includes global Peering POPs (Point of Presence) reducing delays
  • Cloud service with 99.999% uptime (Maintained Service Availability) and internet speeds faster than a direct connection, improves the productivity of your workforce while reducing the cost of your network infrastructure