The epidemic has ushered in an era in which everything is done remotely, and the new hybrid working model is now more likely to replace working from home and become the new normal of office work. As working patterns change, applications continue to move to the cloud. Today, users can access the cloud working environment from anywhere and from any device, but this also greatly increases the possibility of attacks. At the same time, traditional single-point products and solutions are no longer effective. How to ensure stable connections, smooth application performance and data security under the new model has become the biggest challenge for corporate chief information officers, chief information security officers and IT network personnel.
“The future of network security is in the cloud,” market research firm Gartner has pointed out. As the number of remote and hybrid workers grows, applications continue to migrate to the cloud, which in turn changes how network and security services are delivered.
In a cloud-driven environment, traditional point products are no longer effective. Security policies and tools need to be integrated and delivered from the cloud they are meant to protect. The ultimate answer, the “Secure Access Service Edge” (SASE) solution, came into being against this background and these needs. According to Gartner’s estimates, by 2025, 80% of enterprises will adopt a new strategy of SASE/SSE architecture to integrate Web, cloud services and private application access, much higher than the 20% in 2021.
Setting aside single-point product deployment thinking: building SASE to fully embrace hybrid work
In the field, home, remote or hybrid working delivers the benefit of flexible work from different devices anytime and anywhere. But users’ edge devices are scattered across different locations, outside the umbrella of the corporate firewall. When those devices access cloud apps that are not controlled by the company’s existing traditional security mechanisms, can the enterprise still enforce the same security policy and level of protection as on the corporate intranet? That is a major test right now.
In particular, many corporate employees have begun to build smart home networks. These networks also carry the endpoint devices of other household members, and even many IoT devices with no security protection, all of which greatly increase the security exposure of the smart home network. It is therefore no surprise that phishing and ransomware have become the most common malicious attacks during the epidemic.
Because hybrid work takes place across different locations and network environments, it is more complex and changeable than a pure enterprise intranet environment. Coupled with the popularity of cloud apps, cloud misconfiguration problems have also begun to surface, leaving more potential weaknesses in the protection of employee edge devices.
In terms of network performance and scalability, enterprises must find a way to give all home and hybrid workers consistent network quality, better application performance and uninterrupted access, so that the productivity of remote colleagues is not affected. If, for the sake of security, remote edge traffic is sent back to the enterprise data center for security scanning or policy enforcement, network latency will greatly reduce user experience and work efficiency. Moreover, for hybrid work and the cloud, the traditional hub-and-spoke network architecture and stacked security products cannot meet the need for elastic expansion.
Faced with the network performance and security issues arising from home and hybrid work, enterprises can no longer solve them with the past model of deploying single-point products, because doing so not only increases complexity, management load and cost, but also makes complete protection difficult to guarantee. The most feasible approach right now is to integrate network security services such as software-defined wide area network (SD-WAN) and Security Service Edge (SSE) into a single cloud-delivered service model. SASE is the only solution that ensures security while combining productivity and the best experience with high performance, scalability and availability.
However, this is another headache for corporate chief information officers, chief information security officers and IT network personnel: the SASE solution covers a wide range of areas, it is difficult to implement with in-house manpower and resources alone, and enterprises must rely on the resources of an external manufacturer.
Fully integrate SD-WAN and SSE, and formulate short-term and long-term strategic SASE migration plans
The term SASE was first proposed by Gartner in the report “The Future of Network Security is in the Cloud”, published in 2019. “SASE is an emerging service that combines a full range of WAN functions with Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall as a Service (FWaaS), Zero Trust Network Access (ZTNA) and other comprehensive network security functions to support the needs of digital enterprises for dynamic secure access,” Gartner further defines it. “SASE capabilities are services provided based on the entity’s identity, real-time context, corporate security/compliance policies, and ongoing assessment of risk/trust throughout the work phase.”
As the title of that report shows, Gartner particularly emphasizes the importance of cloud-based network security, because only network security delivered through the cloud can effectively protect users, applications and data in any location. Gartner’s definition can also be summed up simply as “SASE = SD-WAN + SSE”. The SSE functions integrated in most SASE solutions currently on the market include the SWG, CASB, FWaaS and ZTNA functions recommended by Gartner.
At present, some manufacturers, such as Amazon AWS and Microsoft, have also incorporated data leakage prevention (DLP) functions. The information security manufacturer Palo Alto not only supports ZTNA 2.0 but also integrates advanced functions such as Autonomous Digital Experience Management (ADEM), Artificial Intelligence Operations (AIOps) and SaaS Security Posture Management (SSPM), creating a diversified, integrated security product suitable for all users, all applications and all data.
To deploy SASE solutions successfully, Gartner suggested in its “2022 SASE Converged Development Strategy Roadmap” report that enterprises should formulate, as soon as possible, short-term and long-term strategic plans for migrating “from old peripheral and hardware-centric products to SASE architecture”, as this is the first step to successfully deploying a SASE solution.
Full-featured integrated single platform: the two-pronged approach of Prisma SD-WAN and Prisma Access
Optimistic about the market prospects for hybrid work security and cloud-based network security, many manufacturers are launching their own SASE products one after another. Among them, Palo Alto Networks, favored by enterprises for its exclusive App-ID identification technology, has launched Prisma SASE, billed as the industry’s most complete SASE solution, which has been adopted by more than 2,500 enterprises. The solution includes two products: Prisma SD-WAN, a new-generation SD-WAN supported by machine learning and automation, and Prisma Access, which integrates native SSE functions on a single platform.
First, Prisma SD-WAN, which adopts AIOps and machine learning methods, can autonomously simplify network operations and reduce 99% of network problems. The product can also natively apply machine learning threat defense and cloud-delivered security services to branch offices, blocking 95% of embedded network threats and greatly reducing the risk of data leakage. With the support of the CloudBlades API platform, comprehensive SSE platform security can be natively integrated with SD-WAN, and additional services can be added to a branch without service interruption. In addition, the product provides an on-demand bandwidth licensing mechanism (minimum unit of Mbps), so that enterprises can purchase SD-WAN according to the amount of bandwidth they use, which helps them optimize cost and bandwidth management.
Since its launch, Prisma SD-WAN has been well received by the industry, and Palo Alto Networks has been selected as a leader in the Gartner SD-WAN Magic Quadrant for three consecutive years starting from 2020. In addition, the company was awarded the 2022 Best Practice Company Award in the global secure SD-WAN industry by Frost & Sullivan. Overall, Prisma SD-WAN can increase bandwidth by 10 times for customers who migrate from traditional MPLS routing to SD-WAN. In the research report “Total Economic Impact Spotlight” published by Forrester Research, Prisma SD-WAN customers achieved an impressive average ROI of 243%.
Prisma Access is a cloud-native integrated SSE platform that supports SSE functions such as ZTNA 2.0, SWG, new-generation CASB (NG-CASB), FWaaS, DLP and ADEM. While other SASE solutions in the industry are still at the ZTNA 1.0 stage, Prisma Access is currently the only solution that provides ZTNA 2.0 services, using least-privilege access to ensure the continuous security of application traffic, edge devices, network access and data for all home, mobile and corporate office workers, effectively preventing zero-day threats.
Prisma Access also supports the next-generation CASB with proactive visibility and real-time data protection mechanisms, allowing enterprises to safely use thousands of SaaS applications. As of 2021, Prisma Access supports the industry’s only SASE-native ADEM function, which provides end-to-end visibility into endpoints, WAN links, cloud resources, applications and traffic levels through a single management console, helping to resolve performance problems for users in different locations and deliver the best user experience. The SWG function allows enterprises to defend against various network threats through static analysis and machine learning. In addition, Prisma SASE provides an SSPM function that helps customers quickly identify and correct misconfiguration of SaaS applications, a common problem that has long plagued enterprises.
According to official data, Prisma Access can provide 99.999% uptime, less than 10ms security processing delay and SaaS performance. Compared with other SSE competitors, Prisma Access helps enterprises reduce the risk of data leakage by 45%, provides a 10 times higher performance SLA guarantee, and supports faster remote connections and 4.3 million information security updates per day, an information security update speed 25 times higher than that of competitors. (See the Palo Alto Networks white paper for details.)
Gartner earlier predicted that at least 40% of enterprises will explicitly adopt a SASE strategy in 2024, compared with an adoption rate of less than 1% at the end of 2018. The market research agency later updated its forecast, pointing out that, compared with 20% in 2021, as many as 80% of enterprises will adopt a new strategy of SASE/SSE architecture to integrate Web, cloud services and private application access in 2025. Now is the time for companies to develop a SASE migration plan.
In any case, as the nature of information security warfare changes, today’s information security personnel, who in the past thought mainly about how to build capabilities internally, need to turn more toward deploying external resources. New models of information security construction and cooperation will also be a major challenge.