What is Secure Access Service Edge (SASE)?
1. Definition of SASE
- SASE (Secure Access Service Edge) is a service architecture concept and marketing term introduced by Gartner.
- Formalized in the report "The Future of Network Security Is in the Cloud" (2020).
1.1. Background
- In the past, work was done inside the headquarters data center, but today users (remote workers) and business data (SaaS, cloud) are increasingly distributed.
- As a result, organizations must operate several incompatible technologies side by side, which increases both complexity and cost.
- The traditional VPN approach backhauls traffic to headquarters first and then sends it back out to the Internet, causing bottlenecks and high latency.
- Scalability is also limited as the number of users grows.
1.2. Delivery Method
- It is a technology that integrates network services (SD-WAN) and security services (CASB, SWG, FWaaS, ZTNA, etc.) into a single cloud-delivered service.
- It seeks to solve the issues above by combining Network as a Service with Security as a Service.
- The goal is to provide secure network services no matter where users connect from.
2. Core Components of SASE
Gartner groups the technologies that make up SASE into three tiers: core, recommended, and optional.
2.1. Core Technologies (Core)
- SD-WAN (Software-Defined Wide Area Network)
  - A software-based technology that centrally controls and optimizes traffic paths across a wide area network (WAN).
- SWG (Secure Web Gateway)
  - A security gateway that inspects traffic between users and the web to block malicious sites, malware, and unauthorized content access.
- CASB (Cloud Access Security Broker)
  - An intermediary security solution that provides visibility, enforces access control, and applies data protection policies between users and cloud services.
- ZTNA (Zero Trust Network Access)
  - A security model that controls access at the user, device, and application levels based on the "Never Trust" principle.
- FWaaS (Firewall as a Service)
  - A security service that provides firewall capabilities as a cloud service, protecting traffic regardless of location.
2.2. Recommended Technologies (Recommended)
- Sandboxing
  - A security technique that executes and analyzes malware or suspicious files in an isolated virtual environment.
- RBI (Remote Browser Isolation)
  - A technology that blocks web-based threats by running the browser in a remote environment isolated from the user's local environment.
- WAF (Web Application Firewall)
  - A security appliance or service that blocks attacks targeting web applications (SQL injection, XSS, etc.).
- Next-Generation Antivirus / EDR (Endpoint Detection and Response)
  - A security solution that continuously monitors endpoint activity and detects, analyzes, and responds to threats.
2.3. Optional Technologies (Optional)
- Wireless LAN Management (Wireless Local Area Network Management)
  - A management framework that centrally configures, operates, and monitors wireless networks (APs, wireless clients, policies, authentication, etc.).
- Existing VPN Service (Virtual Private Network)
  - A technology that creates an encrypted tunnel over public networks such as the Internet to enable secure access to internal networks.
3. Core Operating Principles of SASE
3.1. Zero Trust Foundation
- Where the user is located does not matter.
- Access is granted only to the specific resources the user is authorized for, and only after both the user's identity and the user's device have been verified.
3.2. Distributed Inspection Architecture
- Security inspection is performed not at headquarters equipment, but at the nearest regional PoP (Point of Presence, service node) to the user.
- This enables consistent security inspection while reducing latency.
3.3. Integration with SD-WAN
- When users are inside the office, the SD-WAN equipment determines the optimal path.
- It uses "Service Chaining" to hand traffic over to the cloud security service (SWG) only when security inspection is needed.
- Normally, traffic takes the fastest route and passes through an inspection point only when inspection is required.
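The three principles in section 3 can be read as one decision flow: pick the PoP nearest to the user, decide access from identity, device posture and authorization (never from location), and send each flow either straight out, through ZTNA, or through the SWG at that PoP. The following Python model is an added illustration written for this page; it is not code from Gartner, Palo Alto Networks or any SASE vendor. The PoP coordinates, user names, application names and the sanctioned-SaaS list are constructed sample data, and the policy is a deliberately simplified stand-in for a real policy engine.

```python
"""Toy SASE access-decision model (added example; all data constructed)."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class PoP:
    name: str
    lat: float
    lon: float


@dataclass(frozen=True)
class Session:
    user: str
    identity_verified: bool  # e.g. MFA completed at the identity provider
    device_compliant: bool   # device posture check passed (managed, patched, ...)
    location: tuple          # (lat, lon); used for PoP choice only, never for access


# Constructed sample data: hypothetical PoPs, apps and users, not a real deployment.
POPS = (
    PoP("seoul", 37.57, 126.98),
    PoP("frankfurt", 50.11, 8.68),
    PoP("virginia", 38.90, -77.00),
)
# Private applications reachable only through ZTNA: app -> users authorized for it.
PRIVATE_APPS = {"hr-portal": {"alice"}, "wiki": {"alice", "bob"}}
# Sanctioned SaaS that the SD-WAN policy sends out on the fastest path.
SANCTIONED_SAAS = {"crm.example-saas.test"}


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def nearest_pop(location, pops=POPS):
    """3.2 Distributed inspection: inspect at the PoP closest to the user."""
    return min(pops, key=lambda p: haversine_km(location, (p.lat, p.lon)))


def zero_trust_decision(session, app):
    """3.1 Zero trust: identity AND device verified AND authorized for this app.

    Returns (allowed, reason). Location is intentionally not an input.
    """
    if not session.identity_verified:
        return False, "identity not verified"
    if not session.device_compliant:
        return False, "device not compliant"
    if session.user not in PRIVATE_APPS.get(app, set()):
        return False, f"{session.user} not authorized for {app}"
    return True, "identity, device and authorization verified"


def steer_flow(session, destination):
    """3.3 Service chaining: returns (path, pop_name, reason).

    path is one of 'direct', 'ztna', 'swg' or 'deny'.
    """
    pop = nearest_pop(session.location)
    if destination in SANCTIONED_SAAS:
        # Fastest route: no inspection chain inserted for sanctioned SaaS.
        return "direct", pop.name, "sanctioned SaaS: fastest route, no inspection"
    if destination in PRIVATE_APPS:
        allowed, reason = zero_trust_decision(session, destination)
        return ("ztna" if allowed else "deny"), pop.name, reason
    # Everything else is chained through the SWG at the nearest PoP.
    return "swg", pop.name, "uncategorised web destination: inspect at PoP SWG"


if __name__ == "__main__":
    alice = Session("alice", True, True, (35.68, 139.69))  # constructed: Tokyo
    for dest in ("hr-portal", "crm.example-saas.test", "news.example.test"):
        print(dest, "->", steer_flow(alice, dest))
```

Two properties of the model are worth noticing: the same user with an unmanaged device is denied the private app even though identity was verified, and a user sitting in Paris is steered to a different PoP than one in Tokyo while the access verdict itself is identical, which is what "location does not matter" means in practice.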