By David Gormley, CiscoÂ
Secure access service edge (SASE) solutions â€” cloud-delivered security combining networking and security functions â€” are on the rise, fueled in part by the events of the past yearâ€™s shelter in place order and the need to secureÂ work from homeÂ in countless locations. As companies and employees begin their return to the office, one thing is clear: the hybrid work model is here to stay â€” and SASE solutions are critical to supporting this new normal.
Selecting a SASE solution is a big decision. How do you determine which one is right for your needs todayÂ andÂ able to grow with you in the future? Here are 8 factors to help direct your search:
The appeal of a SASE solution is consolidation, and using a single vendor enables you to achieve key SASE benefits, eliminating the complexity of managing best-of-breed point solutions with different operating systems, consoles, and limited integration.
To ensure you reap the full rewards of SASE, choose a vendor that offers the full breadth of SASE components including a cloud-based SD-WAN and security offerings that combine Zero Trust Network Access (ZTNA), a secure web gateway (SWG), and a cloud access security broker (CASB), ensuring that networking and security capabilities are fully integrated into a single service, and not just stitched together. Closely evaluate the integration of the services to make sure you can support direct internet access (DIA), secure cloud applications, and extend protection to roaming users and branch offices from a single console and a single method for setting policy.
Cisco delivers the complete range of SASE capabilities through several networking and security components. Cisco SD-WAN is a flexible cloud-managed networking solution that meets the complex needs of modern WANs. Cisco Umbrella is a cloud security service that delivers a secure, reliable, and fast internet experience by unifying multiple security functions into a single service. Umbrella includes ZTNA, Domain Name System (DNS) security, Firewall-as-a-Service (FWaaS), SWG, CASB, SD-WAN integration, and threat intelligence.
SASE solutions enable the flexibility to scale up and down, and this should apply to consumption models as well. Networking SD-WAN is typically licensed by bandwidth whereas security solutions are licensed per user, per year. And, having different providers for each means having multiple vendors on different pricing models, adding complexity and reducing flexibility.
Instead, look for a vendor that offers a simple, flexible consumption model with networking and security solutions in the same license. Check to make sure that the model meets your unique situation and can scale as you grow.
Cisco Umbrella has a single-offer, single-license solution that covers SD-WAN and Umbrellaâ€™s multi-function security. Additional license flexibility is forthcoming with the ability to buy Cisco Secure Web and Umbrella licenses with one simplified SKU and easily convert a license from Cisco Secure Web to an Umbrella license.
A vendorâ€™s SASE architecture will dictate its performance â€” the speed, reliability and scalability that will power your business. A native global cloud architecture connects and secures all your locations, cloud resources, and remote users, everywhere. To deliver optimal performance, networking and security need to be delivered in a distributed manner close to the endpoint. This means that a vendor must have a large geographical footprint with many points of presence (PoP).
In evaluating a vendorâ€™s native global cloud architecture, ensure that traffic routes through worldwide POPs, high-bandwidth backbones, and peering partners. Evaluate the number and location of POPs and peering relationships and check that they map to your requirements.
Cisco Umbrellaâ€™sÂ cloud-native, multi-tenant network architectureÂ uses container-based microservices to offer service flexibility, seamless updates and new innovation, and higher, more dynamic scalability. Direct peering [KQ1] to 1,000+ ISPs, CDNs, and SaaS platforms allow Cisco to deliver the fastest route to and from SaaS applicationsâ€“â€“2x most competitors.
Threat protection requires deep visibility into current and future problems. For example, scanning content in session checks for malware and content sandboxing. On public Wi-Fis, applying DNS-based protection services and encrypting at a local POP prevents eavesdropping.
Consider vendors with proven track records of threat detection and security efficacyÂ backed by third party validation. Obtain their metrics for threat detection rates, â€śblock before connectionâ€ť ratios, and other statistics.
In a recentÂ security efficacy test performed by AV-Test, Cisco Umbrella received the highest threat detection rate in the industry at 96.39%.
The reality is that the transition to SASE will take time. You may have existing investments in hardware that are not fully amortized and in software contracts with time remaining. Additionally, you may be moving from on-prem to a hybrid or cloud environment.
To support your unique cloud journey, look for a vendor that can integrate with your existing systems like security appliances, threat intelligence platforms, and in-house tools. The ability to integrate protects your existing investments, affording you time to transition to a single vendor on your terms.
Cisco Umbrella was built with a bidirectional API to easily integrate with other systems. Umbrella includes pre-built integrations with more than 10 security providers (including Splunk, FireEye, and Anomali) and manages up to 10 custom integrations.
Proactive SASE security is backed by robust and active threat intelligence that learns from internet activity patterns, enabling you to block threatsÂ beforeÂ they attack your organization.
When it comes to intel, look for a vendor that conducts real-time analysis of live threat feeds from global internet activity, and combines human intelligence with statistical and machine learning models.
Cisco Umbrella takes a proactive approach to blocking threats. Umbrella has visibility into 350 billion internet requests and analyzes 1.5 million unique malware samples daily. Umbrella blocks 20 billion threats every dayâ€“â€“more than 200X some vendors. Cisco Umbrella leverages data from Cisco Talos Intelligence Group, one of the worldâ€™s largest threat research teams. Talos uses statistical and machine learning models to analyze and automatically uncover malware, ransomware, and phishing.
Throughout your SASE journey, youâ€™ll oversee an assortment of security services or solutions. Centralized administration simplifies management and allows security and network policy to be handled from a single, unified console.
Look for a solution provider that offers a single console from which to manage different security functions through a unified interface.
Cisco Umbrella includes Cisco SecureX, a cloud-native XDR platform that connects the Cisco security portfolio with your infrastructure to create a simpler, more consistent experience. Compiling security data from across products and a wide range of third-party security solutions, Cisco SecureX and Cisco Umbrella provide context on threats and attacks, and reduces the time, money, and resources it takes to investigate incidents and remediate issues.
Some companies offer SD-WAN as a standalone networking solution which lets them set up new sites quickly through a local ISP that provides a DIA link. But this scenario does not include security unless the SD-WAN has built-in security capabilities.
A cloud-native SASE security solution that fully integrates with SD-WAN is able to secure cloud access and protect branch users, connected devices, and app usage from direct internet access breakouts.
Cisco Umbrella integrates with SD-WAN in just a few clicks, instantly deploying powerful protection across hundreds of users and devices. Combined, SD-WAN and Umbrella allow you to secure your users wherever they access the internet, while providing a streamlined user experience, lightning-fast performance, and simplified security management.
Itâ€™s time to choose a SASE solution that meets your unique needs and puts you on the path towards a converged network and security future.Â Sign up for a Cisco Umbrella free trialÂ to explore how our cloud-native security service delivers multiple security functions in a single, simple-to-manage SASE solution.