Fortinet SASE Security solutions

The four most important things CISO asks of a SASE Security solution

As Internet security innovations have progressed, organizations have also invested in multi-edge networking strategies to not only enable employees to work from home but also provide support to employees as they become more dependent on cloud applications and cloud environments in which they operate. As these networks expand, so does the area of attack. Traditional security solutions are unable to keep pace with network innovations based on cloud solutions and are unable to protect growing areas of the cloud security network. This has resulted in a growing gap between network functionality and security, exposing organizations to an increasing number of compromises in terms of security and availability.

What is Secure access service edge (SASE) Security?

Secure access service edge (SASE) Security enables organizations to converge and scale their security and network strategies and securely deliver new cloud services that meet the requirements of a distributed hybrid work environment. To succeed in today’s digital marketplace, it is crucial to support this new distributed strategy. Choosing the right SASE Security solution vendor can mean the difference between operational success and the effort to keep all the essential elements of the infrastructure working together.

In theory, all SASE solutions would provide secure cloud access for users anywhere. However, not all SASE solutions are equal in scalability, security and orchestration - meaning increased overhead costs of implemented technologies and IT staff required to establish an integrated system.

The four most important security requirements of the SASE Security solution

To avoid these and similar challenges, before adopting any SASE solution, organizations should insist on these four security requirements:

SASE Security must function as part of an integrated security platform

SASE solutions are designed to provide secure connectivity based on cloud solutions but on the other hand, there are very few users who have migrated all business components to the cloud. While more than 93% of companies have a strategy with multiple cloud systems, the vast majority still have their data center and will remain so in the future. It requires the protection of the data center and other local resources, as well as the implementation and orchestration policy of a unique security strategy that uses the same security products and services applied elsewhere, including those that come with SASE. As a result, most vendors that only have SASE have limited options when security issues are addressed holistically, as they only address cloud access security. Organizations must prioritize SASE services that are integrated or can be set up as a simple network extension, including WAN security. The resulting unified security framework will reduce the total cost of ownership (TCO) and improve the usefulness of the SASE solution.

SASE Security must support enterprise-grade security

Effective functionality and performance of security features are essential when evaluating any SASE service. Choosing the right SASE solution can provide the security you need to meet your corporate requirements. Consider what a SASE solution can offer your company if its Firewall-as-a-service (FWaaS) solution can support proxy protocols or SSL inspection when running applications. The question is also whether SASE provides a full range of proven solutions, rather than forcing customers to settle for non-certified solution technologies. Considering these features and offers will ensure that your choice of SASE solution is the right choice.

The secure SASE solution should include the following set of security features and tools:

Firewall as a Service (FWaaS). Each SASE solution should contain a next-generation firewall (NGFW) that:

• Provides high-performance SSL inspection and advanced threat detection techniques via cloud components
• Establishes and maintains secure connections for distributed users
• Analyzes incoming and outgoing traffic without affecting the work of users

Domain Name System (DNS). DNS identifies and isolates malicious domains to prevent malicious threats from entering the network.

Intrusion Prevention System (IPS). IPS should be used to actively monitor the network for malicious activities that attempt to exploit known and unknown vulnerabilities.

Data Loss Prevention (DLP). DLP functionality is needed to prevent end-users from moving key data out of the network and to ensure that the network and data are secure.

Secure Web Gateway (SWG). The SWG solution provides Internet access and stops internal and external risks. It must also be able to automatically block threats, even those embedded in encrypted traffic - including TLS 1.3 - with high-performance SSL inspection.

SASE Security should use solutions and services certified by independent analysts

Any SASE vendor under consideration should have a record of advanced security research and innovation, not just their own experience. This ensures that protection is continuously updated to counter the latest threat techniques and technologies.

From threat intelligence to protection, SASE security vendors offering the technology as a service (TaaS) must provide reliable solution maintenance and upgrades for their services and SASE capabilities. In addition, any serious TaaS offering must also include advanced threat detection against both known and zero-day unknown threats. An organization beginning its journey into SASE solutions should check to see if potential suppliers are investing in threat research and continuous improvement in their security offering at SASE.

SASE Security should be part of a holistic security strategy

Every SASE solution relies on security as a core function. Things like third-party testing and validation and delivery history of security solutions from reputable vendors are one way a vendor guarantees its solution. Elements that can function together as part of a seamlessly integrated security strategy are essential as part of a single SASE solution but also as part of a single, complete security structure designed to incorporate the entire distributed network.

Learn more about the future of SASE security and networking. From SD-WAN, ZTNA, CASB, and NGFW, the Fortinet platform provides full readiness to accept SASE Security solutions.