Secure Access Service Edge (SASE) is a new network and cybersecurity architecture combining SD-WAN, ZTNA, and threat prevention. It manages access to cloud or on-prem applications based on users’ roles, locations and schedules. It also provides multi-layer cybersecurity such as IP address filtering, DNS filtering, Country Block, Ad Block, and Intrusion Prevention System (IPS). It monitors networks and users while automatically discovering new devices. In addition it sends alerts for network and user related events as well as suspicious activities in real-time.
Current SASE implementations are not capable of making direct connections among sites. Instead, they carry all of the customer traffic to an overlay network located in a datacenter or public cloud and distribute them from there.
Overlay networks are not preferred, because:
- They create additional latency.
- They may create congestion with their available bandwidth.
- They introduce new points of failure.
- They introduce a privacy risk.
- Companies lose control of their networks.
Distributed SASE technology can directly connect networks without a need for an overlay network. By using powerful on-prem appliances, SASE features including threat prevention are implemented in a distributed fashion. This way internal company data is directly sent among sites and remote users without traversing public clouds, while the management of SASE network is still in the cloud.
Due to governmental restrictions or security practices, some organizations may not be able to send or host their data in public clouds. Regular SASE implementations may not be suitable for these organizations.
Private SASE refers to the implementation of SASE within a private cloud or datacenter for organizations whose sites are connected via a private intranet. With Private SASE, none of the end user or application data goes through a public network. In addition, Private SASE management is performed completely inside the private network. Private SASE offers the same comprehensive features and functionalities as the SASE solution.