The threat environment for businesses is always changing, and the reality is that appliance-based network security is no longer up to the challenge. That’s why the CyberRisk Alliance recently released Converged Network Security Platforms: A Buyer’s Guide.
This report looks at the concept of converged network security, and how it’s built to solve a serious issue that confronts organizations of all sizes.
There are two buzzwords floating around to describe converged network security: Secure Access Service Edge (SASE) and Security Service Edge (SSE). Both options have their unique features and benefits, but at their core these solutions are all about employing a Zero Trust strategy and harnessing the benefits of the cloud, such as centralized management.
Coined by Gartner in 2019, SASE is a converged security model that combines software-defined wide area networking (SD-WAN) with established cloud security tools and protocols such as Zero Trust Network Access, FWaaS, CASB, and SWG.
The primary goal of this model is to reduce complexity by consolidating networking and security tools into as few control interfaces as possible.
SASE deployments allow remote users and branch offices to connect to geographically dispersed points of presence (PoPs) to access company resources. These PoPs help reduce latency compared to legacy VPNs, which are often only available in one or two company-owned data centers around the world. VPNs usually mean increased latency and a higher potential for traffic bottlenecks that impact productivity. A global network, by comparison, allows employees to connect to a PoP near their location, reducing latency and increasing productivity.
The issue with SASE is that it still relies on SD-WAN hardware appliances for dynamic routing. Some companies may still need this capability for industries such as manufacturing, or where low-latency access to a centralized database is paramount. However, most businesses don’t need much more than a solid Internet connection, something that’s easier than ever to obtain thanks to high-speed wired fiber connections and wireless technology such as Wi-Fi 6 and 5G.
SSE, another term defined by Gartner, is basically SASE without SD-WAN. SSE is about the core tools found in cloud-based, converged network security. This approach focuses on simplicity for IT managers and day-to-day operations, as well as for CISOs and CEOs who need to understand the basic concepts, why it’s beneficial, and ultimately authorize it for deployment.
Key tools and technologies in a cloud-based, converged network security platform include Zero Trust Network Access (ZTNA), Agentless ZTNA for unmanaged devices, Firewall as a Service, and Hybrid Secure Web Gateway.
Before choosing a network security platform, the CRA report advises organizations to ask some key questions, such as:
Do you need an SD-WAN, or are regular internet connections enough to serve your needs? If the latter is the case, then the SSE model is closer to what you need.
Converged network security means that the very network itself is part of your security platform, requiring cross-team cooperation to ensure that connections to company resources remain stable. One key issue to remember is that instead of connecting users to data centers or offices, with a converged, zero trust approach employees connect only to the applications they need through a network of global PoPs. This increases security and reduces potential traffic bottlenecks at key chokepoints like a company-owned data center.
It’s important that leadership understands the full benefits of moving to converged network security. First and foremost for them, it reduces the TCO since this style of network security is delivered under the software-as-a-service model, which means no long-term commitments. It also reduces CAPEX since there’s no overhead from acquiring and maintaining hardware.
Have you chosen the right model for your organization? Excellent. Next, CRA suggests the following factors as points of consideration when selecting a vendor:
Organizations are realizing the benefits of integrating network security tools and capabilities into a unified platform, allowing for a more agile response to threats and a reduction in overall risk.
Key drivers for adopting converged network security solutions include the need to consolidate multiple security solutions, streamline management, and reduce complexity. Businesses also need to adapt to the changing threat landscape since threat actors are always evolving their tactics, while ripe targets such as mobile workers become more plentiful.
Converged network security is better placed to react to these changes since a SaaS model can more easily scale up as a company’s needs grow. Converged network security also offers businesses improved visibility into their network, and can more quickly adapt to changing security demands compared to hardware appliances stuck on a five-year upgrade cycle.
In the long term, organizations that successfully implement converged network security platforms can expect to see a reduction in costs, improved operational efficiency, and enhanced security posture.
Whether you need to protect on-prem or cloud-based resources, Perimeter 81’s cloud-based, converged network security platform is there for you. We have more than 50 PoPs worldwide backed by a high-performance network with an easy-to-use centralized management console. Book a demo today to see how we can get your company up and running with a Zero Trust network in no time.