What is Secure Access Service Edge (SASE)?

How SASE works

When it comes to SASE, half of the technologies are about network traffic; the other half are about security. Or, Speed vs. Control. The SASE framework is designed to allow enterprise security professionals to apply identity and context to specify the exact level of performance, reliability, security, and cost desired for every network session. Organizations using the SASE framework can realize increased speed and achieve greater scale in the cloud while addressing new security challenges inherent in these cloud environments.

An example: A sales force needs greater efficiency and efficacy through mobility. The use of the Internet through public Wi-Fi can become a security risk. Therefore, accessing corporate business applications and data in a timely, secure manner is a challenge. A SASE framework provides the construct to maintain higher access speed (or performance), while also enabling more stringent control of users, data and devices traversing networks—regardless of when, where and how they’re doing it.

Gartner says leaders in SASE should embrace the continuous adaptive risk and trust assessment (CARTA) strategic approach (see “Zero Trust Is an Initial Step on the Roadmap to CARTA” and Gartner’s “Seven Imperatives to Adopt a CARTA Strategic Approach”), ensuring that the session is monitored continuously. By remaining in the data path, the session can be analyzed for indications of excessive risk (such as compromised credentials or insider threat) using embedded UEBA capabilities. The SASE offering should be capable of adaptive responses as a user’s behavior is analyzed and subsequent risk increases, or as device trust decreases (for example, requiring additional user authentication).

An initial step in implementing CARTA is adopting a Zero-Trust approach. The basic tenant here is “Verify, then trust” rather than simply trusts users inside the network by default. Zero Trust assumes the network has been compromised and challenges the user or device to prove that they are not attackers. Zero Trust requires strict identity verification for every user and device when attempting to access resources on a network even if the user or device are already within the network perimeter.

How McAfee fits within the SASE framework

There are two key aspects that form the foundation of the SASE framework: Network- and Network Security as a Service. The first half of the technologies are directed at network traffic; the other half are focused on security. The goal of enterprise network devices is to pass packets of data at an ever-increasing rate to gain even a millisecond of performance. Security, on the other hand, requires context as in identifying the user, the data, the device, the place, and any other parameters that are important in making a security decision. Understanding and prioritizing risks allows for the adaptation of security policies. Network security needs a 360-degree view and an understanding of user behavior and content to make optimum policy decision based on the organization’s risk profile.

As one of the largest and most experienced pureplay cybersecurity vendors, McAfee understands data, devices, users, applications, and has the context to provide comprehensive protection from device to cloud. McAfee’s approach of integrating data across its portfolio gives data context and sets McAfee far apart from the competition.

McAfee’s cloud-native and cloud-delivered MVISION portfolio can help reduce complexity and enable fast and secure cloud adoption in order to maximize business agility and lower operational costs by offering policies that are set once and deployed in multiple places – endpoint, network and cloud.

Unified Cloud Edge is the first solution from a single vendor to fully integrate the first three security technologies listed in Gartner’s SASE framework. MVISION Unified Cloud Edge (UCE) provides a converged security solution to simplify adoption of a Secure Access Service Edge (SASE) architecture and help reduce the costs and complexity of modern cybersecurity. UCE enables secure access to the cloud from any device for ultimate workforce productivity by integrated data loss prevention, device/user control and other security technologies into web filtering (SWG), endpoint management and cloud control (CASB).

To delive an even more complete security architecture for a Secure Access Service Edge (SASE), McAfee has agreed to acquire Light Point Security, a pioneer in browser isolation founded by former employees of the National Security Agency (NSA) to expand the threat prevention capabilities of Unified Cloud Edge. McAfee plans to integrate Light Point Security’s browser isolation technology into our cloud-native secure web gateway for use in any web security policy.

Light Point Security’s browser isolation technology takes the end user’s web browsing session and isolates the page remotely in a secure location, then replicates an interactive image of the session in the user’s browser with a technique called pixel mapping. This provides the end user with protection against web-based threats because malicious code can’t leave the isolated browser, which is remote from their endpoint. This technology complements McAfee’s secure web gateway which has a unique, industry-leading approach to malware prevention – real-time emulation. Emulation removes the vast majority of malware in milliseconds as traffic is processed. The next evolution is removing the ability for malicious code to reach an end-user altogether.

In addition to UCE, McAfee offers the following solutions/capabilities:

• UEBA via CASB, which offers policy enforcement based on unusual behavioral patterns of traffic to/from cloud services.
• McAfee access control help establish the identity of users, and confirm the security posture of devices, before allowing remote access (managed vs unmanaged devices)
• Container security via CASB, which delivers container vulnerability control, cloud security posture management (CSPM) and enforces zero-trust between containers to defend against data leakage between containers.

McAfee customers can deploy other elements of the SASE model by using technologies from other vendors. McAfee’s Security Innovation Alliance (SIA) program provides customers with integrated security and networking solutions that allow them to resolve more threats faster with fewer resources. The Data Exchange Layer (DXL) is an open ecosystem, initially developed by McAfee, that allows integration between different vendor products. Companies that provide elements of the SASE model that are members of the SIA and/or can share information using DXL include:

• McAfee can integrate its SASE technologies (especially McAfee Secure Web Gateway) with SD-WAN vendors such as SilverPeak
• DNS Resolution Infoblox
• Zero Trust. The integration of SWG and functionality from Menlo Technology provides Remote Browser Isolation (RBI), a recommended part of SASE. (Also Ericom)
• ZTNA with Bufferzone
• Networking vendors like Cisco, Extreme Networks, Checkpoint, Attivo Networks, Forcepoint