Top 8 Secure Access Service Edge (SASE)

Cisco UmbrellaPrisma Access by Palo Alto NetworksPerimeter 81VMware SD-WANHarmony ConnectSkyhigh SecurityCato NetworksVersa FlexVNF
  1. leader badge
    It has certainly saved us time. If we go and look at what's rejected on the requests from the hospital itself, it has saved about 5% or 6% time.The integration features within, for example, the Cisco VPN product and the Umbrella module are valuable.
  2. leader badge
    Prisma integrates well with Cortex XDR and Cortex Data Lake. My company has been also using Prisma Access in-house for nearly a year, and it integrates seamlessly.
  3. Buyer's Guide
    Secure Access Service Edge (SASE)
    March 2023
    Find out what your peers are saying about Cisco, Palo Alto Networks, Perimeter 81 and others in Secure Access Service Edge (SASE). Updated: March 2023.
    685,707 professionals have used our research since 2012.
  4. Logging back into Perimeter 81 is relatively user-friendly as I just need to re-type my Windows credentials in to access the VPN.Our operators can work from home without any problems.
  5. I find the application-aware routing feature to be the most valuable.I love the solution because of its many features like cluster and cloud VPN.
  6. The scalability is good, and I'd give it an eight out of ten.All employees have access to secure and reliable VPN connectivity.
  7. The management is very good.Skyhigh performs well, and we can choose from virtual and hardware plans. We can deploy the ISO on as many virtual machines as possible and easily set up high availability on the web proxy. The location doesn't matter. The user at a site will always access the web proxy for that location. It's suitable for an organization distributed across multiple regions.
  8. report
    Use our free recommendation engine to learn which Secure Access Service Edge (SASE) solutions are best for your needs.
    685,707 professionals have used our research since 2012.
  9. The most valuable feature of Cato Networks is the CASB and the documentation is useful.It is quite simple and easy to use.
  10. The granularity when it comes to configuration and security features are valuable. The product has a dynamic VPN feature for SD-WAN.

Advice From The Community

Read answers to top Secure Access Service Edge (SASE) questions. 685,707 professionals have gotten help from our community of experts.
Netanya Carmi - PeerSpot reviewer
Netanya Carmi
Content Manager at PeerSpot (formerly IT Central Station)
Do you recommend this SASE? Why or why not?
Read More »
Netanya Carmi - PeerSpot reviewer
Netanya Carmi
Content Manager at PeerSpot (formerly IT Central Station)

Should I choose SASE? Why is it better?

Mike Hounsome - PeerSpot reviewer
Mike HounsomeSASE is cloud delivered architecture that provides central policy and… more »
3 Answers

Secure Access Service Edge (SASE) Articles

Shibu Babuchandran - PeerSpot reviewer
Shibu Babuchandran
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
What Is SASE? Secure Access Service Edge, or SASE (pronounced “sassy”), is an emerging cybersecurity concept that Gartner first described in the August 2019 report. SASE is the convergence of wide-area networking or WAN, and network security services like CASB, FWaaS and Zero Trust, into a si...
Read More »

Secure Access Service Edge (SASE) Topics

Main Characteristics of the SASE Security Model

The SASE model has four main characteristics:

1. Identity-driven.  The networking experience and the level of access are determined by the identity of the actual user and the resource, rather than simply by an IP address. The identity associated with the network connection drives the quality of service, the route selection, and the application risk-driven security controls. This approach allows companies to develop one set of security and networking policies for users regardless of location or device. This ultimately reduces operational overhead.

2. Cloud-native architecture. The architecture of SASE leverages key cloud capabilities, including adaptability, elasticity, self-maintenance, and self-healing, to provide a platform that is efficient, adaptable, and available anywhere.

3. Supports all edges. SASE creates one network for all of the company’s resources. For example, physical edges are supported by SD-WAN appliances while users on the go are connected through mobile clients and clientless browser access.

4. Globally distributed. The SASE cloud must be globally distributed in order to ensure the full security and networking capabilities are available everywhere and the best possible experience is delivered to all edges.

SASE Benefits

Benefits of the SASE security model include:

  • Price: Instead of paying for multiple products, combining them into a single platform will reduce your costs as well as IT resources.
  • Flexibility: Cloud-based infrastructure offers services such as web filtering, threat prevention, sandboxing, data loss prevention, credential theft prevention, DNS security, and next-generation firewall policies.
  • Better performance: Cloud infrastructure allows you to easily connect to anywhere resources are located.
  • Simplification: Minimizing the amount of security products your IT team needs to manage, update and maintain, will simplify your IT infrastructure, as will centralizing your security stack into a security service model that is cloud-based.
  • Zero Trust: A SASE solution provides complete session protection, regardless of where users are connecting from.
  • Data protection: Instituting data protection policies within a SASE framework helps to prevent abuse of sensitive data and/or unauthorized access.
  • Threat prevention: A SASE solution provides more security and visibility.
SASE Challenges

1. The security, networking, and systems teams are fully siloed.

In this case, the network team manages and operates an SD-WAN with other network-centric systems, such as DDiS mitigation, DNS protection, and CDNs, to protect it. A remote site has one or more tunnels under the control of the network team, and then the security team has its own tunnels through which it manages the security portion. Therefore, multiple vendors are needed and as a result, additional money will have to be spent.

2. The security, networking, and systems teams are siloed but have agreed to manage a common infrastructure.

In this case, a uCPE (universal customer premises equipment) device at the remote site maintains role-based access control, enabling the cybersecurity and network teams to each manage their respective parts of a service that is integrated. This can get complicated at times, but at least saves money because only one vendor is required.

3. Choosing products.

If your IT teams will remain fully siloed, you will need at least two products: one (or more) for security and another one (or more) for networking. However, if your IT teams are siloed but agree to manage a common infrastructure, then these services can be combined into a single product.

4. Choosing NaaS (network as a service).

Some executives are looking at the possibility of an end-to-end service so that they don’t have to manage their WANs at all. In this NaaS model, the enterprise and the vendor’s client portal interface to set policies.

5. Integration and Interoperability.

Due to its scope, it is important that providers have features that are well-integrated, not ones that are cobbled together from pre-existing standalone point products. SASE endpoint agents need to be able to integrate with other agents to simplify deployments, with different kinds of cloud gateways, and with various kinds of proxies that are required in the overall solution.

6. Avoid DIY Solutions.

Rather than stringing together appliances and services on an ad hoc basis, it is preferable to adopt a true SASE solution that is provided by one or two vendors. This can prevent such issues as high latency, insufficient performance at scale, and a lack of control, network visibility, and necessary administrative tools. that cobble together a disjointed set of single-purpose appliances or services are destined to result in a solution with undesirable attributes. A well-engineered SASE solution should deliver simplicity, flexibility, and security that you wouldn’t otherwise have.

How Secure is SASE?

SASE is secured end-to-end and all communication across the platform is encrypted. Threat prevention capabilities such as firewalling, decryption, IPS, URL filtering and anti-malware are natively integrated into SASE and are also globally available to all connected edges.

What does it mean that SASE is on the “Edge”?

Edge computing is a framework of computing that is done closer to the source of the data (such as local edge service or internet of things devices.) Proximity of applications to the source of the data can offer faster insights, better bandwidth availability, and improved response times. Latency is reduced because the data does not have to travel to a cloud or a data center to be processed. Edge computing enables more comprehensive and faster data analysis, which creates an opportunity for deeper insights and an overall improved customer experience.

SASE - Secure Access Server Edge - is a framework in which security and networking functions work together at the cloud edge to maximize both protection and performance.

What is the difference between point solutions (SD-WAN, NGFW, SWG, VPN) and SASE?

Point solutions address specific requirements for networking and security. Buying, sizing, scaling, and maintaining each of these solutions separately can get complicated, not to mention costly. SASE is a simplified, unified alternative to these solutions that replaces physical and virtual point solutions with a globally distributed cloud service that is cost-effective, agile, and scalable. SASE performs all of the functions that point solutions do - and more - and offers better visibility, easier orchestration, and proactive threat detection. Using a software stack in the cloud, it runs multiple security functions simultaneously in multiple engines.

Check out more answers to this question from our users.

What is the difference between SASE and SD-WAN?

A software-defined wide-area network (SD-WAN) is a virtual WAN architecture that uses software to control the connectivity, the management and the services between data centers and cloud instances or remote branches.

SASE combines security functionalities with an SD-WAN approach into one cloud-based service. Both SASE uses features that were already found in SD-WAN, such as traffic prioritization and bandwidth optimization. However, in an SD-WAN, the features are executed by virtualized devices that are spread throughout the WAN. In SASE, on the other hand, the networking decisions are made by the cloud or by a security agent on an end user’s device.

One way SASE differs from SD-WAN is in how it inspects network traffic. While SD-WAN uses service-chained point solutions, SASE runs all of the security functions at once in a single cloud-native software stack made up of multiple policy engines. And since the engines are all from the same vendor, there is less downtime since the data does not have to be sent back and forth between products.

What is the difference between SASE and CASB?

A CASB (cloud access security broker) acts as an intermediary between users and cloud service providers. It can address gaps in security across SaaS (software-as-a-service), PaaS (platform-as-a-service), and IaaS (infrastructure-as-a-service) environments. CASB extends some of the protections used for a traditional perimeter-focused security model to cloud-based deployment.

The fundamental difference between SASE and CASB is the amount of security integration each one provides and the assets that each one can protect. While CASB secures SaaS applications and can be added on to a security stack the organization is already using, SASE offers a fully-integrated WAN networking and security solution connecting branch offices and remote users to the Internet and to cloud and corporate applications.

SASE provides a security stack that is fully integrated and that includes the security features that CASB includes, as well as incorporating SD-WAN, next-generation firewalls (NGFW), and more. The integration and optimization that SASE provide will generally simplify security and maximize the efficiency of your security team. However, it may be easier to slot a standalone CASB solution into your organization’s existing security architecture.

Buyer's Guide
Secure Access Service Edge (SASE)
March 2023
Find out what your peers are saying about Cisco, Palo Alto Networks, Perimeter 81 and others in Secure Access Service Edge (SASE). Updated: March 2023.
685,707 professionals have used our research since 2012.