How to reach an ideal state of cyber threat prevention

This article is an extract from a report on Secure Access Service Edge (SASE) and covers how to reach an ideal state of cyber threat prevention.

The enterprise work environment has forever shifted to a highly distributed model of users, data, apps, and services. With no sign of this perimeterless evolution abating, organizations are now reckoning with how to adapt their “best of breed” on-premises security approach to the cloud-centric nature of today’s business, and do so before the next attack.

Under pressure like never before, defenders are clamoring to change the security dynamic as threat actors rejoice in their success. In 2020, a staggering 86% of organizations experienced a successful cyberattack. The increase, up from 81% the prior year, was the largest year-over-year increase in the last six years.

Preventing malware with SASE Security

To change the power dynamic in the current threat landscape, organizations must be able to consolidate their security toolbox to gain greater efficiencies, lower costs, and improve risk reduction.

The most natural way to realize these benefits is to bring together a combination of capabilities that align and allow for close integration of data flows. Working as one, with a shared policy and management framework and holistic visibility, the security capabilities are free to scale globally and interact seamlessly for improved security outcomes.

Protecting against cyber threat

SASE Security improves security and risk reduction without additional IT overhead and oversight.

When evaluating SASE Security vendors, one critical decision point is the design and deployment. For organizations, there are typically two options:

Option 1:

Evaluate separate vendors for each technology set (CASB, SWG, ZTNA, firewall-as-a-service [FWaaS], remote browser isolation [RBI], etc.) and then use an internal or third-party resource to stitch together capabilities to form a consolidated SASE Security solution.


Advantages:

• This allows organizations to select their perceived “best of breed” product for each SASE Security category for complete customization of capabilities and functionality across requirements.

Drawbacks:

• Requires significant integration investment and time
• Can lead to lengthy deployments
• Complexity of managing several disparate solutions, resulting in IT burden from more hands-on monitoring and management to ensure harmonious operations
• Multiple vendor relationships and SLAs to manage

Option 2:

Evaluate vendors with comprehensive security platforms that include all the needed SASE Security capabilities in one integrated offering.


Advantages:

• Centralized management and visibility for easier use by IT and security teams without integration work and the associated added costs
• Faster deployment compared to multi-vendor scenarios
• Single predictable bill for all security functionalities
• Streamlined vendor and SLA management
• Simplified troubleshooting and system maintenance needs

Drawbacks:

• Potentially less customizable
• Possibility of blind spots a single vendor cannot identify

SASE Security is centered around threat prevention, allowing adopters to consolidate key — not all — security functions to gain previously unattainable efficiency and economy of scale.

Secure Web Gateway

SWG is a long-standing solution, yet not all SWGs work in today’s highly-distributed, work-from-anywhere environments, which have set the stage for SASE Security adoption.

Cloud Access Security Brokers

Organizations that use cloud environments to power work often have a security blind spot in the persistent connection outside of their data center. Beyond the bounds of their infrastructure — they don’t know what they don’t know.

Because of this, CASBs are placed between an organization’s on-premises infrastructure and a cloud-provider’s infrastructure. Acting as a gateway, CASBs give users safe access to SaaS platforms while providing security teams with the deep visibility and control they need to keep the business safe.

As an integral part of SASE Security, CASBs deliver cloud-specific capabilities that are not commonly found in traditional security products. Because of this, choosing a forward-leaning solution that goes beyond commonly available core functionality may offer futureproofing benefits.

Zero Trust Network Access

Many security vendors claim to have solutions with Zero Trust, but not all use the term to mean the same thing. The Zero Trust security model focuses on evaluating trust on a per-transaction basis so that nothing is considered automatically “trusted” based on network location or IP address. Using Zero Trust as a framework, vendors have begun building out Zero Trust Access (ZTA) and ZTNA solutions:

ZTA = knowing and controlling who and what is on your network

ZTNA = brokered access for users to applications

When evaluating a SASE Security platform, ZTNA should be at the core as a newer way to regulate and secure access, especially as VPNs are faltering under the increased load of virtual workforces.

Remote Browser Isolation

Today, users spend 75% of their work day either in a web browser or attending virtual meetings. While the journey to SASE Security can involve many different technologies to achieve secure work, the significant time spent in a web browser deserves special attention.

RBI works by routing all web traffic through a remote server or cloud location before sending a rendering to the user. Like other technologies in the SASE Security menu, not all RBI offerings provide the same level of integrated security.

Becoming invincible against threats

Translating SASE Security into your own security architecture may still feel like a challenge. After all, adopting new technologies and mindsets isn’t an easy lift for any company. Putting proper security controls in place will take time and resources, but in the end, SASE Security will yield worthwhile benefits.

Key SASE Security stages

  • Adopt a full cloud-based SASE Security stack to provide security coverage no matter where a user is located.
  • Refresh your data loss prevention policy, including laying out where data can be stored, how it can be used, and who can access it.
  • Increase visibility into access across the computing environment.
  • Add CASB data authentication and encryption points to protect applications on the cloud, establish control, and improve visibility.
  • Adopt a ZTNA mindset to overcome the many shortcomings of VPNs in the hybrid work environment.

SASE Security positive outcomes

SASE Security does not clearly dictate what security solutions you must adopt. Rather, it’s a list of converged technologies which you can choose from for the maximum business and security impact. Since many of these technologies aren’t new, the true focus of SASE Security should be more about how these core, consolidated services can be brought into balance with each other to achieve positive outcomes.
