The 8 Most Important Factors to Consider When Evaluating a SASE Security Solution
August 20, 2021 By BlueAlly
By David Gormley, Cisco
Secure access service edge (SASE) solutions — cloud-delivered security combining networking and security functions — are on the rise, fueled in part by the events of the past year’s shelter in place order and the need to secure work from home in countless locations. As companies and employees begin their return to the office, one thing is clear: the hybrid work model is here to stay — and SASE solutions are critical to supporting this new normal.
Selecting a SASE solution is a big decision. How do you determine which one is right for your needs today and able to grow with you in the future? Here are 8 factors to help direct your search:
1. Does the solution have a complete, integrated SASE architecture?
The appeal of a SASE solution is consolidation, and using a single vendor enables you to achieve key SASE benefits, eliminating the complexity of managing best-of-breed point solutions with different operating systems, consoles, and limited integration.
To ensure you reap the full rewards of SASE, choose a vendor that offers the full breadth of SASE components including a cloud-based SD-WAN and security offerings that combine Zero Trust Network Access (ZTNA), a secure web gateway (SWG), and a cloud access security broker (CASB), ensuring that networking and security capabilities are fully integrated into a single service, and not just stitched together. Closely evaluate the integration of the services to make sure you can support direct internet access (DIA), secure cloud applications, and extend protection to roaming users and branch offices from a single console and a single method for setting policy.
Cisco delivers the complete range of SASE capabilities through several networking and security components. Cisco SD-WAN is a flexible cloud-managed networking solution that meets the complex needs of modern WANs. Cisco Umbrella is a cloud security service that delivers a secure, reliable, and fast internet experience by unifying multiple security functions into a single service. Umbrella includes ZTNA, Domain Name System (DNS) security, Firewall-as-a-Service (FWaaS), SWG, CASB, SD-WAN integration, and threat intelligence.
2. Is there a flexible consumption model that enables scaling up and down?
SASE solutions enable the flexibility to scale up and down, and this should apply to consumption models as well. Networking SD-WAN is typically licensed by bandwidth whereas security solutions are licensed per user, per year. And, having different providers for each means having multiple vendors on different pricing models, adding complexity and reducing flexibility.
Instead, look for a vendor that offers a simple, flexible consumption model with networking and security solutions in the same license. Check to make sure that the model meets your unique situation and can scale as you grow.
Cisco Umbrella has a single-offer, single-license solution that covers SD-WAN and Umbrella’s multi-function security. Additional license flexibility is forthcoming with the ability to buy Cisco Secure Web and Umbrella licenses with one simplified SKU and easily convert a license from Cisco Secure Web to an Umbrella license.
3. Does the vendor have a native global cloud architecture?
A vendor’s SASE architecture will dictate its performance — the speed, reliability and scalability that will power your business. A native global cloud architecture connects and secures all your locations, cloud resources, and remote users, everywhere. To deliver optimal performance, networking and security need to be delivered in a distributed manner close to the endpoint. This means that a vendor must have a large geographical footprint with many points of presence (PoPs).
In evaluating a vendor’s native global cloud architecture, ensure that traffic routes through worldwide PoPs, high-bandwidth backbones, and peering partners. Evaluate the number and location of PoPs and peering relationships and check that they map to your requirements.
Cisco Umbrella’s cloud-native, multi-tenant network architecture uses container-based microservices to offer service flexibility, seamless updates and new innovation, and higher, more dynamic scalability. Direct peering to 1,000+ ISPs, CDNs, and SaaS platforms allows Cisco to deliver the fastest route to and from SaaS applications, 2x most competitors.
4. Does the vendor have a proven track record for protection and security efficacy?
Threat protection requires deep visibility into current and future problems. For example, scanning content in session checks for malware and content sandboxing. On public Wi-Fi networks, applying DNS-based protection services and encrypting at a local PoP prevents eavesdropping.
Consider vendors with proven track records of threat detection and security efficacy backed by third party validation. Obtain their metrics for threat detection rates, “block before connection” ratios, and other statistics.
In a recent security efficacy test performed by AV-Test, Cisco Umbrella received the highest threat detection rate in the industry at 96.39%.
5. Is there support for a hybrid approach?
The reality is that the transition to SASE will take time. You may have existing investments in hardware that are not fully amortized and in software contracts with time remaining. Additionally, you may be moving from on-prem to a hybrid or cloud environment.
To support your unique cloud journey, look for a vendor that can integrate with your existing systems like security appliances, threat intelligence platforms, and in-house tools. The ability to integrate protects your existing investments, affording you time to transition to a single vendor on your terms.
Cisco Umbrella was built with a bidirectional API to easily integrate with other systems. Umbrella includes pre-built integrations with more than 10 security providers (including Splunk, FireEye, and Anomali) and manages up to 10 custom integrations.
6. Is there robust threat intelligence?
Proactive SASE security is backed by robust and active threat intelligence that learns from internet activity patterns, enabling you to block threats before they attack your organization.
When it comes to intel, look for a vendor that conducts real-time analysis of live threat feeds from global internet activity, and combines human intelligence with statistical and machine learning models.
Cisco Umbrella takes a proactive approach to blocking threats. Umbrella has visibility into 350 billion internet requests and analyzes 1.5 million unique malware samples daily. Umbrella blocks 20 billion threats every day––more than 200X some vendors. Cisco Umbrella leverages data from Cisco Talos Intelligence Group, one of the world’s largest threat research teams. Talos uses statistical and machine learning models to analyze and automatically uncover malware, ransomware, and phishing.
7. Is there unified management?
Throughout your SASE journey, you’ll oversee an assortment of security services or solutions. Centralized administration simplifies management and allows security and network policy to be handled from a single, unified console.
Look for a solution provider that offers a single console from which to manage different security functions through a unified interface.
Cisco Umbrella includes Cisco SecureX, a cloud-native XDR platform that connects the Cisco security portfolio with your infrastructure to create a simpler, more consistent experience. Compiling security data from across products and a wide range of third-party security solutions, Cisco SecureX and Cisco Umbrella provide context on threats and attacks, and reduce the time, money, and resources it takes to investigate incidents and remediate issues.
8. Is there flexible integration with SD-WAN?
Some companies offer SD-WAN as a standalone networking solution which lets them set up new sites quickly through a local ISP that provides a DIA link. But this scenario does not include security unless the SD-WAN has built-in security capabilities.
A cloud-native SASE security solution that fully integrates with SD-WAN is able to secure cloud access and protect branch users, connected devices, and app usage from direct internet access breakouts.
Cisco Umbrella integrates with SD-WAN in just a few clicks, instantly deploying powerful protection across hundreds of users and devices. Combined, SD-WAN and Umbrella allow you to secure your users wherever they access the internet, while providing a streamlined user experience, lightning-fast performance, and simplified security management.
Your next steps
It’s time to choose a SASE solution that meets your unique needs and puts you on the path towards a converged network and security future. Sign up for a Cisco Umbrella free trial to explore how our cloud-native security service delivers multiple security functions in a single, simple-to-manage SASE solution.