We’ve all heard of AV and VPN, but there are many more cybersecurity-related acronyms and abbreviations that are worth taking note of. We gathered a list of the key acronyms to help you keep up with the constantly evolving cybersecurity landscape.
Secure Access Service Edge (SASE) is a cloud-based solution that converges network and security functionalities. SASE’s built-in SD-WAN functionality offers network optimization, while the integrated security stack – including Next Generation Firewall (NGFW), Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), and more – secures traffic over the corporate WAN. According to Gartner (which coined the term), SASE is “the future of network security.”
Cloud Access Security Broker (CASB) sits between cloud applications and users. It monitors all interactions with cloud-based applications and enforces corporate security policies. As cloud adoption grows, CASB (which is natively integrated into SASE solutions) becomes an essential component of a corporate security policy.
Zero Trust Network Access (ZTNA), also called a software-defined perimeter (SDP), is an alternative to Virtual Private Network (VPN) for secure remote access. Unlike VPN, ZTNA provides access to corporate resources on a case-by-case basis in compliance with zero trust security policies. ZTNA can be deployed as part of a SASE solution to support the remote workforce of the modern distributed enterprise.
Software-Defined Perimeter (SDP) is another name for ZTNA. It is a secure remote access solution that enforces zero trust principles, unlike legacy remote access solutions.
Zero Trust Edge (ZTE) is Forrester’s version of SASE and uses ZTNA to provide a more secure Internet on-ramp for remote sites and workers. A ZTE model is best implemented with SASE, which distributes security functionality at the network edge and enforces zero trust principles across the corporate WAN.
Deep Packet Inspection (DPI) involves looking at the contents of network packets rather than just their headers. This capability is essential to detecting cyberattacks that occur at the application layer. SASE solutions use DPI to support their integrated security functions.
Next-Generation Firewall (NGFW) uses deep packet inspection to perform Layer 7 application traffic analysis and intrusion detection. NGFW also has the ability to consume threat intelligence to make informed threat decisions and may include other advanced features beyond those of the port/protocol inspection of the traditional firewall.
Firewall as a Service (FWaaS) delivers the capabilities of NGFW as a cloud-based service. FWaaS is one of the foundational security capabilities of a SASE solution.
Intrusion Prevention System (IPS) is designed to detect and block attempted attacks against a network or system. In addition to generating alerts, like an intrusion detection system (IDS) would, an IPS can update firewall rules or take other actions to block malicious traffic.
Secure Web Gateway (SWG) is designed to protect against Internet-borne threats such as phishing or malware and enforce corporate policies for Internet surfing. SWG is a built-in capability of a SASE solution, providing secure browsing to all enterprise employees.
Next Generation Anti-Malware (NG-AM) uses advanced techniques, such as machine learning and anomaly detection, to identify potential malware. This allows it to detect modern malware, which is designed to evade traditional, signature-based detection schemes.
Unified Threat Management (UTM) is a term for security solutions that provide a number of different network security functions. SASE delivers all network security needs from a cloud service, eliminating the hassle of life-cycle management for UTM appliances.
Data Loss Prevention (DLP) solutions are designed to identify and respond to attempted data exfiltration, whether intentional or accidental. The deep network visibility of SASE makes it possible to provide DLP capabilities across the entire corporate WAN.
Web Application Firewall (WAF) monitors and filters traffic to web applications to block attempted exploitation or abuse of web applications. SASE includes WAF functionality to protect web applications both in on-premises data centers and cloud deployments.
Security Information and Event Management (SIEM) collects, aggregates, and analyzes data from security appliances to provide contextual data and alerts to security teams. This functionality is necessary for legacy security deployments relying on an array of standalone solutions rather than a converged network security infrastructure (i.e., SASE).
Security Operations Center (SOC) is responsible for protecting enterprises against cyberattacks. Security analysts investigate alerts to determine if they are real incidents, and, if so, perform incident response and remediation.
Managed Detection and Response (MDR) is a managed security service model that provides ongoing threat detection and response by using AI and machine learning to investigate, alert, and contain threats. When MDR is incorporated into a SASE solution, SOC teams have immediate, full visibility into all traffic, eliminating the need for additional network probes or software agents.
Transport Layer Security (TLS) is a network protocol that wraps traffic in a layer of encryption and provides authentication of the server to the client. TLS is the difference between HTTP and HTTPS for web browsing.
Secure Sockets Layer (SSL) is a predecessor to TLS. Often, the protocol is referred to as SSL/TLS.
Threat Intelligence (TI) is information designed to help with detecting and preventing cyberattacks. TI can include malware signatures, known-bad IP addresses and domain names, and information about current cyberattack campaigns.
Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed computer security flaws. Authorities like MITRE assign a CVE identifier to a newly discovered vulnerability to make it easier to track and collate information about it across multiple sources that might otherwise name and describe it in different ways.
Advanced Persistent Threat (APT) is a sophisticated cyber threat actor typically funded by nation-states or organized crime. These actors get their name from the fact that they have the resources and capabilities required to pose a sustained threat to enterprise cybersecurity.
Distributed Denial of Service (DDoS) attacks involve multiple compromised systems flooding a target service with bogus requests. The objective of these attacks is to overwhelm the target system, leaving it unable to respond to legitimate user requests.
Extended Detection and Response (XDR) is a cloud-based solution that integrates multiple different security functions to provide more comprehensive and cohesive protection against cyber threats. It delivers proactive protection against attacks by identifying and blocking advanced and stealthy cyberattacks.
Security Service Edge (SSE) moves security functionality from the network perimeter to the network edge. This is the underlying principle behind SASE solutions.
Indicators of Compromise (IoCs) are data that can be used to determine whether a system has been compromised by a cyberattack, such as malware signatures or known-bad IP addresses or domains. IoCs are commonly distributed as part of a threat intelligence feed.