SASE: It’s the iPhone of Networking

Dave Greenfield
November 10, 2020

When the Apple iPhone hit the market in 2007, it was described as “revolutionary.” The monumental success of the iPhone – and countless imitators from other smartphone vendors – has proven the term to be correct. But why? What’s the big innovation of the smartphone? After all, the components in a smartphone predated this type of device by years. We had our PDAs for our contact lists and appointments, digital cameras to take photos, mobile phones to place calls, handheld GPS to find our way to places, and portable media players for music.

The innovation of the smartphone was, of course, that it converged all these functions (and more) together. Convergence. That is the innovation of SASE.

When Gartner defined the market for the Secure Access Service Edge (SASE) last year, we had already seen all its networking and security functions on the market. We already had firewalls and UTMs. We had mobile access solutions. We had SD-WAN and networking. But we had them as separate solutions coming from different vendors, which made their deployment quite complex. What’s more, with the functions being separate components, taking advantage of capabilities across the functions required heavy integration and multi-vendor coordination.

Like the smartphone, SASE’s first innovation is that it brought all those disparate components together into one converged and convenient platform. This makes deployment and delivery much simpler.

Convergence Is More Than Convenience

Packaging multiple functions into a smartphone did more than save pocket space. It created a platform that could be used for unlimited applications. Sensors and software and other capabilities all built into the smartphone resulted in several benefits. First, things work together seamlessly, so no integration is needed. Second, app developers don’t have to create functions for themselves because they can simply use what the platform already offers. But most importantly, a robust platform with lots of capabilities is a force multiplier to spur even more innovation and new kinds of solutions that might otherwise be impractical or even impossible to build.

For example, the language translation app Google Translate builds on some of the inherent features of the smartphone in a very innovative way. This app delivers a language conversion engine that lets you translate a sign written in a foreign language in real-time. It uses the smartphone’s camera to capture an image of the sign, embedded OCR to convert the image into text, and then Google’s own language engine to translate the foreign text to the target language. Google used some of the capabilities of the smartphone, coupled with its own technology, to create a unique and high value application. Delivery of Google Translate’s capabilities wouldn’t be possible without convergence of functions on the device.

A SASE Platform Enables Capabilities that Were Previously Impractical, If Not Impossible

The same is true of SASE. Pulling together all networking and security functions into a single, coherent platform does more than make deployment simpler. It allows for combining data and capabilities in different ways to develop new solutions that otherwise might have been impossible to deliver. Let’s explore some examples of the benefits of convergence in the Cato SASE platform:

  • ZTNA and Remote Access -VPNs have traditionally been the dominant point solution to provide remote access to a network. However, VPNs bring risk to an enterprise due to the lack of granular control over network access. Software-defined perimeter (SDP), also called Zero Trust Network Access (ZTNA), enables tighter overall network security for remote access users. SASE converges ZTNA, NGFW, and other security services along with network services such as SD-WAN, WAN optimization, and bandwidth aggregation into a cloud-native platform. Enterprises that leverage Cato’s SASE architecture receive the benefits of ZTNA along with a full suite of converged network and security solutions that is both simple to manage and highly scalable.
  • High-Performance FWaaS – Firewall as a service is a multifunction security gateway delivered as a cloud-based service. It is often intended to protect mobile users and small branch offices that have no dependency on the central datacenter for applications. Standalone FWaaS offerings often incur poor site-to-site performance because of their few PoPs and dependency on the unpredictable, global Internet. With integrated FWaaS, Cato’s SASE architecture, though, addresses these shortcomings to deliver high-performance FWaaS.
  • Threat Prevention – The Cato SASE platform detects and prevents threats not only based on signatures and security feeds but also on network characteristics. This latter information wouldn’t be available if Cato’s security services had been built on a security-only platform. Instead, Cato captures the network metadata of all flows from all users at all customers in massive data warehouse and enriched with threat-intelligence feeds and other security-specific information. Data aggregation and machine learning algorithms mine the full network context of this vast data warehouse over time, detecting indicators of anomalous activity and evasive malware across all customer networks. It’s the kind of context that can’t be gleaned from looking at networking or security domains distinctively, or by examining just one organization’s network. It requires a converged solution like Cato, examining all traffic flows from all customers in real-time.
  • Event Correlation – Last year, Cato introduced SIEM capabilities called Instant*Insight, offered with the Cato platform at no added cost to customers. Instant*Insight organizes the millions of networking and security events tracked by Cato into a “queryable” timeline through a single-pane-of-glass. This service tracks issues for all sites, mobile users, and cloud resources. IT teams can quickly drill down into and correlate these events to arrive at the root cause of issues.

For years, organizations have looked for such a platform but delivering it was impractical before SASE convergence. Network appliances typically share log data – not raw event data – with SIEMs. Even then the right APIs need to be written, the data needs to be normalized, and only then can it be stored in a common datastore. It’s a massive undertaking when networking and security are separate functions. But Cato was able to develop Instant*Insight in a matter of months precisely because we were able to leverage the power of convergence. The data has already been gathered and the base tool sets were available.

In short, a true SASE platform does more than make deployment easier. It converges capabilities together to form a platform that provides the basis of new capabilities. Integration can’t give you that—only smartphone-like convergence can.

Dave Greenfield

Dave Greenfield

Dave Greenfield is a veteran of IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.