The network’s perimeter has been gradually changing over the last ten years or so — effectively since the cloud’s ubiquity — but it has changed beyond all recognition in the last two years.
In many ways, the organization’s network perimeter is now fragmented into several pieces comprising every home or remote office network, every public cloud, and even every cloud service used in the day-to-day working of the enterprise. As IT departments will know, with the average enterprise using around 1,200 remote services, the IT perimeter is effectively now dissolved.
To better protect users across the business, security teams are rethinking the way cybersecurity and safety are implemented. The modern approach is to establish zero-trust network connectivity with all resources, be they in the cloud or the organization’s data centres.
Initial moves were to position hardware security devices to broker connections at every edge location and virtualized security devices for web instances of apps and services – web application firewalls (WAFs).
However, since 2019, Gartner has referred to a new generation of technology it terms SASE (Secure Access Service Edge). It combines the best aspects of several existing technologies, extending them and adding more granular examination and protection methods too. The SASE model removes the need for perimeter-based devices — as impractical as that is in 2021 — and lets users connect to and interact with the services they use daily, all under the umbrella of centrally formulated security policies.
The Netskope advanced SASE platform arbitrates between the many connections every user and application makes between the endpoint and the app or service. Users connecting to SaaS platforms are identified and provided with access to appropriate applications securely, regardless of where those applications might be. Furthermore, automated apps in daily use (like the synchronization between desktop and Dropbox repositories, for example) are subject to the same levels of scrutiny. Those capabilities mean that users are protected from even very advanced spoofing techniques, where rogue services masquerade as trusted ones.
With zero-trust networking dictating security practice, the organization is protected by a variety of centrally managed controls and security methods, so there is no need for multiple point products (VPN, WAF, firewalls, proxies, etc.). The Netskope SASE is built of microservices that allow granular control down to the finest detail (of browser type or OS, for example) yet represent policy in a single platform architecture.
As the service is fully cloud-based and constructed in cloud-native frameworks, it scales according to the needs of the users and devices in the organization. Its high bandwidth and low latency overhead give users a seamless layer of protection that is driven by advanced AI algorithms and informed by multiple data sources such as SIEM, public SOC postings, and of course, Netskope’s expertise.
The SASE stops access to insecure applications anywhere on the internet, thanks to databases of tens of thousands of safety-ranked sites, apps, and services. Hybrid working models are protected too: wherever a member of staff is located, they are always protected.
There is also good news with regard to “traditional” cybersecurity costs, like endpoint protection, cloud and edge security brokerage, and intrusion detection systems. The advanced platform stops a range of threats from malware, right up to very advanced spear-phishing and DNS-based attacks, all from the same single platform. Maintenance and management of security policies are simple, with individual users granted access only to appropriate resources and safe destinations. At all times, the solution is context-aware, with smart algorithms building pictures of genuine use and flagging potential anomalies to security teams.
In a later article on these pages, we’ll be taking a deeper look at the platform and talking to the Netskope CTO Michael Ferguson about some of the technology under the hood. But if what you’ve read here has sparked your interest, then head over here for more information.