Secure Access Service Edge (SASE) is an enterprise networking and security category introduced by Gartner. SASE converges SD-WAN and Security Service Edge (SSE) functions, including FWaaS, CASB, DLP, SWG, and ZTNA, into a unified, cloud-native service.

With SASE, enterprises can eliminate the effort and costs required to maintain complex and fragmented infrastructure made of point solutions, reduce the risk for breach and data loss with optimal security posture, enable secure work from anywhere, and improve access to global applications on premises and in the cloud.

SASE is a layered, interwoven fabric of network and security technologies that protect an organization’s data and systems from unwanted access. It enables enterprises to deliver protected networking and security services in a consistent way and supports the unceasing movement towards digital business transformation and workforce mobility

SASE achieves its capabilities because it’s built upon a solid platform of SD-WAN and is intertwined with software intelligence. This combination allows users to access applications from any device, and from any location. The result is enhanced security with less network complexity.

Enhanced SDWAN is required and will include 3 components SD-WAN, SWG and FWaaS, the customer will not be required to use all the functionality included but it will come with it as standard.

The 3 components included with Enhanced SD-WAN are defined below.

• • SD-WAN – (Included with Enhanced SD-WAN) Your network drives your business by supporting customer experience and employee applications. Network solutions like SD-WAN deliver the agility to thrive in today’s rapidly changing business environment.
  • Firewall as a Service (FWaaS) – (Included with Enhanced SD-WAN) FWaaS is a firewall solution delivered as a cloud-based service. It provides hyperscale, next-generation firewall capabilities to deliver a wide range of network security features, whenever and wherever businesses need it.
  • Secure Web Gateway (SWG) – (Included with Enhanced SD-WAN) A SWG prevents unsecured traffic from entering an organization’s internal network. It safeguards users from being infected by malicious web traffic, websites, viruses and malware.

The following Add-ons are available at an extra charge each. They are not stand-alone. The Enhanced SDWAN product is required for each of these to be added to it individually or all together. These are applied to all sites and end user devices on the account.

• • Zero trust network access (ZTNA) – (Available as a Add On at an extra charge) Organizations benefit from ZTNA’s security, scalability and network capabilities needed for secure remote access and to prevent data loss and cyberthreats.
  • Cloud Access Security Broker (CASB) – (Available as a Add On at an extra charge) CASB allows organizations to manage and protect the data stored in the cloud. It enforces security policies and complies with regulations, even when cloud services are beyond their perimeter.
  • NGAM (Next-Generation Anti-Malware) or NGAV (Next-Generation Anti-Virus). Cato uses Sentinel One’s Nexus SDK to identify threats without signatures and stop zero-day malware from ever reaching endpoints.
  • IPS (Intrusion Prevention System) is a technology for securing networks by scanning and blocking malicious network traffic. By identifying suspicious activities and dropping packets, an IPS can help reduce the attack surface of an enterprise network. Security attacks like DoS (Denial of Service), brute force attacks, viruses, worms and attacking temporary exploits can all be prevented with an IPS.
  • MDR (Managed Detection & Response) Cato seamlessly extends customers’ internal threat detection capabilities to continuously monitor the network for compromised malware-infected endpoints. Because network traffic is flowing through Cato, Cato can deliver a zero-footprint detection of persistent threats without installing agents or appliances to gain traffic visibility. Cato MDR uses a combination of machine learning algorithms that mine network traffic for indicators of compromise, and human verification of detected anomalies. Cato experts then guide customers on remediating compromised endpoints.