
Introducing SASE into an existing security environment 

Secure Access Service Edge (SASE) has developed into a modern and platform-based security concept that solves many of the problems of traditional products.  

Most companies use multiple security solutions from different manufacturers and often lose track of the big picture. Isolated solutions always lead both to overlaps in functionality and to security gaps that are not covered at all. Some vendors do not design their standalone solutions to integrate or exchange data with others. These disparate environments create immense complexity in the detection, prevention and resolution of security incidents. Combined with the changing requirements of a modern infrastructure with distributed services and users, this is dangerous.

SASE promises to make this easier. The focus is on convergence, i.e. reducing the number of products used without having to sacrifice functionality. Isolated solutions are replaced by a cloud-managed platform with cloud-delivered functionality. This simplifies the introduction and daily operation for administrators, and leads to synergy effects. Shared configurations that apply across multiple technical components make administration easier and facilitate a consistent level of security across multiple use cases. In a single management application, troubleshooting, the analysis of security incidents, and the identification of optimization potential become much clearer.

The core functions of a SASE platform include: 

Zero Trust Network Access (ZTNA) – Secure remote access to corporate resources with identity- and application-based enforcement. 

Secure Web Gateway (SWG) – The secure web gateway provides web security for end-user internet access. 

Firewall-as-a-Service (FWaaS) – Firewalling delivered from the cloud as a service. Users have the option to add on-premises hardware.

Software-Defined Wide Area Network (SD-WAN) – Seamless connectivity with built-in redundancy and failover mechanisms between corporate sites and the cloud. 

Cloud Access Security Broker (CASB) – The cloud access security broker is the security layer between the user and the service and oversees authentication and security enforcement. 

Barracuda SecureEdge 

With the SecureEdge platform, Barracuda offers a cloud-managed SASE solution that securely and reliably networks users, company locations, and IoT devices with services and workloads of all kinds, whether in the public cloud, in the company's own data centers, or on the public Internet. You can find more details about SecureEdge here.

How does this fit in with existing infrastructures? 

Very few IT departments can implement a completely new security design without taking existing infrastructure and requirements into account. Start-ups are of course well advised to get their business applications, services, and security infrastructure from the cloud. SASE is a highly recommended solution that is ideally suited for cases like this. However, when a new concept is to be introduced in an existing environment, a cautious approach is required.  

Of course, minimizing downtime due to changeovers is crucial, and it is rare for any company to replace several products with a uniform platform at the same time. In existing security and network infrastructures, it is therefore advisable to prioritize the use cases and plan a gradual introduction. 

Use cases for SASE adoption 

Secure remote access to company applications with ZTNA 

ZTNA is a core component of every SASE platform and is, therefore, seamlessly integrated with the other functions, but it can also be combined with existing environments. This makes ZTNA a suitable entry-level scenario for SASE. A software agent on mobile end devices such as laptops or cell phones grants or denies users secure access to defined company applications. Unlike with traditional VPN connections, access can be regulated granularly at the level of individual applications. A cloud service functions as the central point of entry, and it can easily connect with existing infrastructure components such as firewalls. Whether Barracuda CloudGen Firewall or a product from another provider is used here is irrelevant. This makes ZTNA the ideal entry-level scenario for SASE newcomers. Remote access offers great potential for attack and often has serious weaknesses. Companies can achieve a significant improvement in corporate security here with little effort.

Web security with SWG 

Like ZTNA, modern web security is relatively easy to implement without having to modify the existing network. Especially in the area of web security, there are striking differences in the level of security depending on the user’s location. While web traffic at office workplaces is usually thoroughly inspected and, when necessary, filtered, there are often hardly any restrictions on web access for users outside the locations with firewalls. If the same level of security is not enforced when users are traveling or working from home, this is a major problem. Regardless of location, the system should block malicious websites and filter undesirable categories of content in the interests of compliance. The level of access can be finely controlled, depending on what the company needs. This can include regulating access based on keywords or other granular parameters. Incidentally, the SWG and ZTNA use cases fit together perfectly, but they can also be operated separately.

Although SASE offers a security platform with a very wide range of functions that can certainly replace several standalone products, not everything has to be put into operation immediately. Individual use cases can be selected and prioritized. 

Step-by-step deployment 

Define goals 

If SASE is to be evaluated as a concept, you should first consider what you want to achieve with it and where existing security may be reaching its limits. In principle, the aim should be to reduce complexity and the number of products and manufacturers in use. 

Security assessment 

Before selecting a suitable solution, you should first get an overview and clarify a few technical details. Are there any known gaps in the security posture, vulnerabilities, or outdated technologies that are causing headaches? If so, you should start there.

Which use cases need to be addressed? To what extent are cloud services integrated, and is an FWaaS tool required as a cloud on-ramp? Are there plans to replace on-premises hardware, and should SD-WAN be considered for optimized site networking?

All these questions depend on the individual needs of the organization. At Barracuda, we are always happy to provide support. 

Staging test 

Once the requirements have been clarified, you naturally want to test the chosen solution extensively before going live. With Barracuda SecureEdge, all use cases can be tested free of charge. 

Turn on and optimize 

Once the decision has been made, it is essential to achieve initial success quickly. For this purpose, a selected scenario is put into operation after the planning phase. As soon as everything is working as intended, the range of functions can be expanded as required. The most important thing is that user requirements are always considered and fulfilled. This also requires appropriate support training and technical assistance. 

At this point, the process of continuous evaluation and optimization as part of regular operations begins.

How we support 

With Barracuda SecureEdge, we offer a SASE platform with proven technology. The modular design allows step-by-step commissioning – even in existing infrastructures. We are happy to support you with the design, evaluation, and commissioning! 

Email solutions@pmddatasolutions.co.uk to find out more about how SecureEdge can help you.
