Spirent 원형 로고
사이버 보안

SASE and Zero Trust: Four Requirements to Get Beyond “Vision” and Get it Right


SASE and Zero Trust 4 requirements hero

By combining SASE and Zero Trust, you can consistently apply and enforce security performance policies across your entire network—and give consumers the security and performance they expect.

Gartner coined the term “SASE” (Secure Access Service Edge) less than two years ago, before anyone had heard of “COVID-19.” At that time, Gartner described SASE as a visionary, dynamically created, policy-based security framework that could better protect the explosion of endpoint devices at the network edge.

SASE goes beyond the capabilities of traditional network security and SD-WAN security because it is specifically built for today’s realities, where the data center is no longer a “center,” the corporate network is a myriad of networks, every user is a branch office, and there is no end to new endpoints.

When combined with a Zero Trust (ZT) approach, in which everyone and everything is authenticated before access is granted, SASE enables companies to consistently apply and enforce security across their entire landscape—continuously and at scale.

The pandemic has forced a new model of network security and made it an urgent priority for many companies. Post-pandemic working-from-home projections further intensify the need for distributed security, especially for companies delivering new cloud-native software products that will be consumed at the edge.

SASE with Zero Trust is emerging as the best option for this new world. But the question remains: how will you transform the “promise” and “potential” of SASE/ZT into real results, right now? How can you get control over the new norm of remote workers and distributed applications, and give consumers the security and performance they expect?

This blog gives you four focal points for addressing those questions so you can harness a SASE/ZT framework that really works for your developers, your consumers, and your business.

#1: Test every conceivable deployment environment.

As you develop products and services for the SASE/ZT marketplace, make sure you test, validate and assure your solutions by pushing your software to the limit from every angle. Make sure your offerings will work in any network, from any cloud, under any set of circumstances, so you can accelerate your learning curve and deliver better outcomes for your customers.

Test and validate with fully virtualized testing and validation solutions that can be deployed in any cloud environment—public cloud, private cloud, telco cloud, edge cloud, multi-cloud, hybrid cloud or local cloud.

These principles apply whether you’re creating a 5G Core or Metro Edge, operating a quality assurance lab, integrating with CI/CD developer tool-chain, and more. Make sure you have holistic SASE/ZT testing, validation, and assurance capabilities. Whether your architecture is based on virtual machines, containers, or bare metal infrastructure, you need to maintain maximum flexibility of deployment across all possible network scenarios.

Of course, it is critical to both validate the design of the service prior to deployment and assure that security and performance are up living up to expectations in the actual production environment. Get your testing from a source that has the tools and experience to do both equally well.

#2: Assess with real traffic, not just “simulation.”

You need to be able to fully emulate your application environment at scale and you need the ability to run attack scenarios in the way a hacker would, entering the network the same way and launching the same code or evasion techniques. With simulation, it’s just play-acting.

Real-world traffic generation and test methodologies give you an accurate representation of all facets of the networking landscape—from discrete application emulation behaviors to fully compliant encrypted transmissions, and the ability to inject impairments, system errors or artificial latencies—that help you understand how your solution will perform under duress.

These capabilities ensure that any product or service under development can be stressed with every scenario that might occur in a production environment, giving the developer the peace of mind that their product is prepared for all eventualities.

#3: Measure the impact of the vulnerabilities you identify.

This is a side benefit of doing realistic attack emulation. Simulating attacks with basic packet replay can lead to false results. With stateful emulation you can assess and quantify the impacts of your security countermeasures in real time against real attack vectors, and you can also evaluate the impact your security measures have on your business model.

For example, if application performance is paramount and cannot be sacrificed due to security measures, you can identify security policies that degrade performance without providing additional security coverage. Your teams can make changes and verify the balance between performance and security continuously.

#4: Make sure the testing is objective and vendor-neutral.

When you look at the history of any new innovation in the networking arena, you have to ask one critical question before you adopt the technology: Who’s setting the standards?

Look no further than SD-WAN. Widespread concern over a lack of standards initially threatened multi-vendor interoperability. Vendors with hidden agendas and competing charters made a host of claims about their products and services, leading to confusion and complexity. Thankfully, the community has responded in the Metro Ethernet Forum (MEF) to instill order by creating consensus in the form of SD-WAN certifications.

Simply put, work with a testing solution provider that works with the community to ensure that its solutions conform to industry standards and specifications—not just MEF, but all segments of the network communications market, including high-speed Ethernet, WiFi-6, 5G, Global Positioning and Timing and Lifecycle Service Assurance, and, of course, SASE and Zero-Trust.

If you can get independent, standards-based, vendor-neutral testing, validation, and assurance of security and performance in the SASE/ZT environment, you may just attain something that’s exceedingly rare today: peace of mind.

One example shows how everyone wins

How does the holistic, realistic, standards-based approach to SASE/ZT validation outlined in this blog benefit real-world companies? Here’s one quick example. I’ll leave the company names out, but the story is true.

One of our clients, a large, high-speed telecom service provider, had a request from a customer, a global financial services enterprise. The financial service firm provides a guest network to its end customers in branch offices, and they wanted assurance that an edge security managed service could be integrated into its SASE framework without degrading the user experience.

The company did not want a “best guess.” They wanted a reality check. Spirent was able to validate that the security edge technologies of SASE were operating properly in the policy domain WITHOUT creating latencies in the performance domain.

Spirent tested and confirmed how many users could be supported. Along the way, our testing also uncovered new insights, such as:

  • What types of traffic performed most efficiently

  • What could potentially cause performance slow-downs

  • How those slow-downs could be avoided

  • Capacity of VPN connectivity

  • And traffic anomalies that needed further attention.

This created a win for everyone:

  • The telecom service provider got an objective validation of network performance

  • The security service provider gained insights into performance issues it hadn’t accounted for

  • The financial services customer validated that its guest network met user expectations

  • And Spirent proved its value in the new world of SASE/ZT security testing and validation

To quickly recap: by combining SASE and Zero Trust, you can consistently apply and enforce security performance policies across your entire network. This comes with a number of benefits:

  • Stronger network security with fewer layers to manage

  • Centralized policy management

  • Lower costs with higher scalability

  • And a single view of your entire network

And if you do it right, you can give consumers the security and performance they expect.

Watch the video to learn more about SASE and Zero Trust오른쪽 화살표 아이콘

콘텐츠가 마음에 드셨나요?

여기서 블로그를 구독하세요.

블로그 뉴스레터 구독

Dave Larson
Dave Larson

제너럴 매니저, 클라우드 & IP

Dave는 Spirent Communications Cloud & IP 부문의 제너럴 매니저로 회사 전반의 기술 비전 및 전략을 맡고 있습니다. Dave는 Spirent의 모든 제품 라인에 통합하기 위한 클라우드 네이티브 영역에 미래 지향적인 테스트, 측정 및 보증 솔루션을 개발하는 Spirent Advanced Technology 팀을 이끌고 있습니다. 부상하는 기술 스타트업과 대기업을 위한 네트워크, 네트워크 보안 및 클라우드 아키텍쳐 부분에서 25년 이상의 경험을 보유하고 있습니다. Spirent에 합류하기 전에는 데이터센터 네트워크(Data Center Networking) 사업 부문 부사장과 제너럴 매니저직을 겸임했으며, 그 전에는 HP(Hewlett Packard)에서 네트워크, 보안 및 고급 클라우드 기술 및 전략(Networking, Security and Advanced Cloud Technology and Strategy) 부분의 최고 기술직(Chief Technologist)을 맡았습니다. 이전에 Dave는 캐리어급, 테라비트급 DDoS 완화 솔루션 개발업체인 Corero Network Security의 COO/CTO였습니다. 그 전에는 Advanced Technology의 부사장과 HP Networking의 CTO를 역임했습니다. 또한 Dave는 3Com Corporation, TippingPoint, Xedia(Lucent에서 인수), Sandburst(Broadcom에서 인수), Tizor Systems(Netezza/IBM에서 인수)를 비롯한 여러 조직의 제품 및 기술 부문에서 고위 역할을 담당했습니다. Dave는 매사추세츠주 웬햄의 고든칼리지(Gordon College)에서 물리학 학사를 받았습니다.