The need for more robust cybersecurity measures skyrocketed with the rise of remote work since the pandemic. This made organisations question the future of work and how that will change their operations. While employees can now work from anywhere, they still require the same level of access to applications, tools, and services. This creates additional cybersecurity threats as employees accessing the network from different locations entails changes to the corporate network perimeter. It's now more pressing than ever to have adequate cybersecurity strategies in place, as the risk of possible attacks on an enterprise’s network increases with the popularity of remote work.
This is where Secure Access Service Edge (SASE) comes in, the new concept that aims to better fulfil the security requirements of enterprises that require flexible workforce arrangements. As more organisations consider implementing this trailblazing solution, the question remains - what is SASE?
Gartner coined the term SASE in 2019, defining it as a cloud-based offering that combines SD-WAN functions with performance-enhancing and security features like cloud access security broker (CASB) and zero-trust network access (ZTNA). SASE combines various cloud security and network functions in a single cloud service. The market has been gradually expanding since the term first appeared, but the industry still hasn't decided on a final definition of what a SASE deployment should look like. There are several approaches to deploying SASE, each with its own set of advantages and disadvantages.
Despite the gradual adoption of SASE, many security professionals are still confused about how it really works. According to a 2022 survey conducted by Accelerate Technologies, 94% of respondents know what SASE is, but the market seems unclear about its relationship to SD-WAN. This indicates that the industry is still unaware of the full potential of SASE architecture. However, understanding how it works will have significant benefits for your organisation.
According to 2021 research by ESG, which surveyed 613 cybersecurity, networking, and IT professionals, respondents who started using SASE reported substantially positive outcomes.
While SASE is in its infancy, some companies have taken the plunge and adopted the new technology, which significantly eased their transition to remote working and minimised their security concerns when the COVID-19 pandemic hit.
Company: Thornton Tomasetti
Industry: Engineering consulting
Size: 42 global offices
In 2019, IT professionals at global engineering consulting firm Thornton Tomasetti evaluated how they were managing their WAN, especially concerning network security and access control. "We recognised we were in a very reactive mode," stated Lance Brophy, IT director of operations transformation. Their WAN security strategy lacked cohesion because diverse hardware was deployed inconsistently across the company's 42 branch sites, and an ideal solution would have been to standardise and streamline WAN management without increasing total spending.
That led the team to conduct a formal study to explore their options, and they quickly saw the potential of SD-WAN and SASE technology. They decided on Versa Networks as a SASE provider. Brophy stated that Versa was their all-in-one solution, providing cloud security, next-generation firewalls, threat management, and role-based access control under one umbrella. Having a comprehensive SASE solution allowed Thornton Tomasetti to only replace their firewalls rather than the majority of their infrastructure.
Brophy's IT team, along with a third-party network management partner, began deploying SASE technology in January 2020 and finalised deployments across their 42 offices within 90 days. Luckily, they finished right before COVID-19, allowing them to immediately transition to a secure, dispersed workforce, which would not have been feasible on the company's traditional network infrastructure, according to Brophy. "We've been able to prove as a business that we can work as a remote workforce, something that we wouldn't have even dreamed about a year ago," he said. "And it's got to be secure -- that is key."
SASE combines cloud agility, convergence, and fast performance to support various business use cases.
SASE enables businesses to switch quickly from pricey, capacity-restricted MPLS networks to a more cost-effective alternative that makes use of high-capacity internet links. It achieves this by connecting its points of presence (PoPs) with a global private backbone that offers the same level of performance and predictability as MPLS at a lower cost and more quickly. While SASE deployment at each location typically takes a few days or hours, MPLS implementation could take weeks or months.
SASE improves usable capacity and resilience globally once linked, which optimises performance and maximises throughput to on-premises and cloud applications.
SASE solutions improve and streamline branch office WAN security with an integrated cloud-delivered network security stack. You can protect all traffic, both WAN and internet-bound, by connecting all branch locations to the SASE PoP using an enterprise-grade, cloud-based security service. It's no longer essential to buy stand-alone cloud security solutions, backhaul internet traffic to a data centre or regional hub, or deploy and maintain branch network security appliances.
The entire WAN is protected by a security stack and a set of security policies, and SASE handles all security service updates and upgrades.
SASE seamlessly accelerates cloud traffic by routing it from all of the network edges over its global private backbone to the SASE PoP that's closest to the cloud data centre. SASE PoPs share the data centre footprint of major cloud providers, reducing the latency between them and SASE to zero. You can optimise cloud application access by simply adding one application-level rule that defines where cloud application traffic should leave the SASE cloud. Now you no longer need to choose between MPLS, which is not suited for cloud connectivity, or SD-WAN solutions, which are not always reliable over the public internet.
SASE integrates networking and network security services like ZTNA, firewall as a service (FWaaS), cloud access security broker (CASB), data loss protection (DLP), and other services into a single holistic, integrated solution that supports all traffic, applications, and users. Companies can use SASE architecture to authenticate users quickly and to detect and reduce potential security threats. This also means that they no longer need to set up separate infrastructure to address both internet and private applications, as was previously the case with traditional proxy- and software-defined perimeter products.
Businesses can combine SASE security and Zero Trust principles as a unified solution to achieve ZTNA, which enables them to apply and enforce security protocols consistently throughout their entire network.
The benefits of a SASE and ZTNA approach include
Gartner predicts that by 2025, at least 60% of enterprises will have clear SASE adoption strategies and timelines encompassing user, branch, and edge access, up from 10% in 2020. As business leaders begin to consider how to properly implement this technology, a few crucial questions can assist their decision-making process.
The most important question is whether SASE architecture can help solve their business challenges. Additionally, does the solution fit their requirements for stable connectivity and a seamless user experience? Is the service in line with the company's risk management strategy? Will it provide the expected level of security robustness that they need?
These questions compel businesses to take a holistic look at their network. Rather than applying a plethora of networking and security solutions, they'll opt for more integrated solutions which help reduce complexity and improve their security posture. Ultimately, these new technologies and practices will enable businesses to adapt to a more flexible and spread-out workforce model, which will continue to impact security and networking requirements in the near future as we continue adapting to remote work.
There’s no better way to learn about emerging cybersecurity technologies like SASE than with real industry professionals. Join us at Black Hat MEA, the cybersecurity event that gathers global CISOs, elite ethical hackers, and Black Hat trainers to share their knowledge and give technical cybersecurity courses for infosec leaders and enthusiasts alike. Black Hat MEA aims to bolster the Saudi community’s infosec capabilities to align with the kingdom’s 2030 vision of a technology-enabled future.