Security + SD-WAN is the next step in the network story. Customers today are keen to identify how to keep their ecosystems secure and business continuity intact. Join us as we discuss the SASE approach and how to have that conversation with your customers.
2. THE WONDERFUL WORLD OF SECURE ACCESS SERVICE EDGE
- Combination of the WAN with network security
- Features native integrations like SWG, CASB, FWaaS, ZTNA
- Supports the dynamic security needs of the enterprise
- Provides continuous security and risk assessment
- Identity-based versus traditional single branch-based
3. GLOSSARY
Term    Definition
CASB    Cloud Access Security Broker
CDN     Content Delivery Network
DLP     Data Loss Prevention
FW      Firewall
FWaaS   Firewall as a Service
IDS     Intrusion Detection System
IPS     Intrusion Prevention System
SWG     Secure Web Gateway
UTM     Unified Threat Management
WAF     Web Application Firewall
ZTNA    Zero Trust Network Access
4. THE NEED FOR A DIFFERENT NETWORK SOLUTION
Enterprises are shifting toward a holistic view of the network and security. They’re preferring an approach that takes not just network performance into consideration, but also where the vulnerabilities lie and how to give end users an ideal application experience.
Since COVID-19, the U.S. FBI reported a 300% increase in reported incidents of cybercrime. Most companies take nearly 6 months to detect a data breach. With better management/monitoring and more advanced insights into security, this timeframe can be shortened considerably.
The enterprise data center is no longer the center of access requirements for users and devices. Digital business transformation efforts, the adoption of SaaS and other cloud-based services, and emerging edge computing platforms have turned the enterprise network “inside out,” inverting historical patterns.
40% of enterprises are saying that COVID has accelerated their cloud adoption. 2021 will be driven by cloud-first strategies in IT and CIO strategies. This means buyers will be more focused on how purchases integrate and interact with the multi-cloud environments.
5. SECURITY USE CASES
SUSPICIOUS NETWORK ACTIVITY
Examples include VPNs, proxies, and Tor connections. These were found at 64 percent of companies.
MALWARE ACTIVITIES
39 percent of companies detected attempts by servers and workstations to connect to sinkholed domains.
FAILING TO COMPLY WITH SECURITY POLICIES
Non-compliance with information security policies was found at 94 percent of companies.
INTERNAL RISKS
At 81 percent of companies, sensitive data is transmitted in cleartext.
WORK FROM HOME
An employee's personal computer can be hacked, and attackers can then connect to the corporate network via remote access.
PHISHING ATTACKS
Phishing attacks generate a fraudulent email, text, or website to trick a victim into surrendering sensitive information.
RANSOMWARE – INC. CLOUD
These ransomware attacks are growing more than 350% annually, with IoT attacks increasing by 217.5% year over year.
DDOS (DISTRIBUTED DENIAL OF SERVICE)
According to statistics, 33% of businesses fall victim to DDoS attacks.
LEAKED DATA
There were over 11.7 billion records and over 11 terabytes of data leaked or stolen in publicly disclosed security incidents in the three years from 2016 to 2018.
6. THE CONVERGENCE ZONE
By 2024, more than 60% of SD-WAN customers will have implemented a SASE architecture, compared with about 35% in 2020.
By 2023, 20% of enterprises will have adopted SWG, CASB, ZTNA and branch FWaaS capabilities from the same vendor up from less than 5% in 2019.
By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.
By 2025, at least one of the leading IaaS providers will offer a competitive suite of SASE capabilities.
7. THE MARKET
The new 2020 Gartner Magic Quadrant
- Focused on vendors that have a complete solution and focus on security as a part of the SD-WAN offering
- 2019 had 2 leaders in the quadrant; this year we see 6
How do we interpret this?
- The market is maturing and we’re seeing major acquisitions and major solution enhancements
- The leaderboard hasn’t changed a ton, but we do see some new players that have benefited because of their focus in security
8. WHAT ARE YOUR CUSTOMERS SEEING?
- Today, all cloud/SaaS traffic goes through a central concentrator which degrades the user experience and creates bottlenecks.
- Current architecture isn’t application or performance aware.
- To cover the network performance, security, and monitoring today requires multiple platforms, agents, and vendors to solve for, creating extremely complex environments.
- Scaling new locations or remote users today is a high CAPEX/OPEX demand.
- Today’s security perimeter focuses on the branch, which is no longer acceptable and is highly risky.
- Cloud platforms live as an add-on to the network as opposed to a natively integrated part of the network, mostly communicating back and forth with the branch, not recognizing that users are operating outside of the branch perimeter.
9. QOS STEPS IN
QOS Networks brings the marriage of the network and security to the forefront, delivering SD-WAN, threat detection, zero-trust network access, integrated firewall, carrier management, multi-cloud support, and much more. This is also combined with advanced monitoring and management, meaning security vulnerabilities can be identified quicker and remediated with advanced insight, and end users can see better performance and a better experience.
10. Cloud-Delivered
Cloud-delivered network solutions mean more flexibility in adopting new technologies, pivoting when new needs arise, and being able to support the infrastructure regardless of location.
Rapid Identification
The QOS Intelligent Network Platform focuses on rapid identification of vulnerabilities as well as proactive notifications when something looks off. This helps enterprises build resiliency when they get full visibility into their network operations.
Focus on the User
Better end user experience comes from IT teams being able to go from reactive management to proactive monitoring. Seeing network issues and where bottlenecks are occurring, where connectivity is degraded, or where platforms are being filtered or blocked for security reasons can quickly turn a frustrated employee into a rapid solution to the user experience.
THE INTELLIGENT NETWORK PLATFORM
Insights built to deliver proactive security instead of reactive. The QOS Intelligent Network Platform combines automation and advanced analytics to turn network events and data into better visibility and help lower downtime.
11. THE HOLISTIC SOLUTIONS
The SD-WAN vendors are moving toward this SASE model quicker than any other trend. With acquisitions happening across the market, it’s more evident than ever that this joint process is critical.
QOS leverages the native integration to deliver:
• The QOS Intelligent Network Platform integrates multiple network components from SD-WAN, switching and routing, WAPs, security, and end user devices to bring a truly holistic view to the network through analytics and visualizations.
12. THE NETWORK, ALL IN ONE MANAGED SERVICE
Data Center
The data center is the core of the network. QOS integrates our Intelligent Network Platform and monitoring to ensure optimal performance so that end users aren’t impacted. Plus, we set up parameters to identify potential issues before they happen.
Cloud
Today, cloud traffic is often backhauled through the data center, but that is shifting to now allow for direct cloud connect through platforms like SD-WAN and end-user device applications to eliminate slow performance.
End User
The new network focus is at the end user and the devices they operate on. This means extending the network to those devices and users to ensure the same monitoring components are available no matter the location.
Branch
The branch features some of the key security parameters that exist in the network today as well as the performance power that keeps business running and users being productive.
QOS Networks doesn’t just focus on single deployments or point solutions, but the entire holistic network view to ensure each piece is working together and your users are seeing the experience they expect.
This is backed by an extensive monitoring and analytics platform that visualizes current network state, utilizes baselines and shows notable changes, and delivers a scorecard that allows IT teams to spend less time diving into each network component.
13. THE FULL VIEW
• The QOS Intelligent Network Platform focuses on rapid identification of vulnerabilities as well as proactive notifications when something looks off. This helps enterprises build resiliency when they get full visibility into their network operations.
• Security developments are moving quickly, and security risks are evolving even faster. Working with QOS Networks brings extra layers of continuous monitoring and automation to the network, especially when 95% of cybersecurity breaches are due to human error. Automation can help prevent those risks by more quickly identifying the source and blocking it.
14. THE OUTCOMES
Multi-Cloud Adoption
By combining SD-WAN and security at the edge, enterprises are enabled to adopt new and additional cloud capabilities and solutions because access is streamlined and policies extend across not just the branch but to the cloud and to the user themselves.
Better Visibility
With multiple vendors in a traditional model, it’s near impossible to get cross-platform communication and visibility. Without that, it’s difficult to identify and isolate security risks, network pain points, and secure users.
Ease of Use/Transparency
Implemented correctly, the QOS Secure Edge will reduce the number of software agents required on a device to a single agent per device. This provides a consistent access experience for users, regardless of where the user is, what they are accessing and where it is located.
Improved security
No longer is the firewall the only component that’s protecting the network. QOS extends the security perimeter to the user themselves, scanning data in cloud-hosted applications and across SaaS platforms, ensuring policies are applied consistently across the user, no matter the location.
Reducing Limitations
Adding functionality doesn’t mean making the footprint bulkier. With cloud-delivered edge security, it requires enterprises to have less hardware onsite and ultimately brings down operational overhead. Software updates and upgrades can roll out better security protocols quickly, meaning faster responses to new threats.
15. qosnet.com
Ready to get started? We are too!
Reach out to the team at partnerhelp@qosnet.com
Editor's Notes
Key focus – SD-WAN is evolving into this new space that puts security at the center of the conversation just as much as the network performance.
It’s not an SD-WAN 2.0 as much as a convergence of two critical needs that enterprises are focusing on.
Natively integrating security with SD-WAN and bringing SASE to the forefront demonstrates this importance.
“SASE services will converge a number of disparate network and network security services including SD-WAN, secure web gateway, CASB, software-defined perimeter (zero-trust network access), DNS protection and firewall as a service,” writes Gartner
Highlights:
Transition to an app and user centric mindset, which means a need for a holistic approach
Cloud adoption is driving this trend as well
Cybercrime has skyrocketed (next slide shows examples of common security concerns) – increasing the timeliness and importance of this convo
Can be MONTHS before a team discovers a breach; need for more insights, better visibility
Finally, the shift is moving toward the edge, and devices, and away from data centers and branches. SASE delivers solutions via the cloud and will continue to move toward app and agent-style availability
Examples of the threats customers are coming under that make security a much bigger convo today
Gartner’s definitions
But projections have already shown progress – nearly every major manufacturer has moved toward this SASE model and begun enhancements and acquisitions
Next-generation firewall (NGFW) restricts access to other locations. Unlike legacy stateful firewalls, NGFW will provide application awareness and control to protect against the spread of malware and other application-layer attacks. NGFW can be delivered as an on-premises solution or from the cloud, in which case it’s a firewall as a service (FWaaS).
Secure Web Gateway (SWG) restricts access to Internet and cloud resources and provides advanced threat protection against malware in user-initiated Web/Internet traffic. All SWGs will inspect HTTP/HTTPS traffic, but some will also include all ports and protocols.
Software Defined Perimeter (SDP), also called zero trust network access (ZTNA), restricts access to applications based on identity and real-time context. While thought of as applying to remote and mobile users, SDP/ZTNA is seen as extending to network users as well. Rather than connecting to the network, users of SDP/ZTNA first authenticate with a broker who then provides a portal of permitted applications and network resources. As such, users have application access but not general network access, preventing or minimizing lateral movement across the network.
Intrusion Detection/Prevention Systems (IDS/IPS) analyze network flows for signatures of known cyberattacks. IDSs detect attacks, IPSs stop attacks. Because IPSs impact the flow, not merely monitor it, enterprises need to be particularly careful that adding signatures won’t result in false positives, unnecessarily interfering with user workflows.
Remote Browser Isolation (RBI) protects users from Web-based attacks by shielding them from the Internet. An RBI system sits between the users and the websites they browse, sending a user’s browser an image of the browsed site. No content is executed on user machines, protecting them from most Web threats.
Cloud Access Security Brokers (CASBs) identify and protect data in the cloud. CASBs provide a central point to enforce policies and provide visibility into user activities. CASBs generally include DLP to enforce policies, threat protection to prevent users from accessing specific cloud services, and compliance capabilities.
Web Application and API Protection (WAAP) delivers multiple security modules for inspecting and protecting at the Web layer. WAAP’s core features include WAF, bot mitigation, protection against DDoS, and API protection, with a variable depth of security available for each module.
Data Loss Prevention (DLP) identifies and prevents the use of sensitive information, such as social security numbers or meta-data, within data streams. DLP systems inspect content and analyze user actions to identify activity involving confidential information out of compliance with company guidelines and regulations.
Data Masking goes a step further than DLP, masking data for reasons of privacy or compliance. Data Masking is a one-way process that hides sensitive data, such as social security numbers, with other realistic-looking data.
User and Entity Behavior Analytics (UEBA) analyze user behavior and apply advanced analytics to detect anomalies.
We’re ahead of the SASE market by already having security solutions available today and will continue to integrate as the vendors bulk out their offering
Today – QOS can highlight visibility for customers on key security needs
New focus compared to old-school SD-WAN
Cloud-native Architecture. A SASE service should use a converged, multi-tenant cloud-native software stack, not discrete networking and security devices service-chained together. SASE solutions delivered as a CPE should be turnkey boxes, just “turn it on and forget it,” as Gartner says.
Identity-driven. Security and network access are delivered based on user identity, not an IP address. The identity can be the name of the user but will also consider the device being used and the user’s location.
QOS enables the benefits that SASE has to offer
SASE brings many, many benefits to the enterprise. Some of the more notable ones include:
Reduced costs by reducing the number of components and vendors. Competition among SASE solutions will lead to additional cost savings.
Better network performance by using a global SD-WAN service with its own private backbone and built-in optimization.
Security improvement and performance by inspecting traffic flow at the source (performance) and inspecting every data flow user (security improvement). Seeing policies based on identity, not IP address, will also help.
Less overhead due to the fact that SASE vendors run and maintain the security engines. IT is freed from updating, patching, and scaling appliances.
“True SASE services are cloud-native — dynamically scalable, globally accessible, typically microservices-based and multitenant.” Gartner
Users today move between office and on the road, and as they move so changes the risk posed to the organization. A user working from a corporate device in the office likely poses far less risk than the same user working on a third-party device in a Wi-Fi hotspot of a Starbucks. The ability for policy to reflect the user’s identity and real-time context is important in creating an agile, powerful network fabric.
To deliver on those goals, look for SASE to integrate with your directory services, such as LDAP or Active Directory. The identities contained in the corporate directory should be able to be used throughout the networking and security policies. Policies should also be able to consider the device being used, user location, and other elements comprising real-time context.
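The SDP/ZTNA broker and the identity-driven policy described in these notes, as an added example that is not QOS Networks' or any vendor's code: the broker returns a portal of permitted applications from directory groups, device and location, never from an IP address. The directory contents, application names, and the functions permitted_apps and can_connect are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed directory standing in for LDAP / Active Directory: user -> groups.
DIRECTORY = {"alice": {"finance", "staff"}, "bob": {"staff"}}

@dataclass(frozen=True)
class Context:
    user: str
    device: str    # "corporate" or "third-party"
    network: str   # "office" or "public-wifi"

@dataclass(frozen=True)
class Rule:
    app: str
    group: str           # directory group that may use the app
    devices: frozenset   # device types the app may be reached from
    networks: frozenset  # locations the app may be reached from

ANY_DEVICE = frozenset({"corporate", "third-party"})
ANYWHERE = frozenset({"office", "public-wifi"})

# Constructed policy. No rule refers to an IP address or a branch.
POLICY = [
    Rule("wiki", "staff", ANY_DEVICE, ANYWHERE),
    Rule("erp", "finance", frozenset({"corporate"}), ANYWHERE),
    Rule("payroll-db", "finance", frozenset({"corporate"}), frozenset({"office"})),
]

def permitted_apps(ctx, authenticated):
    """Return the portal of applications the broker exposes for this session."""
    if not authenticated:
        return []                            # no identity, no portal
    groups = DIRECTORY.get(ctx.user, set())  # unknown user has no groups
    return sorted(
        rule.app for rule in POLICY
        if rule.group in groups
        and ctx.device in rule.devices
        and ctx.network in rule.networks
    )

def can_connect(ctx, authenticated, app):
    """Default deny: an app absent from the portal is not reachable at all."""
    return app in permitted_apps(ctx, authenticated)

if __name__ == "__main__":
    for ctx in (Context("alice", "corporate", "office"),
                Context("alice", "third-party", "public-wifi"),
                Context("bob", "corporate", "office")):
        print(ctx, "->", permitted_apps(ctx, authenticated=True))
```

The same user gets a smaller portal on a third-party device in a Wi-Fi hotspot than on a corporate device in the office, which is the risk difference the notes describe.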