Security Service Edge works with a variety of network configurations. Is it right for yours?
By Chris Alberding & Evin Safdia
2022 brought another record number of cyberattacks, including an alarming 13% increase in ransomware attacks, according to a Verizon year-end report. Shielding an organization from this very real and escalating risk requires protective measures that work across network configurations out to the network edge, even as the contours of that edge shift. It takes defenses that are as sophisticated, persistent, and adaptable as the would-be attacks and attackers themselves, without requiring or excessively relying upon specialized security talent. Security Service Edge (SSE) fits that profile.
Q-1: What is SSE?
SSE is the security portion of the SASE (Secure Access Service Edge) architecture, which converges networking and security together. SSE converges an organization’s disparate cybersecurity capabilities into a single, cloud-native software stack that protects all enterprise “edges” – sites, users and applications – worldwide. More specifically, SSE includes:
- Secure Web Gateway (SWG), which defends users against phishing attacks and malicious websites.
- Firewall as a Service (FWaaS), which provides end-to-end traffic segmentation, restricting access to locations, applications and resources.
- Zero Trust Network Access (ZTNA), which ensures secure remote access to applications on-premises and in the cloud for every user, device and location.
- Cloud Access Security Broker (CASB), which controls access to cloud applications, extending enterprise security policies to the cloud and enabling regulatory compliance.
- Next-Gen Anti-Malware (NGAM), which protects connected sites, cloud resources and users against known and unknown malware.
- Managed Detection & Response (MDR), which offers ongoing network monitoring and alerting on compromised endpoints.
- Data Loss Prevention (DLP), which prevents sensitive data and information from leaving the organization, while complying with industry regulations.
- Intrusion Prevention System (IPS), which monitors network traffic and blocks malicious content, providing protection against a range of cyberthreats.
A managed service provider can seamlessly maintain the SSE engine, keeping it current against new threats. And the engine operates at line rate regardless of traffic volume or whether the traffic is encrypted, traditionally a major problem for security appliances.
Q-2: Which types of cyberthreats is SSE designed to protect against?
SSE defends enterprises and their networks against anomalies, threats and sensitive data loss. That includes phishing, malware, ransomware, data theft, and other forms of unwanted access to locations, applications, and resources.
Q-3: What kinds of enterprises are a good candidate for SSE and why?
SSE is for any organization that wants to improve its risk posture and reduce operational overhead, which is to say it’s for everyone. By converging security capabilities, SSE provides deeper security insight than is possible with the traditional patchwork of security appliances. And it’s all maintained by an SSE provider, not the enterprise itself.
Q-4: What’s the business case for SSE? What are the benefits?
SSE protects the complete organization – users, sites, and cloud resources. As such, organizations like SSE because it:
- Establishes a global fabric of enterprise-level security connecting all network edges into a unified security platform, enabling consistent policy enforcement.
- Readily scales with business demands and the network.
- Provides line-rate inspection of all traffic, scaled vertically and horizontally, even when traffic is encrypted.
- Reduces IT workloads as a self-maintaining service.
- Fits into any existing network topology, allowing SSE to be adopted gradually.
Q-5: How is SSE different from SASE?
As the security portion of SASE, SSE is independent of the connecting device. Third-party SD-WAN devices, firewalls, or any IPsec-capable device can connect to SSE. With SSE, organizations can benefit from cloud security without impacting their existing network infrastructure. Because of that, SSE is viewed as a seamless migration path to full SASE (with SD-WAN) architecture, if and when an organization is ready.
Q-6: What’s the SSE implementation process like? How easy is SSE to implement?
SSE can be deployed very rapidly without disrupting network operations. In many cases, organizations can be up and running in days. No need for extra hardware to be shipped and installed, or excessive operational overhead.
Q-7: Who manages the various moving parts of SSE? Is that something our organization’s IT department does internally, or can day-to-day management be outsourced?
SSE usually comes as a managed service, which is good news for organizations and their IT and security teams, many of which are running extremely lean. As a single-vendor managed solution, SSE relieves organizations from the burden of integrating, configuring, implementing, monitoring and managing multiple layers of security themselves. Instead, they can hand these responsibilities over to the cybersecurity experts providing the service. Organizations with skilled security experts may opt to select an SSE provider that enables them to co-manage the security policies via a user portal.
With this unique combination of advanced cybersecurity capabilities and turnkey management, it’s no wonder that by 2025, according to Gartner, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.
Chris Alberding is Senior Director for SD-WAN and Security at Windstream Enterprise (https://www.windstreamenterprise.com/). Evin Safdia is the Director of Product Marketing for the Americas at Cato Networks (https://www.catonetworks.com/).