NSE 2 SASE Script - EN PDF
In this lesson, we will introduce you to Secure Access Service Edge (SASE), and explain how it
has evolved.
SASE is an architecture that combines Network-as-a-Service with Security-as-a-Service capabilities.
SASE is delivered through the cloud in an as-a-service consumption model, to support secure
access for today's distributed and hybrid enterprise networks.
Network security is a top priority for most organizations; however, new challenges have emerged.
Rapid and disruptive digital innovation has brought on:
an expanding thin edge, defined by small branch locations that are attached to the core network
a growing number of off-network users accessing the central data center
a challenging user experience for those off-network users
an expanding attack surface
multi-level compliance requirements, and
increasingly sophisticated cyber threats
As work environments have evolved, so too have user behavior and endpoint protection
requirements. Users no longer access information from a dedicated station within a pre-defined
network perimeter confined to a corporate office. Instead, users access information from a variety of
locations, such as in the home, in the air, and from hotels. They also access that information from
different devices, such as desktop workstations, laptops, tablets, and mobile devices. Adding to this
network complexity is the rise of Bring-Your-Own-Device, where users access enterprise systems
through personal devices that are not part of the enterprise infrastructure.
Organizations today require that their users have immediate, continuous secure access to network
and cloud-based resources and data, including business-critical applications, regardless of location,
on any device, and at any time. Organizations must provide this access in a scalable and elastic way
that integrates thin edge network sites and remote users into the central infrastructure, and that
favors a lean operational, as-a-service model.
Finding solutions that meet these requirements is challenging, and the reasons for this are clear.
While networks have evolved to support the workflows of remote endpoints and users, many
outdated network security solutions remain inflexible and do not extend beyond the data center to
cover the ever-expanding network perimeter, and therefore the attack surface. The advent of
new thin edge networks exacerbates this challenge.
Secondly, traditional approaches to converging networking and security oversight require that all
traffic, whether coming from thin edge locations or from off-network users, is backhauled through the
core data center for inspection. This results in:
high cost
complexity
elevated risk exposure
latency and a poor user experience when accessing multi-cloud-based applications and data
Finally, the multi-edge network environment of today has exposed the limitations of VPN-only
solutions, which cannot provide the security, threat detection, and zero-trust network access
policy enforcement that exist on the corporate on-premises network. VPN-only solutions also cannot
scale to support the growing number of users and devices, resulting in inconsistent security across
the edges.
A new scalable, elastic, and converged solution is required to achieve secure, reliable network
access for users and endpoints: one that addresses the security of the many hybrid organizations
whose systems and users are spread across the corporate and remote networks. That solution is
SASE.
A SASE solution provides integrated networking and security capabilities, including:
Peering, which allows network connection and traffic exchange directly across the internet
without having to pay a third party.
A Next-Generation Firewall (NGFW) or cloud-based Firewall-as-a-Service (FWaaS), with
security capabilities including Intrusion Prevention System (IPS), anti-malware, SSL
inspection, and sandboxing.
A Secure Web Gateway (SWG), to protect users and devices from online security threats by filtering
malware and enforcing internet security and compliance policies.
Zero-Trust Network Access (ZTNA), which ensures that no user or device is automatically
trusted. Every attempt to access a system, from either inside or outside the network, is challenged
and verified before access is granted. It consists of multiple technologies, including multi-factor
authentication (MFA), secure Network Access Control (NAC), and access policy enforcement.
Data Loss Prevention (DLP), which prevents end users from moving key information outside the
network. These systems perform content inspection of messaging and email applications
operating over the network.
Domain Name System (DNS) security, which builds on DNS, the phone book of the internet, to
provide SASE with threat detection capabilities that analyze and assess risky domains.
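The zero-trust principle behind the ZTNA item above is easiest to see as a per-request decision: the policy engine starts from deny, and every request must pass an identity check, a fresh MFA proof, a device posture (NAC) check, and a per-application entitlement before access is granted, with no shortcut for requests that originate inside the corporate network. The following Python is an added example written for this page, not code from the NSE 2 script or from any Fortinet product; the application names, group names, users, devices and policy values are invented for illustration.

```python
# Added example (not from the NSE 2 script): a deny-by-default access decision
# of the kind a ZTNA policy engine makes on every request.
# Applications, groups, users, devices and policy values below are made up.
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple


@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset                    # directory groups the user belongs to
    mfa_verified_at: Optional[datetime]  # None: no MFA proof in this session


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool               # enrolled in enterprise management (BYOD is False)
    posture_ok: bool            # NAC result: disk encrypted, EDR running, OS patched
    on_corporate_network: bool  # deliberately NOT consulted by decide(): location is not trust


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset
    require_managed_device: bool
    mfa_max_age: timedelta      # re-challenge when the last MFA proof is older than this


# Hypothetical per-application policies; any application not listed is denied.
POLICIES = {
    "hr-portal": AppPolicy(frozenset({"hr", "it-admins"}), True, timedelta(hours=8)),
    "wiki": AppPolicy(frozenset({"staff"}), False, timedelta(hours=24)),
}


def decide(identity: Identity, device: Device, app: str, now: datetime) -> Tuple[bool, str]:
    """Return (allow, reason). Every check must pass; the first failure wins."""
    policy = POLICIES.get(app)
    if policy is None:
        return False, "no policy for application"          # deny by default
    if identity.mfa_verified_at is None:
        return False, "mfa required"
    if now - identity.mfa_verified_at > policy.mfa_max_age:
        return False, "mfa proof too old"
    if not (identity.groups & policy.allowed_groups):
        return False, "user not entitled to application"
    if policy.require_managed_device and not device.managed:
        return False, "managed device required"
    if not device.posture_ok:
        return False, "device failed posture check"
    return True, "allow"


def sample_decisions() -> dict:
    """Run the engine over constructed scenarios (sample data, not real users)."""
    now = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    alice = Identity("alice", frozenset({"staff", "hr"}), now - timedelta(minutes=5))
    stale = replace(alice, mfa_verified_at=now - timedelta(hours=9))
    bob = Identity("bob", frozenset({"staff"}), None)  # never completed MFA
    laptop = Device("lap-01", managed=True, posture_ok=True, on_corporate_network=True)
    laptop_offnet = replace(laptop, on_corporate_network=False)
    laptop_bad = replace(laptop, posture_ok=False)
    phone = Device("byod-7", managed=False, posture_ok=True, on_corporate_network=False)
    return {
        "alice_laptop_hr": decide(alice, laptop, "hr-portal", now),
        "alice_laptop_offnet_hr": decide(alice, laptop_offnet, "hr-portal", now),  # same answer
        "alice_phone_hr": decide(alice, phone, "hr-portal", now),
        "alice_phone_wiki": decide(alice, phone, "wiki", now),
        "alice_badposture_hr": decide(alice, laptop_bad, "hr-portal", now),
        "bob_laptop_wiki": decide(bob, laptop, "wiki", now),
        "stale_laptop_hr": decide(stale, laptop, "hr-portal", now),
        "alice_laptop_unknown": decide(alice, laptop, "payroll", now),
    }


if __name__ == "__main__":
    for name, result in sample_decisions().items():
        print(f"{name:24s} -> {result}")
```

The point to notice is that `on_corporate_network` never influences the result: the on-network laptop and the same laptop off-network get the same decision, while a BYOD phone is refused the HR application but allowed the wiki because the policy, not the location, decides. A real ZTNA broker also re-evaluates these checks continuously during a session rather than once at connection time.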