Networking vendors continue to add to their portfolios in a secure access service edge (SASE) space whose fast growth is fueled in part by such trends as remote and hybrid work and the increasingly distributed IT environment.
Cato Networks and Juniper Networks were among the companies that expanded their SASE offerings. Cato announced a cloud access security broker (CASB) capability to its SASE SPACE engine—part of the company’s SASE cloud—and making it accessible to enterprises via the more than 70 points of presence around the world.
The CASB offering also works with the Cloud Application Catalog the company unveiled in December, offering enterprises a single place to find more than 5,000 common enterprise applications, along with descriptions of each application and a risk score. CASBs can be used on premises or in the cloud to monitor activity and enforce security policies.
A Combination of SD-WAN, Security
SASE is essentially a blending of software-defined WAN (SD-WAN) and such network security capabilities as threat protection, zero-trust features, firewall-as-a-service (FWaaS), and CASB. As the network has become more central to IT operations that now stretch from the central data centers into the cloud and out to the edge—including where many remote workers are located— securing those networks is crucial.
Gartner analysts predict that the global SASE market will grow an average of 42 percent a year through 2024, when it will hit almost $11 billion.
“CASB addresses a critical visibility and control gap created by cloud migration but must be converged into a broad SASE platform to be truly effective across the business,” Cato co-founder and CEO Shlomo Kramer said in a statement. “We’ve done just that with Cato CASB. By building Cato CASB into the Cato SPACE engine, it can leverage the global footprint, rich context, cloud scalability and self-healing and self-maintenance underpinning the Cato SASE Cloud.”
Also read: Transitioning to a SASE Architecture
CASB is Better Used on a Platform
Kramer argued that CASB works best and fastest via a cloud-based platform rather than as a standalone offering in on-premises environments, noting that it can take months to get legacy SASE solutions up and running. For Cato CASB, it could take less than an hour.
At the same time Cato is rolling out a new Shadow IT dashboard designed to give enterprises a high-level view of their software-as-a-service (SaaS) usage, including such detail as the highest risk applications and the number of users accessing them.
For its part, Juniper said it is adding a FWaaS to its SASE platform. Juniper Secure Edge is a single-stack FWaaS software architecture managed by the vendor’s Security Director Cloud, which was introduced last year.
Work-From-Home Driving SASE
Samantha Madrid, vice president of security business and strategy at Juniper, wrote in a blog post that the new work-from-home model means that “new cloud-based architectures are required to secure the network edge. However, many organizations are hesitant to walk toward SASE for fear of throwing away their existing security investments and policies.”
However, it doesn’t have to be a binary either-or decision, according to Madrid.
“With the right security architecture, including unbroken visibility from client to workload, security assurance and a single policy framework, organizations can leverage their existing security investments while also seamlessly transitioning to a SASE architecture,” she wrote.
What’s most important is easy management, Madrid wrote, pointing to Security Cloud Director, which ensures that security policies remain with users—and their applications and devices—as they move from one place to another, whether those security policies are delivered as a service or via physical, virtual, or containerized walls.
That also includes if an enterprise is making the shift to a SASE model.
Secure Network Access
Juniper Secure Edge enables secure access from any location, a single-policy framework that is the same for SRX Series firewalls and applies those policies to remote workers and branch sites, dynamic segmentation based on zero-trust principles, security assurance and the ability for enterprises to transition to SASE on their own timeline
“Juniper customers can use the physical, virtual, containerized—and now cloud-delivered—SRX firewall, completely managed by Security Director Cloud with a single-policy framework, allowing for full visibility and consistent security across both the edge and the data center from one UI,” Madrid wrote.
The FWaaS space is expected to expand an average of 23.9 percent a year, reaching more than $3.9 billion in 2026, according to Verified Market Research. The analysts wrote that the growing importance of the internet has fueled a rise in security threats.
“Cybersecurity threats are worsened by the interdependent and interconnected architecture of recent computing situations,” they wrote. “Hence, firewalls help industries by protecting them from cyber-attacks, which has led to the growth of the firewall-as-a-service market.”
The SASE space is among the fastest-growing sectors in the networking field, with the market expected to expand from $1.2 billion last year to $4.1 billion by 2026, according to a report from MarketsandMarkets.
There shouldn’t be any surprise to the expected increase in the SASE market, according to Bob O’Donnell, principal analyst with TECHnalysis Research. It was already expanding when COVID-19 entered the picture. Like other offerings that were on a growth curve, such as cloud collaboration and cloud services, the pandemic accelerated the global demand for SASE.
With the rapid shift to working from home when the pandemic set in in 2020 and the expected continuation of hybrid work environments even after it lifts, greater network security became a larger priority for enterprises.
“You’ve got people all over the place and companies understand the need to have the ability to have very flexible networks, software-defined networks, that can extend to literally all these people’s homes in some cases and work in branch offices or other kinds of situations,” O’Donnell told Enterprise Networking Planet. “At the same time, there are security concerns related to that. It’s kind of a perfect match for addressing the needs that hybrid and distributed workforces have.”
There also is the trend toward dedicated processing and network optimization that also is fueling the need to more tightly mesh networking with security. For example, Cisco Systems has its own networking chip, Network Silicon One, aimed at web-scale provider and service provider networks.
“You’ve got a combination of the technology being stronger [and] the need being more apparent and now it all comes together in a way that makes sense,” he said. “It is kind of a straightforward thing. It’s the kind of thing that people are starting to expect and you’re seeing all the big networking vendors do it.”