Fortinet Inc.

04/11/2024 | Press release | Distributed by Public on 04/11/2024 07:04

Unified SASE: The Third Era of Network Security

It should come as no surprise that the three largest cybersecurity markets today are endpoint security, network security, and identity. Yes, there are other large cybersecurity markets, such as email security, web security, cloud security, SIEM, and SOC, but the three I singled out account for over 50% of the cybersecurity market and are a big part of any customer's budget.

Of course, like any market or technology, network security has undergone several cycles of evolution over the past couple of decades, especially as new features have been added or consolidated into a platform. Today, network security has begun its third era of growth. But where did it all begin?

The First Era of Network Security: The Stateful Firewall

Trust everything and connect everything as fast as possible. That original objective of networking remains true today. However, malicious actors quickly made it their job to exploit those connections. So, back in the mid-1990s, the stateful firewall was invented to control access to private networks.

These initial stateful firewalls blocked or allowed traffic based on IP addresses, ports, and protocols. They divided the network into trusted and untrusted zones, sometimes with a demilitarized zone (DMZ) in between. This was a big improvement over simply connecting everything. However, as more and more traffic migrated to well-known application ports such as those used by HTTP and HTTPS, simply allowing traffic on those ports was no longer an effective defense: the firewall's filtering was not granular enough at Layer 7 to distinguish legitimate application traffic from malicious traffic on the same port. As a result, a lot of traffic passed through without inspection.
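The following is an added illustration, not code from Fortinet or from this article: a toy zone-based stateful packet filter that models the first-era decisions the paragraph describes (trusted, untrusted, and DMZ zones; rules on protocol and port; a session table so that replies to permitted outbound flows are allowed). The constructed topology, addresses, rules, and packets are assumptions for the demo. The last part of the demo makes the paragraph's point concrete: two packets with identical Layer 3/4 tuples get the same verdict whatever they carry, and only a separate Layer 7 check (here, a minimal test that the payload on port 80 really is an HTTP request) can tell them apart.

```python
# Added example (not Fortinet's code): a toy zone-based stateful packet filter
# showing what a first-era firewall decides on, and what it cannot see.
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str          # "tcp" or "udp"
    src_port: int
    dst_port: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: int
    action: str         # "allow" or "deny"


FlowKey = Tuple[str, str, int, str, int]


class StatefulFirewall:
    """Layer 3/4 filter with zones and a session table (constructed illustration)."""

    def __init__(self, zones: Dict[str, str], rules: List[Rule]) -> None:
        # zone name -> network; any address outside the named zones is 'untrusted'
        self.zones = {name: ipaddress.ip_network(net) for name, net in zones.items()}
        self.rules = rules
        self.sessions: Set[FlowKey] = set()

    def zone_of(self, ip: str) -> str:
        addr = ipaddress.ip_address(ip)
        for name, net in self.zones.items():
            if addr in net:
                return name
        return "untrusted"

    def decide(self, pkt: Packet) -> str:
        # Stateful part: packets belonging to an established flow pass in either
        # direction without re-matching the rule base.
        forward: FlowKey = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse: FlowKey = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if forward in self.sessions or reverse in self.sessions:
            return "allow"
        # New flow: first matching rule wins; no matching rule means deny.
        src_zone, dst_zone = self.zone_of(pkt.src_ip), self.zone_of(pkt.dst_ip)
        for rule in self.rules:
            if (rule.src_zone, rule.dst_zone, rule.proto, rule.dst_port) == \
               (src_zone, dst_zone, pkt.proto, pkt.dst_port):
                if rule.action == "allow":
                    self.sessions.add(forward)
                return rule.action
        return "deny"


# Minimal Layer 7 sanity check: does the payload start with an HTTP request line?
HTTP_REQUEST_LINE = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def looks_like_http(payload: bytes) -> bool:
    return HTTP_REQUEST_LINE.match(payload) is not None


def build_firewall() -> StatefulFirewall:
    # Constructed topology: a trusted LAN, a DMZ holding a web server, everything else untrusted.
    zones = {"trusted": "10.0.0.0/24", "dmz": "192.0.2.0/24"}
    rules = [
        Rule("untrusted", "dmz", "tcp", 80, "allow"),       # public web server
        Rule("trusted", "untrusted", "tcp", 443, "allow"),  # users browse out
        Rule("trusted", "dmz", "tcp", 80, "allow"),
        # no untrusted -> trusted rule exists, so such flows hit the default deny
    ]
    return StatefulFirewall(zones, rules)


def demo() -> Dict[str, str]:
    fw = build_firewall()
    results: Dict[str, str] = {}
    # Unsolicited inbound connection to the trusted LAN: denied.
    results["inbound_to_lan"] = fw.decide(Packet("203.0.113.9", "10.0.0.5", "tcp", 40000, 445))
    # Outbound HTTPS from a user: allowed, and the reply passes because a session now exists.
    results["outbound_https"] = fw.decide(Packet("10.0.0.5", "203.0.113.9", "tcp", 51000, 443))
    results["https_reply"] = fw.decide(Packet("203.0.113.9", "10.0.0.5", "tcp", 443, 51000))
    # Two packets to the DMZ web server with the same Layer 3/4 shape but different payloads.
    http = Packet("203.0.113.9", "192.0.2.10", "tcp", 40001, 80,
                  b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
    not_http = Packet("203.0.113.9", "192.0.2.10", "tcp", 40002, 80, b"NOT-HTTP-AT-ALL\r\n")
    results["dmz_http"] = fw.decide(http)
    results["dmz_not_http"] = fw.decide(not_http)   # the stateful filter cannot tell them apart
    results["l7_check_http"] = "pass" if looks_like_http(http.payload) else "flag"
    results["l7_check_not_http"] = "pass" if looks_like_http(not_http.payload) else "flag"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

Running the block prints one verdict per scenario. The two port-80 packets both come back "allow" from the stateful filter, while the Layer 7 check passes the genuine HTTP request and flags the other; that gap between the two outcomes is the reason later eras added application and content inspection.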

Many firewall vendors also began to add secure remote access via virtual private networks (VPNs). This allowed remote users and branch offices to work as though they were on the network. However, it required installing an agent on remote endpoints to extend secure connectivity to them. As users increasingly connected to the internet, a proxy was placed between the user and the internet to act as an intermediary. And when bandwidth was at a premium, caching devices were incorporated to improve internet performance.

It should be noted that while the network firewall has evolved, traditional stateful firewalls will not disappear completely. Use cases such as internal segmentation remain essential to protecting networks against the lateral movement of threats.

The Second Era of Network Security: NGFWs and UTM devices

As threat actors began to target application traffic, it became critical for security tools to inspect applications and content to assess whether the traffic was malicious. In other words, threat protection was becoming a critical job for the firewall. As a result, stateful firewalls evolved into unified threat management (UTM) devices, later known as next-generation firewalls (NGFWs).

These NGFWs were placed at the network edge, which was usually at the data center perimeter for traffic accessing external applications and the internet. They could identify applications and mitigate most threats in flight, making them critical for in-path communications. Deeper content inspection and understanding of a URL's application content provided more visibility and granularity to mitigate threats.

However, these additional layers of inspection, including SSL and deep packet inspection, required more security-specific processing power than the off-the-shelf processors powering most NGFW appliances. To address this challenge, Fortinet developed the industry's first security processing unit, a purpose-built ASIC designed to increase performance by offloading critical security functions.

At the same time, intrusion prevention systems (IPS) became a security tool used by InfoSec teams to protect endpoints from attack, with different IPS signatures for different types of applications. Because IPS and NGFW devices were usually deployed at the same edge, it became apparent that inspection and enforcement worked just as well, and sometimes better, as part of the NGFW.

And as attacks from the internet increased, additional security was also added to the traditional proxy and became known as the secure web gateway (SWG). This included URL filtering, antivirus, data leakage protection, and SSL inspection.

The Third Era of Network Security: Unified SASE

As we move into the third era of network security, the traditional perimeter has been completely reimagined. To secure today's highly distributed environment, a new, more expansive type of platform is required: one that can work across the hybrid workforce, distributed edge, and multi-cloud environments. It must also expand the convergence of networking and security across all edges by supporting multiple form factors (physical and virtual appliances, multi-cloud platforms, and as-a-Service). We call this Unified SASE (secure access service edge).