SECURITY SERVICE EDGE

A Great Foundation for Network and Security Convergence

Security Service Edge (SSE) converges Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP) and Zero Trust Network Access (ZTNA) into a single cloud service and enables a seamless path to a full single-vendor SASE deployment.

SSE 101

SASE converges enterprise network and security capabilities into a single-pass software stack delivered as a cloud service.

Security Service Edge (SSE) describes a limited scope of network security convergence that combines Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP) and Zero Trust Network Access (ZTNA) into a single, cloud-native service. Introduced by Gartner in 2021, SSE provides secure access to internet, SaaS and specific internal applications, without directly addressing secure access to WAN resources. These remain part of a separate technology stack that includes SD-WAN, Next Generation Firewalls (NGFWs), and a global network infrastructure, all of which are addressed as part of a SASE solution. SSE creates a good foundation for customers to start their journey towards a complete SASE transformation.

Enterprises must decide how to approach the “converged future” of their IT infrastructure. Some organizations will go for the full SASE convergence from the outset.

Others will approach the journey to full SASE convergence through multiple steps, starting with SSE-driven security transformation on top of the existing network infrastructure and proceeding to SASE with a network transformation project at a later stage.

By converging secure, consistent access to all applications for all users, SSE is a strategic first step in achieving security-driven transformation, and keeps the path open for a full SASE transformation at a later stage.

The Security Service Edge (SSE) enables enterprises to move away from a rigid and disjointed IT architecture to a converged security platform delivered as a cloud service.

With SSE, enterprise IT can rapidly address new business and security requirements such as cloud migration, adoption of public cloud applications, and work from anywhere. SSE’s converged architecture reduces cost and complexity with simple management through a single pane of glass, self-healing infrastructure, and automatically evolving defenses that seamlessly mitigate emerging threats.

Customers can opt to manage their infrastructure themselves or co-manage it with their preferred partners.

SSE CAPABILITIES

Capabilities of Security Service Edge


At its core, SSE provides secure access to the internet, SaaS applications and specific internal applications.

Secure Web Gateway (SWG) protects users against phishing, malware, and other Internet-borne threats. Unlike traditional firewalls, Secure Web Gateways focus on inspecting Layer 7 web traffic for both inbound and outbound traffic.

In recent years, Secure Web Gateways appeared as cloud services. The cloud instances enable secure web and cloud access from anywhere – including outside the office by mobile users. The traffic coverage and solution form factor remain key distinctions between Secure Web Gateways and Next Generation Firewalls, which often provide similar security capabilities.

Cloud Access Security Broker (CASB) solutions play a pivotal role in helping enterprises cope with shadow IT risks and fortify their security posture. They do this by providing visibility, assessment, access control, and protection capabilities, which enable enterprises to understand and manage their organization’s SaaS usage.

DLP is one of the most effective tools to control the exfiltration of data from an organization. DLP enables organizations to define a set of rules which govern the movement of data to and from their applications by identifying sensitive information which matches defined data types and taking the appropriate action. DLP also identifies the file type of an asset request and can prevent its download.

Zero Trust Network Access (ZTNA) is a new approach for securing remote access to business applications both on-premises and in the cloud. Unlike cloud-native ZTNA, traditional VPNs are not suited for the shift to the cloud and to the increase in the number of work-from-home users. VPNs rely on appliances, such as firewalls or VPN concentrators, forcing remote users’ traffic to specific physical locations. This architecture adds latency and creates capacity constraints. Risk is minimized before and after users access the network through strong authentication and continuous traffic inspection for threat prevention. Cloud-native ZTNA makes mobile access easy: easy to deploy, easy to use, and easy to secure.

SSE VALUE

The Value of SSE to Business

SSE creates a holistic platform that connects all edges to the networking and security capabilities they need. This lowers the cost, complexity and risks of supporting the business in a dynamic environment.

Supported by the SASE architecture, IT can deliver optimized networking and strong security to all locations, applications, and users regardless of where they are. With reduced time to configure and ship equipment, new sites can be rolled out faster and at less cost. Provisioning of new resources and capabilities is fast and easy. Just deploy the right edge client, plug into the SASE platform and configure corporate policies to drive your network and security experience.

IT teams can leverage the convergence of network and security to manage all features and policies in a single interface, using common terminology, and gain deep visibility into network and security events. Cross-team collaboration improves the overall service delivery to the business.

With SASE, IT teams are relieved of the grunt work to maintain on-premises infrastructure. Physical topology, redundancy, scaling, sizing, and upgrading are dramatically reduced.

IT can now achieve better service to the business while focusing precious resources and skills on business-specific problems rather than the grunt work of generic infrastructure maintenance.

A single console to manage and report on your entire network and security infrastructure simplifies the management process. No need to switch between multiple consoles to gather information and troubleshoot issues. With improved visibility into network and security issues, you can optimize and troubleshoot more easily.

The simplification of the network and security stack and the consolidation of multiple-point products enable vendors and customers to reduce the overall costs of keeping the infrastructure running.

There are fewer costs associated with the maintenance of expensive equipment. IT engineers are freed up to do more value-adding activities such as system optimization and faster deployment of new sites.

With or without a global crisis, enterprises realize that supporting secure remote access at scale is now a critical pillar of their business continuity plan. The elasticity of SASE’s cloud-native architecture makes it easy and flexible to shift quickly to a work-from-anywhere (WFA) model.

SSE USE CASES

Deliver Optimized and Secure Access to All Users and Applications at Scale

Delivering optimized and secure access to all users and applications everywhere is costly and complex. Overcome this challenge by moving from appliance-based solutions to a cloud-native, globally distributed architecture.

Unlike legacy VPN and SDP products that struggle to support the entire business, a cloud-native SSE platform can provide secure and optimized access to all users, locations, and applications everywhere.

Enterprises can support all Work from Home employees with the same security policies as their site-to-site and cloud connections.

Backed by a global private backbone, you can scale and optimize traffic from thousands of users to all applications and continuously inspect traffic for threats and access control.

Enterprises can connect physical and cloud datacenters to SSE and optimize access to public cloud apps. Traffic is secured and optimized using the global private backbone across the “middle mile”. This is achieved through a “smart egress” capability that allows customers to define an application-level rule to exit specific application traffic at a designated PoP that is the closest to the target instance serving the organization. With this, customers can eliminate premium cloud connectivity solutions like AWS Direct Connect and Microsoft ExpressRoute.

Enterprises can use SSE’s CASB and DLP to enable full visibility and control of sensitive data and enforce granular policies on data access from corporate and BYOD devices, restrict access according to device posture and required level of access, and control data sharing across applications. Enterprises can also reduce the risk of sensitive data loss and reputation impact, and better comply with regulatory requirements.

All security capabilities, present and future, are converged into the SSE architecture and can be deployed with a “flip of a switch” without complex integration, capacity planning, and multiple management consoles.

All security policies and analytics are managed through a single pane of glass and are guaranteed to work at the geographies, capacities, and resiliency defined by current deployment without requiring further planning. Enterprises can eliminate the cost and complexity of point solutions including appliances and cloud-based security services such as VPN, Firewalls, CASB, and Secure Web Gateways.

The right SSE solution is self-maintaining, self-evolving and self-healing. It removes the grunt work associated with the upkeep of on-premises infrastructure.

SSE Benefits

SSE Benefits for Network and IT Security Teams

Total Visibility and Control for All Traffic, Users, and Applications Everywhere.

SSE establishes a global fabric that connects all edges into a common security platform. All traffic, between any two edges, is inspected by SSE, and the complete set of corporate policies is enforced for threat prevention and data protection. SSE provides consistent security policy enforcement down to a single user, avoiding the compromise of the depth of security controls in smaller locations due to budget and maintenance concerns.

SSE implements zero trust access by ensuring users can only access authorized applications (“least privilege access”). In addition, application access is assessed continuously for anomalies such as threats, attacks, and data loss.

SSE is a cloud-native and cloud-based solution that is delivered through a global backbone comprised of points of presence (PoPs).

The PoPs can secure the traffic at any scale without impacting the user experience because they can scale vertically and horizontally and leverage optimal routing for both local and global traffic.

A converged networking and security architecture reduces troubleshooting times. All networking and security management data are stored in a common database. As such, from one interface, IT can correlate network and security events to investigate a problem.

There is no need to juggle four or five consoles, each with its own product set and interface nuances to master before the needed information can be extracted.

How SSE Can Work For You

Simplify and streamline your network security by building a best-in-class SASE architecture. Request a demo from our team to see how it works.
