Can SASE fit into an adaptive security model?
Let's say you get Versa Networks. You deploy them, and then go to the integrations page within their console. You choose to integrate with this cloud access security broker (CASB) or proxy server, like Zscaler, and then you add those services on top of what you have. Now you're paying for SD-WAN but you're also paying for your Zscaler and you're paying for your CASB and everything else on top of that. It's a convenient way to have your networking and security in one box, but just like any company that offers everything, they're not good at everything. So, it's a way to get best-in-breed networking and security in one solution, but it still doesn't work in that it doesn't address the internal issues and propagation.
It sounds like they delegate out—they have hooks into other things.
I’ve asked Versa how their CASB works and they said, “Well, it's not our CASB. You have to integrate with somebody else.” But then Netskope has the whole package. They have single sign-on, they have everything that Duo and Okta do, and they have SD-WAN now. It's interesting how their path is coming along and it'll be interesting to see where they go.
And some CASBs are agentless and some are not. I went through this whole journey to get Zscaler, Netskope, SD-WAN, and some other things to work and had to create this big PAK file. You have to get your config file right before you push it out through GPO or DP because if you put the PAK file stuff in the wrong order, it doesn't work. So if you get it wrong, then you have to reissue all the agents and it's a pain. Agents are a step back, period. Nobody wants to manage agents or anything on laptops. GPOs, all this stuff, those are all 20-year-old technology. Why use it anymore?
The majority of players in the SASE space today are just riding the Gartner hype train, and are actually point-product solutions just deployed in the cloud. It’s a chaos of integrations, API hooks and disjointed context. The reason for this? SASE is sexy, and they want a slice of that pie.
If you look at the SASE originators (no naming here), you will see that the platforms are designed with scale and adaptation in mind. In the event that you need to add or remove services/rules/policies etc., it’s a couple of clicks instead of a couple of deployments.
You want CASB? Check the toggle and get it working. You need DLP? Sure! RBI? Deployed worldwide in 5 minutes.
This is one of the powers of a true SASE approach. You don’t need to kill your existing architecture, but instead you can adopt one that collapses your vendor sprawl, and scales to your business need.