secure access service edge (SASE) (noun) [Word Notes] - Hacking Humans

Summary6 min read

Podcast Summary: Hacking Humans – Episode on Secure Access Service Edge (SASE)

Podcast Information:

Title: Hacking Humans
Host/Author: N2K Networks
Description: Deception, influence, and social engineering in the world of cyber crime.
Episode: Secure Access Service Edge (SASE) (noun) [Word Notes]
Release Date: November 12, 2024

Introduction to SASE

In this episode of Hacking Humans, hosted by Rick Howard from N2K Networks, the focus shifts to the emerging cybersecurity framework known as Secure Access Service Edge (SASE). Released on November 12, 2024, the episode delves deep into the definition, components, and significance of SASE in the contemporary cyber landscape.

Definition and Pronunciation: Rick Howard introduces SASE by breaking down the acronym:

Secure
Access
Service
Edge

He emphasizes its pronunciation, noting, “Pronounced sassy or as I like to call it, sassay” (00:15).

Formal Definition: SASE is described as “a security architecture that incorporates the Cloud shared responsibility model, a vendor-provided security stack, an SD WAN abstraction layer, and network peering with one or more of the big content providers and their associated fiber networks” (00:15).

Historical Context and Evolution of Network Security

Rick Howard provides a comprehensive overview of the evolution of network security, highlighting the shift from traditional perimeter-based defenses to more distributed models.

Traditional Perimeter Defense: Since the early days of the Internet around 1995, network defenders typically established a defensive perimeter between internal digital assets and the external world. This involved:

Establishing Internet connections with service providers.
Connecting remote offices, data centers, and endpoints via internal leased lines.
Deploying security tools like firewalls and intrusion detection systems at the Internet boundary.

Challenges with Traditional Models:

Cost: Leased lines are expensive, especially as organizations scale.
Complexity: Maintaining a security stack across multiple locations leads to exponential management complexity.
Scalability: The number of security tools can range from 15 to 300, depending on organizational size, making scalability a significant challenge.

Transition to SASE: With the decline in the cost and rise in the reliability of local Internet connections, organizations found it more practical to allow remote offices to connect directly to the Internet. This shift increased the burden on network defenders to deploy and manage security stacks in multiple locations, leading to inefficiencies that SASE aims to resolve (00:15).

Components of SASE

Rick Howard breaks down SASE into its four fundamental components, explaining how each contributes to a streamlined and effective security architecture.

SASE Cloud Provider:
- Instead of individual organizations managing their own security stacks, a SASE vendor offers the stack from multiple global data center locations.
- Customers set global policies across all security tools, while the vendor maintains the underlying infrastructure.
- Quote: “The SASE vendor keeps the blinky lights working on all of the equipment” (00:15).
Security Stack:
- The SASE vendor provides a suite of security services, including Zero Trust, kill Chain prevention, compliance, and risk forecasting.
- These services are standardized and managed centrally, ensuring consistency and up-to-date protection.
SD-WAN (Software-Defined Wide Area Network):
- Connects a software-hardware meta layer to all customer remote locations.
- Facilitates efficient routing decisions between various Internet connections, optimizing performance and reliability.
Peer Connections:
- The initial hop from the SASE vendor’s data center is directed to major content provider fiber networks such as Google, Amazon, and Microsoft, rather than the general Internet backbone.
- This approach enhances speed, security, and reliability by leveraging established high-performance networks.

Benefits of SASE:

Reduced Management Complexity: Centralized management simplifies the oversight of security tools and policies.
Cost Efficiency: Eliminates the need for expensive internal leased lines and reduces redundant maintenance costs.
Scalability for SMBs: Small and medium-sized organizations can access enterprise-grade security without the extensive resources typically required by large enterprises.

Gartner’s Hype Cycle and SASE’s Position

Rick Howard contextualizes SASE within Gartner’s Hype Cycle, a model developed by Gartner analyst Jackie Finn to describe the lifecycle of emerging technologies.

Gartner’s Hype Cycle Overview:

Innovation Trigger: Introduction and early development of a new technology.
Peak of Inflated Expectations: High visibility and excitement, often leading to unrealistic expectations.
Trough of Disillusionment: Initial enthusiasm wanes as the technology fails to meet inflated expectations.
Slope of Enlightenment: Gradual understanding of the technology’s practical applications and limitations.
Plateau of Productivity: The technology matures, achieving widespread adoption and delivering consistent value.

SASE’s Current Position: According to Rick Howard, as of the 2020 Gartner Hype Chart for Endpoint Security, SASE is positioned at the “peak of inflated expectations.” He predicts that SASE will take another five to ten years to reach the “plateau of productivity,” where it will become a mainstream, essential component of cybersecurity infrastructure (06:03).

Supporting Quote from Jackie Finn: “In the Hype cycle, the expectation starts with a product announcement and then rises through the peak of inflated expectations as consumers realize the potential of the new idea. From there, expectations begin to diminish through the trough of disillusionment as these same people begin to realize that the new tech is not quite ready for prime time. From there though, expectation rises again through a much gentler slope of enlightenment and finally, once the product has matured, reaches the plateau of productivity,” explains Jackie Finn (05:37).

Future Outlook and Conclusion

Rick Howard concludes the episode by emphasizing the transformative potential of SASE in modern cybersecurity. By integrating cloud-based security services with efficient network routing and leveraging major content provider infrastructures, SASE represents a significant advancement in how organizations manage and protect their digital assets.

Final Thoughts:

Centralized Management: Simplifies security operations and policy enforcement across global networks.
Scalability and Accessibility: Empowers organizations of all sizes to implement robust security measures without prohibitive costs.
Long-Term Adoption: While currently at the peak of expectations, SASE is poised to mature and become a foundational element of cybersecurity strategies in the coming decade.

Notable Quotes

Rick Howard on SASE Definition: “SASE is a fundamental shift in thinking about Internet data flow and the logical location of the security stack that is on the same historical significance level as standardizing on tcp/ip, installing bgp, routing, and instantiating content provider peering relationships.” (00:15)
Jackie Finn on the Hype Cycle: “The Hype cycle is something we've been using within Gartner and within information technology for many years now to describe the common pattern that happens over and over again of over enthusiasm with the new technology and then disillusionment when that technology doesn't quite live up to expectations and then the eventual move to maturity where you're pretty sure you're going to get value out of the technology.” (05:37)
Rick Howard on SASE’s Maturity: “For SASE, it's early days. The 2020 Gartner Hype Chart for Endpoint Security has SASE at the apex of the peak of inflated expectations and predicts that the architecture will not reach the plateau of productivity for another five to ten years.” (06:03)

Production Credits

Wordnotes: Written by Naila Genoui
Executive Produced by: Peter Kilpe
Edited by: John Petrick and Rick Howard
Sound Design and Music: Elliot Peltzman

This episode serves as an insightful exploration into SASE, providing listeners with a thorough understanding of its components, benefits, and potential trajectory within the cybersecurity landscape. Whether you’re a seasoned IT professional or new to the field, Rick Howard’s detailed explanation offers valuable perspectives on the future of secure network access.

Loading summary

Transcript4 lines

[00:02]
Unknown Host
You're listening to the CyberWire network powered by N2K.
[00:15]
Rick Howard
The word is sase, spelled S for secure, A for access, S for service, and E for edge. Definition A security architecture that incorporates the Cloud shared responsibility model A vendor provided security stack, an SD WAN abstraction layer, and network peering with one or more of the big content providers and their associated fiber networks. Example Sentence SASE is a fundamental shift in thinking about Internet data flow and the logical location of the security stack that is on the same historical significance level as standardizing on tcpip, installing bgp, routing, and instantiating content provider peering relationships. Origin and context Pronounced sassy or as I like to call it, sassay. The term is so new that most traditional dictionaries only list the postal service acronym self addressed stamp envelope. But this cutting edge cybersecurity architecture, coined by Gartner in 2019, fundamentally shifts how network defenders might manage their security stack. Since the early Internet days, circa 1995, network defenders typically established a perimeter defense between their internal digital assets and the outside world. Organizations established one or more Internet connections with a service provider and connected remote offices, data centers, and endpoints via internal leased lines. Network defenders deployed their security stack tools like firewalls and intrusion detection systems at the Internet boundary, and network managers ensured that the data flow would always traverse through the security stack. But lease lines are expensive, and the typical number of tools in the security stack in today's environments can be anywhere between 15 and 300, depending on on how big the organization is. At the same time, local Internet connections have become so inexpensive and reliable that it doesn't make sense to pay for internal lease lines anymore. It's just easier to let the remote offices connect to the Internet themselves. But that means the network defender team has to deploy the security stack in multiple locations. The management complexity of this situation has become exponential, and the money we save by removing the lease lines is consumed again by maintaining multiple sets of the same security stack. Enter sase it has four components. Number one A SASE cloud provider. Instead of each network defender managing and maintaining their own internal security stack, the SASE vendor provides the stack in multiple data center locations around the world. The first network hop out of the customer location is through their SASE vendor. The SASE customer sets the global policy for every tool in the stack, and the SASE vendor keeps the blinky lights working on all of the equipment. 2 the security stack the SASE vendor offers security services for its customers like Zero Trust, kill Chain prevention, compliance, and risk forecasting. Number three the SD WAN the SASE vendor connects a software hardware meta layer to all the customer remote locations for the purpose of making efficient routing decisions between all customer Internet connections. Number four Peer Connections the first hop out of the SASE vendor's data center is not to the Internet backbone, but to one or more of the big content provider fiber networks like Google, Amazon and Microsoft. By flipping the management model to a cloud shared responsibility model, the customers have the opportunity to reduce the management complexity of their security environments and to automatically orchestrate their global security stack with updates and changes. For the small and medium sized organizations who don't have the resources that big business does, they can now deploy the same world class security stack as their big brothers. Nerd Reference According to the Challenging Coder website Gartner's Jackie Finn created the concept of the hype cycle in 1995. She noticed a repeated pattern of expectation attitudes from consumers of tech and security tools as new, new and innovative products emerge in the marketplace. The expectation starts with a product announcement and then rises through the peak of inflated expectations as consumers realize the potential of the new idea. From there, expectations begin to diminish through the trough of disillusionment as these same people begin to realize that the new tech is not quite ready for prime time. From there though, expectation rises again through a much gentler slope of enlightenment and finally, once the product has matured, reaches the plateau of productivity. In an interview with Finn on the RSA Showroom Floor in 2008 about the book she wrote on the topic, she described the Hype Cycle this way because.
[05:37]
Jackie Finn
The Hype cycle is something we've been using within Gartner and within information technology for many years now to describe the common pattern that happens over and over again of over enthusiasm with the new technology and then disillusionment when that technology doesn't quite live up to expectations and then the eventual move to maturity where you're pretty sure you're going to get value out of the technology.
[06:03]
Rick Howard
For SASE, it's early days. The 2020 Gartner Hype Chart for Endpoint Security has SASE at the apex of the peak of inflated expectations and predicts that the architecture will not reach the plateau of productivity for another five to ten years. Wordnotes is written by Naila Genoui, executive produced by Peter Kilpe and edited by John Petrick and me, Rick Howard. The mixed sound, design and original music have all been crafted by the ridiculously talent talented Elliot Peltzman. Thanks for listening.