SASE: We are presently witnessing a dramatic transformation of enterprise networking and its associated security environment. This sea change is being driven by major and ongoing ‘cloudification’ of business and workplace activities. Businesses are moving from on-premise solutions to hybrid and public cloud solutions, and managed networks. Adding to this complexity is the growing use of IoT devices, increased personnel mobility, and the Covid-generated boost to remote working.

From a security perspective, traditional enterprise premise-oriented network defense perimeters are weakening and disappearing. However, with a huge increase in endpoints connecting to private, public and edge-cloud infrastructure, there is now the requirement to provide end-to-end network security and identify new vulnerabilities. In response, a new expanded security framework is evolving. Identified by Gartner as the Secure Access Services Edge (SASE), this new model sees networking and security move out of the data center and into the cloud. SASE is less a new principle and more the translation, augmentation and unification of existing networking and cloud technologies into a single cloud-delivered platform.

What is Secure Access Services Edge?

SASE represents the amalgamation of cloud and network security, effectively a software bridge between private networks and the public cloud, moving security processes out of the data center and into the cloud. SASE is designed to extend enhanced security capabilities out from data centers to the network edge, enterprise networks and into the user access domain.

Secure Access Services Edge incorporates a full repertoire of Wide Area Network (WAN) and network security functions and services, including:

  • Secure Web Gateway (SGW) – sits between users and the Internet and blocks any malicious software it detects
  • Firewall-as-a-Service (FWaaS) – Next-Generation Firewall (NGFW) systems consolidate traditional firewall abilities like dynamic packet filtering, stateful inspection, network address translation (NAT), and VPN support
  • Zero Trust Network Access – ensures users only have access to the network resources they need to accomplish their task
  • Cloud Access Security Broker (CASB) – provides a security policy enforcement framework that FWaaS services comprise
  • Sandbox – creates an isolated environment where suspicious files and malware can be observed without risk
  • Data Loss Protection (DLP) – solutions that monitor traffic across the web, app or email and prevent the loss of sensitive data
  • Web/Remote Browser Isolation – defends against a variety of attacks that target web browsers; users can access potentially unsecured websites, but they are rendered via a secure disposable container

The SASE endgame is the enabling of secure, seamless, end-to-end access to multiple cloud data and application repositories by authorized and verified users, anywhere, with any wired or wireless device.

What are the challenges of deploying SASE?

While many employees have been working remotely via VPNs for several years and are now looking to move towards secure web gateways (SGW) and zero trust models as part of a SASE architecture, some similar challenges remain, including:

  • The capacity of VPN links between SASE and private applications
  • High web app traffic for the SASE solution to process and validate with zero trust policy
  • Potential performance variation under varying load conditions
  • The number of connections
  • Ensuring redundancy is in place and functioning properly in the case of failures or downtime
  • Working around distributed multi-cloud platforms
  • Cyber-attacks potentially compromising performance while data is being scrubbed

With many network control functions previously performed by traditional servers, routers and firewalls now moving to SASE, effective, objective and certified performance benchmarking becomes ever more critical. To account for different scenarios and mitigate risk, SASE models must be thoroughly tested: with real traffic, at scale, across different cloud environments, and against various malware and equipment failures.

How can you test SASE?

Thoroughly testing a SASE architecture requires a virtualized test tool that can function across multiple platforms in a multi-cloud distributed environment. These test tools, like the VIAVI TeraVM, are containerized, can dynamically scale, support real traffic and can inject malware to assess the functionality of security protocols. The metrics that need to be measured as part of these tests are:

  • Concurrent Authenticated Web connections
  • Throughput
  • Latency
  • MOS score
  • QoE

Performance and scalability are two very important tests, with MOS scores for voice and video providing a measurable performance metric. However, in addition to quantifiable metrics, it’s important to assess the effect of the new SASE model on day-to-day employee activity, for example:

  • Will zero trust slow down access to services?
  • Will sandboxing affect application performance?
  • How many connections can be added without degrading performance?

How can VIAVI help test SASE models?

TeraVM, the VIAVI emulation and security solution, is a completely software-based, virtualized and containerized NGFW and network validation tool that runs in labs, data centers and servers (in the cloud or on-premise).

TeraVM can help identify where vulnerabilities lie across networks (fixed and wireless) and cloud infrastructures. It can emulate a huge range of potential security breaches, from viruses, spyware and malware, to weak BYOD policies and impersonation. TeraVM can deliver reliable and repeatable results.

Additionally, TeraVM components can be deployed in a distributed and hybrid network with central control. Businesses need to future-proof their network infrastructure, and by converging their networks, cloud and security solutions with SASE, they address the opportunities of today and tomorrow. The VIAVI TeraVM can play a crucial role in SASE and network, cloud and security testing.

The future for SASE is looking bright. Gartner predicts that by 2025, at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access. In the meantime, estimates of the global SASE market size range from $5.36 billion in 2027 to $11.29 billion by 2028 (respectively, figures in reports available from Market Research Future and ResearchAndMarkets). If your organization is looking to implement SASE, get in touch with VIAVI today.

For more information on how to test SASE, please read this whitepaper: https://comms.viavisolutions.com/SASE-Test-Explained-vs10908

Or read more about Security Solutions for Wireless Operators – TeraVM | VIAVI (viavisolutions.com).
