Ebook

Cisco Public

A roadmap
to SASE
Navigating the challenges of network
security beyond the data center

© 2020 Cisco and/or its affiliates. All rights reserved.

 Ebook
Cisco Public

New network, new In this ebook:

Users and applications are everywhere

security challenges The future: connect, control, converge

SASE: network and security convergence

Network security is no longer confined to the data center. As security shifts
to the cloud, the tried-and-true perimeter-based model just can’t keep up. The Cisco SASE vision
Today’s cybersecurity professionals are contending with an entirely new type
of network and an entirely new set of security needs — now more than ever, Meet Cisco Umbrella
they need a new way to keep users, data, and devices safe from threats.
With all the different security solutions (and acronyms) out there, it can be
tough to sort out which approach is best, as well as which technologies
you need to reduce complexity, improve speed and agility, and deliver
secure network access for your users. In this ebook, we’ll look at where
the security landscape is heading and highlight the steps you can take
to keep your organization safe and secure, today and tomorrow.

© 2020 Cisco and/or its affiliates. All rights reserved.

 Ebook
Cisco Public

Users and applications …and security teams

are everywhere and tools are falling
behind.
With more remote workers than ever before, more roaming devices to protect, and
the widespread use of cloud-based apps and services, the edges of the network have
expanded well beyond the data center.
For the past decade, the demand for anywhere, anytime access has grown as the Security operations and IT teams are trying to keep up with changing security
workforce has become more distributed and IT teams have adapted to connect and needs by using a combination of different point solutions, but this fragmented
protect users in new ways. approach to security only adds complexity. It can be tough to stay on top of a
deluge of alerts and potential threats coming from a variety of tools.
Users are accessing applications from multiple locations — and the applications they’re
accessing are just as distributed. As the world continues to move in this direction,
organizations are faced with a growing challenge: how can network and security teams

16%
provide consistent, secure access to an increasingly distributed, mobile workforce
without taking on more complexity?

of companies saw over 100,000

alerts per day

64%
(Cisco CISO Benchmark Study, 2020)

believe network security is more

93%
difficult than two years ago

agree moving security to the cloud has

increased efficiency, allowing security to
focus on other areas
(Cisco 2019 Benchmark study, 2019)
© 2020 Cisco and/or its affiliates. All rights reserved.
 Ebook
Cisco Public

The future: connect, control, converge

Today’s workforce expects seamless access to Securing the modern network is a challenge, requiring In this new paradigm, IT requires a simple and reliable
applications wherever they are, on any device. The a great deal of time, energy, and resources that approach to protect and connect with agility. This is
need for cloud-delivered security service expands daily overextended organizations don’t always have. To fill forcing a convergence of network and security functions
as contractors, partners, IoT devices and more each in the gaps, today’s teams are increasingly seeking closer to users and devices, at the edge — and is best
require network access. IT must protect users and an entirely new type of security solution — one that delivered as a cloud-based, as-a-service model called
devices as if they were located at a corporate office or converges a variety of individual components into one secure access service edge (SASE).
branch. Each requires secure access to applications and connected, cloud-delivered service that makes it easy
must now be treated as a “branch of one.” to control policies and behaviors.

Connect your workforce to Control access through simplified Converge networking and security
applications seamlessly security and policy enforcement functions to meet multi-cloud
demands at scale

© 2020 Cisco and/or its affiliates. All rights reserved.

 Ebook
Cisco Public

The evolution of SASE

As networking and security converge in the cloud, we get closer to achieving one
simple goal: giving teams the ability to control and secure users, apps, devices, and
data — anywhere and everywhere.

2007 2017 2019

Secure Web Gateways are the norm. Secure Internet Gateways emerge as a new Network and cloud security begin to converge
security solution. to form Secure Access Service Edge.
Going back as far as 2007, secure web gateways
(SWG) were standard, delivering URL filtering, In 2017, Gartner introduced a new product As 2019 came to an end, Gartner defined a new
advanced threat defense, and legacy malware category, the secure internet gateway (SIG). A type of security model — an evolution from SIG
protection to defend users from internet-based single, cloud-based solution with a greater set called Secure Access Service Edge, or SASE.
threats — and help organizations enforce web of capabilities than SWG, SIG had the potential Gartner predicts that SASE will become the new
security and policy compliance. to replace some (or all) on-premises security standard for security in the coming years, with at
solutions — especially for orgs with distributed least 40% of enterprises adopting explicit SASE
networks or stand-alone SaaS offerings. strategies by 2024.

© 2020 Cisco and/or its affiliates. All rights reserved.

 Ebook
Cisco Public

What is SASE?
SASE (pronounced “sassy”) offers an alternative to traditional data center–oriented
security, with a new type of cloud-based architecture that brings together
networking and security services in one unified solution. This converged network
and security solution is designed to deliver strong secure access from edge to edge
— including the data center, remote offices, roaming users, and beyond. Cloud
DNS-layer access
By consolidating a variety of network and security functions in one service that can security security
be deployed anywhere from the cloud, SASE can provide better protection and Secure broker
web Firewall
faster performance, while reducing the cost and work it takes to secure the network. SD-WAN
gateway

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Digital business transformation is moving security

to the cloud, driving a parallel need for converged
services that help reduce complexity, improve
speed and agility, and secure the new network
architecture of tomorrow.

© 2020 Cisco and/or its affiliates. All rights reserved.

 Ebook
Cisco Public

The next evolution in cloud convergence

SASE combines networking and security point solutions into one unified, cloud-delivered service.

SASE components

Firewall as a Service (FWaaS) with Intrusion

Cloud Access Security Broker (CASB) Prevention System (IPS) Zero Trust Network Access (ZTNA)
Software that detects and reports on cloud Software-based, cloud-deployed network services A security framework that helps prevent
applications in use across your network, exposing designed to stop or mitigate unwanted access to unauthorized access, contain breaches, and reduce
shadow IT and enabling the ability to block risky the internet. With a cloud firewall, you have visibility the risk of an attacker’s lateral movement across
SaaS apps and specific actions, like posts and and control of internet traffic across all ports the network. Duo, now part of Cisco, is a user-
uploads. and protocols. You can log all activity and block centric, zero-trust security platform that verifies
unwanted traffic using IP, port, and protocol rules. users’ identities and establishes device trust before
You can also block or allow activity by application granting access to authorized applications.
and by user.

Software-Defined Wide Area Network

DNS-Layer Security Secure Web Gateway (SWG) (SD-WAN)

Software that acts as a front line of defense against A gateway that logs and inspects web traffic to A virtual WAN that allows companies to use any
threats on the internet, blocking malicious DNS provide full visibility, URL and application controls, combination of transport services — including
requests before a connection to an IP address is and protection against malware. Some gateways MPLS, LTE, and broadband — to securely connect
even established. can also inspect web-hosted files in real time and users to apps and locations.
decrypt SSL (HTTPS) traffic for advanced threat
protection.

© 2020 Cisco and/or its affiliates. All rights reserved.

 Ebook
Cisco Public

The Cisco SASE vision

Every organization has different architectures, Whether you’re looking to onramp to a cloud We offer simple, flexible deployment and consumption
business goals and investments. When it comes architecture, securely connect users who can’t come models that meet your unique situation and scale
to transformation, there’s no one-size-fits-all to the office, or move security from on prem to the with your needs. Our highly available, global cloud
approach. And moving to a SASE framework is cloud, Cisco can help. We are committed to building infrastructure provides secure access wherever
no different. Some will move quickly, while others out the strongest SASE offering in the industry as users and applications reside. We’ve already built
need to take more of a stair-step approach — and we deliver our networking and security capabilities the prerequisite foundation for SASE with our
we at Cisco understand that. We can bridge natively through a unified, global cloud infrastructure. microservices-based, scalable architecture. Our unified
your journey to SASE from wherever you are. cloud platform approach supports the primary SASE
use cases (SD-WAN, FWaaS, SWG, CASB, and ZTNA)
so you can start streamlining security and networking
today. It’s now possible to:

1. Connect all users and devices to

applications with reduced latency.
2. Monitor and secure enterprise traffic
from a single, cloud-native platform.
3. Protect and defend any roaming user.
4. Provide visibility and control over all SaaS
applications, sanctioned or otherwise.
5. Capture deep insights from the endpoint
all the way to cloud services.

© 2020 Cisco and/or its affiliates. All rights reserved.

 Ebook
Cisco Public

Meet Cisco Umbrella The Umbrella Advantage

Cisco is leading the way to SASE, and Cisco Umbrella is at the center of the

250B
Cisco SASE approach. Umbrella delivers multiple security functions in a single,
cloud-delivered service, creating a simple, scalable, flexible solution that can
meet the unique needs of your business.
Umbrella delivers the most secure, most reliable, and fastest internet experience to billion daily DNS requests
more than 100 million users daily. By unifying multiple security solutions into a single
service, Umbrella helps businesses embrace direct internet access, secure cloud
applications, and extend protection to roaming users and branch offices.

Most secure
Leveraging insights from Cisco Talos, one of the world’s largest commercial threat
30+
intelligence teams, Umbrella uncovers and blocks a broad spectrum of malicious
data centers across
domains, IPs, URLs, and files that are being used in attacks. Umbrella also feeds five continents
huge volumes of global internet activity into statistical and machine-learning models
to identify new attacks being staged on the internet.

Most reliable
Umbrella has a resilient cloud infrastructure that boasts 100% uptime since 2006.
100M
Using Anycast routing, any of our 30+ data centers across the globe are available global daily
using the same single IP address. As a result, your DNS requests are transparently active users
sent to the nearest, fastest data center with automatic failover.

Fastest internet experience

Umbrella peers with more than 1,000 of the world’s top internet service providers
(ISPs), content delivery networks (CDNs), and SaaS (software as a service) platforms
1000+
to deliver the fastest route for any request — resulting in superior speed, effective partnerships with
security, and user satisfaction for your business.
top ISPs and CDNs

© 2020 Cisco and/or its affiliates. All rights reserved.

 Ebook
Cisco Public

Simplify security with Cisco Umbrella

SD-WAN Integration Cloud-Delivered Firewall DNS-Layer Security

Easily deploy Umbrella across your network of Cisco Log all activity and block unwanted traffic using IP, port, Block requests to malicious and unwanted domains and
SD-WAN devices in minutes, and gain powerful, cloud- protocol, and app rules. As new tunnels are created, IPs before a connection is even established — stopping
delivered security to protect branch users, connected security policies can be applied automatically for easy threats before they reach your network or endpoints.
devices, and application usage from threats across all setup and consistent enforcement throughout your
direct internet access breakouts. environment.

Secure Web Gateway Interactive Threat Intelligence Cloud Access Security Broker (CASB)
Log and inspect all web traffic for greater transparency, Uncover malicious domains, IPs, and URLs before they Detect and analyze cloud applications in use across your
control, and protection. IPsec tunnels, PAC files, and are used in attacks, and accelerate incident investigations. environment. Automatically generate reports on the app
proxy chaining can be used to forward traffic to Umbrella Use the Umbrella web console or APIs to get real-time name, vendor, category, risk, and volume of activity for
for full visibility, URL- and application-level controls, and access to Umbrella’s robust threat intelligence. each discovered app. Better manage cloud adoption,
advanced threat protection. reduce risk, and block specific behaviors in applications
(like uploading and posting).

© 2020 Cisco and/or its affiliates. All rights reserved.

 Ebook
Cisco Public

Start your SASE journey

Your roadmap to SASE starts with Cisco Umbrella.
• Broad, reliable security coverage across all ports and protocols
• Protection on and off network
• Rapid deployment and flexible enforcement levels
• Immediate value and low total cost of ownership
• Single dashboard for efficient management

See for yourself. Attend an upcoming

Cisco Umbrella live demo.

Register now

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of
Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/
trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not
imply a partnership relationship between Cisco and any other company. 12/20