3 things you need to know about SASE and SD-WAN

How can SASE and SD-WAN be compared?

As companies increasingly need to support and integrate a distributed workforce, many IT decision-makers are fundamentally rethinking their networks. SD-WAN (Software-defined Wide Area Network) and SASE (Secure Access Service Edge) are coming into focus. The similarities between the two often lead to confusion – both pursue new approaches to make company networks more secure and easier to manage. It is therefore important to know the differences and the interaction between SD-WAN and SASE.

SASE encompasses (and extends) the SD-WAN principles

Since SD-WAN has gained in importance, the focus has been on optimizing and securely terminating data traffic across distributed locations. To achieve this, SD-WAN uses a virtualized control layer that flexibly combines broadband, MPLS or LTE. Centralized management makes it easier for companies to efficiently connect home offices and branch offices.

However, SD-WAN was never designed for security controls. To minimize risks, additional web gateways and firewalls are required – traffic must therefore pass through central checkpoints. This reduces flexibility and performance, especially in cloud and remote environments, as data has to be routed back into the company network or to the cloud.

SASE combines the central management of SD-WAN with integrated security functions – cloud-based and provided directly at the network edge.

SASE is designed so that the most important security controls are already integrated

When Gartner first defined the SASE category in 2019, it set out the five minimum components. SASE technology combines SD-WAN network controls with four other security control functions:

Secure Web Gateway (SWG)

Cloud Access Security Broker (CASB)

Zero Trust Network Architecture (ZTNA)

Firewall as a service (FWaaS)

As SASE technology has evolved, additional features such as next-generation anti-malware and managed detection and response have been added to create a more comprehensive suite of security management capabilities.

The SASE topology is more like a mesh than a secure SD-WAN with hub and spoke

The security functions are bundled in a single SASE cloud service. Security checks are carried out via distributed SASE Points of Presence (POPs). These POPs are located close to the respective connecting device, so that data traffic is checked locally without any detours. The SASE topology works like a meshed network, replacing the rigid hub-and-spoke model of classic SD-WAN architectures.

Conclusion

Many companies are reluctant to introduce SD-WAN for fear of transitional difficulties.SASE can exacerbate these concerns. SD-WAN is not a prerequisite for starting with SASE, but SASE extends SD-WAN and can also be implemented separately. Savecall accompanies you step by step – in line with your current infrastructure. We focus on your goals: Security, performance, business enablement. Book an online appointment, write to me on WhatsApp or give me a call (+49 89 219914810), I’ll be happy to help!

I look forward to your questions!

Juarez Williams

Head of Sales Strategy