
What Is SASE and What Security Threats Can it Prevent?

SASE, which stands for Secure Access Service Edge, is a cloud-based network security model. SASE uses a technology called software-defined networking, which allows software to manage networks and combine them with network security features. SASE simplifies network infrastructure and security management by providing organizations with a single service provider.

This cloud-based security model was proposed by Gartner in August 2019. It allows organizations to enforce secure access policies regardless of their physical location. The SASE architecture identifies users and devices requesting access, enforces policy-based security and compliance, and provides secure access to users.

Traditional network infrastructures use a hub-and-spoke model that connects users in multiple locations to resources hosted in centralized data centers. All data and applications reside in this core data center, and users connect via a localized private network or VPN, depending on how the organization’s network is configured.

The problem with this traditional model is that it is not compatible with evolving technologies and cultures. Security as a Service (SaaS) adds complexity to this model because it requires more maintenance and monitoring. Additionally, this hub-and-spoke model becomes impractical as more remote workers reside in different locations, increasing latency for critical applications and remote users.

SASE, on the other hand, performs network control at the cloud edge instead of using the data center as the primary hub for all storage and traffic. This simplifies networking and security services, does not require a VPN, and limits latency. With built-in security and a single monitoring platform, SASE is an easier and more secure way to configure network infrastructure.

The Major Components of SASE

Cloud-access Security Broker (CASB)

A CASB acts as a bridge between users and cloud applications. CASBs allow organizations to apply security policies, two-factor authentication (TFA), and single sign-on (SSO) to all cloud applications, preventing unauthorized devices and individuals from accessing sensitive assets.

Zero-Trust Network Access (ZTNA)

ZTNA is a next-generation access control system that ensures every user or device has explicit permission to access an application or resource. It enforces a zero trust security model, and ensures that applications running in a network are hidden from users who should not have access to them. It also enables secure remote access through layered authentication. ZTNA provides highly adaptable security suitable for agile organizations.

Software-Defined Wide-Area Networking (SD-WAN)

SD-WAN is a connectivity architecture that separates the network hardware from the physical control layer. It improves WAN performance and simplifies management. SD-WAN supports new applications and services driven by digital transformation, in particular cloud-based environments. Combining SD-WAN with advanced security features provides a foundation for enterprises to transition to SASE.

Secure Web Gateways (SWG)

An SWG protects connected devices from attacks, enforces corporate policies, and filters malware from user-initiated Internet traffic. It provides URL filtering, application control, DLP, antivirus, sandboxing, and SSL inspection to keep users away from harmful websites and to enforce security policies, while ensuring full web access to legitimate resources.

Firewall as a Service (FWaaS)

FWaaS is a firewall solution delivered as a cloud-based service. It provides next-generation firewall (NGFW) features including web filtering, advanced threat protection (ATP), intrusion prevention system (IPS), and DNS security. By integrating FWaaS into the SASE platform, SASE can provide network security capabilities for any workload running in any location.

Centralized and Unified Management

The modern SASE platform enables IT administrators to manage SD-WAN, SWG, CASB, FWaaS, and ZTNA with centralized, unified management across networks and security. This improves security and results in a better user experience for the organization’s mixed workforce.

What Security Threats Can it Prevent?

Code and SQL Injection Attacks

Many websites accept user input but do not validate and sanitize that input. An attacker could then fill out a form or make an API call, passing malicious code instead of expected data values. This code runs on the server and allows an attacker to perform malicious activities, and in many cases compromise the entire host.

How SASE prevents this threat: SASE has several components that filter application traffic, searching for attack patterns. These include SWG and FWaaS. Several defensive layers can identify probable attack patterns, such as SQL injection attacks, and block them in real time.
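To make the injection mechanism concrete, here is an added example (not code from the original article) that contrasts a query built by string concatenation with a parameterized one, and adds a small signature filter of the kind an SWG or FWaaS layer applies to request parameters. The table, rows and regular expressions are constructed for the demo, and the filter is deliberately crude: pattern matching is a first defensive layer, and the parameterized query is what actually removes the vulnerability.

```python
import re
import sqlite3


def build_db():
    """Constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable: user input is spliced into the SQL text, so it can change the query."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Hardened: the driver binds the value as data; it can never become SQL syntax."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed signatures approximating what an edge filter inspects in request parameters.
INJECTION_PATTERNS = [
    re.compile(r"'\s*or\s+'?[^']*'?\s*=\s*'?", re.I),          # quote-closing OR clause
    re.compile(r"--|/\*|;\s*drop\b|\bunion\s+select\b", re.I),  # comment / stacked / union tricks
]


def looks_like_injection(value):
    """True when a request parameter matches a known injection signature."""
    return any(p.search(value) for p in INJECTION_PATTERNS)


def run_demo():
    """Return the observable difference between the two query styles on the same inputs."""
    conn = build_db()
    tautology = "' OR '1'='1"      # classic probe: closes the string, appends an always-true clause
    legit_apostrophe = "O'Brien"   # legitimate input that happens to contain a quote

    try:
        lookup_vulnerable(conn, legit_apostrophe)
        vulnerable_breaks_on_apostrophe = False
    except sqlite3.OperationalError:
        vulnerable_breaks_on_apostrophe = True   # the unbalanced quote yields a syntax error

    return {
        "vulnerable_rows_for_tautology": len(lookup_vulnerable(conn, tautology)),
        "parameterized_rows_for_tautology": len(lookup_parameterized(conn, tautology)),
        "parameterized_rows_for_alice": lookup_parameterized(conn, "alice"),
        "vulnerable_breaks_on_apostrophe": vulnerable_breaks_on_apostrophe,
        "filter_flags_tautology": looks_like_injection(tautology),
        "filter_flags_apostrophe_name": looks_like_injection(legit_apostrophe),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The concatenated query returns every row for the tautology input and crashes on an ordinary name containing an apostrophe, while the parameterized query returns nothing for the probe and handles the apostrophe correctly. The signature filter catches the probe but, by design, leaves the legitimate name alone; keep both layers, because signatures can be evaded and the parameterized query is the control that does not depend on recognising the payload.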

Insider Threats

Networks are particularly vulnerable to malicious insiders who already have access to organizational systems. Insider threats can be difficult to detect and defend against, because the actors are already inside the network and might already have privileges for sensitive systems. New technologies such as User and Event Behavior Analytics (UEBA) help identify suspicious or anomalous behavior by insiders and detect insider attacks.

How SASE prevents this threat: as noted above, one of the main goals of zero trust security is to prevent insider threats. SASE uses ZTNA to continuously verify all requests, including those from internal, trusted sources. This way, an insider abusing their privileges to carry out anomalous activities can be immediately detected and blocked.
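The UEBA idea mentioned above reduces to building a per-user baseline and scoring new events against it. The following is an added example, not code from the article or from any SASE vendor: it learns each user's usual working hours, resources and transfer volumes from constructed access records, then flags a later event that deviates on all three. The record format, user names, resource names and the z-score threshold are assumptions chosen for the demo.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed access records, not real logs: (user, ISO-8601 timestamp, resource, bytes_out)
BASELINE = [
    ("jdoe", "2024-03-01T09:12:00", "crm", 120_000),
    ("jdoe", "2024-03-01T11:40:00", "crm", 95_000),
    ("jdoe", "2024-03-02T10:05:00", "wiki", 40_000),
    ("jdoe", "2024-03-02T14:30:00", "crm", 130_000),
    ("jdoe", "2024-03-03T09:50:00", "wiki", 35_000),
    ("jdoe", "2024-03-03T16:10:00", "crm", 110_000),
]
RECENT = [
    ("jdoe", "2024-03-04T10:20:00", "crm", 125_000),      # ordinary daytime CRM use
    ("jdoe", "2024-03-05T02:45:00", "hr-db", 9_800_000),  # 02:45, never-seen resource, ~100x volume
]


def build_profile(records):
    """Per-user baseline: hours of activity, resources touched, transfer sizes."""
    by_user = defaultdict(lambda: {"hours": set(), "resources": set(), "bytes": []})
    for user, ts, resource, nbytes in records:
        profile = by_user[user]
        profile["hours"].add(datetime.fromisoformat(ts).hour)
        profile["resources"].add(resource)
        profile["bytes"].append(nbytes)
    return by_user


def score_event(profile, event, z_threshold=3.0):
    """Return the list of deviations from the user's baseline (empty list means normal)."""
    user, ts, resource, nbytes = event
    p = profile.get(user)
    if p is None:
        return ["unknown-user"]
    reasons = []
    if datetime.fromisoformat(ts).hour not in p["hours"]:
        reasons.append("unusual-hour")
    if resource not in p["resources"]:
        reasons.append("new-resource")
    mu, sigma = mean(p["bytes"]), pstdev(p["bytes"])
    # Volume is judged as a z-score against the user's own history, not a global limit.
    if sigma > 0 and (nbytes - mu) / sigma > z_threshold:
        reasons.append("volume-spike")
    return reasons


def detect_anomalies(baseline, recent):
    """Return [(event, reasons)] for every recent event that deviates from the baseline."""
    profile = build_profile(baseline)
    findings = []
    for event in recent:
        reasons = score_event(profile, event)
        if reasons:
            findings.append((event, reasons))
    return findings


if __name__ == "__main__":
    for event, reasons in detect_anomalies(BASELINE, RECENT):
        print(event, "->", ", ".join(reasons))
```

A single deviation (one late evening, one new wiki page) is usually noise; the value of this approach is that the insider's download lights up several independent indicators at once, which is what lets a policy engine act on it automatically rather than paging an analyst for every odd hour.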

Unauthorized Access

Unauthorized access occurs when an attacker gains entry to your network without permission. Causes of unauthorized access attacks include weak passwords, lack of protection against social engineering, previously compromised accounts, and insider threats.

How SASE prevents this threat: SASE includes ZTNA, which enforces strong authentication, and can identify and block anomalous access requests.

Distributed Denial of Service (DDoS) Attacks

Attackers create botnets, swarms of compromised devices, and use them to send fake traffic to networks or servers. DDoS can occur at the network level, for example, overwhelming a server by sending a large number of SYN/ACK packets. It can also happen at the application level, for example, by hitting a database with a large number of complex SQL queries.

How SASE prevents this threat: One of the components of SASE is FWaaS, a firewall operating at the edge which can identify network-layer or application-layer DDoS and block it.
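The network-layer case above (a flood of SYNs that never complete the handshake) is detectable from per-source counters alone. Below is an added example, not code from the article, that runs such a check over constructed flow records: it counts SYNs and handshake-completing ACKs per source inside a time window and flags sources with a high SYN count and almost no completions. The record layout, addresses (from documentation ranges), window and thresholds are assumptions for the demo; a real edge firewall would read these counters from its flow table.

```python
from collections import defaultdict

# Constructed flow records, not captured traffic: (time_s, src_ip, tcp_flag)
# 203.0.113.7 sends 500 SYNs in 5 s and never completes a handshake;
# 198.51.100.4 opens two ordinary connections (SYN followed by ACK).
SAMPLE_FLOWS = (
    [(i * 0.01, "203.0.113.7", "S") for i in range(500)]
    + [
        (0.50, "198.51.100.4", "S"), (0.52, "198.51.100.4", "A"),
        (1.10, "198.51.100.4", "S"), (1.12, "198.51.100.4", "A"),
    ]
)


def syn_stats(flows, window_s=5.0, start=0.0):
    """Per-source SYN and ACK counts for records inside [start, start + window_s)."""
    stats = defaultdict(lambda: {"syn": 0, "ack": 0})
    for t, src, flag in flows:
        if not (start <= t < start + window_s):
            continue
        if flag == "S":
            stats[src]["syn"] += 1
        elif flag == "A":
            stats[src]["ack"] += 1
    return stats


def detect_syn_flood(flows, window_s=5.0, min_syn=100, max_completion=0.1):
    """Flag sources with at least min_syn SYNs whose handshake completion ratio is tiny."""
    flagged = set()
    for src, s in syn_stats(flows, window_s).items():
        # min_syn > 0 guarantees s["syn"] > 0 before the division.
        if s["syn"] >= min_syn and s["ack"] / s["syn"] <= max_completion:
            flagged.add(src)
    return flagged


if __name__ == "__main__":
    for src, s in syn_stats(SAMPLE_FLOWS).items():
        print(f"{src}: syn={s['syn']} ack={s['ack']}")
    print("flagged:", detect_syn_flood(SAMPLE_FLOWS))
```

The completion ratio matters as much as the raw count: a busy legitimate client also sends many SYNs, but it finishes its handshakes, so it stays below the flag line while the flood source does not.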

Man in the Middle Attacks

In a man-in-the-middle (MitM) attack, an attacker intercepts traffic between your network and an external site or within your network. If the communication protocol is insecure, or an attacker finds a way to bypass its security, they can steal data in transit, obtain user credentials, and hijack sessions.

How SASE prevents this threat: SASE encrypts all traffic by default, preventing the majority of man-in-the-middle threat vectors.

Privilege Escalation

If an attacker gets into your network, they can use privilege escalation to expand their reach. Horizontal privilege escalation involves an attacker gaining access to another adjacent system, while vertical escalation implies an attacker gaining higher privileges on the same system.

How SASE prevents this threat: one of the basic tenets of SASE is to implement a zero trust security model, in which every user or entity has the minimal privileges required to carry out their role. When a user attempts to escalate privileges, ZTNA checks if the higher privilege is warranted and if not, blocks the request.
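The ZTNA behaviour described for unauthorized access and privilege escalation above, and in the ZTNA component section, comes down to a policy engine that evaluates every request on identity, device posture and requested action, and grants nothing on the basis of network location. The following is an added example, not code from the article or from any ZTNA product: a minimal least-privilege policy with a re-verification step that re-runs the decision when a session's posture changes. The resource names, roles and request fields are assumptions constructed for the demo.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    device_managed: bool
    mfa_passed: bool
    network: str    # "corp" or "internet"; deliberately never consulted by the policy
    resource: str
    action: str     # "read" or "admin"


# Constructed least-privilege policy: which roles may perform which action on each resource.
POLICY = {
    "payroll-db": {"read": {"finance", "payroll-admin"}, "admin": {"payroll-admin"}},
    "wiki":       {"read": {"employee"},                 "admin": {"it-admin"}},
}


def evaluate(req, policy=POLICY):
    """Return (decision, reason). Every request is checked; being on the corporate LAN grants nothing."""
    rules = policy.get(req.resource)
    if rules is None:
        return ("deny", "unknown-resource")       # unlisted apps stay hidden from everyone
    if not req.mfa_passed:
        return ("deny", "mfa-required")           # strong authentication is a precondition
    if not req.device_managed:
        return ("deny", "unmanaged-device")       # posture is part of identity
    allowed_roles = rules.get(req.action, set())
    if req.roles & allowed_roles:
        return ("allow", "role-match")
    return ("deny", "insufficient-role")          # covers vertical escalation attempts


def reverify(session_req, **posture_changes):
    """Continuous verification: re-evaluate an existing session after its attributes change."""
    return evaluate(replace(session_req, **posture_changes))


if __name__ == "__main__":
    finance = frozenset({"employee", "finance"})
    remote_read = Request("mlee", finance, True, True, "internet", "payroll-db", "read")
    lan_escalate = Request("mlee", finance, True, True, "corp", "payroll-db", "admin")
    print("remote read:", evaluate(remote_read))
    print("LAN admin attempt:", evaluate(lan_escalate))
    print("after device falls out of compliance:", reverify(remote_read, device_managed=False))
```

Two points the code makes explicit: the same finance user is allowed to read payroll from the Internet on a compliant device but denied an admin action from inside the office, and an allowed session is revoked the moment its device posture changes, which is the "continuously verify" part of ZTNA.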

Conclusion

In conclusion, SASE is a relatively new technology that is designed to provide a secure and integrated approach to networking and security. By combining multiple security functions, such as VPN, firewall, and content filtering, into a single cloud-based service that is delivered through a global network of edge locations, SASE enables organizations to easily and securely connect users to applications and resources, both on-premises and in the cloud. 

Additionally, SASE is able to protect against a wide range of security threats, including malware, SQL injection attacks, and insider threats. By providing a single platform for networking and security, SASE helps organizations to improve their overall security posture and better protect against modern cyber threats.

Balaji N

Balaji is an Editor-in-Chief & Co-Founder - Cyber Security News, GBHackers On Security & Kali Linux Tutorials.
