SASE, SD-WAN, SD-Branch, ZTNA... What does it all mean?

This blog has been written by Rhys Lancaster, Consultancy and Service Delivery Director (Connectivity), at Nasstar.
The world of network security is awash with acronyms that can be confusing even to the most tech-savvy among us. I hear these buzzwords more and more, and even though I’m in the industry, it feels like there's a new acronym created every day. Let's break down some of the most common acronyms you're likely to encounter.
Secure Access Service Edge (SASE)
I think of SASE as the overall framework, the top of the tree, so to speak. Many of the other terms are components, or bolt-ons, to SASE. The acronym stands for 'Secure Access Service Edge'. It was coined as a way of thinking about network security, combining the best networking and security technologies into a single service. It's a holistic approach that addresses the challenges of today's distributed workforce and cloud-first applications.
SASE represents a significant shift from traditional network security models that were centred around protecting a defined corporate perimeter. In today’s world, with users working from anywhere and applications hosted everywhere from corporate data centres to multiple clouds, that perimeter has essentially dissolved. This dissolution means you can no longer trust anything simply because it's inside your network perimeter - hence the zero-trust approach.
SASE acknowledges this reality by moving security controls from centralised data centres to a cloud-delivered service that follows users wherever they go. Critical to this model is robust user authentication through Identity and Access Management (IAM), ensuring every user requesting access is properly verified before being granted permissions to corporate resources, regardless of their location or device.
What makes SASE powerful is how it brings together multiple security and networking functions that traditionally required separate products. Instead of having one system to filter web traffic, another to monitor cloud applications, a third to provide secure VPN access, and yet another to manage your network connections, SASE combines all these capabilities into one integrated service.
This means you can apply the same security rules everywhere, simplify IT infrastructure, and gain greater visibility into what's happening across your entire network. The result is better protection that follows your users and data wherever they go, without the complexity of managing numerous different security tools.
Software-Defined Wide Area Network (SD-WAN)
SD-WAN (Software-Defined Wide Area Network) is a key component of SASE, providing a more agile and efficient way to manage your network. It uses software to control network traffic, allowing you to optimise performance and reduce costs. SD-WAN is the part of the technology that enables you to use, for example, a traditional private connection such as Multiprotocol Label Switching (MPLS) and a broadband connection at a location, while ensuring your application traffic is effectively routed via the best and fastest path.
Previously, you might have had an office connected back to a data centre with a central firewall. To access Office 365 from the office, you would have to connect all the way across the country to your data centre, navigate the corporate firewall to get to the internet, share that expensive internet connection with everyone in your company, and hope that your web pages load before you get back from making a brew.
With SD-WAN, you’re accessing the internet a long way from your corporate firewall using a small firewall that is embedded on your office's local router. Sometimes, this firewall is included in software that sits on your laptop or smartphone.
This means your company can effectively secure devices at the edge of the network and enable you to make use of local internet breakout, whether you're in a remote office, coffee shop, plane, or even the spa. The firewall addition is when SD-WAN becomes SASE.
With more applications hosted in the cloud and accessed via the internet, SD-WAN provides access to these services securely and quickly, from anywhere. It also means you can continue to access corporate networks that may still be hosted within the company. To do this, you would make use of private MPLS links where available or just set up a Virtual Private Network (VPN) tunnel for that application, sending traffic securely back to the company servers.
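The steering behaviour described in this section can be sketched as a small decision function. This is an added example, not code from Nasstar or any SD-WAN product; the link names, health thresholds, application classes and the rule that unknown applications are treated as internet-bound are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str          # constructed names: "mpls", "broadband"
    kind: str          # "private" or "internet"
    up: bool
    latency_ms: float
    loss_pct: float

# Assumed classification: where each application is hosted.
APP_CLASS = {"office365": "cloud", "erp": "corporate"}

def healthy(link, max_latency_ms=150.0, max_loss_pct=2.0):
    """A link is usable only if it is up and inside the (assumed) thresholds."""
    return (link.up and link.latency_ms <= max_latency_ms
            and link.loss_pct <= max_loss_pct)

def steer(app, links):
    """Return (link name, treatment) for one application flow."""
    cls = APP_CLASS.get(app, "cloud")  # assumption: unknown apps are internet-bound
    usable = sorted((l for l in links if healthy(l)),
                    key=lambda l: (l.latency_ms, l.loss_pct))
    internet = [l for l in usable if l.kind == "internet"]
    private = [l for l in usable if l.kind == "private"]
    if cls == "cloud":
        if internet:  # local breakout, inspected by the branch firewall
            return (internet[0].name, "local breakout via branch firewall")
        if private:   # fall back to the old model: backhaul to the data centre
            return (private[0].name, "backhaul to data centre firewall")
    else:
        if private:   # corporate-hosted app: prefer the private link
            return (private[0].name, "private link")
        if internet:  # no private path: encrypt over the internet instead
            return (internet[0].name, "VPN tunnel to data centre")
    return (None, "drop: no healthy path")

if __name__ == "__main__":
    links = [Link("mpls", "private", True, 20.0, 0.0),
             Link("broadband", "internet", True, 12.0, 0.1)]
    for app in ("office365", "erp"):
        print(app, steer(app, links))
```

Note that a corporate application never leaves the site unencrypted: it goes over the private link or inside a VPN tunnel, and is dropped if neither is available.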
Zero Trust Network Architecture (ZTNA)
Zero Trust Network Architecture is another important part of SASE, although it’s more of a design concept. It describes how, with ever more employees accessing "anything, anywhere, from any device", your trusted network perimeter has expanded from a few firewalls to every device accessing company data.
The extent of this expansion means you can’t trust any device or user that tries to connect to your company's servers, services, and data. ZTNA design principles mandate Identity and Access Management (IAM) solutions that secure your network by verifying the identity of every user and device before granting access. This helps prevent unauthorised access and protects your sensitive data.
Many businesses are finding that ZTNA offers the perfect baby steps into the world of SASE. It replaces ageing VPN platforms and offers immediate security benefits, but doesn’t require the deployment of expensive infrastructure.
Traditional VPNs are a bit like giving visitors to your office a key to the entire office building. Once they’re in, they can wander around anywhere. ZTNA, on the other hand, is a bit more like having a receptionist who checks ID, confirms the appointment, and escorts your visitor only to the specific meeting room they need to be in. This means users only get access to the specific application they require, and not your entire network.
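The difference between the "key to the building" and the "receptionist" can be shown by running the same requests through both models. This is an added example, not part of the original blog or any vendor's product; the address range, application names, groups and the `user_verified` / `device_verified` flags are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data: addresses, app names and groups are illustrative.
CORPORATE_NET = ip_network("10.0.0.0/8")
PUBLISHED_APPS = {
    "10.20.0.5": ("payroll", {"finance"}),
    "10.20.0.9": ("wiki", {"finance", "engineering"}),
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    user_verified: bool     # identity check passed (IAM)
    device_verified: bool   # device identity check passed
    dest: str               # destination IP address

def vpn_allows(req):
    """VPN model: an authenticated user can reach anything in the corporate range."""
    return req.user_verified and ip_address(req.dest) in CORPORATE_NET

def ztna_decide(req):
    """ZTNA model: default deny; verify user and device on every request,
    then allow only a published application the user is entitled to."""
    if not req.user_verified:
        return (False, "user identity not verified")
    if not req.device_verified:
        return (False, "device not verified")
    app = PUBLISHED_APPS.get(req.dest)
    if app is None:
        return (False, "destination is not a published application")
    name, allowed_groups = app
    if not (req.groups & allowed_groups):
        return (False, f"user not entitled to {name}")
    return (True, f"access to {name} only")

def compare(requests):
    """One row per request: (user, dest, VPN verdict, ZTNA verdict, ZTNA reason)."""
    return [(r.user, r.dest, vpn_allows(r), *ztna_decide(r)) for r in requests]

SAMPLE = [  # constructed requests
    Request("eve-eng", frozenset({"engineering"}), True, True, "10.20.0.9"),
    Request("eve-eng", frozenset({"engineering"}), True, True, "10.20.0.5"),
    Request("eve-eng", frozenset({"engineering"}), True, True, "10.20.0.77"),
    Request("fin-user", frozenset({"finance"}), True, False, "10.20.0.5"),
]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

The VPN model admits all four sample requests, while the ZTNA model admits only the first: the other three fail on entitlement, on an unpublished destination, and on an unverified device.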
SD-BRANCH
A key acronym associated with SD-WAN is SD-BRANCH (Software-Defined Branch). This extends the SD-WAN concept to the entire branch office, including the local area network (LAN). It simplifies branch network management by consolidating various network functions into a single platform, improving efficiency and reducing complexity.
“Bolt-on acronyms”
Now for what I think of as the bolt-on acronyms: SEAM and SOAR. SEAM (Security Event and Alert Management) tools collect and analyse security event data from various sources, such as firewalls and intrusion detection systems. This helps organisations identify and respond to security threats in a timely manner.
SOAR (Security Orchestration, Automation and Response), when set up correctly, should integrate seamlessly with SEAM (pun intended). SOAR should take the event and alert information from SEAM and automate security response tasks such as threat detection and incident response.
This allows security teams to respond more quickly to critical threats. The automation of basic response measures means they can spend more time looking at the human, design, and strategic aspects of security protection.
Why should you care about secure network acronyms?
The simple answer is that they can help you to improve your organisation's network security posture. By adopting a SASE approach, you can gain several benefits, including:
Improved security: SASE helps protect your network from a wide range of threats, including malware, phishing attacks, and data breaches.
Increased agility: SASE allows you to adapt quickly to changing business needs and deploy new applications and services faster.
Reduced costs: SASE can help you save money by optimising your network traffic and reducing the need for expensive hardware.
How to get started with SASE
The first step in getting started with SASE is to educate yourself on its different components and how they can benefit your organisation. Once you have a good understanding of the basics, you can start to develop a SASE strategy that meets your specific needs.
There are several resources available to help you get started with SASE, including our team of experts at Nasstar. We can help you to assess your current network security posture, develop a SASE roadmap, and implement the right solutions for your business.
If you'd like to delve deeper into secure network acronyms or explore how they can be integrated into your business, don't hesitate to contact us. We’re on hand to help you navigate the complexities of network security and make informed decisions that align with your goals.