MONITORAPP’s deputy director of R&D: Donghan Kim In a world of mobile devices, cloud security has been rising in demand. MONITORAPP develops and provides not only security appliances but solutions through cloud delivery. AISASE platform is built and serviced to enable global delivery of AIONCLOUD, internally developed SECaaS platform. This article will discuss the basics of SASE and the architecture of AISASE.
|
- What is SASE
Source: https://www.gartner.com/doc/reprints?id=1-6QW0Z4A&ct=190528&st=sb
Secure Access Service Edge (SASE), first introduced in 2019 by Gartner, refers to a network security technology that supports dynamic secure access by integrating WAN and multiple network security solutions into cloud-based services.
Unlike in the past, in a modern cloud environment, users, devices, and network functions that require secure access can be anywhere, so the secure access service should be everywhere. SASE delivers required services on demand and this is provided through dynamically generated edges based on policy regardless of the location and network of the entity requesting the service. It reduces the complexity, cost, latency while improving performance, security, and the security policies of all edges can be centrally managed.
Source: https://www.gartner.com/doc/reprints?id=1-6QW0Z4A&ct=190528&st=sb
There are many components that make up SASE but the key components are: SD-WAN (Software-defined WAN), VPN (Virtual Private Network), ZTNA (Zero Trust Network Access), QoS (Quality of Service), DNS, FWaaS (Firewall as a Service), Thread Prevention, SWG (Secure Web Gateway), DLP (Data loss prevention), CASB (Cloud Access Security Broker), etc.
Source: https://www.gartner.com/doc/reprints?id=1-6QW0Z4A&ct=190528&st=sb
- AISASE Architecture
AISASE is divided into two main services, which are AIONCLOUD Security Center and AIONCLOUD Security Edge. AIONCLOUD Security Center includes Service Gateway, Security Manager, and Master DB, etc. AIONCLOUD Security Edge, built in each region, has network functions as well as multiple security services and is multitenancy architecture based.
AIONCLOUD Security Center stores the information (accounts, domains, etc.), policies, usage statistics, logs, and events necessary for edges to provide security services to the users and provides an integrated console on the web to manage and monitor them.
AIONCLOUD Security Edge provides security services and network functions to users, and when connecting through a virtual private network to form a global private backbone, it provides SD-WAN functions and supports fail-over/back between regions. Security services provided by AIONCLOUD are server-side security service, WAF (Web Application Firewall), and WMD (Web Malware Detection) along with client-side security service, which contains SWG (Secure Web Gateway). In the future, combining the AISASE platform and MONITORAPP’s high-performance proxy technology will enable various security services (VPN, ZTNA, DLP, etc.) to be delivered through the cloud.