Monojit Samaddar, Country Director, VIAVI Solutions, India

Businesses are moving from on-pre­mise solutions to hybrid, public cloud solutions and managed networks. Further, the growing use of internet of th­ings devices and the rise of personnel mobility and remote working are adding complexity to the network. The increasing utilisation of cloud services and proliferation of devices are impacting traditional premise-oriented network defence perimeters, making them weaker and less effective.

Effective network security requires protection, detection and timely response. A new expanded security framework is evolving. Identified by Gartner as the Se­cu­re Access Services Edge (SASE), the framework involves the augmentation and unification of existing networking and cl­oud technologies into a single cloud-delivered platform.

SASE represents the amalgamation of cloud and network security, serving as a software bridge between private networks and the public cloud. It moves security pro­cesses out of the data centre and into the cloud. SASE is designed to extend enhan­c­ed security capabilities to the network edge, enterprise networks and the user access domain.

Challenges in deploying SASE

Implementing SASE is not straightforward and deserves careful consideration to ensure that corporate security principles are not compromised for the sake of operational efficiency. The challenges include:

  • Capacity of virtual private network (VPN) links between SASE and private applications
  • Processing high web app traffic for SASE solutions and validating it with a zero trust policy
  • Potential performance variation under varying load conditions
  • Managing the number of connections
  • Ensuring redundancy is in place and functioning properly in case of failures or downtime
  • Working with distributed multicloud platforms
  • Cyberattacks potentially compromising performance while data is being scrubbed.

With many network control functions pre­viously performed by traditional ser­vers, routers and firewalls now moving towards SASE, effective, objective and certified performance benchmarking be­co­mes even mo­re critical. To account for different scenarios and mitigate risks, SASE models mu­st be thoroughly tested with real traffic at scale, ac­ro­ss different cloud environments and agai­nst various malware and equipment failures.

How to test SASE?

To thoroughly test a SASE architecture, a virtualised test tool that can function across multiple platforms in a multicloud distributed environment is required. The metrics that need to be measured as part of these tests are: concurrent authenticated web connecti­ons, throughput, latency, mean opinion sc­ore (MoS) and quality of experience.

In addition to pure numbers, it is imp­or­tant to understand the day-to-day im­pact on employee activities. For example, it is essential to determine how many new connections can be added before perform­ance degradation occurs, whether zero-tru­st access will contribute to delays in acc­e­ssing services, and whether sandboxing will no­ticeably affect application performa­nce, etc.

Certain office applications demand a high performance, low-jitter network that is both reliable and scalable. Therefore, pe­rformance and scalability are very important tests, with MoS scores for voice and vi­deo providing measurable performance me­trics. Content filtering, sandboxing, re­mote browser isolation and data loss prevention are all additional security mechanisms that can protect corporations from being attacked or losing sensitive data.

SASE testing tools

SASE testing tools are containerised, can dynamically scale, support real traffic and can inject malware to assess the functionality of security protocols. TeraVM is a completely software-based, virtualised and containerised next-generation firewall and network validation tool that runs in labs, data centres and servers (in the cloud or on-premise). It can help identify vulnerabilities across networks (fi­xed and wireless) and cloud infrastructures, replicate a wide range of potential security breaches: from viruses, spyware, malware and owing to we­ak bring-your-own-device policies and impersonation. This tool can be dep­loyed in a distributed and hybrid network with central control. Busine­sses need to future-proof their network in­frastructure by converging their networks, cloud and security solutions with SASE, which will en­able them to le­ve­rage the opportunities of today and tomorrow.