Discover Why SASE is the Ultimate Upgrade from Secure Service Edge
Hi. I'm Max Clark. I was just reading that Cloudflare was just named in the 2024 Gartner Magic Quadrant for Security Service Edge or SSE not gonna get into Cloudflare as a platform or what we think about them or how they stack up to competitors I'm just gonna talk right now about SSE and SASE so secure service edge versus secure secure access service edge I know these acronyms feel like they're changing daily so who knows sassy just sounds better to say sassy anyways so we'll say sassy what is secure service edge and what is sassy secure service edge is taking and let's just do it like the basic simplest way possible your firewall you get rid of so you get rid of your firewall that's at your premise and firewall you get rid of so you get rid of your firewall that's at your premise at your office and instead of the firewall being at the premise we'll use that term I hate now is in the cloud that weird thing that we all talk about and nobody really knows what it is SSC as a default is moving the firewall off your premise and put it in the cloud SSC also gives you a lot of additional acronyms that you can leverage and depending on the SSC platform or the bronze silver platinum diamond package that you buy you get different acronyms and some of these acronyms are things like data loss prevention DLP cloud access secure service broker CASB.
Speaker 1:If you're looking for CASB, then you could dig into whether it's CASB CASB lite. You can get into remote browser inspection. You talk about secure web gateway, SWG. Some people call it secure remote access or 0 trust network access, e t n a. You'll hear people refer to it as a, software defined perimeter and SDP.
Speaker 1:Right? Like, there's all these other acronyms that you get on top of the SSE system that kinda make up this platform. The other thing that's really awesome about SSE systems is when you go to it is you can now unify your we used to call it talk about it like terms of a perimeter. You had an office. The office had a firewall.
Speaker 1:All of your employees were in the office. Now your employees aren't all in the office or in other places you have other offices you have remote you have work from home you have Starbucks you know whatever it is right not say anything new that you haven't heard about or you don't already know hopefully when that happens your perimeter changes and you no longer have a physical location with a physical firewall in it right so the advantage you get with SSE is now you have a common unified platform that everybody is behind regardless of how they're connected to it or where they actually are now good SSE good SSE platforms have geographic diversity to them bad platforms providers gone out and just bought like a giant firewall instead of you buying a firewall put it in your office they buy giant firewall put in their own data center and they pin all your traffic to it now if all your users are in the same location it's great. When your CFO goes on vacation in Ibiza and your office is in Los Angeles, it's gonna be terrible because they're gonna tunnel all the traffic back from Ibiza back to Los Angeles.
Speaker 1:I hope your CFO is traveling to be all the time. So what the SSC platform then does is it allows your remote users connect to the gateway, the pop, the resource that's closest to them and get a better experience. And the way the SSE works on mobile devices is it's just a it's an agent. Looks like a VPN because what it that's what it is. You know, it's a VPN running on the cell phone or on the laptop, that on the tablet that connects back the missing component with SSE and why there became s a s e is merging the security infrastructure with the network access piece specifically SD WAN my big complaint and hopefully by the time you're watching this cloud flare addresses it with the SSC is they don't have the a they don't have the SD WAN so you have to go out and you have to figure out what SD WAN that you want to do when you want to run and then you have to understand how you integrate and connect that SD WAN platform with the Cloudflare system By the way, this isn't specific to Cloudflare.
Speaker 1:Zscaler, same issue, right? You know, if you run Zscaler, you start to connect your offices to it somehow less issue for remote users that are independent. They're just out in the wild and a coffee shop or at the coffee shop or at the airport because they don't have redundant connections but when you talk about your physical locations in your offices this is when the a and the sassy becomes really important versus going to an actual sassy platform where you get everything in one location now I don't know about you but I like having some things with single unified vendors. We should put this meme in here with this Spider Man's pointing at each other like whose problem it is. Right?
Speaker 1:Have you ever had this issue before? Of course, you've had this issue before. So now you're gonna have you your SSC vendor and your SD WAN vendor and you're gonna have to figure out, like, what's not working why is it not working how do you fix it who's responsible for what's actually going on you have 3 people pointing at each other okay wonderful what happens sucks so I would advocate and tell you that if you do not already have an SD WAN you already haven't already invested in SD WAN infrastructure instead of going out and trying to figure out an SSC infrastructure plus an SD WAN infrastructure, why don't you just go out and just get the whole thing unified together and get a Sassy platform? And what do you get out of Sassy platform? Well, that provider provide gives you the SD WAN appliance that gets installed in your physical locations to then connect back to their SSC infrastructure to give everything else on top of it.
Speaker 1:Right? Like, it's just a unified single experience for you. Now let's go back and talk about one of my favorite topics, which is firewall suck. If you're buying firewall, stop buying firewalls for the love of all things good and holy in the universe stop doing it you know you get into a conversation and they immediately talk about like oh we can do UTM unify you know we can do deep packet inspection we can do this we can do that who cares you're not turning it on anyways because when you do, the box dies, you know, unless you're buying, like, the largest firewall known to mankind that's, like, 50 times larger than what your circuit speed is. Like, you're not turning on UTM and DPI and using it for anything, like, like, actually doing anything with it.
Speaker 1:You know, you wanna have fun? Okay. 1st question for IT people. Are you running UTM and DPI? Is it emailing you?
Speaker 1:Have you filter those emails to a folder that you've never looked at again? Or did you disable it? Or, you know, if you're managing it, you're not technical and you're managing, you have ITT people on them, and you think that you're running UTM or or DPI or IDS or IPS,
Speaker 2:ask them to see the
Speaker 1:folder where they're filtering all the stuff, which they look at occasionally from time to time. Like, you don't get real time alerts with this stuff. I mean, you know, the whole point with, like, half the MDR services in the market is just doing event correlation and, like, noise reduction. Right? You're gonna get, like, 4,000,000 events a month.
Speaker 1:Like, what are the 3 that actually matter for you? That's just not just, like, just noise. There's a lot of these systems that get really noisy. So, yeah, you know, it's great that all these firewall manufacturers will tell you how amazing their UTM and DPI platforms are that you're never gonna use. You're just gonna turn it off.
Speaker 1:So you're spending a fortune to get it, and then you don't use it firewalls 99% of the time are just fancy NAT boxes and by the way it's not really NAT it's really port just translation we can get really nerdy right now but it's just there to like connect you to the Internet you're not hosting email in your office anymore your emails in the office 365 your emails and and Google Workspace. You know? Why do you need a firewall doing that, you know, to host internal resources externally? Oh, you need a VPN so people can connect to it. Like, no, you don't.
Speaker 1:Like, you probably don't. 95%, 99%, a 100% of your system at this point is in some sort of SaaS hosted platform where you need a CASB to maintain access to that platform. Right? You need somebody that can do DLP. By the way, let's talk about this from scale.
Speaker 1:Like, how many firewalls do you have? Well, you have to have redundant firewalls. How many offices do you have? Maybe you're small. Maybe you only have 10 offices.
Speaker 1:Right? So you've got 20 firewalls. Now you get a software update that comes out, a firmware update. How long does it gonna take your engineers to update 20 firewalls in 10 different locations without having any downtime remotely? You know?
Speaker 1:Like, yeah. It takes a few weekends. You know? This isn't just something that happens, like, instantaneously overnight. Let's say you're a retailer and you've got I don't know 500 storefronts right 1,000 storefronts 2,000 storefronts right what do you have in the storefronts you have a lot of equipment you know you don't have redundant firewalls per se maybe you have just a single firewall single switch some access points whatever those things are and now you need to update it how are you going to update a thousand devices in a efficient quick timeline critical severity 0 patch your box tonight or it will be compromised issue you know it takes you weeks to do it I don't care if you have a web interface with a cloud management platform on top of your infrastructure and you can just point and click and say update somebody still has to drive that process make sure it worked and it didn't fail and if it did fail get somebody in the location before you need to open the location to conduct business right like this isn't an instantaneous thing what do you get with a good SSC or Sassy platform you don't have to do that anymore somebody else is responsible for it and that company is responsible is doing it real time like instantaneously oh we just saw this fill in the blank log for j we just saw this log for j attack like happen like it's weird it's come up on our logs we don't know what it is but guess what we can filter it now instantaneously across everything right time to response goes to 0.
Speaker 1:Amount of IT infrastructure and staffing that you have dedicated to do nonsensical tasks like patching and maintaining your firewalls go down. I'm not saying this isn't like a staffing reduction play. This is like your IT people are already so busy just trying to tread water, keeping your applications and users connected and running that like oh by the way you need to pat now patch a 1,000 firewalls
Speaker 2:it doesn't exist they don't have time to do this
Speaker 1:stuff they're already overworked take stuff off their plate make their lives better you know and oh by the way make your infrastructure and your business and everything else better as well improve your security give your users a better experience Improve your application performance. Layer on additional functionality. You know, firewall is not gonna give you RBI. You're not gonna get remote browser inspection off of firewall in your office. If you're on SSC or Sassy platform, now you're gonna get RBI.
Speaker 1:Why is that important? Well, how does ransomware happen? You should be, like, yelling at your screen right now. We ransomware happens because somebody clicks on a link that did something bad. Like, fundamentally, most of the time, you're not talking about, like, some worm that's infected your network.
Speaker 1:You're talking about somebody that has clicked on a payload in the email or has clicked a link on a website and they're tricked, you know, like, that's what happens. They got tricked and they click the link and the link did something really bad. Now, hopefully, you've got an EDR system that can see this payload running and doing bad things then help you get unwind it right like all of a sudden if a hard drive is being encrypted in every file and the hard drive is being touched like your EDR should be screaming at you and you should be doing something about it right but something is happening you're clicking that link and something is taking place well if you have an RBI as part of your secure web gateway running on top of your SSC or sassy platform it can take and explode that payload and see what the heck it's doing before it lets it run on your device that you're pry trying to protect right like what's more secure? Clicking every link and running the payload or just, like, letting stuff happen? You know, your firewall isn't giving you a secure web gateway, and it's giving you a NAT device to the Internet.
Speaker 1:Now it's gonna try to tell you we do unified threat, you know, management and detection, and we do deep packet inspection. Oh, yeah. Whatever. Like, what what does DPI really do? DPI is, like, trying to say, like, oh, somebody's trying to mask, you know, like, we have a rule that says allow, you know, 80 and 443 into our web server and, you know, somebody trying to abuse that and then do something laterally.
Speaker 1:Right? What's a secure web gateway, you know, getting you? And especially if you have RBI, it's like oh this URL is bad like we know bad things are happening with this URL this domain was just registered yesterday I mean there's a bunch of heuristics that go into it threat intelligence fees go into it you know you get all these other things that happen with it that can say this is bad we're not gonna let you go there right or this is we don't know about it so we're gonna test it first before we let you go there what would you rather have you know like yes of course don't spend the money on a firewall don't spend tens of 100 of 1,000 of dollars in firewalls and support packages and all these things I mean this this technology has been obsoleted 10 years ago like you're investing in something that the OEM is manufacturing these things and they're good companies I'm not saying that they're not good companies but they've got an innovator's dilemma right now like look at their roadmaps they are trying to figure out how to move you as a customer into their SSC or their sassy platform that they've been now acquiring and hobbling together because they didn't have it together at the same time without cannibalizing their revenue over here and they have to do both the same time otherwise they crush their market cap where is their alignment with you in terms of actually looking out for your best cap.
Speaker 1:Where is their alignment with you in terms of actually looking out for your best interest? Well, their best interest for you is, like, keeping you on firewall renewals and spending money here and then spending additional new money over here because they've got this other platform that then integrates with this platform that then does these other things that get off the merry-go-round just get off of it if you got the ability if you're greenfielding a new platform or if your firewalls are coming up for renewal or if you got new locations coming in just get off listen I've been doing this since 1997 I'm telling you like there is a better way there is a better way you can do it a better way and you can get better service you get better functionality you can get better lifestyle out of it like it is better like the grass is greener just go jump over the fence and roll around in it and enjoy it anyways. I'm Max Clark. I hope this helps. If you have any questions send me an email comment below.
Speaker 1:I'd love to hear your stories on firewall renewals and SSE and and sassy infrastructure deployments. I'm a nerd. I love it. Anyways, comment below. Hope this helps.
Speaker 1:Have a great day.
