Secure Access Service Edge (SASE) has emerged as a leading architecture for cloud deployments. Its primary function is to provide comprehensive cloud-based secure access while maintaining seamless access to data and applications for users of cloud computing services.
This article compares SASE with a traditional network architecture and then looks at how artificial intelligence (AI) and machine learning (ML) are being used to take SASE security to the next level of performance.
In a traditional networking architecture, private multiprotocol label switching (MPLS) services provide a secure connection to the centralized corporate data center for dispersed users. Maintaining security while scaling MPLS to larger groups of remote workers can quickly become complex, leading to inefficiencies.
SASE replaces the MPLS services with an architecture specifically optimized for the new cloud environment. It provides secure access regardless of the location of the user or the type of device used to access cloud resources without relying on MPLS services (Figure 1).
SASE components
SASE is built around a software-defined wide area network (SD-WAN). SD-WANs operate differently than the traditional MPLS approach. For example, MPLS handles network connectivity failures with backup links while SD-WAN uses real-time traffic steering to correct for errors. The use of real-time traffic steering and other dynamic features of SASE requires the deployment of new technologies to ensure security.
It starts with zero-trust network access (ZTNA), which is based on continuous verification and inspection of traffic to protect sensitive data and applications. The secure web gateway (SWG) supports URL filtering, SSL decryption, and threat detection and prevention. Firewall as a service (FWaaS) adds Layer 7 (application layer) inspection, access control, and another layer of security services, including more threat detection and prevention.
Finally, a cloud-access security broker (CASB) manages software as a service (SaaS) applications and implements malware and threat detection. CASB also enables data loss prevention (DLP) cybersecurity that detects and prevents data breaches and supports internal security and regulatory compliance (Figure 2).
Where do AI and ML fit in?
AI is used in SASE to improve SWG, SD-WAN, CASB, FWaaS, and ZTNA for enhanced security and networking. AI and ML algorithms can quickly analyze large data sets and detect threats and potential security breaches. ML’s ability to learn and adapt means it can continuously improve security performance. AI can be used to analyze network activities in real-time to identify previously unknown threats or highly evasive behavior and prevent cyberattacks.
In the case of ZTNA, AI is used to continuously analyze user and network activity. If a user accesses sensitive data they have not accessed before, that can be immediately flagged as a possible security concern and the level of authentication can be increased accordingly. By immediately addressing changes in behavior, the risk of cyber-attacks and insider threats leading to malware or data breaches is greatly reduced.
ML analyzes email sources and content, webpage source code, text, images, and URL structure to detect potential threats. This can be particularly useful for detecting well-hidden phishing threats like phishing kits that generate malicious web pages. Users can be prevented from accessing those pages before any harm has been done. ML can also be used for URL filtering to detect and stop SaaS phishing threats.
In addition to threat detection, AI and ML are used to implement proactive threat prevention. Using pattern recognition, large language models (LLMs), and continuous learning, AI and ML can predict potential threats and speed security preparations even before new threats appear.
SASE solutions using AI and ML provide robust support for zero-trust networking. Two key benefits of AI-powered SASE include:
- Support for secure access from any place using any device. Using AI and ML tools, SASE can implement zero trust dynamic access controls based on its ability to identify and continuously authenticate all devices, even those on third-party networks, including IoT devices and BYOD.
- Monitor and analyze network activities, web page content, and SaaS activities in real-time using AI LLMs, continuous learning, and other tools to anticipate and prevent cyber threats.
Summary
Zero-trust SASE is an important tool set for securing cloud networking environments. AI and ML can enhance the basic SASE components of SWG, SD-WAN, CASB, FWaaS, and ZTNA. AI-enabled SASE supports secure access using any device at any location and provides continuous and proactive network traffic monitoring to prevent cyberattacks before they can cause problems.
References
Enhancing Security and Asset Management with AI/ML in Cato Networks’ SASE, Cato Networks
Four steps to edge-to-cloud Zero Trust with AI-powered single-vendor SASE, HPE Aruba Networking
Leveraging SASE and AI for Enhanced Network Security, Redvine Networks
The New Convergence: Artificial Intelligence (AI) Powered Secure Access Service Edge (SASE) And Why It Matters, Elnion
What Is AI-Powered SASE?, Palo Alto Networks
What is SASE?, Hewlett Packard Enterprise Development
