We’ve always believed SD-WAN was a transitional network approach, and with the arrival of the Secure Access Service Edge (SASE) this vision has been validated.
A term coined by Gartner, and an idea picking up a lot of steam this year, SASE combines elements of SD-WAN and network security into a single cloud-based service, going beyond the traditional notions of what we always knew was not the ultimate destination (SD-WAN patched things together, and threatened MPLS, but remains lacking).
While there is a broad range of opinions on SASE – is it hype or is it happening – we are high on the idea as it matches our reality better than any we’ve seen to date. SASE converges the WAN edge and network security into a cloud-based, as-a-service delivery model. According to Gartner, the convergence is driven by customer demands for simplicity, scalability, flexibility, speed and security, with all five harmonized and optimized.
According to Zeus Kerravala, the founder and principal analyst with ZK Research, “A SASE implementation requires a comprehensive technology portfolio that only a few vendors can currently deliver. The technology is still in its infancy, with less than 1% adoption. There are a handful of existing SD-WAN providers, including Cato Networks, Juniper, Fortinet and Versa, that are expected to compete in the emerging SASE market. There will be other SD-WAN vendors jumping on this wagon, and the industry is likely to see another wave of startups.”
While Dispersive is not a start-up (we have been delivering the highest level of military grade Internet overlay ultra-secure and performant networking technologies for several years), and while we are not your typical SD-WAN provider, we believe we are the “purest play” in the SASE category compared to all other companies who are transitioning from SD-WAN to SASE. We’re already there.
Gartner predicts that the adoption of SASE will take place over the next five to 10 years, rendering existing network and security models obsolete, but we’re already seeing traction with our already tuned technology. We’re digital-native, cloud-native and built security into the network from day one, guided by seemingly impossible requirements from some of the most demanding government, utility and enterprise clients in the world for whom trades offs between security and performance are unacceptable.
SASE supports all types of devices and edges, and ultimately eliminates the need to connect a branch office to a central office. Instead, Dispersive’s approach connects individual users and devices to a centralized cloud-based service, ultimately “decentralizing” the network, while keeping any device using any network protocol connected to computing systems, whether the compute is happening at the edge, in an edge data center, or in a larger cloud (where certain data can be analyzed and the requirement for ultra-low-latency is not as critical).
Gartner gets it when they explain the rationale for SASE and the benefits of separating while orchestrating endpoint functions (routing for example) and cloud services, with an open stack (not requiring purpose-built hardware), policy-driven commonality that looks at any location, device, user in simplified manner, with a “single pane of glass” interface for administrators.
In short, SASE systems are simpler, less expensive, more secure, easier to manage, and more scalable than any IP network historically; in a single world, SASE is AGILE.
Here’s why Dispersive’s Virtual Networking (DVN) is the most evolved SASE to date.
Each deployment is composed of three fundamental components: end point clients/gateways, strategically placed deflects, and controllers.
Data streams are split at the authenticated source and re-addressed with a DVN header to force traffic to follow different network paths based on instructions from the DVN Controller across one or more physical circuits.
The underlying IP networks deliver these packets to DVN software nodes known as data Deflects. Placement of these deflects influences the actual physical paths traversed.
New paths can be established/rolled during the transmission enhancing performance by avoiding link failures and bypassing congested pathways.
The data Deflects receive the packets and re-address them for the final destination.
The authenticated destination reassembles the split packet streams and strips out the DVN header information before passing the original packet to the receiving application. Missing packets are re-requested to ensure guaranteed packet delivery.
Here’s why it matters:
Data gets from Point A to Point B faster. All traffic is divided into separate, independent packet streams that are each sent simultaneously across different micro-segmented, individually encrypted paths across the internet from authenticated sources to destinations. If congestion or an attack anomaly is encountered the encrypted data packet rolls to a new unimpeded path to optimize your connectivity.
Data is more secure. The DVN distributes traffic across dynamically changing pathways to avoid DoS, DDoS, and Man-in-the-middle attacks. Deflects are programmable to reflect the level of security and agility each client needs. Our software acts as a waypoint and relays traffic between clients or edge endpoints along the independent pathways in the DVN and deflects can authenticate user data but cannot decrypt payload.
As an industry, we are on the “Edge of Greatness” in 2020 and prepared to change how networking works for good in this third decade of the 21st Century.