[Communications] - SASE: What is it? How can you test its performance?

May 26, 2023

We are presently witnessing a dramatic transformation of enterprise networking and its associated security environment. This sea change is being driven by major and ongoing ‘cloudification’ of business and workplace activities. Businesses are moving from on-premise solutions to hybrid and public cloud solutions, and managed networks. Adding to this complexity is the growing use of IoT devices, increased personnel mobility, and the Covid-generated boost to remote working.

From a security perspective, traditional enterprise premise-oriented network defense perimeters are weakening and disappearing. However, with a huge increase in endpoints connecting to private, public and edge-cloud infrastructure, there is now the requirement to provide end-to-end network security and identify new vulnerabilities. In response, a new expanded security framework is evolving. Identified by Gartner as the Secure Access Services Edge (SASE), this new model sees networking and security move out of the data center and into the cloud. SASE is less a new principle and more the translation, augmentation and unification of existing networking and cloud technologies into a single cloud-delivered platform.

What is Secure Access Services Edge?

SASE represents the amalgamation of cloud and network security, effectively a software bridge between private networks and the public cloud, moving security processes out of the data center and into the cloud. SASE is designed to extend enhanced security capabilities out from data centers to the network edge, enterprise networks and into the user access domain.

Secure Access Services Edge incorporates a full repertoire of Wide Area Network (WAN) and network security functions and services, including:

  • Secure Web Gateway (SWG) – sits between users and the Internet and blocks any malicious software it detects
  • Firewall-as-a-Service (FWaaS) – Next-Generation Firewall (NGFW) systems consolidate traditional firewall abilities like dynamic packet filtering, stateful inspection, network address translation (NAT), and VPN support
  • Zero Trust Network Access – ensures users only have access to the network resources they need to accomplish their task
  • Cloud Access Security Broker (CASB) – provides a security policy enforcement framework that FWaaS services comprise
  • Sandbox – creates an isolated environment where suspicious files and malware can be observed without risk
  • Data Loss Protection (DLP) – solutions that monitor traffic across the web, app or email and prevent the loss of sensitive data
  • Web/Remote Browser Isolation – defends against a variety of attacks that target web browsers; users can access potentially unsecured websites, but they are rendered via a secure disposable container

The SASE endgame is the enabling of secure, seamless, end-to-end access to multiple cloud data and application repositories by authorized and verified users, anywhere, with any wired or wireless device.

What are the challenges of deploying SASE?

While many employees have been working remotely via VPNs for several years and are now looking to move towards secure web gateways (SWG) and zero trust models as part of a SASE architecture, some similar challenges remain, including:

  • The capacity of VPN links between SASE and private applications
  • High web app traffic for the SASE solution to process and validate with zero trust policy
  • Potential performance variation under varying load conditions
  • The number of connections
  • Ensuring redundancy is in place and functioning properly in the case of failures or downtime
  • Working around distributed multi-cloud platforms
  • Cyber-attacks potentially compromising performance while data is being scrubbed

With many network control functions previously performed by traditional servers, routers and firewalls now moving to SASE, effective, objective and certified performance benchmarking becomes ever more critical. To account for different scenarios and mitigate risk, SASE models must be thoroughly tested: with real traffic, at scale, across different cloud environments, and against various malware and equipment failures.

How can you test SASE?

Thoroughly testing a SASE architecture requires a virtualized test tool that can function across multiple platforms in a multi-cloud distributed environment. These test tools, like the VIAVI TeraVM, are containerized, can dynamically scale, support real traffic and can inject malware to assess the functionality of security protocols. The metrics that need to be measured as part of these tests are:

  • Concurrent authenticated web connections
  • Throughput
  • Latency
  • MOS score
  • QoE

Performance and scalability are two very important tests, with MOS scores for voice and video providing a measurable performance metric. However, in addition to quantifiable metrics, it’s important to assess the effect of the new SASE model on day-to-day employee activity, for example:

  • Will zero trust slow down access to services?
  • Will sandboxing affect application performance?
  • How many connections can be added without degrading performance?

How can VIAVI help test SASE models?

TeraVM, the VIAVI emulation and security solution, is a completely software-based, virtualized and containerized NGFW and network validation tool that runs in labs, data centers and servers (in the cloud or on-premise).

TeraVM can help identify where vulnerabilities lie across networks (fixed and wireless) and cloud infrastructures. It can emulate a huge range of potential security breaches, from viruses, spyware and malware, to weak BYOD policies and impersonation. TeraVM can deliver reliable and repeatable results.

Additionally, TeraVM components can be deployed in a distributed and hybrid network with central control. Businesses need to future-proof their network infrastructure, and by converging their networks, cloud and security solutions with SASE, they address the opportunities of today and tomorrow. The VIAVI TeraVM can play a crucial role in SASE and network, cloud and security testing.

In Vietnam, COMIT is VIAVI’s Platinum partner (the most senior partner), specializing in providing telecommunications test solutions for leading carriers such as Viettel, VNPT, Mobifone... With a team of experts with more than 20 years of experience who constantly keep up with the latest technologies and trends, such as using AI in the digital transformation process, COMIT helps solve customers' complex problems, improve their quality of experience and meet the increasing requirements of users.

About COMIT Corporation:

Since its establishment, COMIT has gradually become a leading regional provider with services and solutions including Test & Measurement, RAN Planning & Optimization, BSS/OSS support systems in Communications. With more than 250 enthusiastic and creative employees, inspired by an experienced management team and subsidiaries in 03 countries (Vietnam, Myanmar, Philippines), COMIT is providing the most suitable services and solutions to clients around the globe, from Southeast Asia to Africa.

Continuing its mission of providing innovative solutions to customers across industries, COMIT is expanding its portfolio of solutions into new areas, such as Customer Value Management, Digital Experience & Management with applications of Big Data/AI, Video Security & Surveillance with AI... With a professional business model and a customer-centric culture, COMIT commits to increasing value for our customers and shareholders and offering promising opportunities to our employees.