Cisco SASE and Cisco SD-WAN

SASE Secure Access Service Edge

This blog is shared courtesy of an article I wrote for

Cisco is, arguably, the most familiar name in networking. As a result, most enterprises likely have Cisco Secure Access Service Edge on their shortlist of SASE options. While Cisco’s SASE looks great in a presentation, network teams need to dig deeper to see just how many appliances and components are needed to form a SASE architecture.

As part of an ongoing series that explores SASE offerings, this article takes a closer look at how Cisco’s SASE platform compares with other vendors.

SASE recap

Ideally, SASE offerings are cloud services that securely connect enterprise users everywhere with enterprise resources anywhere. They’re meant to be as simple and cost-effective to deploy and maintain as any cloud service, a sharp contrast from the headaches of appliance-based, legacy network architectures.

SASE architectures converge networking and security. SASE services use the following components for connectivity:

  • software-defined WAN (SD-WAN) devices to connect sites;
  • mobile clients, or clientless access, to connect remote users; and
  • shared gateways or points of presence to connect cloud resources.

All these components should connect via a global private backbone for optimum worldwide performance. They should also be protected by a security suite built into the SASE fabric that includes a next-generation firewall (NGFW), secure web gateway (SWG) and intrusion prevention system (IPS).

Most SASE vendors, however, are not currently delivering cloud-native SASE. It’s a strategy or roadmap, not a product.

The genius of SASE isn’t about new features. Most, if not all, features in a SASE platform already exist in some form in the market. The genius of SASE is the packaging of those features into a single, global cloud service. Switching from appliances and discrete services to a SASE cloud is as revolutionary and beneficial as the shift from servers to cloud computing.

Components of Cisco SASE

Cisco makes it clear that SASE isn’t a product, but an architecture. In this case, the SASE architecture is offered under the branded name Cisco Umbrella, which follows the Gartner-defined services of SASE:

  • SD-WAN
  • cloud access security broker (CASB)
  • SWG
  • cloud-delivered firewall
  • zero-trust network access (ZTNA)

The Cisco Umbrella architecture is built from already existing products developed through partnerships.

Continue reading all the details on

Share this post