Hybrid Work remains prevalent within organizations. Coupled with enterprises moving more of their resources to Public Cloud infrastructure than ever before, the need for a seamless, converged approach to cybersecurity is more pertinent than ever.

Yet there are so many frameworks and methodologies in the Cybersecurity industry today that it can be difficult to determine which methodology would be the best fit for your organization’s unique requirements.

By now, you’ve certainly heard of Security Services Edge, or SSE. If learning another security acronym makes your head spin, read on as we unpack one of Cybersecurity’s newest methodologies.

What is Security Services Edge?

Gartner defines Security Services Edge (SSE) as an architectural framework that fuses network security and wide-area network capabilities into a holistic, cloud-based solution.

The SSE framework centers around shifting network security closer to the user and application edge, thus providing a flexible, scalable approach to network security and connectivity, which allows the customer to streamline their infrastructure and reduce complexity.

This Sounds Familiar...

The concept of SSE sounds similar to the concept of the Secure Access Services Edge (SASE) framework. Secure Services Edge is, in fact, a subset of SASE.

The major difference between SASE and SSE is the omittance of SD-WAN in the SSE framework, while still maintaining the CASB, FWaaS, SWG and Zero Trust Network Architecture concepts. SASE converges formerly siloed security functions into one cloud-delivered platform, while also integrating SD-WAN networking capabilities. The promise of a SASE architecture is joined networking and security functionality in an as-a-service model.

The SSE framework also includes Points-of-Presence (PoPs) - A location where multiple communication links come together to provide connectivity for users and customers to a larger network, typically the Internet. In the case of Secure Services Edge, these connections can be routed over the internet via ZTNA policies, versus utilizing an SD-WAN solution as is the case within the SASE framework.

Given this, Secure Services Edge can thus be viewed as the “security component” of SASE, or a subset of the entire SASE framework which focuses primarily on cloud-delivered security capabilities.

Tell me more about SSE!

The framework leverages cloud-based solutions to deliver security and networking capabilities, with a specific focus on implementing security directly at the network edge where traffic enters and exits the network.

The goal of SSE is to provide comprehensive security and networking services in a unified and efficient manner, while also allowing the ability to protect users, devices, and data through the fusing of networking and security functionalities.

This enables organizations to scale their services based on demand, as well as the ability to provide users secure access from anywhere. This is achieved by approaching access to resources with an Identity-centric approach by determining the user’s identity, while also incorporating contextual factors, such as device posture, before allowing access.

SSE incorporates a Zero Trust Methodology, which assumes that no user or device should be automatically trusted, regardless of their location within the network.

SSE also conceptually stems from Software-Defined Networking (SDN) principles, allowing organizations to dynamically adjust their network and security policies based on their dynamic needs.

Secure Services Edge providers typically have distributed networks of Global Points of Presence (PoPs) across the globe, helping to improve performance, as well as user experience by reducing latency.

SSE platforms also often include a range of integrated security services, such as firewall-as-a-service, secure web gateways, data loss prevention, threat detection, and more.

While the specific components and offerings might vary depending on the vendor or provider, some common security solutions typically in Secure Services Edge implementations:

• Network Firewalls and Intrusion Prevention Systems are often integrated to monitor and control traffic that is entering and leaving the network. These systems help prevent unauthorized access, detect, and block malicious activities, as well as protect against various types of cyber threats.

• Secure Web Gateways provide web content filtering, URL filtering, and malware scanning for web traffic, which help to enforce internet usage policies, prevent access to malicious websites, and protect users from web-based threats.

• Zero Trust Network Access (ZTNA): ZTNA solutions ensure that users and devices are granted access to resources based on strict authentication, authorization, and continuous monitoring, regardless of their location, allowing for a reduced attack surface and the ability to limit lateral movement within the network.

• DNS Security protects against domain-based threats, such as phishing attacks and domain hijacking, while blocking access to known malicious domains, as well as providing enhanced visibility into DNS traffic patterns for threat detection.

• Data Loss Prevention (DLP) solutions monitor and control data transfers to prevent the unauthorized exfiltration of sensitive information outside the organization.

• Network Visibility and Analytics provide insight into network traffic patterns and anomalies, helping to identify potential security threats and performance issues.

• Multi-Factor Authentication (MFA) to add an extra layer of security by requiring users to provide multiple forms of authentication before gaining access to resources.

• End-to-End Encryption of data in transit and at rest, which ensures that even if traffic is intercepted, it remains unreadable to unauthorized parties.

Cisco Secure Access

Cisco’s Secure Services Edge Solution, Cisco Secure Access, fuses multiple security functions into a holistic, cloud security solution to protect users and infrastructure from threats, allowing organizations to protect their users’ access to applications and resources regardless of where their access originates, while simultaneously offering a cohesive level of security, improved user experience and productivity, as well as ease of deployment and management.

Cisco SSE encompasses several solutions under its overarching framework, such as: • Zero Trust Network Access (ZTNA) • VPN as a service (VPNaaS) for non-ZTNA enabled apps • Cloud Access Security Broker (CASB) • Firewall as a Service (FWaaS)

Given the breadth of the Cisco portfolio and its inclusivity of multiple architectures, Cisco is able to offer a complete and seamless Secure Services Edge Platform.