With the advent of SASE, SD-WAN and security vendors have adopted a variety of postures and messages depending on their background and strategy in this market. One of the value propositions of moving toSASE是将现有网络和安全功能合并为一个供应商。这听起来像是一个有吸引力的价值主张,但是选择一个完整的堆栈解决方案,而不是最好的网络和安全解决方案,不可避免地会导致空白,并且可能不是解决数字时代的灵活性和安全挑战的最佳方法。
In this blog, we’ll describe four key reasons to choose best-of-breed network and security solutions over a single SASE solution, to help you better optimize and protect your network.
1.没有一个供应商可以为Wan Edge和安全服务组件提供最好的品种
Networking and security, while heavily interrelated, are two different and very complex domains of expertise. Security evolves rapidly to ensure protection against ever changing cybersecurity risks while wide area networking is more about providing fast, robust, and flexible connections over potentially long distances and across diverse transports.
While SASE providers are consolidating their offering, none of them can deliver the best-of-breed capabilities in both security and the WAN edge. Indeed, most SASE providers come from a security background including firewall, identity management or antivirus protection solutions. All of these vendors are in a race to fill the gap of missing functionality to address cloud-first challenges, but they still specialize in their own security domain, not SD-WAN.
Some security vendors have added basic SD-WAN capabilities into their firewall. But the real power of a SASE architecture is realized when combining advanced WAN edge functions with comprehensive security services delivered in the cloud; SD-WAN is in fact a foundational component of a complete SASE architecture. To make it easy for IT, an advanced SD-WAN solution can offer a native, automated integration to best of breed cloud security vendors. With this model, you combine the best-of-breed security solutions with a best-in-class SD-WAN. When it comes to wide area networking and security, you don’t want to compromise on quality of experience, flexibility, or security.
2. Don’t put all your eggs in one basket
在金融市场交易时,必须构成各种金融资产的投资组合以最大程度地降低风险。贸易商将风险分散到具有各种风险水平的资产中,因此他们不会在风险资产上失去一切,同时仅通过投注低风险资产来最大化其收益。
As mentioned earlier, relying on a single vendor that provides the full stack may actually be a risky bet, especially for security. Also, as security threats continuously evolve, it is critical to have the freedom of choice to adopt innovations from new security vendors that may have developed a better solution.
的灵活性与multipl轻松地部署e vendors, you can keep your bargaining power high, get competitive bids and force other vendors to reduce their prices. With a multi-vendor approach, vendors will always have an incentive to give you the best price and the best solutions.
3. Secure your hybrid cloud environments
SASE已针对云进行了优化,但是许多组织尚未将所有应用程序移至云。Most enterprises still have a corporate data center for legacy applications even if it’s just a small percentage – think of bank or insurance companies that still run in-house developed applications in COBOL – or because there are sectors that require confidentiality or are heavily regulated (e.g., military, government). With a multi-vendor strategy, organizations can move their applications to the cloud at their own pace and also better secure specific areas (on-premise, private cloud, hybrid cloud, etc.). This is why, it is essential to choose an advanced SD-WAN solution that can steer traffic intelligently to support granular QoS and security policies.
4.从外部用户和物联网设备中保护您的网络
SASE focuses more on protecting internal users that access internal or external resources, and less on external users or IOT devices. Network-connected IOT devices, such as video cameras, smart meter, point of sale terminals, and many more continue to explode in number, and they expose organizations to increasing threats. IOT devices usually include very basic security features and they cannot run ZTNA agents or VPN clients. Therefore, additional security capabilities are required beyond what is defined by SASE to secure them and their application traffic. The best way to protect your organization is to ensure that users or devices can only connect with destinations on the network that are consistent with their role in the business. Advanced network solutions with identity-based access control capabilities can unify policy enforcement across wired and wireless network and segment the network into multiple zones based on roles. For example, IT might define a security policy that creates a segment for IOT devices, a unique segment for critical app traffic, and another for guest users.
为了实现现代,云领先的访问服务边缘体系结构,Aruba EdgeConnect SD-Wan Edge平台提供了一流的SD-WAN功能,例如动态路径选择,自动故障转移,WAN优化,Internet Breakization,Internet Breakout在第一个数据包中以及一个基于国家区域的防火墙,用于微分段。此外,它还提供高级,自动编排和本地集成,以在几分钟内部署多个安全合作伙伴。Aruba EdgeConnect是一个强大的SASE体系结构的基础,可让您从现在和将来从杂货最佳的云服务提供商中进行选择。
HPE (Aruba and Silver Peak) named a Leader 4 years in a row in 2021 Gartner Magic Quadrant for WAN Edge Infrastructure—获取报告.
相关资源
