From the Office of the CTO:
Use SASE to simplify your security tools
Dan Shelton, Head of Transformation Strategy/Field CTO - AMS, Zscaler
Castle-and-moat security architectures include stacks of security devices such as IDS, IPS, firewalls, DLP, and SSL inspection, among others. These security tools examine outbound and inbound traffic for threats and malicious activity, and each one produces its own reports, logs, and data.
The challenge for IT is to parse, and then make sense of, the deluge of data. Troubleshooting requires finding a needle in a haystack. Correction: in multiple haystacks. Often, determining causality requires detecting, then analyzing, correlation across multiple systems, a manual task made all the more difficult when IT must integrate reports from each individual security device. In each individual stack. In each individual branch office.
The data deluge only grows larger and the management challenge more daunting as enterprises move to cloud applications (which generate more data traffic). Depending on the number and location of deployments, it’s easy to get overwhelmed with multiple data sets.
Malicious actors count on this. They hide malware in an avalanche of data. Some cyberthreats are “multi-part,” and detonate only after seemingly innocent components regroup into a malicious whole on a client machine. More data plus more cyber tools plus more cyber tool reports equal more cover for cyber threats.
Yes, to that second question. Regarding the first, enterprises need to move to a cloud-based, Secure Access Service Edge (SASE) architecture that provides a centralized, global view of all user activity. SASE secures a user’s direct connection to an application regardless of where the user is located or where the application is hosted. IT can see all “what, where, and who” activity in real time. A SASE architecture provides:
- A comprehensive picture of who is interacting with what application anywhere in the enterprise
- A dynamic, comprehensive list of the hourly transactions, threats blocked, and policies enforced
- The movement of any threats in corporate data traffic, with place of origin, attempted targets, and threat types