Chasm exists between ‘true’ and portfolio SASE approaches

In what it says underscores the importance of assessing platform capabilities when considering secure access service edge (SASE) research, Cato Networks has found little difference between respondents without SASE and those who adopted SASE product portfolios when assessing how to address key IT challenges in the current business environment.

The sixth annual Security or performance: How do you prioritize? IT survey took the opinions of 2,045 IT leaders and nearly 1,000 channel partners, providing insight into the trade-offs enterprises must make when choosing between network performance and security robustness. Cato stressed that none of the respondents and only a handful of the channel partners currently worked with the company.

One of the key top-line findings was that despite SASE being touted as the solution for security and network performance, respondent scores differed little between those who have and have not deployed SASE. For example, when asked how they react to performance issues with cloud applications, 67% of SASE users and 61% of non-SASE users claimed they would add bandwidth, while 19% of SASE users and 21% of non-SASE users would purchase WAN optimisation appliances.

All respondents indicated improving remote access performance as a major priority. This, said Cato, made perfect sense in the new work-from-everywhere reality, and this is one of the most straightforward use cases of SASE. Yet even here, SASE and non-SASE users experienced the same problems.

Namely, 24% of SASE users and 27% of non-SASE users complained about poor voice or video quality. Slow application response received the same 50% from both SASE and non-SASE users. Results were similar for network security. Respondents were asked to rate the level of confidence in their ability to detect and respond to malware and cyber attacks. On a scale of 1-10, despite SASE being touted as the future of network security, the average answer for SASE users was 4, with non-SASE users just behind at 3.

This led Cato to ask why SASE was seen as a transformational networking and security platform if the respondents saw little difference between legacy and SASE architectures. The company said the answer is related to the type of SASE architecture. It noted respondents’ SASE solutions involved multiple products and components lightly integrated together into a SASE portfolio.

While such an approach may bring some improvements over legacy architectures, Cato stressed those benefits paled in comparison with what’s achievable with a full SASE platform.

In Cato’s eyes, a “true” SASE architecture describes a global cloud service converging security and networking together, that is a single platform for all essential security services tightly coupled with intelligent SD-WAN overlay. From one console, enterprises can configure and manage all of their security and networking infrastructure. It’s this vision, it added, that carries the full benefit of SASE.

“SASE’s benefits come from a rethinking of security and networking architectures by converging them into the cloud – if you continue using SASE portfolios made up from legacy point-solutions and appliance architectures, you can’t expect to realise SASE’s benefits,” said Eyal Webber-Zvik, vice-president of product marketing at Cato Networks, in a call to action regarding the survey results.

“Differentiating between these approaches is key to the efficiency of the suite, and vendor marketing will always say they are a platform,” he said. “As you evaluate products, you must look at how integrated the consoles are for the management and monitoring of the consolidated platform.

“Also, assess how security elements (such as data definitions, malware engines) and more can be reused without being redefined, or can apply across multiple areas seamlessly. Multiple consoles and multiple definitions are warnings that this is a portfolio approach that should be carefully evaluated.”