TECHunplugged analyst Max Mortillaro recently had the opportunity to travel to San Jose, California for Security Field Day 11. One of the presenting companies, Aryaka Networks, focuses on Unified SASE as a Service.
What is SASE
SASE stands for Secure Access Service edge and is, according to multiple vendors in that space, a cloud-native architecture that builds upon SD-WAN and enhances it with a host of security capabilities.
Although SASE has been around for a while, Aryaka has identified several needs that, in their opinion, organizations are looking for when it comes to implementing a modern, performant, and scalable SASE solution:
- Integrated networking and security
- Reliable, performant network
- Future proof for intelligence
- Operational simplicity
Aryaka: delivering Unified SASE as a Service
Aryaka offers secure global connectivity with end-to-end low latency and cloud-delivered services across 100+ countries, making the solution suitable for organizations with a global footprint.
Figure 1 – A view of Aryaka’s solution components – Source: Aryaka Networks
The solution, based on Aryaka’s OnePASS architecture, includes SASE capabilities such as NGFW (Next Generation Firewall), SWG (Secure Web Gateway), CASB (Cloud Access Security Broker), as well as Data Protection and Threat Protection.
OnePASS offers an elegant approach to SASE by providing a unified set of services across both data and control planes. Management activities are performed through a modern, cloud-based management interface that allows customers to seamlessly configure services and policies.
Configuration options are granular, allowing organizations to apply policies specifically to a single site or a collection or sites. Furthermore, application-level policies can be created to ensure application-related rules are consistently applied across the board.
Figure 2 – Aryaka’s OnePass Architecture – Source: Aryaka Networks
Another key differentiator of Aryaka Networks is its ability to deliver those capabilities through the company’s own Zero Trust WAN, a proprietary WAN backbone through hardware that sits in co-located data centers, with both network redundancy and hardware high availability.
Figure 3 – A view of Aryaka’s Zero Trust WAN, depicting the global network backbone provided to Aryaka’s customers – Source: Aryaka Networks
Providing a Performant Data Plane by Design
Aryaka Networks explained the characteristics that set their data plane aside from the competition, when looking at it from a performance perspective.
According to them, these capabilities, baked in the design of the solution, allow them to provide a consistently performant data plane at scale:
- Distributed Policy Enforcement
- Run-to-Completion Model
- Multi-Tenancy at scale
- Multi-threaded scale out
The slide below expands and deep dives on each of the bullet points above:
Figure 4 – Architectural enablers for Aryaka OnePASS performance capabilities – Source: Aryaka Networks
Finally, worth mentioning, Araya Networks Unified SASE as a Service also includes security and observability features.
TECHunplugged’s Opinion
TECHunplugged was exposed to SASE solutions a few years ago and appreciated the capabilities brought to the table. Augmenting SD-WAN with security features and allowing policy-based management across multiple technologies was a big game changer.
The approach proposed by Aryaka Networks is laudable: delivering unified SASE capabilities as a service across both data and control planes will drastically simplify the life of networking and security teams within organizations, allowing them to focus on the actual work, i.e. defining end-to-end traffic & security policies across their entire environments in a consistent way.
Furthermore, the company’s approach to provide its own WAN backbone with its Zero Trust WAN effectively allows Aryaka Networks to be in control of availability and performance characteristics of their offering. Customers benefit from consistent performance and low latency, while Aryaka Networks can be in better control when it comes to SLA adherence.
Additional Resources
Check out Tech Field Day website for Security Field Day 11 presentations and videos.
Also, check out TECHunplugged’s review of Aryaka’s presentation at Security Field Day 11:
Disclosure: Max Mortillaro was invited to Security Field Day 11 by Tech Field Day, a Futurum Group company, and had his travel and accommodation expenses covered. TECHunplugged was not compensated by Tech Field Day or any presenting companies and has no obligation to create content.