EBOOK

A Roadmap
to SASE
Navigating the challenges of network
security beyond the data center.
New network, new network
security challenges
Network security is no longer confined to the data center.
As security shifts to the cloud, the tried-and-true perimeter-
based model just can’t keep up. Today’s cybersecurity
professionals are contending with an entirely new type of
network and an entirely new set of security needs — now
more than ever, they need a new way to keep users, data, and
devices safe from threats.
In this ebook:
The State of IT Today
With all the different security solutions (and acronyms) out
there — DNS, SIG, SWG, CASB, FWaaS, SASE — it can be
tough to sort out which approach is best, as well as which The Future of Security
technologies you need to reduce complexity, improve speed
and agility, and ultimately secure your network.
SASE: A New Standard of Security

In this ebook, we’ll take a look at where the security landscape The First Step to a More Secure Network
is heading, identify the gaps in today’s security stack, and
highlight the steps you can take to keep your organization safe
Meet Cisco Umbrella
and secure, today and tomorrow.
THE STATE OF IT TODAY

The network is changing like

never before…
A growing remote and roaming workforce, the increasing adoption of direct internet
access at branch offices, and the widespread use of cloud-based apps and services
have expanded the edges of the network well beyond the data center. As a result,
traditional data center–oriented security solutions are no longer providing the
protection users need.

60% 50% 79%

of orgs expect majority of of workforce will be of orgs shifting to some or all
apps to be SaaS by 20211 roaming by 20211 direct internet access (DIA)1

The State of IT Today | The Future of Security | SASE: A New Standard of Security | The First Step to a More Secure Network | Meet Cisco Umbrella 2
THE STATE OF IT TODAY

…and security teams and tools

are falling behind.
Security operations and IT teams are trying to keep up with changing security
needs by using a combination of different point solutions, but this fragmented
approach to security only adds complexity — it can be tough to stay on top of a
deluge of alerts and potential threats coming from a variety of tools.

77% 79% 69%

of orgs use over 25 say it’s challenging to say 2 or 3 people are
disparate tools1 orchestrate alerts2 involved in an incident3

The State of IT Today | The Future of Security | SASE: A New Standard of Security | The First Step to a More Secure Network | Meet Cisco Umbrella 3
THE FUTURE OF SECURITY

The future of security:

consolidation, cloud,
63%
and convergence
of orgs use less than 10 security vendors,
suggesting that consolidation is a priority.4

Securing the modern network is a considerable challenge,

93%
requiring a great deal of time, energy, and resources that
overextended organizations don’t always have.

To fill in the gaps, today’s teams are increasingly

seeking an entirely new type of security solution — one
that consolidates and converges a variety of individual
components into one unified, cloud-delivered service. of orgs agree that moving security to the
cloud has increased efficiency, allowing
security to focus on other areas.4
By bringing previously disparate point solutions together,
a service like this can deliver robust, flexible security from

76%
one simple, easy-to-manage source. And, by delivering
this security from the cloud, this solution is easy to deploy
and can provide protection anywhere, on or off network.

of orgs are looking for multifunction cloud

security services.5

The State of IT Today | The Future of Security | SASE: A New Standard of Security | The First Step to a More Secure Network | Meet Cisco Umbrella 4
SASE: A NEW STANDARD OF SECURITY

A timeline of changing
security standards
As security converges in the cloud, we get closer to achieving
one simple goal: giving teams the ability to control and secure
users, apps, devices, and data — anywhere and everywhere.

Network and cloud security begin

Secure Internet Gateways emerge to converge to form Secure Access
Secure Web Gateways are the norm. as new security solution. Service Edge.

Going back as far as 2007, secure In 2017, Gartner introduced a new type As 2019 came to an end, Gartner
web gateways (SWG) were the gold of platform, the secure internet gateway defined a new type of security
standard, delivering URL filtering, (SIG). A single, cloud-based solution platform — an evolution of SIG called
advanced threat defense, and legacy with a greater set of capabilities than Secure Access Service Edge, or
malware protection to defend users SWG, SIG had the potential to replace SASE. Gartner predicts that SASE
from internet-based threats — and some (or all) on-premises security will become the new standard for
help organizations enforce web solutions — especially for orgs with security in the coming years, with at
security and policy compliance. distributed networks or stand-alone least 40% of enterprises adopting
SaaS offerings. explicit SASE strategies by 2024.6

2007 2017 2019

The State of IT Today | The Future of Security | SASE: A New Standard of Security | The First Step to a More Secure Network | Meet Cisco Umbrella 5
SASE: A NEW STANDARD OF SECURITY

So what exactly is SASE?

SASE (pronounced “sassy”) offers an alternative to traditional data center–
oriented security, with a new type of architecture that brings together
networking and security services in one unified solution designed to
deliver strong security from edge to edge — including the data center,
remote offices, roaming users, and beyond.

By consolidating a variety of powerful point solutions in one service that

can be deployed anywhere from the cloud, SASE can provide better
protection and faster performance, while reducing the cost and work it
takes to secure the network.

Digital business transformation

is moving security to the cloud,
Network Network Security driving a parallel need for
as a Service as a Service
converged services that help
reduce complexity, improve speed
and agility, and secure the new
network architecture of tomorrow.

Secure Access Service Edge

The State of IT Today | The Future of Security | SASE: A New Standard of Security | The First Step to a More Secure Network | Meet Cisco Umbrella 6
SASE: A NEW STANDARD OF SECURITY

The next evolution in cloud convergence

SASE combines networking and security point solutions into one unified, cloud-delivered service.

SASE
components

Firewall as a Service (FWaaS) with

Cloud Access Security Broker (CASB) Intrusion Prevention System (IPS) Zero Trust Network Access (ZTNA)
Software that detects and reports on cloud Software-based, cloud-deployed network A security framework that helps prevent
applications in use across your network, services designed to stop or mitigate unwanted unauthorized access, contain breaches,
exposing shadow IT and enabling the ability access to the internet. With a cloud firewall, and reduce the risk of an attacker’s lateral
to block risky SaaS apps and specific actions, you have visibility and control of internet traffic movement across the network. Duo, now
like posts and uploads. across all ports and protocols. You can log all part of Cisco, is a user-centric, zero-trust
activity and block unwanted traffic using IP, port, security platform that verifies users’ identities
and protocol rules. You can also block or allow and establishes device trust before granting
activity by application and by user. access to authorized applications.

Software-Defined Wide Area Network

DNS-Layer Security Secure Web Gateway (SWG) (SD-WAN)
Software that acts as a front line of defense A gateway that logs and inspects web traffic A virtual WAN that allows companies to use
against threats on the internet, blocking to provide full visibility, URL and application any combination of transport services —
malicious DNS requests before a connection controls, and protection against malware. including MPLS, LTE, and broadband — to
to an IP address is even established. Some gateways can also inspect web-hosted securely connect users to apps and locations.
files in real time and decrypt SSL (HTTPS)
traffic for advanced threat protection.

The State of IT Today | The Future of Security | SASE: A New Standard of Security | The First Step to a More Secure Network | Meet Cisco Umbrella 7
THE FIRST STEP TO A MORE SECURE NETWORK

The first step to a

more secure network DNS-layer security can:
Stronger network security doesn’t happen overnight, but getting
started on your journey doesn’t have to be complicated: Start
Reduce malware by 7

75%
simple by enforcing security at the DNS layer.

Because DNS requests precede IP connection, DNS resolvers

can stop threats before they reach your network or endpoints,
blocking requests to malicious or unwanted destinations over
any port or protocol. A critical component to keeping users
safe on the internet, DNS security provides a single view of all
internet activity across every location, while helping you prevent
threats at the earliest point of contact. Reduce remediation time by 8

Malware
C2 callbacks
Phishing
>50%
Protect users on and off network

100%
First line
NGFW

Netflow

Proxy

Sandbox Router/UTM

AV
AV AV AV AV

HQ

The State of IT Today | The Future of Security | SASE: A New Standard of Security | The First Step to a More Secure Network | Meet Cisco Umbrella 8
MEET CISCO UMBRELLA

Meet Cisco Umbrella.

Cisco Umbrella delivers the most secure, most reliable, and fastest internet
200B+
daily DNS requests
experience to more than 100 million users daily. By unifying multiple security (over all ports and protocols)
solutions into a single service, Umbrella helps businesses embrace direct
internet access, secure cloud applications, and extend protection to roaming
users and branch offices.

Most secure
Leveraging insights from Cisco Talos, one of the world’s largest commercial
30+
data centers across
threat intelligence teams, Umbrella uncovers and blocks a broad spectrum of
malicious domains, IPs, URLs, and files that are being used in attacks. Umbrella five continents
also feeds huge volumes of global internet activity into statistical and machine
learning models to identify new attacks being staged on the internet.

Most reliable
Umbrella has a highly resilient cloud infrastructure that boasts 100% uptime
since 2006. Using Anycast routing, any of our 30+ data centers across the globe
100M+
global daily active users
are available using the same single IP address. As a result, your requests are
transparently sent to the nearest, fastest data center and failover is automatic.

Fastest internet experience

Umbrella peers with more than 900 of the world’s top internet service providers
(ISPs), content delivery networks (CDNs), and SaaS (software as a service)
platforms to deliver the fastest route for any request — resulting in superior
900+
partnerships with
speed, effective security, and user satisfaction for your business. top ISPs and CDNs

The State of IT Today | The Future of Security | SASE: A New Standard of Security | The First Step to a More Secure Network | Meet Cisco Umbrella 9
MEET CISCO UMBRELLA

Simplify network security with

a single cloud security service.
Cisco is paving the way to delivering multiple security functions in the cloud, creating
a simple, scalable, flexible platform that can meet the unique needs of your business.

Interactive Threat Intelligence for Cloud-Delivered Firewall Cloud Access Security Broker
Improved Incident Response Log all activity and block unwanted traffic (CASB)
Uncover malicious domains, IPs, and URLs using IP, port, protocol, and app rules. As Detect and analyze cloud applications in
before they are used in attacks, and accelerate new tunnels are created, security policies use across your environment. Automatically
incident investigations. Use the Umbrella web can be applied automatically for easy setup generate reports on the app name, vendor,
console or APIs to get real-time access to and consistent enforcement throughout category, risk, and volume of activity for each
Umbrella’s robust threat intelligence. your environment. discovered app. Better manage cloud adoption,
reduce risk, and block specific behaviors in
applications (like uploading and posting).

DNS-Layer Security Secure Web Gateway Cisco SD-WAN Integration

Block requests to malicious and unwanted Log and inspect all web traffic for greater Easily deploy Umbrella across your network
domains and IPs before a connection is even transparency, control, and protection. IPsec and gain powerful, cloud-delivered security to
established — stopping threats before they tunnels, PAC files, and proxy chaining can protect branch users, connected devices, and
reach your network or endpoints. be used to forward traffic to Umbrella for full application usage from threats across all direct
visibility, URL- and application-level controls, internet access breakouts.
and advanced threat protection.

The State of IT Today | The Future of Security | SASE: A New Standard of Security | The First Step to a More Secure Network | Meet Cisco Umbrella 10
 The Cisco Umbrella advantage
The security landscape will only continue to evolve. As we continue to move
toward the vision of SASE, Cisco Umbrella is a major step in the right direction,
offering strong security functionality in a single, cloud-delivered solution.

Your roadmap to SASE starts with Cisco Umbrella:

• Broad, reliable security coverage across all ports and protocols See for yourself.
Attend an upcoming
• Protection on and off network
Cisco Umbrella
• Rapid deployment and flexible enforcement levels live demo.

• Immediate value and low total cost of ownership

Register now
• Single dashboard for efficient management

Sources:
1. ESG Research Survey, Cisco Secure Internet Gateway Survey, January 2019 4. 2019 CISO Benchmark Study Cisco Cybersecurity Series 7. TechValidate survey of 180 users of Cisco Umbrella
2. 2019 Cisco Benchmark Study 5. Cisco commissioned ESG Research Insights Report 8. TechValidate survey of 155 users of Cisco Umbrella
3. IDC Research, Investigation or Exasperation? The State of Security Operations 6. Gartner, The Future of Network Security Is in the Cloud; 30
August 2019; Lawrence Orans, Joe Skorupa, Neil MacDonald

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks,
go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word “partner” does not imply a partnership relationship between Cisco and any other company. (1110R)