{"id":103028,"date":"2019-11-06T06:00:52","date_gmt":"2019-11-06T14:00:52","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=103028"},"modified":"2020-03-30T02:10:23","modified_gmt":"2020-03-30T09:10:23","slug":"cloud-next-generation-network-security","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2019\/11\/cloud-next-generation-network-security\/","title":{"rendered":"The Next Generation of Network Security Is Cloud-Delivered"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">By Nir Zuk,\u00a0Palo Alto Networks founder and CTO<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Applications moving to the cloud and increased user mobility are changing the way networking and network security services must be delivered. The future of network security is in the cloud, and this new model is known as a \u201csecure access service edge,\u201d or SASE (pronounced \u201csassy\u201d). Palo Alto Networks founder and CTO Nir Zuk has been driving this change for the past few years with the Prisma Access product, the industry\u2019s most comprehensive SASE. Here, Nir explains why SASE is the logical evolution for network security. This is the first in an ongoing series in which Palo Alto Networks thought leaders explore the core tenets of an integrated, effective SASE solution, and more broadly, its implementation and implications.<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">In a cloud-driven world, security needs to be unified, consistent and delivered from the cloud that it\u2019s chartered to protect. This statement transcends my entire career in security, which has required constant evolution to keep up with changes in technology and secure users, applications and data. That focus remains. 
However, when it comes to the future of network security and the coming convergence, the legacy point-product approach is no longer effective.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Nearly 25 years ago, I was the principal developer of the industry\u2019s first stateful inspection firewall. Those were the early days of the internet, and back then the prominent firewall technology was stateless access control lists (ACLs). ACLs were not able to deal with the emergence of stateful applications, such as internet audio and video applications (or even good old FTP), so a new approach was clearly necessary. An attempt at using proxy technology proved futile, as proxies were too slow and had the tendency to break many of these applications. Stateful inspection proved to be both useful and secure, which is why it has since dominated the network security market.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Almost 15 years ago, it became apparent that the explosion in the number of internet applications was challenging stateful inspection, so taking a new approach was again necessary. Early attempts at responding to the challenge with proxy technology emerged (for the second time!). However, they failed once more due to the proxy\u2019s inherent poor performance and its inability to inspect all types of network traffic. I felt I had to fix the firewall again, which led me to start Palo Alto Networks and build a replacement for stateful inspection \u2013 the App-ID-based Next-Generation Firewall \u2013 which today is, by far, the leading firewall in the market.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Today we are witnessing yet another change in applications that is driving yet another change to network security. This time, applications are moving from corporate data centers to the cloud \u2013 both SaaS and public cloud. Cloud adoption is challenging firewall architecture again and requires me to respond. 
And yes, early attempts at solving the challenge are being made with a proxy, and they are failing for the same reasons they did before.<\/span><\/p>\n<h2><span style=\"font-size: 14pt;\"><b>It\u2019s time to fix network security. Again.<\/b><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Over time, organizations have typically assembled quite a few network security infrastructures. There is infrastructure for securing branch offices, where traffic is typically backhauled over an IP-VPN (think MPLS) network back to corporate headquarters or data centers, and internet traffic is routed from there through the organization\u2019s network security stack. Then there is the network security infrastructure for allowing remote access into the corporate data center.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As applications move to the cloud, the old method of forcing all branch, user and partner traffic back through the corporate headquarters or data centers no longer makes sense. 
It makes much more sense to deliver the same network security stack from the cloud, such that traffic destined for the cloud does not have to hit corporate networks, and less traffic needs to go to corporate data centers.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">By delivering network security from the cloud, you can protect users, applications and data, regardless of where they are.\u00a0<\/span><\/p>\n<h2><span style=\"font-size: 14pt;\"><b>SASE: A More Secure Everywhere<\/b><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Gartner has proposed a new model for networking and network security in the cloud, known as the \u201csecure access service edge,\u201d or SASE, pronounced \u201csassy.\u201d In Gartner\u2019s words:<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">\u201cThe secure access service edge is an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS and ZTNA) to support the dynamic secure access needs of digital enterprises.\u201d\u00a0<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">Effectively, Gartner asserts SASE is able to meet the demands of cloud and mobile environments, addressing the challenges with traditional network and security architectures.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I agree with this concept, and in my mind, it\u2019s relatively simple. <a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-sase\">SASE<\/a> is the convergence of different access and network security methods into one cohesive platform. Perhaps most importantly, however, this cohesive platform must ensure a seamless user experience. It must be built on a high-performance global network, which is beyond the capability of most smaller vendors. SASE demands a level of integration that\u2019s unprecedented in the security industry. 
It\u2019s unlike other approaches in the fragmented security industry, which has extremely low barriers to entry.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The cybersecurity industry has worked hard to convince customers that they need to work with dozens of vendors and use dozens of point products and technologies. Yet the future of network security is in the cloud, and security vendors must evolve in order to effectively secure customers anywhere and everywhere.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">At Palo Alto Networks, we foresaw this shift and built a compelling SASE solution. Prisma Access delivers the networking and networking security that organizations need in a SASE architecture designed for all traffic, all applications and all users.\u00a0<\/span><\/p>\n<p>Learn more about SASE in our\u00a0<i><a href=\"https:\/\/start.paloaltonetworks.com\/10-tenets-SASE\" target=\"_blank\" rel=\"noopener noreferrer\">10 Tenets of an Effective SASE Solution<\/a><\/i>\u00a0ebook.<\/p>\n<p><i><span style=\"font-weight: 400;\">Gartner does not endorse any vendor, product or service depicted in its research publications,\u00a0<\/span><\/i><i><span style=\"font-weight: 400;\">and does not advise technology users to select only those vendors with the highest ratings or\u00a0<\/span><\/i><i><span style=\"font-weight: 400;\">other designation. Gartner research publications consist of the opinions of Gartner\u2019s research\u00a0<\/span><\/i><i><span style=\"font-weight: 400;\">organization and should not be construed as statements of fact. 
Gartner disclaims all\u00a0<\/span><\/i><i><span style=\"font-weight: 400;\">warranties, express or implied, with respect to this research, including any warranties of\u00a0<\/span><\/i><i><span style=\"font-weight: 400;\">merchantability or fitness for a particular purpose.<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">Gartner, The Future of Network Security Is in the Cloud, Neil MacDonald, Lawrence Orans, Joe\u00a0<\/span><\/i><i><span style=\"font-weight: 400;\">Skorupa, 30 August 2019.<\/span><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Prisma Access delivers the networking security that organizations need in a SASE architecture designed for all traffic, all applications and all users<\/p>\n","protected":false},"author":3,"featured_media":103119,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6768],"tags":[6833,6881,7006],"coauthors":[1641],"class_list":["post-103028","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-cloud","tag-prisma-access","tag-sase","tag-secure-access-service-edge"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2019\/11\/Nir-Zuk-IgniteUSA2019.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/103028","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/w
p-json\/wp\/v2\/comments?post=103028"}],"version-history":[{"count":11,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/103028\/revisions"}],"predecessor-version":[{"id":107314,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/103028\/revisions\/107314"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/103119"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=103028"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=103028"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=103028"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=103028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}