Frequently Asked Questions
A resource that can help individuals and organizations get quick answers to common questions and gain a better understanding of cybersecurity best practice.
-
How does your current web or cloud security give you full visibility and context across all web and cloud traffic?
Consider consolidating your secure web gateway (SWG) and cloud access security broker (CASB). This will provide critical visibility and control for data loss protection (DLP) and advanced threat protection (ATP) defenses that are also cloud-hosted in the same platform. Along with retiring your legacy SWG appliances, migrate to zero trust network access (ZTNA) to replace your legacy VPN appliances to modernize your overall secure access posture.
-
What level of cloud-scale does your current security solution provide?
The majority of cloud traffic is encrypted, and a growing number of attackers are leveraging the cloud to evade traditional network controls. Using cloud-scale SSL/TLS inspection helps you stay on top of the threat landscape.
-
Does your current network support high performance and consistent availability?
Users expect high performance with low latency, because if the SASE is slow, unhappy users will look for ways around your system. In order to deliver great user experience, make sure that your SASE solution is engineered for high performance and located in the places that your users are.
-
How many consoles and policies do you currently have to use to manage your existing security stack?
Many vendors are adapting or virtualizing their software and calling it a cloud-based solution. If it isn’t designed to be a SASE, you may end up with multiple administrative consoles, complex policies that are hard to manage, and time-wasting tools for conducting investigations. Choose a solution that has a single management console, single client, and a single policy engine to streamline operations and effectiveness for network and security teams.
-
What is SASE?
Secure Access Service Edge (SASE) pronounced “sassy,” is a cloud-based architecture that delivers network and security services meant to protect users, applications, and data. This term was coined by Gartner in 2019 and has quickly risen through the ranks to become one of the top aspirational security concepts of the current decade so far. Given that many users and applications no longer live and operate on a corporate network, access and security measures can’t depend on conventional hardware appliances in the corporate datacenter.
SASE promises to deliver the necessary networking and security capabilities in the form of cloud-delivered services. Done properly, a SASE model eliminates perimeter-based appliances and legacy solutions. Instead of delivering the traffic to an appliance for security, users connect to the SASE cloud service to safely access and use web services, applications, and data with the consistent enforcement of security policy.
-
What is SSE?
Security Service Edge (SSE) is the convergence of multiple cloud-based security services as the other half of a Secure Access Service Edge (SASE) architecture. SSE benefits your business through a singular architecture that simplifies your security, reduces risks, offers inline visibility, provides granular control of data, and creates preventative measures through advanced analytics capabilities.
-
What is NDR?
Network Detection and response (NDR) is a security tool that monitors an enterprise's network traffic to gain visibility into potential cyberthreats. NDR relies on advanced capabilities, such as behavioral analytics, machine learning, and artificial intelligence to uncover threats and suspect activities. An NDR powered by should be machine learning (ML) anomaly detection, high-risk CVE exploit identification, contextual threat hunting, and streamlined incident response with forensics capabilities. Including post-compromise detection to expose successful intrusions originating from social engineering, credential abuse, and supply chain attacks too are features of a strong NDR solution.
-
What is SD-WAN?
A software-defined wide area network (SD-WAN) is a wide area network that uses software-defined network technology, such as communicating over the Internet using overlay tunnels which are encrypted when destined for internal organization locations.
If standard tunnel setup and configuration messages are supported by all of the network hardware vendors, SD-WAN simplifies the management and operation of a WAN by decoupling the networking hardware from its control mechanism. This concept is similar to how software-defined networking implements virtualization technology to improve data center management and operation.[1] In practice, proprietary protocols are used to set up and manage an SD-WAN, meaning there is no decoupling of the hardware and its control mechanism.
-
How do you deliver a superior Hybrid work experience
A well-implemented hybrid work model will increase productivity and lower real estate costs, while simultaneously improving employee recruitment and retention. But what does a winning hybrid work approach look like?
Work from Anywhere: Enjoy fast, secure, ubiquitous access to web, cloud, and private app resources from home or private networks.
Branch Transformation: Come back to the office with a speedier, more efficient network architecture.
Any device: Work equally effectively from corporate or personal devices, and safely interact in IoT environments.
Hybrid work starts with a Secure Digital Transformation process. Building atop a converged security platform can help your organization successfully transform and unlock the full potential of a hybrid work environment.
- Channel your hybrid workforce through a single cloud security platform (Intelligent SSE)
- Deliver zero trust across all transformation stages (Zero Trust)
- Threat protection like no other (Threat Protection)
- Manage cloud risk exposure with a 360° view of activity (Advanced Analytics)
- Keep a watchful eye on risky user behavior (Insider Risk)
- Discover, manage, and secure IoT devices across your hybrid enterprise (IoT Security)
- Ensure a superior end-to-end digital experience (Digital Experience Management)
-
What should be the Key Consideration for Cloud Protection
- Compliance
Whether you need to comply with mandates such as HIPAA, GDPR, GLBA, PCI, or another regimen, a robust solution should cover so you can pass audits. With DLP, you can construct activity audit trails, create summary compliance reports, protect sensitive data with strong encryption, and manage data incidents.
- Data Visibility and Context
Understand where your most sensitive data is flowing and how it’s being used, including sensitive data at rest in managed cloud services and data in motion for cloud services and within web traffic. Enrich visibility and decision-making by understanding the identity, device, behavior, browser, location, activity, and threat risk surrounding data.
- Prevent Data Loss
Anomaly detection combined with DLP capabilities can correlate the download of sensitive data and detect data movement that could signal data exfiltration. Zero trust principles leverage contextual policies to enable granular, least-privileged data access along with continuous assessment that dynamically adapts that access as context changes.
- Converged Data Protection
Consolidate data protection across web, SaaS, IaaS, email, private apps, and devices, eliminating the need for multiple siloed data protection solutions and policies. Instead, data is classified once, with a single policy enacted across all vectors, with incidents managed on a single pane of glass.
- Streamline Operations
Dramatically simplify DLP implementations with advanced data protection capabilities. Machine Learning and data profiles automate large parts of the data classification and discovery process, Advanced Analytics provides insights about data that enables organic, proactive policy definition, while automated workflows can block, quarantine, or encrypt data.
- Superior User Experience
Boost end-user agility with flexible context-driven policies that grant risk-appropriate access to apps and data, as well as a lightweight unified agent with cloud-based inspection that minimizes the impact of DLP on the user experience.