By Danny Browning, VP of Product
November 2, 2022

CoverBlog_SASEVSDogma_2023

 

What Is SASE?

Secure Access Service Edge (SASE) is an enterprise networking and security category introduced by Gartner. SASE unifies SD-WAN and Security Service Edge (SSE) functionality, including FWaaS, CASB, DLP, SWG, and ZTNA, into a single, cloud-native service.

By deploying SASE, organizations can:

  • Minimize the effort and costs required to sustain complex and fragmented infrastructure composed of point solutions
  • Reduce the risk of breaches and data loss
  • Enable secure work from anywhere
  • Improve access to cloud and on-premise global applications

What Is DuskRise’s Far Edge Solution?

The boom of the flexible workplace approach has left off-premises networks entirely unprotected and increased the risk of IT security breaches for enterprises. From smart TVs to printers in employee homes,
the spectrum of devices targeted by hackers has expanded. Organizations that have adopted a distributed work model are currently facing a need to secure the new attack perimeter and gain visibility into the remote networks. DuskRise has addressed this need by creating a solution that extends corporate network security policies and controls to untrusted networks through the use of mobile hardware access points with edge computing capabilities. With a defense-in-depth approach, these access points add key security features to cover the new attack perimeter.

The features of the DuskRise network edge security platform include:

  • Private network segmentation - DuskRise uses Wi-Fi segregation to create a secure enclave and prevent lateral movement attacks, providing a protected channel for access to corporate assets. 
  • Network policy implementation - The solution enables the enforcement of corporate network security policy and allows for the configuration, control, and management of affiliated remote networks. 
  • Network-based threat detection - Cyber threats are mitigated through effective connection inspection, as well as control and prevention filters, delivered by Cluster25, DuskRise’s Advanced Threat Research team. 
  • Cyber threat landscape insights - Tailor-built for the end-user, the DuskRise app provides visibility of any blocked navigation and useful information about APTs, attack types, and more to increase security awareness. 

The DuskRise platform, Dogma, provides an additional layer of protection and seamlessly integrates into the existing security stack, helping enterprises worldwide minimize the risk of lateral movement attacks. It is located at the far edge of the user’s local network, before their internet gateway, unlike SASE solutions, located at the near edge, in regional data centers or cellular towers. Thanks to its location, Dogma provides stronger user privacy and network performance over a near edge solution. Rather than backhauling the traffic to the near edge and/or cloud, Dogma inspects it at the user’s local network, processing only anonymized portions of the data to reduce network trombone.

SASE_vs_Dogma_Blog_Version_2

How Can Dogma Be Used Together With SASE?

When it comes to hardware devices and edge services, their capabilities are limited compared to the ones delivered by SASE. For instance, a SASE solution allows organizations to use a single infrastructure to provide CASB to both single and multiple users. However, by deploying Dogma at the far edge, security teams gain the ability to determine a subset of traffic to forward to the SASE solution, providing complete control of data and privacy.

For cases where DuskRise and SASE provide the same functionality, it is possible to deploy them independently and in tandem. Some solutions, such as SASE’s ZTNA, might rely on an already existing infrastructure that can be leveraged to reduce the operational overhead by combining Dogma and a pre-existing ZTNA solution. In this case, Dogma will amplify the level of security for non-ZTNA resources and improve privacy and productivity. 

Can Dogma Replace SASE?

Yes, primarily to avoid backhauling a portion of an organization's traffic to the near edge or cloud, as this can lead to the following:

Loss of employee privacy: With DuskRise performing inspection at the far edge, employee traffic is no longer backhauled to the cloud, which prevents the possibility of it being intercepted along the way or retained by cloud inspection services.

Reduction in employee productivity: Backhauling traffic to the cloud or the near edge reduces productivity, either due to increased latency or a reduction in the throughput of Internet connections. Unlike SASE, Dogma does not have this limitation and allows traffic to go directly to its intended destination with an inline inspection to ensure that latency and throughput are not impacted.

Unpredictable cost of traffic backhaul and inspection: Finally, with DuskRise's far edge solution the cost of traffic backhaul and inspection can be better predicted and, in some cases, reduced since the traffic does not need to be shipped to and from a near edge/cloud solution. In addition, there are no extra costs associated with the increase in the amount of traffic on the far edge.

The corporate network perimeter has been extended into untrusted networks, redefining the enterprise edge. Employees working from home are using these networks to access sensitive company assets, putting organizations at risk of lateral movement attacks. The DuskRise solution enables corporate security and segmentation policy management, extending office-grade protection to remote assets and users. 

Schedule a demo today to see how it works.