On March 11, the fifth SD-WAN&SASE Summit was officially held in Beijing, inviting academicians of the Chinese Academy of Engineering, operators, SD-WAN and SASE ecological chain enterprises, equipment manufacturers and other guests to attend, around the development of SD-WAN&SASE technology, to create a more open and collaborative network innovation ecology.
As an excellent SD-WAN service provider attended the meeting, Liu Chao, product director of optical Union, delivered a keynote speech "from SD-WAN to SASE cloud network security integration services", deeply analyzed the industry trend of cloud network security integration, and shared the service innovation and landing practice of optical Union in the evolution process of SD-WAN to SASE.

Rapid iteration of technology

SD-WAN and ZTNA are approaching maturity

According to Gartner's technology maturity curve, SD-WAN and ZTNA are both on a steady upward trajectory, while SASE technology has cooled off from concept fever, and some customers are beginning to pay attention and look for service vendors to exchange technology solutions. While SSE is in the concept hot stage, independent SSE is still few customer choices, and the combination of SD-WAN is a more acceptable solution. Gartner predicts that by 2025, at least 60% of enterprises will have a clear SASE adoption strategy and plan.

Network security convergence driving factors

Based on the in-depth insight into the market demand, Mr. Liu Chao shared his summary of the four drivers of network security integration, which are:
The application of software-defined technologies such as SD-WAN enables customers to introduce low-cost links to reduce the overall network construction cost, and then ensure a good application experience through application identification, intelligent routing, QoS guarantee and other technologies. Because of the introduction of low-cost network access methods such as Internet and 4G, compared with the traditional dedicated line or MPLS, more open, but increased security risks;
In recent years, customer business systems have been migrating from IDC to the cloud at a faster speed. Compared with self-built IDC and private cloud, application deployment in public cloud exposes IP and ports, making business systems more vulnerable to attacks;
Remote working/mobile working scenarios are gradually increasing, and the control of traditional SSL VPN access to the Intranet system is coarse and has too much authority, so more refined identity security access schemes are needed. In addition, the increase in employee BYOD scenarios introduces more insecure factors to the Intranet, and promotes the integration of network schemes and zero-trust schemes.
Customers increasingly no longer want to face multiple vendors. In the past, network and security were built separately and operated separately. Now, customers are more inclined to adopt network security fusion controllers to manage network equipment and security equipment in a unified way, and they are managed by one network security integration service provider.

Evolution of optical network solutions

Then, Mr. Liu Chao also introduced the five stages of the evolution of optical network services from the perspective of the scope of controller management: the first stage is the stage without controller, that is, the special line or MPLS networking stage; The second stage is the SD-WAN controller management branch CPE router stage; In the third phase, the management rights of the controller are extended from the WAN to the LAN, and the AP, SW, and FW devices on the LAN side are managed, also known as SD-Bransh controllers. In the fourth stage, the controller is extended to the cloud, where vCPE is deployed and managed by the controller in a unified manner, achieving cloud network integration. The fifth stage is the current SASE controller, which manages LAN, WAN, cloud, and security to achieve the maximum degree of cloud network security integration.

According to Gartner, the SASE Service model consists of two parts, one is Network as a Service and the other is Security as a Service. Network as a service is the advantage area of Optronix, and security as a service part of Optronix cooperates with excellent solution manufacturers at home and abroad, and builds its own SOC security operation center to achieve the integration of the two services.

Optical link SASE overall solution

Based on SD-WAN, the overall solution deploys security gateways and security resource pools at POP points. Besides traditional branch egress CPE devices and LAN devices, secure soft terminals are also added to the access side. Realize multiple types of branch access, mobile office/remote office access, zero trust identity security, border security protection, cloud firewall, secure cloud access agent (CASB), secure Web gateway (SWG) and other capabilities. Customers can securely access Intranet applications, public cloud or SaaS applications to achieve an efficient integrated cloud and network security service solution.

Optical link SASE overall solution

SOC Security Operation Center has been launched to serve customers

Liu Chao also said that Guanglian has passed the SD-WAN Ready2.0 service certification of the Information and Communication Institute, which includes a number of network security service capability certifications, marking that the SASE program built by Guanglian based on SD-WAN has been recognized by the authority. Based on its own mature NOC network operation center system, the company has developed and set up an SOC security operation center, which independently configures security specialist positions and security expert resource pools. General network security issues are dealt with directly by the security specialist, and difficult or urgent problems are solved by the security expert team.

SOC Security Operations Center service

Finally, Mr. Liu Chao also told you about the cloud network security integration application case recently landed, more complete and comprehensive to the guests to show the SASE service capability. Facing the future, Guanglian will continue to explore the cloud network security integration service model to provide more competitive solutions for enterprise customers. We will also continue to work together with industry partners to serve customers and contribute to the digital process of enterprises!