There exists a drive in all of us that embraces innovation to make life easier. For IT leaders, it’s time for true innovation at the remote access edge.
For years, network and security teams have struggled to distribute and manage multiple point-based solutions that don’t effectively integrate. Some of these deliver reliable network access while others address remote access security concerns. At Netskope, we strive to help customers make a clear path toward both simplification and unification. That’s why we’re proud to introduce the industry’s first fully converged secure access service edge (SASE) client with built-in Endpoint SD-WAN and Intelligent Security Service Edge (SSE) for remote workforces. This is an unprecedented innovation in how the needs of security and network performance come together, and we’re very excited to provide it to every organization on a digital transformation journey.
Leveraging the same technologies found in Netskope Intelligent SSE and Borderless SD-WAN, Netskope Endpoint SD-WAN and unified SASE client deliver granular and dynamic network performance, visibility, and security capabilities. From a single unified platform, enterprise IT departments can now manage branch offices and individual remote users using a uniform zero trust and network performance policy across the entire corporate infrastructure.
Legacy technologies won’t keep up with a cloud-first world
Traditional technologies, such as remote access VPNs, have served enterprises well for decades. But times are changing, and this is creating serious performance and security gaps that those technologies can’t solve and can’t be retrofitted to solve. Today’s hybrid workforce expects a robust combination of security and performance no matter where end users are working from, and IT operations teams expect to be able to deliver that security and performance. Traditional architecture, however, is often challenged in the following ways:
- Lack of visibility: Understanding precisely where a performance or security issue is occurring helps IT Ops teams to identify and remediate these types of incidents, but a lack of visibility due to the limitations of traditional solutions makes it difficult to quickly identify a root cause. For example, if clients complain of slow performance to a remote application, support teams have no way of verifying whether the problem is related to the user’s endpoint device, local network, internet connection, or any number of other potential sources of application slowdowns.
- Missing optimization capabilities: Traditional network and security solutions do not provide the level of quality of experience (QoE) that’s been available for years within SD-WAN technologies. To provide the necessary levels of QoE for mission-critical traffic, remote access platforms must have the intelligence to accurately identify and prioritize traffic flows and analyze real-time network conditions to perform the appropriate optimizations. A network bottleneck that’s occurring somewhere between an end user and a SaaS-based video conference solution—for example, in widely-used tools such as Zoom—is where traditional solutions falter as they have no way of identifying and remediating that kind of network issue.
- Operational complexities: When employees were initially sent home during the COVID-19 pandemic, IT architects were largely focused on bolstering their ability to provide secure remote access connectivity with little thought put into long-term architecture planning. Because of this, many are now grappling with having to manage multiple point-based remote connectivity solutions like remote access VPN, SSE, ZTNA, SWG, CASB, DLP, and SD-WAN appliances.
- Lack of cloud-readiness: Enterprise networks have largely migrated away from centralized data center architectures to more flexible and scalable distributed computing models. That’s why technologies such as VPN are a challenge in these types of modern environments, as the technology uses a single encrypted tunnel for transport—which is especially problematic if all client traffic is forced to take a single path to the VPN concentrator. Since applications now reside in multiple geographic locations, hairpinning traffic through a single destination negatively impacts application performance and increases cloud backhauling costs.
- Policies don’t follow the user: For years, network and network security teams have struggled to operate disparate systems that manage branch office and individual work-from-home users. When users work out of a branch office, for example, network optimization, security protections, and associated policies (e.g. SD-WAN, firewall rules, SWG, CASB, etc.) help optimize and protect user traffic. When these same users leave the branch office and work from home or from a café, the same level of high-performance connectivity and security should follow the user wherever they go, and from wherever they access data.
A better path forward with Netskope Endpoint SD-WAN
With Netskope Endpoint SD-WAN, we deliver the visibility that’s now required in today’s modern distributed infrastructures and workforces. Unlike outdated technologies such as VPN, Endpoint SD-WAN continuously collects and tracks application visibility and performance analytics over time. From this data, Endpoint SD-WAN validates whether the end-user QoE is within acceptable limits, or if specific QoE variables (e.g. Wi-Fi performance, device CPU, traffic path, remote application, etc.) are causing performance issues. The gathered statistics are then calculated and used to formulate a per-user AppX score, which points administrators to potential root causes including network latency, jitter, policy violations, and other anomalies.
Netskope’s context-aware intelligence further optimizes the end-user experience by accurately identifying applications from a database of more than 60,000 applications and prioritizing, or rate-limiting, applications based on business intent. Additionally, Endpoint SD-WAN continuously monitors network packet loss, jitter, and latency to every destination (on-premises and cloud) and automates the mitigation of poor performance over the last mile connections in real-time to ensure high-performance reliable connectivity. The result is a highly granular application assurance service that delivers optimal performance for all users in all locations.
Furthermore, Netskope Endpoint SD-WAN eliminates single-tunnel shortcomings of legacy technologies by allowing clients to simultaneously and directly connect to multiple public and private data centers. Policy-based steering to these multi-site destinations enables users to receive the most optimized experience for “direct-to-app” access. Allowing client traffic to take multiple paths to various clouds and data centers largely eliminates the egress traffic costs observed when client traffic must unnecessarily hairpin through a public cloud provider, such as AWS, to access apps that may be in another cloud provider, such as Azure.
One platform, one policy, one simplified experience
The advantages of Netskope Endpoint SD-WAN don’t stop at the end user. Network architects and operations teams benefit from a platform that unifies and future-proofs network optimization, security, and visibility for all. The same branch office SD-WAN and SSE orchestration, with context-aware zero trust policies enforced and managed by network teams today, can now be applied for individual users. Not only does this single, managed architecture help to eliminate performance and security policy duplication, but it also eliminates the need for multiple client applications and security policy inconsistencies that commonly occur when using incompatible branch and remote access solutions.
No matter where your users, apps, and services reside, Netskope allows IT teams to implement, manage, and scale their branch and remote user network architecture with streamlined operations, high-performance connectivity, and steadfast security based on context-aware zero trust principles.
To learn more about how Netskope can help create a unified branch office and remote access architecture, please read our press release about Endpoint SD-WAN or visit our Endpoint SD-WAN page. The SASE client will be generally available (GA) later this year.