Quantify the value of Netskope One SSE – Get the 2024 Forrester Total Economic Impact™ study

閉める
閉める
  • Netskopeが選ばれる理由 シェブロン

    ネットワークとセキュリティの連携方法を変える。

  • 導入企業 シェブロン

    Netskopeは、フォーチュン100社の30社以上を含む、世界中で3,400社以上の顧客にサービスを提供しています。

  • パートナー シェブロン

    私たちはセキュリティリーダーと提携して、クラウドへの旅を保護します。

SSEのリーダー。 現在、シングルベンダーSASEのリーダーです。

ネットスコープが2024年Gartner®社のシングルベンダーSASEのマジック・クアドラントでリーダーの1社の位置付けと評価された理由をご覧ください。

レポートを読む
顧客ビジョナリースポットライト

革新的な顧客が Netskope One プラットフォームを通じて、今日の変化するネットワークとセキュリティの状況をどのようにうまく乗り越えているかをご覧ください。

電子書籍を入手する
顧客ビジョナリースポットライト
Netskopeのパートナー中心の市場開拓戦略により、パートナーは企業のセキュリティを変革しながら、成長と収益性を最大化できます。

Netskope パートナーについて学ぶ
色々な若い専門家が集う笑顔のグループ
明日に向けたネットワーク

サポートするアプリケーションとユーザー向けに設計された、より高速で、より安全で、回復力のあるネットワークへの道を計画します。

ホワイトペーパーはこちら
明日に向けたネットワーク
Netskope Cloud Exchange

Netskope Cloud Exchange (CE) は、セキュリティポスチャに対する投資を活用するための強力な統合ツールを提供します。

Cloud Exchangeについて学ぶ
Aerial view of a city
  • Security Service Edge(SSE) シェブロン

    高度なクラウド対応の脅威から保護し、あらゆるベクトルにわたってデータを保護

  • SD-WAN シェブロン

    すべてのリモートユーザー、デバイス、サイト、クラウドへ安全で高性能なアクセスを提供

  • Secure Access Service Edge シェブロン

    Netskope One SASE は、クラウドネイティブで完全に統合された単一ベンダーの SASE ソリューションを提供します。

未来のプラットフォームはNetskopeです

Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.

製品概要はこちら
Netskopeの動画
Next Gen SASE Branch はハイブリッドである:接続、保護、自動化

Netskope Next Gen SASE Branchは、コンテキストアウェアSASEファブリック、ゼロトラストハイブリッドセキュリティ、 SkopeAI-Powered Cloud Orchestrator を統合クラウド製品に統合し、ボーダレスエンタープライズ向けに完全に最新化されたブランチエクスペリエンスを実現します。

Next Gen SASE Branchの詳細はこちら
オープンスペースオフィスの様子
ダミーのためのSASEアーキテクチャ

SASE設計について網羅した電子書籍を無償でダウンロード

電子書籍を入手する
ダミーのためのSASEアーキテクチャ eBook
最小の遅延と高い信頼性を備えた、市場をリードするクラウドセキュリティサービスに移行します。

NewEdgeの詳細
山腹のスイッチバックを通るライトアップされた高速道路
アプリケーションのアクセス制御、リアルタイムのユーザーコーチング、クラス最高のデータ保護により、生成型AIアプリケーションを安全に使用できるようにします。

生成AIの使用を保護する方法を学ぶ
ChatGPTと生成AIを安全に有効にする
SSEおよびSASE展開のためのゼロトラストソリューション

ゼロトラストについて学ぶ
大海原を走るボート
NetskopeがFedRAMPの高認証を達成

政府機関の変革を加速するには、Netskope GovCloud を選択してください。

Netskope GovCloud について学ぶ
Netskope GovCloud
  • リソース シェブロン

    クラウドへ安全に移行する上でNetskopeがどのように役立つかについての詳細は、以下をご覧ください。

  • ブログ シェブロン

    Netskopeがセキュアアクセスサービスエッジ(SASE)を通じてセキュリティとネットワーキングの変革を実現する方法をご覧ください

  • イベント&ワークショップ シェブロン

    最新のセキュリティトレンドを先取りし、仲間とつながりましょう。

  • 定義されたセキュリティ シェブロン

    サイバーセキュリティ百科事典、知っておくべきすべてのこと

「セキュリティビジョナリー」ポッドキャスト

2025年の予測
今回の Security Visionaries では、Wondros の社長であり、Cybersecurity and Infrastructure Security Agency (CISA) の元首席補佐官である Kiersten Todt 氏が、2025 年以降の予測について語ります。

ポッドキャストを再生する Browse all podcasts
2025年の予測
最新のブログ

Netskopeがセキュアアクセスサービスエッジ(SASE)機能を通じてゼロトラストとSASEの旅をどのように実現できるかをお読みください。

ブログを読む
日の出と曇り空
SASE Week 2024 オンデマンド

SASEとゼロトラストの最新の進歩をナビゲートする方法を学び、これらのフレームワークがサイバーセキュリティとインフラストラクチャの課題に対処するためにどのように適応しているかを探ります

セッションの詳細
SASE Week 2024
SASEとは

クラウド優位の今日のビジネスモデルにおいて、ネットワークとセキュリティツールの今後の融合について学びます。

SASEについて学ぶ
  • 会社概要 シェブロン

    クラウド、データ、ネットワークセキュリティの課題に対して一歩先を行くサポートを提供

  • 採用情報 シェブロン

    Join Netskope's 3,000+ amazing team members building the industry’s leading cloud-native security platform.

  • カスタマーソリューション シェブロン

    お客様の成功のために、Netskopeはあらゆるステップを支援いたします。

  • トレーニングと認定 シェブロン

    Netskopeのトレーニングで、クラウドセキュリティのスキルを学ぶ

データセキュリティによる持続可能性のサポート

Netskope は、持続可能性における民間企業の役割についての認識を高めることを目的としたイニシアチブである「ビジョン2045」に参加できることを誇りに思っています。

詳しくはこちら
データセキュリティによる持続可能性のサポート
クラウドセキュリティの未来を形作る

At Netskope, founders and leaders work shoulder-to-shoulder with their colleagues, even the most renowned experts check their egos at the door, and the best ideas win.

チームに参加する
Netskopeで働く
Netskope dedicated service and support professionals will ensure you successful deploy and experience the full value of our platform.

カスタマーソリューションに移動
Netskopeプロフェッショナルサービス
Netskopeトレーニングで、デジタルトランスフォーメーションの旅を保護し、クラウド、ウェブ、プライベートアプリケーションを最大限に活用してください。

トレーニングと認定資格について学ぶ
働く若い専門家のグループ

How SASE and the Internet Took Over Wide Area Networks (Part 1)

Aug 22 2024

This blog is part of the ongoing “I&O Perspectives” series, which features insights from industry experts about the impact of current threats, networking, and other cybersecurity trends.

As I embark on a new role with the Netskope Platform Engineering team, I am eager to explore how our company’s vision shapes the evolution of enterprise networking security. This first article in a series is a testament to my technical introspection, introducing the background, challenges, and needs that led to SASE—security access service edge.

Over the past quarter of a century, enterprises have gradually recognized the internet as a reliable means of transporting applications. Remote work further accelerated this shift, transforming the workspace into a borderless environment. Coupled with the rise of corporate SaaS applications, this has led to a new era of connectivity.

However, in this new era, the internet has become a critical vector for cyber threats. As organizations rely more on the internet for connectivity, they face increased exposure to sophisticated threats, including data breaches, malware, and phishing attacks. SASE emerged as a response to the limitations of traditional networking and security models.

With all of that in mind, let’s take a journey through the recent history of WANs to understand the direction security and networking are heading.

Wide area network evolution shaping our present and future

In 2000, before the internet bubble burst, Cisco Systems had the highest market capitalization worldwide, standing as the unquestioned leader in the enterprise networking industry. Internet security products were negligible in Cisco’s revenue statements, contributing only a tiny fraction of their sales. Overall, cybersecurity was still a relatively small sector. Corporate networks and the internet used to exist as two distinct silos, a separation that inherently provided security without necessitating encryption.

The wide area network (WAN) backbones, which were, by definition, running on private physical infrastructure, relied on legacy dedicated point-to-point lines and protocols, such as frame relay and ATM.

Additionally, cloud applications were not that critical for corporations. Besides email, electronic communications and IT resources were mainly private.

Some early adopters started using more IPsec site-to-site tunnels for WAN backup and offloading low-priority traffic over the internet. I remember demonstrating such implementation for a large corporation back in 2002, but it didn’t go beyond a proof-of-concept. At that time, best-effort internet was not considered eligible to transport sensitive corporate traffic. Today, this has evolved with intelligent quality of service and orchestration within a graphical interface, representing the SD-WAN part of SASE.

Multiprotocol Label Switching (MPLS) virtual private network (VPN), a genuine IP-minded solution, was the rising star.

MPLS and VRF: Enhancing IP routing and network isolation

MPLS is a set of core switching protocols designed to speed up IP routing. It combines the advantages of IP and ATM.

Network operators and vendors developed the VPN application of MPLS to provide network isolation at layer 3. On an MPLS-VPN network, each VPN is a private routing context. Customers purchase one or several VPN contexts to segregate their WAN routing environments over the same physical infrastructure.

Traffic over MPLS-VPN is generally not encrypted and the network is trusted. In most cases, these VPN instances naturally became the long-haul extensions of the local area network VLANs. Machines with the same usage profile would sit in the same LAN segments and VPNs.

The Impact of SLAs on Differentiating MPLS-VPN from Internet Services

For corporations (or at least their legal departments), the primary quality metric was SLAs and the penalties that come with them. In other words, how can the penalties be harmful enough to the service providers to care for and match a decent quality of service?

On MPLS-VPN networks, packet delivery, round-trip delays, and service availability are subject to SLAs. In contrast, most internet services only offer time-to-restore or availability SLAs. These contractual items have been the key argument for telcos to differentiate MPLS-VPN from IPsec over the internet. 

SLAs do not apply when the link has been broken because of a force majeure event: natural disasters, acts of war, government actions, and pandemics, among others. For example, if an excavator cuts a fiber cable, and even if it’s not considered a force majeure event, it makes no difference whether the service is internet or MPLS-VPN. There’s only a small chance that the provider will restore the link within the SLA time.

Building resilient and capable networks: Meeting SLAs amidst complex constraints

To support SLAs, resiliency and capacity management have always been prevalent themes when designing communication networks. These attributes are fundamentally about ensuring the network is extensive, redundant, fast, and agile enough to meet customer expectations under any network condition. However, achieving this involves navigating a complex set of constraints, such as:

  • Multiple routes available between two points.
  • Each link has its own capacity management.
  • Backup routes must restore fast enough to preserve the ongoing sessions (e.g., a phone call) without the users noticing when a route goes down.
  • With IP, not all applications (such as voice) have reserved bandwidth. The network may throttle low-priority applications during congestion events, but not excessively. 

The approaches in private backbones like MPLS and the shared internet network are naturally profoundly different. The internet has always been considered “best effort,” while MPLS-VPN guarantees quality of service. However, users expect the internet to deliver a decent service in most network conditions. Competition among internet service providers has driven improvements in quality. Techniques and toolkits for managing internet capacity have significantly advanced

Many efforts have also been invested into enriching the arsenal of traffic engineering techniques in IP protocols and MPLS environments, including online capacity management, bandwidth reservations, application priorities, end-to-end paths policies, fast rerouting, and more.

The good news is that MPLS, as a backbone technology, is now the underlying carrier for everything from mobile networks to the internet, and some of these efforts also benefit the internet, not only MPLS-VPN.

The internet’s rise: From home necessity to corporate backbone

For consumers, the internet quickly started providing such valuable use cases that it soon became essential to subscribe to an internet service at home. Some of these examples include personal email, online shopping, search engines, encyclopedic content, social media, and instant messaging.

Around 2008, the internet conquered the mobile space with the user-friendly smartphone, its ecosystem, and high-speed cellular data. Smartphones made access to these ubiquitous use cases, causing a seismic growth in the volume of data flows and user counts.

Alongside the growth of traffic volumes, which was multiplied by the growth of internet video services  (see Figure 1), the number of internet users increased dramatically.

Figure 1: Growth of global Internet traffic in the past 30 years

Internet use in the enterprise accelerated too. In addition to consumer-friendly applications, access to SaaS applications, starting with Salesforce, became a significant topic for IT departments. SaaS solutions offered scalable, cost-effective alternatives to traditional on-premises software, reducing the need for extensive IT infrastructure and maintenance.

Some CIOs even decided to backhaul users’ traffic and deploy private and expensive connectivity, such as Secure Cloud Direct Interconnect (SDCI), to reach services primarily available on the (free) public internet. For a long time, we could never fully resolve the conflict between the ubiquity of the internet and the guaranteed quality of service provided by private backbones.

Embracing remote work: The shift to SASE

Innovation was pushing for changes. The pandemicmarked a dramatic shift. Remote workers became the norm. They were able to benefit from business applications from their homes as if they were in the private and concealed areas of the enterprise locations and WAN networks. Cloud and particularly virtual meeting applications, such as Microsoft O365/Teams, would be affected in a centralized configuration with a single or few WAN breakouts to internet. Users require their internet traffic to go through the shortest possible path.

Internet players kept provisioning massive bandwidth to cope with the pace and absorb the additional load. The internet coped very well with the load that suddenly moved from the office building endpoints to home locations.

Naturally, the user’s workstation turned into the only remaining barrier to the privacy of company data. Intellectual property, secret commercial data, and any information to safeguard must be reached through the employee device and cloud services, which could be anywhere.

Nonetheless, CIOs couldn’t sacrifice service quality and security. Preserving productivity and guaranteeing privacy and data protection are essential. The removal of the corporate “perimeter” has led to the spread and growth of sophisticated attacks, ransomware, involuntary breaches of confidentiality, and insider threats. This threat landscape requires a ubiquitous and granular security model to protect users and data everywhere, moving from traditional defenses, the castle-and-moat, to a global, always-on security layer. This logically gave birth to SASE. 

In the next part of this blog series, we’ll explore the SASE connectivity paradigm and how Netskope delivers high-grade connectivity in this new landscape.

Stay tuned for the upcoming installments of our I&O Perspective series. Join us at SASE Week 2024 to explore the latest in SASE and Zero Trust, and learn how to enhance your organization’s security and network transformation strategy. Don’t miss the “SASE for Networkers Roundtable” on Sep 25,  where customers will share their digital transformation journeys toward SASE

author image
François Devienne
François Devienne supports field and platform engineering to deliver top-notch security and connectivity solutions.
François Devienne supports field and platform engineering to deliver top-notch security and connectivity solutions.

Stay informed!

Subscribe for the latest from the Netskope Blog