Tech Shorthand

Cloud Access Security Broker (CASB): A cloud access security broker is software that allows businesses to safely use the cloud by monitoring user activity and enforcing security policies between users and cloud applications. It is a type of Identity and Access Management technique that is used to regulate who or what can view and use resources in a computing environment. Specific data loss prevention policies can enable the detection of sensitive data in the network and stop that data from being transferred.

Firewall as a Service (FWaaS): Firewall as a service refers to the cloud-based, subscription-based delivery of capabilities commonly associated with firewall hardware. These capabilities include access controls, advanced threat prevention, intrusion prevention systems (IPS), DNS security, packet filtering, network monitoring, deep packet inspection, and Internet Protocol security (IPsec), typically managed from a single pane of glass.

Remote Browser Isolation (RBI): Remote Browser Isolation is a technology that lets the user access websites or applications through a separate server, which then sends an image of the web page to the user’s computer, so the resource is never actually accessed from the user’s machine.

SD-WAN: A software-defined wide area network provides a flexible, more redundant network that is less complex to manage than a legacy network design. It is transport-agnostic, which means that it can unify different types of connectivity into one cohesive WAN. It also boasts dynamic path selection, meaning that it can assess the performance of the available network paths, including packet loss, latency, jitter, and congestion, and select the best available path for the circumstances.

Secure Web Gateway (SWG): A secure web gateway enforces policies, supports regulatory compliance, and blocks unwanted and harmful traffic from entering a company’s network. This is accomplished through a combination of malicious website detection (URL filtering), application controls, malware blocking (malicious code detection), and intrusion detection and prevention.

Zero Trust Network Access (ZTNA): With Zero Trust Access, every resource is assumed to be already compromised, and every individual is considered to be a malicious intruder until proven otherwise. Users and machines are granted access to specific resources only when necessary and after identities are verified. ZTA also isolates access to the targeted application as opposed to providing access to servers in general, thereby making it more difficult for intruders to move laterally through the network than is typically the case when Virtual Private Networks (VPNs) are in use.

Copyright © 2021 AVANT Communications, Inc. AVANT | SASE 6-12 Report