What Is Secure Access Service Edge (SASE) and Why It’s Important

[4 min. read]

Secure access service edge (SASE) is helpful for many companies considering digital transformation. If you’re looking for a way to upgrade your network security, SASE may be right for your organization.

This post will define SASE, explain how it works and detail the benefits it can bring your company.

What Is SASE?

Experts simply define SASE as a cloud-native security framework that blends wide area network (WAN) features with cloud security technologies to build secure connections between users and your internal network.

SASE — pronounced like “sassy” — combines various network security technologies into one comprehensive solution. This solution enables more efficient remote work and simplifies your tech stack, key steps toward a successful digital transformation.

It’s important to distinguish SASE from other forms of edge computing. SASE is often mistaken for security service edge (SSE), which is a SASE subcategory that focuses on security services.

How Does SASE Work?

SASE works by inspecting user traffic at a security enforcement point near them, which shifts the focus off your data center and onto your users. This change makes connecting to your applications and services safer and more efficient.

Rather than forwarding web traffic all the way to your data center and back, SASE sends user connections to a nearby enforcement point for inspection. Once approved, the user can securely connect to the destination.

In contrast, legacy system security checks take place in on-premises firewall hardware. While this model works well for in-house teams, it’s inefficient for remote and distributed users. And as people begin working from home more often, companies must find new ways to improve the remote user experience to stay competitive.

Essentially, SASE checks your user or system where they are instead of waiting for their connection to reach your network.

Breaking Down the SASE Model

The SASE architecture consists of six key components. Each component is essential to the SASE model and enables a secure connection.

1. Software-Defined Wide Area Network (SD-WAN)

An SD-WAN is an overlay network, which means that it is constructed on top of another network’s infrastructure. This virtual architecture eliminates the constraints of a physical network, which allows it to provide extra networking flexibility and optimize the user experience.

In SASE, the SD-WAN maps the most efficient route to the destination data center, cloud application or internet server from the user’s device. This function enables you to quickly deploy new applications and services while managing uniform policy across various locations.

2. Secure Web Gateway (SWG)

As the intermediate stop between your users and your network, the SWG prevents unsecured access to your network. When users attempt to access your applications, the SWG inspects their requests against your company policy to prevent malicious entities from reaching your internal network.

This boundary shields both your users and your network from cyber threats such as web-transmitted viruses, vulnerable websites and malware.

3. Cloud Access Security Broker (CASB)

A CASB is a cloud-based security enforcement point located between your users and your network that ensures safe access to your internal applications and services. It also works for any SaaS applications you use.

CASBs include various types of enforcement, including:

  • Single sign-on (SSO)
  • Tokenization
  • Encryption
  • Device profiling
  • Credential mapping
  • Malware detection
  • Logging

4. Firewall as a Service (FWaaS)

A FWaaS solution replaces physical firewall hardware with a cloud-based version. These solutions provide your network with advanced next-generation firewall (NGFW) capabilities and access controls such as:

  • Advanced threat protection
  • Domain name system (DNS) security
  • URL filtering
  • Intrusion prevention systems (IPS)

5. Zero Trust Network Access (ZTNA)

ZTNA is a critical part of SASE architecture. As the name implies, it does not trust any user — the ZTNA framework requires constant authorization, authentication and validation of all users before granting access to any of your applications or data.

This framework enables remote users to connect securely to your applications without needing to be on your network, which protects them from exposure to the internet at large.

6. Centralized Management

The ability to manage all these components from one central console streamlines your tech stack and improves visibility, eliminating many of the challenges that come with legacy architecture. A unified management console also enables you to deliver consistent connectivity across your organization regardless of your users’ physical locations.

Pros and Cons of SASE

Understanding the potential benefits and downsides of SASE architecture can help you determine whether it is a good fit for your company.

Benefits of SASE

Here are some of the primary benefits of implementing a SASE framework:

  • Simplified networks: Unlike virtual private networks (VPNs), SASE solutions do not require users to download additional software to connect to your network. This simplifies the connection process and reduces your IT costs.
  • Reduced cybersecurity costs: When you can streamline your tech stack, you can save money on security solutions. For example, a FWaaS eliminates the need for physical firewall hardware, expanding your security system’s reach and reducing infrastructure costs.
  • Seamless user experience: As a cloud-based solution, SASE manages connections at key exchange points in real-time. This capability optimizes connections and minimizes latency, providing a superior user experience to VPNs. This is especially true for multi-cloud environments.
  • Decreased risk: SASE is a cloud-native framework, so it’s more capable of addressing new challenges as computing becomes increasingly distributed.
  • Scalability: Cloud-native solutions are highly scalable, so they can quickly scale to meet increasing demand as your business grows.

Cons of SASE

As with any technological solution, other solutions fit certain use cases better than SASE. Here are some examples:

  • Complex integration: If you plan to use tools from multiple different manufacturers, trying to connect them all under the SASE umbrella can introduce new complexities into the system.
  • New technology: Because the SASE framework is fairly new, some of its components are still developing. Some companies find themselves running into unexpected limitations in certain areas. For example, SASE can only integrate existing technologies at the moment.
  • Limited IT options: Because SASE creates a unified solution, it limits a company’s ability to source solutions from multiple vendors, which may be a disadvantage for some organizations.
  • Learning curve: Implementing a SASE framework may require you to reskill or upskill your existing IT team, which can cost you significant effort, money and time up front.

Discussing your needs with a well-established IT consulting firm can help you determine whether SASE is right for your company.

Contact Morefield for More Information

SASE can help drive your business toward digital transformation and simplify your security tech stack when implemented properly. If you’re considering adopting a SASE framework, the experts at Morefield are here to help.

We help organizations in various industries integrate and enhance their technology to boost productivity and efficiency. Whether you’re looking for an individual product to add to your existing system or a fully integrated solution, we can help you find the right technologies to meet your organization’s unique needs.

With more than 70 years of experience in IT, you can count on Morefield to provide unparalleled service and expertise. Contact our team today for more information about our technology services.

Morefield MSP Newsletter November 2022

Morefield Achieves Cisco Gold Provider Status

Only MSP in Pennsylvania to hold Powered Service designations in three Cisco Meraki specialties

October 24, 2022 (Camp Hill, PA) – Morefield, a Managed Service Provider and technology company, proudly announces it earned the designation of Cisco Gold Provider, with capabilities in three Cisco Powered Services: Meraki Access, Meraki SD-WAN, and Meraki Security.

Morefield earned Cisco’s Gold-level designation after a rigorous review of its capabilities of enhanced support throughout its managed services practice. Cisco evaluated Morefield on its ability to meet specific metrics and key performance indicators (KPIs) around expertise in delivering best-in-class solutions for clients. The solutions include Cisco’s Meraki offerings, end-to-end client incident management and process, and exceptional client satisfaction. Cisco’s Gold Provider audit verifies these deliverables, ensuring reliability, security, and support throughout the company, including technical support, sales, marketing, project management, accounting, human resources, and leadership.

“We are excited and proud of our team on this great achievement. We are continuously looking for ways to grow our MSP practice to provide our clients the best technology solutions that manage risk and accelerate digital transformation within their organizations,” remarked Wes Kelly, President of Morefield. “Cisco’s portfolio provides services and solutions for flexible and dynamic infrastructures that can evolve with the needs of our clients. I’m proud of our talented team for achieving this level of recognition by Cisco so that we can take our clients to the next level of service and solutions.”

As a Cisco Gold Provider, Morefield is at the highest level of knowledge and skills required to implement Cisco solutions. Morefield has been a Cisco partner for over 25 years. In addition to Gold Provider status, the company is a Premier Integrator and holds specializations in Cisco Advanced Collaboration Architecture, Cisco Webex Calling, and Cisco Webex Contact Center.

Morefield is the only Gold Provider in Pennsylvania to hold Powered Service designations in these three Meraki specialties. There are fewer than ten companies nationwide that hold the Cisco Gold Provider role with Powered Services credentials in Meraki Access, Meraki SD-WAN, and Meraki Security.

 

Cisco Gold Provider Status Official Press Release

Contact:
Briana Carr
Morefield Marketing Manager
Briana.carr@morefield.com

What are CIS Controls?

[3 min. read]
by Allan Jacks, vCISO 

As my roles changed, one of the most challenging times was when I had to complete an internal audit in my role as an Engineer. I had to learn what controls were and about collecting evidence. No longer was it acceptable to just have a task list with monthly to-dos checked off. The document had to have the person’s name detailing who completed it, the time and date of completion, and any comments that would reference any action taken or not taken. The internal auditor then gave me a rundown on some things that would help me, including an understanding of what a control is.

What is a Control?

A control is a set of rules or procedures implemented within a company to ensure the integrity of data and processes that a system supports. Common controls are things such as backup controls, separation of duty controls, and physical security controls.

As you read through articles or security websites, you may see references to CIS Controls. The Center for Internet Security (CIS) is a “community-driven nonprofit, responsible for the CIS Controls and CIS Benchmarks, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.”

What are the 18 CIS Controls?

In May 2021, CIS launched CIS Controls v8.0, the latest version, which took the list of 20 controls to 18. These controls address areas of IT risk and form the foundation for a strong cybersecurity program. The CIS Controls are an international-level collection of the best security practices to implement.

Each item is a starting point that defines controls that guide security improvement within your organization. CIS Control 01 Inventory and Control of Enterprise Assets states:

“Actively manage (inventory, track, and correct) all enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers) connected to the infrastructure physically, virtually, remotely, and those within cloud environments, to accurately know the totality of assets that need to be monitored and protected within the enterprise. This will also support identifying unauthorized and unmanaged assets to remove or remediate.”

If you don’t know what assets you have, how do you go about protecting them? An inventory also lets you recognize an asset that is not on the list, so you know that an action should be taken. You can have a policy and a supporting control stating that only authorized and approved devices are allowed on the network. For any device not listed in the inventory, a defined action needs to be taken.
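One way to carry out the inventory check described above, as an added example that is not code from the original post or from CIS: it reconciles observed devices against the approved list and attaches a defined action to every exception. The inventory, the observation format, the category names and the action wording are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed approved inventory: normalized MAC -> asset record.
INVENTORY = {
    "00:1a:2b:3c:4d:5e": "LT-0142 (finance laptop)",
    "00:1a:2b:aa:bb:cc": "SW-0007 (core switch)",
    "00:1a:2b:11:22:33": "PR-0031 (printer)",
}

# Constructed observations, as might be exported from DHCP leases or switch
# tables. Assumed line format: "<ISO timestamp> <MAC, any notation> <IP>".
OBSERVATIONS = """\
2024-03-01T09:15:00 00-1A-2B-3C-4D-5E 10.0.0.21
2024-03-01T09:16:30 001a.2baa.bbcc 10.0.0.2
2024-03-01T09:20:10 3C:52:82:0F:9A:01 10.0.0.87
2024-03-01T09:22:45 DA:A1:19:7B:00:42 10.0.0.93
not-a-valid-line
"""

# The "defined action" per finding type; wording is illustrative only.
ACTIONS = {
    "unparsed": "fix the data source so the device can be identified",
    "unauthorized": "isolate the port or lease, then investigate",
    "randomized-mac": "identify by user or certificate; MAC cannot be matched",
    "not-seen": "confirm the asset still exists and update the inventory",
}

def normalize_mac(raw):
    """Return lowercase colon-separated MAC, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """Bit 0x02 of the first octet is set on randomized/private MACs."""
    return bool(int(mac[:2], 16) & 0x02)

def reconcile(inventory, observations, now, stale_after=timedelta(days=30)):
    """Return (category, subject, action) findings for every exception."""
    last_seen, findings = {}, []
    for line in filter(None, map(str.strip, observations.splitlines())):
        parts = line.split()
        mac = normalize_mac(parts[1]) if len(parts) == 3 else None
        try:
            seen_at = datetime.fromisoformat(parts[0]) if mac else None
        except ValueError:
            seen_at = None
        if seen_at is None:
            findings.append(("unparsed", line, ACTIONS["unparsed"]))
            continue
        last_seen[mac] = max(seen_at, last_seen.get(mac, seen_at))
    for mac in last_seen:
        if mac in inventory:
            continue  # authorized and present: nothing to do
        kind = "randomized-mac" if is_locally_administered(mac) else "unauthorized"
        findings.append((kind, mac, ACTIONS[kind]))
    for mac in inventory:
        if mac not in last_seen or now - last_seen[mac] > stale_after:
            findings.append(("not-seen", mac, ACTIONS["not-seen"]))
    return findings

if __name__ == "__main__":
    for finding in reconcile(INVENTORY, OBSERVATIONS, datetime(2024, 3, 1, 12)):
        print(*finding, sep=" | ")
```

Devices that use a randomized MAC address cannot be matched against a MAC-keyed inventory, which is why they get their own category rather than being reported as unauthorized.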

What is the Purpose of Controls?

CIS is focused on protecting and tracking high-risk areas of the business by using controls. They should be considered a good starting point for organizations to implement and allow their focus to initially be the protection of the business’s high-value assets. 

The CIS Controls are not a replacement for other existing frameworks such as NIST 800-53, NIST Cybersecurity Framework, or ISO 27000, but you will find many of the controls mapped to these frameworks. If the CIS Controls are a company’s initial focus, they lay the groundwork for further implementations of other frameworks. The controls comply with the most applicable laws and security safeguards.

CIS Control Groups

Not every business will have the means or budget to implement all the controls, so CIS developed three different implementation groups with recommendations for safeguards for each group.

Implementation Group 1

Implementation Group 1 has 56 safeguards and is focused on protecting IT assets and personnel for small to medium-sized businesses.

Implementation Group 2

Implementation Group 2 has 130 safeguards, and the organization typically has multiple departments and risks based on job functions.

Implementation Group 3

Implementation Group 3 has 153 safeguards, and the organization typically has sensitive information and regulatory and compliance requirements.

Need Help with Controls? Trust Morefield

Implementing the CIS Controls is a great starting point for organizations, especially if they don’t have governance requirements to follow a specific framework. Implementing the controls will raise the organization’s cybersecurity maturity level and will help minimize the exposure and risk that lead to cyberattacks and threats.

At Morefield, we can assist in the implementation of these controls and provide recommendations and guidance for fulfilling the requirements of each control. Contact us today!

 

References:

CIS Controls v8 Released | SANS Institute

The 18 CIS Critical Security Controls (cisecurity.org)

What Is the NIST Cybersecurity Framework (CSF) & How Will It Help My Company?

[3 min. read]
by Allan Jacks, vCISO 

When I started my career in the military, I wanted to do all the cool stuff I heard about from my recruiter. But then week one started into my 6-month initial training course. I was given what seemed like a mountain of books to use and reference. Many of them were published by the Combined Communications Electronics Board which prescribed standards to be used when conducting communications within member nations. For successful communication, you must speak the same language and when it came to electronic communications, it had a standard and protocol that all who were involved adhered to.

This allowed successful communications between multiple parties to occur in an orderly manner.

As engineers, we like to have order in our world, and by following templates, rules, guidelines, and best practices, we understand what to expect when implemented correctly.

A framework is exactly that!

What is a Cyber Security Framework?

From the NIST glossary, a Framework is defined as:

“A set of cybersecurity activities and references that are common across critical infrastructure sectors and are organized around particular outcomes. The Framework Core comprises four types of elements: Functions, Categories, Subcategories, and Informative References.”

NIST developed the Cybersecurity Framework in 2014 to provide voluntary guidance for critical infrastructure organizations.

Even though this framework may have been focused on critical infrastructure organizations initially, the NIST CSF is an excellent framework to follow and protect your company’s critical infrastructure. “The framework was developed with a focus on industries vital to national and economic security, including energy, banking, communications, and the defense industrial base. It has since proven flexible enough to be adopted voluntarily by large and small companies and organizations across all industry sectors, as well as by federal, state, and local governments.”

What Does the NIST CSF do?

Every company that relies on its network, and on that network’s reliability, should consider the network vital to its economic security. The NIST Cybersecurity Framework is a proven framework for protecting the business.

NIST CSF is made up of 5 core functions: Identify, Protect, Detect, Respond and Recover. These functions provide an overview of the cyclical process for managing cybersecurity risk.

Identify

First, identify what your business’s core function is, what its mission is, and why it exists. What are the core assets that make up the business and need to be secured? These can include physical assets and people. Which third parties does the business need in order to continue operating successfully?

Protect

Second is the protection of the components identified to ensure the availability of infrastructure services. By protection, we limit the impact of a cybersecurity event through the implementation of policies and procedures, managing the maintenance of infrastructure, and establishing data protection to protect the confidentiality, integrity, and availability of the company’s information.

Detect

The third is to allow continuous monitoring of logs that can identify any anomalies occurring within the infrastructure that may point to a cybersecurity event.  

Respond

Fourth is to detail the actions to be taken in the event a cybersecurity incident occurs. Being prepared to act and knowing what action to take before it occurs will allow an ordered process to limit the damage caused. By practicing what to do, the stakeholders will be better prepared in the event of an incident.

Recover

Finally, in the event of an incident, implementing planning processes to restore assets to working order will allow a quicker return to service and to business operations. Evaluating what went wrong, what went right, and what can be improved will allow the optimization of the processes and reduce cybersecurity risk to the organization.

NIST Resources

Just like the Allied communications books that I read in the military, the NIST publications can be quite challenging to read. One does not just pick them up and follow from chapter one through the ending to fully secure your company’s system, though they do have a quick start guide which can be found here:

Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide

With the changing cybersecurity technologies and threats, NIST is currently working on updating the NIST Cybersecurity Framework to version 2.0. Information can be found here:

Updating the NIST Cybersecurity Framework – Journey To CSF 2.0 | NIST

No company is too small to follow parts of the NIST CSF and by doing so, your company will be better prepared in the event of a cybersecurity incident.

Trust Morefield with NIST CSF

At Morefield, we can provide guidance or assist you in implementing the NIST CSF within your organization. Our team of experts is ready to start talking to you about your needs and goals. Contact our team now!

 

References
NIST Releases Version 1.1 of its Popular Cybersecurity Framework | NIST
