Aviatrix Blog

The Big Benefits of Aviatrix and Entra GSA

Aviatrix and Microsoft transform the SASE space with Aviatrix Entra for Microsoft SSE.

Aviatrix Entra for Microsoft SSE solution graphic

 

The Evolution of SASE

While zero trust and SASE are hardly new, it’s fun and exciting to see how this space continues to evolve since the term was coined by Gartner analysts McDonald and Skorupa in mid-2019 [1]. For the uninitiated, SASE stands for “Secure Access Service Edge,” which takes SD-WAN technology and marries it to a zero trust security model by integrating network security, application security, and user-based conditional access. A key pillar of SASE is SSE, or “Security Service Edge,” which is basically the security brains for the operation – all the embedded services which work together to create a universal zero trust architecture (ZTA).

One of the biggest transformations in the SASE space over the last three years is the evolution from appliance-based platforms to SaaS platforms. This pivot occurred, not unexpectedly, as SD-WAN companies took advantage of public cloud to focus on improved user experience, accelerated deployment, and reduced latency by leveraging the large network footprints of the cloud service providers (CSPs). And now with the introduction of Microsoft’s SSE solution, part of Microsoft Entra GSA (Global Secure Access), the space has evolved once again.

 

The Big Benefits of Microsoft

It makes a lot of sense for Microsoft to move into this space. First, they have one of the biggest and most trusted user-identity platforms with Entra, their SaaS solution for Active Directory. Second, they have decades of experience with enterprise security – a key differentiator between Microsoft and the other cloud providers. Third, Microsoft has one of the largest, most advanced networks in the world: 61 Azure regions, 165,000 miles of dark fiber, and over 175 edge locations paired with more than 4000 ISPs and NSPs [2].

Here, Microsoft can offer something truly unique, which is the coupling of Entra-based user security policy with the full might of its global private network, resulting in what is sure to be one of the fastest, most advanced, and highly available ZTA platforms in the industry. Microsoft calls this all-up platform “Entra Global Secure Access” and its SSE policy engine “Microsoft Conditional Access Policy.” Entra GSA, Microsoft’s SSE solution, is designed to provide granular, zero trust user access to important network destinations, such as the Internet, Microsoft 365, and both public and private SaaS and PaaS endpoints.

But Microsoft did something else ingenious here. In addition to an agent-based solution, they decided to turn to their partner ISVs to proliferate Microsoft’s SSE Solution far and wide, giving their customers a rich ecosystem of choice and capability. This is where Aviatrix comes in, with the release of Aviatrix Secure Edge for Microsoft’s SSE Solution. Together, these two platforms give customers big benefits over the competition in the SASE space.

 

The Big Benefits of Aviatrix

Aviatrix is a software-based cloud networking and security company that builds an intelligent, encrypted cloud fabric across all the major cloud providers, as an overlay, then extends this programmable fabric down to the customer edge with Aviatrix Secure Edge. Unlike traditional cloud firewalls, Aviatrix embeds network security into every edge node, which serves cloud, branch, and data center applications alike. This cloud-first and cloud-agnostic approach to traditional network security, which Aviatrix calls their “Distributed Cloud Firewall,” has much to offer.

First, the policy needed to protect any application is only applied where the application exists, which means that enforcement is both immediate and dynamic. Aviatrix does this with a feature called “SmartGroups” that uses cloud APIs to track applications based on their IP address and/or their cloud native asset tags. This approach means far less user configuration and change is required, leading to faster deployments, streamlined management, and reduced human error. It also means that enforcement happens within each application environment itself, and not across the network.

Second, by distributing security across the entire network, but with centralized management and control, the Distributed Cloud Firewall looks and feels like a single firewall, but with end-to-end coverage that can handle everything that cloud can throw at it – shadow IT, network sprawl, rapid growth, mergers, mismatched architectures – you name it. As it is purpose built for cloud, the entire platform can be automated and deployed in minutes or hours instead of days or weeks.

 

Aviatrix Secure Edge: Now Powered by Microsoft’s SSE Solution

Aviatrix takes all this capability and makes it available at the customer edge, as either software or hardware (yes, people still need hardware, and a good thing too). With the addition of support for Microsoft’s SSE Solution, Aviatrix Secure Edge is now capable of complete L4-L7 security, IDS, and granular user-based access policies for Entra users. That means your united cloud firewall is now your united secure edge, which ties in every secure edge across your entire network into a single heavy-duty yet agile platform that does both advanced networking and security.

A big benefit for Entra customers here is that any device, workstation, or application that is connected through Aviatrix can leverage Entra GSA. This means agentless support for Windows, Linux, MacOSX, containers, and PaaS services. Aviatrix, as a true SDN platform, also gives customers some very nice networking features to sink their teeth into, such as route filtering and isolation, NAT, and advanced visibility and troubleshooting. Aviatrix doesn’t charge a dime to move network data around either, instead offering a flat monthly fee that helps unwind the challenges of deciphering your cloud bill and saves you some money to boot.

So, is Aviatrix an SD-WAN vendor, you might ask? Not exactly. Aviatrix follows a different approach to connectivity, one that was purpose built for the cloud and uses cloud-based principles for Day 2 operations. It can fit into any pre-existing cloud deployment without causing a disruption or change to the underlying design. SD-WAN connects different networks; Aviatrix uplevels and unifies them. Also, everything is automatically connected with line-rate high performance encryption. Because if you can encrypt everything at line rate with no added complexity, why not?

So, what’s the biggest benefit of them all? You now have a unified, holistic “any-to-any” SASE solution. Any workload or application built in any edge location, anywhere in the world, can use the universal ZTA capabilities of Entra GSA to secure any destination. This represents a significant step in the evolution of SASE. There is no need to focus on the complexity of the network because the combined platforms do all the heavy lifting and optimization for you, right out of the box.

Instead, the focus is returned squarely to the user: who they are, what they need to access, why they need to access it, and for how long they need this access. Everything else in between becomes inconsequential. Which is ultimately what a true Secure Access Service Edge should be all about.

 

Learn more about Aviatrix Secure Edge for Microsoft SSE.

 

References

1. https://en.wikipedia.org/wiki/Secure_access_service_edge
2. https://learn.microsoft.com/en-us/azure/networking/microsoft-global-network