Business trends have expanded the attack surface, creating new vulnerabilities in the network. Cybercriminal gangs are rapidly adapting their techniques to tap into these vectors. The emerging risks prompt next-generation countermeasures that can close security gaps at source.
For the past fifteen years, Aryaka has built a robust network that provides reliable connectivity and guaranteed performance to businesses across continents. Now they have layered in security to provide a unified solution that delivers security-driven networking.
At the recent Security Field Day event, Aryaka presented Aryaka Unified SASE as a Service. With this solution, Aryaka promises to provide customers agility, simplicity, performance and security, all in one package.
Security Tool Sprawl, and the Tradeoffs
When fighting novel threats, organizations quickly turn to new tools and technologies. A downside of that strategy is snowballing complexity debt. Too many point solutions that are loosely integrated cause operational complexity and friction. The debilitating effects include deployment slowdowns and subpar user experience. Specialized skills and consulting services are required to navigate these on a day-to-day basis.
“You may build some amazing technological things from a security perspective, but unless you can actually be in the traffic and do the enforcement, none of it matters,” says Renuka Nadkarni, Chief Product Officer.
Aryaka Unified SASE as a Service
To get the tool sprawl under control whilst guaranteeing security, Aryaka proposes converging network and security technologies. This vision came to fruition in the Aryaka Unified SASE as a Service solution.
This framework brings together a highly performant network and tight security controls in a cloud-based model. The solution combines in-depth security capabilities. Typically, miscellaneous solutions deployed in the network, like, secure web gateway (SWG) and Cloud Access Security Broker (CASB), collectively achieve three common outcomes – access control, threat protection, and data protection.
“It’s not that we don’t have enough security technologies available. Access control, threat protection, and data leakage prevention have been around for more than a couple of decades. The problem to solve for is how do we make them enforceable and effective,” Nadkarni points out.
Aryaka Unified SASE as a Service covers all three bases of networking, security and observability. This is accomplished via a trifecta of solutions, namely the Aryaka OnePASS Architecture, the Aryaka integrated security network and observability services, and the Arkaya delivery options.
At the core of this solution is the Aryaka Zero Trust SD-WAN that forms the underlying network. A global private network, this zero-trust backbone delivers performance through the first, middle and last mile.
“We call it zero-trust because you cannot get on our backbone infrastructure unless we know who you are. There is an implicit zero-trust concept because we provide global connectivity for users.”
Having a performant and reliable connectivity layer that offers guaranteed bandwidth for its users provided Aryaka a solid foundation to build a complete SASE solution on. “From the security standpoint, there’s only a finite number of things that you can do. If you are actually the network layer, the plumbing, and you can look at every single packet that comes to you, the amount of things that you can do is limitless,” Nadkarni says.
Zooming in on the Components
Powering the Unified SASE as a Service solution is a key component called the Aryaka OnePASS Architecture. PASS stands for performance, agility, simplicity and security. This is a purpose-built architecture that comprises a unified control plane for configuration and observability, a distributed data plane across datacenter, branch, SaaS, etc, and single pane-of-glass management.
OnePASS allows every data packet to be inspected and processed extensively in one pass, without going through screening twice. It’s Run-to-Completion Model ensures that every flow runs through all SASE functions – Firewall as-a-service (FWAAS), SWG, Cloud Access Security Brokers (CASB), anti-malware, IPS and more – through a single SSL decryption, thus delivering maximum security end to end. Policies are enforced completely at the branch without any performance impacts.
Integral to the single-pass design is the Aryaka Network Access Point (ANAP), their edge appliance line. The APs aggregate several WAN connection, and offer networking services like deep packet inspection, traffic management, and encryption, in a bundle.
A defining feature of the Unified SASE solution is the Aryaka hyperscale Points-of-Presence (PoPs) infrastructure. The PoPs are distributed strategically across six continents to provide users optimal access to cloud, datacenter and SaaS applications.
End-to-end visibility is rendered via a co-managed portal that collects insights and alerts in real-time, bringing together a full picture of things including configuration, management, performance and risks.
These are topped by Aryaka’s unique delivery model that offers businesses flexible ways to consume the solution.
Nadkarni notes, “Sometimes customers know what the problems are, but they have a skill shortage, or budget constraints, or deployment problems in remote locations.”
That’s where Aryaka really shines. “ We hold customers’ hands through the SASE journey, helping them deploy these security controls and design best practices, as well as manage them.”
Aryaka’s Lifecycle Services make all the difference in adopting and integrating SASE easily in the existing infrastructure. These include everything from design to implementation, orchestration and management.
Aryaka’s implement choices include self-managed, co-managed and vendor-managed options. Customers can deploy Aryaka products and services exclusively, or use a mix of Aryaka and third-party solutions based on deployment requirements.
To get a deep-dive of the Unified Aryaka SASE as a Service architecture, make sure to check out Aryaka’s presentations from the Security Field Day event.