SASE vs. SSE – What’s the difference?

By Mor Ahuvia, Product Marketing Manager


While the secure access service edge, or SASE, describes an architecture framework that consolidates networking and security delivered as a unified service from the cloud, the security service edge, or SSE, describes the security-as-a-service portion of this framework, leaving out the networking-as-a-service part. This new acronym reflects the observation that while organizations are looking to consolidate and simplify their network security for remote and hybrid workers, some prefer a best-of-breed dual-vendor approach with separate solutions for networking-as-a-service and security-as-a-service.

Gartner® coined the term in late 2021[1], defining it as follows: “SSE secures access to the web, private applications and usage of cloud services. Capabilities include access control, threat protection, data security, security monitoring and acceptable use control enforced by network-based and API-based integration. SSE is primarily delivered as a cloud-based service, and may include on-premises or agent-based components.”

Core SSE capabilities include ZTNA, SWG and CASB, with secondary capabilities including RBI, FWaaS and DEM.

Drivers for Migration from on-prem to cloud-based SSE

So why are enterprises looking to migrate their on-prem security to cloud-based SSE solutions? As with SASE, the drivers remain similar:

  • Improved user experience and performance – As data and applications increasingly reside outside the enterprise perimeter, and users shift to remote and hybrid work models, backhauling all traffic to a single on-prem security stack makes less and less sense, creating congestion, latency and a poor user experience. By making the entire security stack readily available from points of presence around the globe, users get a fast, local connection wherever they are and data is inspected closer to where it’s accessed.
  • Scalability and agility – The dynamic nature of business today requires agility in supporting remote and hybrid workers, meeting changing mandates, supporting mergers and acquisitions, securing access for third parties (including partners, suppliers and contractors) and leveraging seasonal peaks. Cloud-based services are much more flexible, removing the need to install and maintain (e.g. patch) new hardware and software as business needs change.
  • Consistent security policies – How do you ensure that the same security policy is applied to remote users, contractors and office workers? Unlike fragmented security solutions, a unified cloud-based security management system offers a single console from which to manage all policies—for branch offices, third parties and employees—so everyone is protected with the same security stack, whether they’re on or off premises, improving the entire organization’s security posture.
  • Unified visibility – Monitoring, alerting and reporting on all access events from a single solution eliminates blind spots and simplifies auditing.
  • Better utilization of scarce IT talent – By consuming security as a service from the cloud, organizations can offload and outsource the many tasks required to maintain and scale their security. Instead of managing hardware appliances, teams can focus on managing policies. Tasks outsourced to the cloud vendor include ensuring load balancing and redundancy for high availability, backup and restore routines, and planning for business continuity in the event of a disaster or force majeure.

Gartner®[2] predicts that, “By 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access from a single vendor’s security services edge (SSE) platform.” This comes as little surprise given all the above-listed benefits.

How Check Point addresses the SSE Model

Harmony Connect SASE helps organizations make the transition from a centralized on-prem security model to a distributed cloud-based one. Harmony Connect SASE delivers the following SSE capabilities:

  • Full ZTNA for any use case – Harmony Connect Remote Access offers zero trust network access (ZTNA) in two flavors: client-based network-level access as VPN-as-a-service, providing the power of layer 3 connectivity secured by Zero Trust, and clientless application-level access for layer 7 access. While the former is ideal for employees with managed devices, the latter is best suited for BYOD and third-party access (e.g. partners and contractors).
  • Cloud SWG – Harmony Connect Internet Access is a cloud-based Secure Web Gateway (SWG) service, which secures internet access and browsing for remote users, and includes threat prevention, access control and data protection, blocking the most evasive attacks before they can reach users.
  • Branch FWaaS / SSE for branch offices – Harmony Connect integrates Check Point’s market-leading Next Generation Firewall, delivered as-a-service (FWaaS), providing customers with complete control and security to protect their users, branch offices and data centers. Harmony Connect also integrates with leading SD-WAN solutions using advanced APIs, allowing consistent security to be enforced across thousands of sites with just a few clicks as branch users connect to the internet and SaaS apps.
  • SaaS Security – Harmony Connect’s Internet Access provides comprehensive SaaS security with granular application control for SaaS access and operations, integrated DLP, threat prevention and visibility.
    Additionally, we offer API-based protection for key SaaS services via Harmony Email & Collaboration. (For CSPM, we also offer CloudGuard Security Posture Management.)

Why Harmony Connect for your Security Service Edge

As an SSE, Harmony Connect delivers several critical advantages:

  • Flexible remote access options (clientless/client, layer 3/layer 7)
  • Single user client for internet access and network-level remote access
  • Proven prevention-focused security (via ThreatCloud, cloud IPS, Next-Gen FWaaS)
  • Broad SD-WAN integration ecosystem
  • Ease of deployment
  • Ease of use



[1] Gartner® Predicts 2022: Consolidated Security Platforms Are the Future. Published 1 December 2021 – By Charlie Winckless, Joerg Fritsch, Peter Firstbrook, Neil MacDonald, Brian Lowans. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

[2] Gartner® Predicts 2022: Consolidated Security Platforms Are the Future. Published 1 December 2021 – By Charlie Winckless, Joerg Fritsch, Peter Firstbrook, Neil MacDonald, Brian Lowans.