close
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
          Experience Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            Netskope debuts as a Leader in the Gartner® Magic Quadrant™ for Single-Vendor SASE
              Securing Generative AI for Dummies
              Securing Generative AI for Dummies
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                Modern Data Loss Prevention (DLP) for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Modern SD-WAN for SASE Dummies Book
                  Modern SD-WAN for SASE Dummies
                  Stop playing catch up with your networking architecture
                    Understanding where the risk lies
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                            Netskope GovCloud
                            Netskope achieves FedRAMP High Authorization
                            Choose Netskope GovCloud to accelerate your agency’s transformation.
                              Let's Do Great Things Together
                              Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
                                Netskope solutions
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskope Technical Support
                                  Netskope Technical Support
                                  Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
                                    Netskope video
                                    Netskope Training
                                    Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.

                                      Announcing Security Service Edge (SSE) for Dummies, the Industry’s First SSE Book!

                                      Jan 13 2022

                                      Security Service Edge (SSE) describes the evolving security stack crucial to a Secure Access Service Edge (SASE) journey, with core platform requirements that include CASB, SWG, and ZTNA capabilities. SASE is an architecture—really, a long-term journey that will change how we all think about security and networking. But SSE, as part of SASE, is a set of cloud-delivered security services you can acquire and make the most of today.

                                      Still, it can be difficult to separate clear, advice-driven information about SSE from what’s becoming an avalanche of industry buzz and marketing around both SSE and SASE. That’s why we’re so excited to release Netskope’s new book, Security Service Edge (SSE) for Dummies, the first SSE resource of its kind. True to the world-famous Dummies series it now joins, this book is intended to be your practical, no-B.S. explainer for SSE, its importance relevant to concepts like SASE, Zero Trust, and secure digital transformation, and fundamentally, how to build and deliver SSE capabilities.

                                      Below is an excerpt. You can grab your free copy of Security Service Edge (SSE) for Dummies here. Enjoy!

                                      Successful implementation of SASE and SSE is much more than swapping out technology. Zero Trust changes some basic assumptions about how security works. In the on-premises, network-based model, the assumption is that the network is secure and we must verify a person’s identity before granting access. So, we trust the network and verify the user. The typical paradigm granted the person access to everything or nothing—“allow” or “block” were the only choices. 

                                      Zero Trust changes this model as follows: 

                                      • When a person requests access, that request is evaluated in the context of several conditions. Identity is one of them, but the system also considers where the person is, the time of day, the device, the type of network connection, and many other variables.
                                      • The application to which the person is being connected is also part of that context. 
                                      • The desired service level is also an important factor. Is this a life-or-death use of an application or a video game played for fun? 
                                      • How the network path is protected may change based on the application being used. If someone is accessing their personal email account, an ordinary Internet connection is used, with Transport Layer Security (TLS) protection negotiated between their email server and email client. If a doctor is accessing patient records, a secure, encrypted, and authenticated path is established, regardless of the capabilities of the underlying network or application. 

                                      Based on this context, the confidence level of the person’s session is determined, and the person may be trusted either a little bit or a lot. A person requesting access at an unusual time from an unusual location to a highly-sensitive application (an instance of a low confidence level) likely will encounter a multi-step authentication process. The access granted may be limited to a small set of data and functions, and then in a read-only mode. A worker who’s accessing at their customary time from a secure location (an instance of a high confidence level) may get full access to all data and application capabilities. 

                                      Consider this example of a doctor accessing electronic health records via SSE that illustrates Zero Trust principles at work in SSE and how SSE helps bring Zero Trust principles to life: 

                                      • A doctor is carrying a facility-owned tablet as they treat a patient in the hospital. Based on the doctor’s identity, location, device, and other factors, the SSE determines it is safe to give the doctor full access to the patient’s records. 
                                      • The doctor walks across the street for a cup of coffee. They pop open a personal laptop, connect to the shop’s network, and try to access patient records. The SSE recognizes the doctor but identifies that the hospital does not own the laptop and that the laptop is on an unknown network. The doctor is allowed to view and comment on the records but can’t alter the data. 
                                      • The doctor is eating dinner at home; alerted to a crisis, they log their child out of Minecraft to use the family PC to access the patient’s records. The SSE recognizes that this computer is less secure than the hospital’s tablet. Instead of denying access, the SSE provides a series of prompts that enable the doctor to verify their identity further and frame the nature of the reason they need access. The SSE then provides the doctor with a secure set of resources to respond to the emergency —for example, inside an isolated browser session under control of the SSE. 

                                      Within network security, you often hear the term Zero Trust Network Access (ZTNA). ZTNA is an excellent choice for augmenting your virtual private network (VPN) to accommodate more remote access scenarios. With ZTNA, users don’t receive access to an entire portion of a network that could allow connections to many services. Instead, ZTNA grants the worker a connection only to the application they’re seeking to use and—as shown in our doctor story—only the minimum access needed to perform the task at hand.

                                      Implementing SSE using Zero Trust principles shrinks the attack surface and is far more data-driven, thus greatly improving the overall security posture. The level of risk presented by a person, an application, or a website undergoes continuous reevaluation. Security is adapting in real time based on changes in context. 

                                      If we take a closer look at this model and how it functions in the most advanced form, some important ideas emerge that can guide our efforts, among them:

                                      • Context
                                      • Least privilege
                                      • Risk scoring
                                      • Resource concealment
                                      • Continuous adaptive trust

                                      Get your copy of Security Service Edge (SSE) for Dummies to learn about all of these concepts in detail.

                                      author image
                                      Chad Berndtson
                                      Chad Berndtson is global head of content and communications at Netskope. He joined the team in 2020 following several years building successful content, communications, and social media teams at Palo Alto Networks, Tanium, and Fortinet. Earlier in his career, Chad was a technology journalist focused on networking, security, and other IT topics at the dawn of the cloud era.
                                      Chad Berndtson is global head of content and communications at Netskope. He joined the team in 2020 following several years building successful content, communications, and social media teams at Palo Alto Networks, Tanium, and Fortinet. Earlier in his career, Chad was a technology journalist focused on networking, security, and other…

                                      Stay informed!

                                      Subscribe for the latest from the Netskope Blog