Netskopeの SASE Summitにご参加ください 、あなたの近くの都市に来てください!今すぐご登録ください

  • セキュリティサービスエッジ製品

    高度なクラウド対応の脅威から保護し、あらゆるベクトルにわたってデータを保護します。

  • Borderless SD-WAN

    すべてのリモートユーザー、デバイス、サイト、クラウドへの安全で高性能なアクセスを自信を持って提供します。

  • プラットフォーム

    世界最大のセキュリティプライベートクラウドでの比類のない可視性とリアルタイムデータおよび脅威保護。

未来のプラットフォームはネツコペです

インテリジェントセキュリティサービスエッジ(SSE)、クラウドアクセスセキュリティブローカー(CASB)、クラウドファイアウォール、次世代セキュアWebゲートウェイ(SWG)、およびZTNAのプライベートアクセスは、単一のソリューションにネイティブに組み込まれており、セキュアアクセスサービスエッジ(SASE)アーキテクチャへの道のりですべてのビジネスを支援します。

製品概要に移動
Netskopeの動画
ボーダレスSD-WAN:ボーダレスエンタープライズの新時代を先導

NetskopeボーダレスSD-WANは、ゼロトラストの原則と保証されたアプリケーションパフォーマンスを統合するアーキテクチャを提供し、すべてのサイト、クラウド、リモートユーザー、およびIoTデバイスに前例のない安全で高性能な接続を提供します。

Read the article
Borderless SD-WAN
Netskope は、データと脅威の保護、および安全なプライベートアクセスを実現するための機能を統合した、最新のクラウドセキュリティスタックを提供します。

プラットフォームを探索する
大都市の俯瞰図
  • 変身

    デジタルトランスフォーメーションを保護します。

  • セキュリティの近代化

    今日と明日のセキュリティの課題に対応します。

  • フレームワーク

    サイバーセキュリティを形作る規制の枠組みを採用する。

  • 業界ソリューション

    Netskopeは、クラウドに安全に移行するためのプロセスを世界最大規模の企業に提供しています。

最小の遅延と高い信頼性を備えた、市場をリードするクラウドセキュリティサービスに移行します。

NewEdgeの詳細
Lighted highway through mountainside switchbacks
アプリケーションのアクセス制御、リアルタイムのユーザーコーチング、クラス最高のデータ保護により、生成型AIアプリケーションを安全に使用できるようにします。

ジェネレーティブ AI の使用を保護する方法を学ぶ
Safely Enable ChatGPT and Generative AI
SSEおよびSASE展開のためのゼロトラストソリューション

Learn about Zero Trust
Boat driving through open sea
Netskopeは、クラウドサービス、アプリ、パブリッククラウドインフラストラクチャを採用するための安全でクラウドスマートかつ迅速な旅を可能にします。

Learn about Industry Solutions
Wind turbines along cliffside
  • 導入企業

    Netskopeは、フォーチュン100の25以上を含む世界中の2,000以上の顧客にサービスを提供しています。

  • カスタマーソリューション

    お客様のため、Netskopeでお客様の成功を確実にすべく、あらゆるステップを共に歩んでまいります。

  • トレーニングと認定

    Netskope training will help you become a cloud security expert.

私たちは、お客様が何にでも備えることができるように支援します

お客様を見る
Woman smiling with glasses looking out window
Netskopeの有能で経験豊富なプロフェッショナルサービスチームは、実装を成功させるための規範的なアプローチを提供します。

Learn about Professional Services
Netskopeプロフェッショナルサービス
Netskopeトレーニングで、デジタルトランスフォーメーションの旅を保護し、クラウド、ウェブ、プライベートアプリケーションを最大限に活用してください。

Learn about Training and Certifications
Group of young professionals working
  • リソース

    クラウドへ安全に移行する上でNetskopeがどのように役立つかについての詳細は、以下をご覧ください。

  • ブログ

    Netskopeがセキュリティサービスエッジ(SSE)を通じてセキュリティとネットワークの変革を可能にする方法を学びましょう。

  • イベント&ワークショップ

    最新のセキュリティトレンドを先取りし、仲間とつながりましょう。

  • 定義されたセキュリティ

    サイバーセキュリティ百科事典で知っておくべきことすべて。

セキュリティビジョナリーポッドキャスト

ボーナスエピソード2:SSEのマジッククアドラントとSASEを正しく取得する
MikeとSteveが、ガートナー®社のマジック・クアドラント™のセキュリティ・サービス・エッジ(SSE)、Netskopeの位置づけ、現在の経済情勢がSASEの取り組みに与える影響について語ります。

ポッドキャストを再生する
ボーナスエピソード2:SSEのマジッククアドラントとSASEを正しく取得する
最新のブログ

Netskopeがセキュリティサービスエッジ(SSE)機能を通じてゼロトラストとSASEの旅を可能にする方法。

ブログを読む
Sunrise and cloudy sky
ネツコペAWSイマージョンデイワールドツアー2023

Netskopeは、Netskope製品の使用とデプロイについてAWSのお客様を教育および支援するために、さまざまなハンズオンラボ、ワークショップ、詳細なウェビナー、およびデモを開発しました。

Learn about AWS Immersion Day
AWS パートナー
セキュリティサービスエッジとは何ですか?

SASEのセキュリティ面、ネットワークとクラウドでの保護の未来を探ります。

Learn about Security Service Edge
Four-way roundabout
  • 会社概要

    クラウド、データ、ネットワークセキュリティの課題の先取りをサポート

  • ネットスコープが選ばれる理由

    クラウドの変革とどこからでも機能することで、セキュリティの機能方法が変わりました。

  • リーダーシップ

    ネットスコープの経営陣はお客様を成功に導くために全力を尽くしています。

  • パートナー

    私たちはセキュリティリーダーと提携して、クラウドへの旅を保護します。

Supporting sustainability through data security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.

詳しくはこちら
Supporting Sustainability Through Data Security
Highest in Execution. Furthest in Vision.

ネットスコープは2023年Gartner®社のセキュリティ・サービス・エッジ(SSE)のマジック・クアドラント™でリーダーの1社として評価されました。

レポートを読む
ネットスコープは2023年Gartner®社のセキュリティ・サービス・エッジ(SSE)のマジック・クアドラント™でリーダーの1社として評価されました。
思想家、建築家、夢想家、革新者。 一緒に、私たちはお客様がデータと人々を保護するのを助けるために最先端のクラウドセキュリティソリューションを提供します。

当社のチーム紹介
Group of hikers scaling a snowy mountain
Netskopeのパートナー中心の市場開拓戦略により、パートナーは企業のセキュリティを変革しながら、成長と収益性を最大化できます。

Learn about Netskope Partners
Group of diverse young professionals smiling

SSE for Internet Service Providers: A Competitive Threat or an Opportunity?

Apr 07 2022

It feels like only yesterday when we first heard about SASE. The proposition of consuming network and security services from the cloud was attractive and resonated with the market. It’s no surprise that internet service providers (ISPs) started exploring how they could offer a set of SASE services. Fast forward to today and we all are watching how Security Service Edge (SSE) as a new product category is being received by enterprises. Gartner recently announced the first-ever Magic Quadrant for SSE and ISP product management teams are discussing what SSE means for their business. Is it another competitive threat being delivered from cloud providers? Or is it an opportunity to introduce a new service to the market? Or, oh wait, what does this mean for the Managed SASE service that I just launched?

As you probably know by now, SSE is one-half of the SASE framework. It is the brain that integrates a specific set of security services such as cloud access security broker (CASB), secure web gateway (SWG), zero-trust network access (ZTNA), remote browser isolation (RBI), and a cloud firewall (CFW). The other half of SASE is made up of WAN Edge Services—SD-WAN, application optimization, connectivity, and all other things around networking. Simply speaking, SSE + WAN Edge Services = SASE. 

Why service providers are well-positioned for a SASE framework

Simple logic leads us to the conclusion that if a service provider offers managed SASE, it should have SSE capabilities as a part of it. But the devil, as always, is in the details. Gartner, who coined the terms SASE and SSE, outlines the following properties of the future-proof SASE strategy based on SSE:

  • Consistent policy enforcement, regardless of location
  • Consolidated policy control plane
  • Sensitive-data visibility and control

So, if you already offer a managed SASE service, now is a good time to benchmark your capabilities against these requirements to make sure your service goes beyond just offering separated products and meets the latest demands.

But what if you don’t have a SASE offering, however, you see market demand? Your sales department talks about customer inquiries around SASE. Your marketing department shares exciting forecasts of how the SASE market size will grow during the next five years. And as a service design authority, you stand in front of the whiteboard and ask yourself: how do I offer a compelling service? How do I use my company strengths—broad and mature connectivity services—to stay ahead of the game?

The good news is that service providers are very well positioned to bring the SASE framework to life by offering a comprehensive service. Instead of offering a patchwork of various solutions addressing niche use cases, you can use the wide reach of your network and your expertise in serving large markets to introduce a consistent service that follows the spirit of SASE—connect ANY user with ANY cloud service and guarantee data protection. You can cover all types of access technologies and provide the same level of visibility and policy management with a contractually enforced SLA. Using SD-WAN terminology, by controlling both “underlay” and “overlay” of customer connectivity you are able to offer a better SLA and solve any issues faster.

How service providers can integrate SSE capabilities into SASE

Trying to reduce time to market, you might consider positioning your current WAN Edge Services capabilities as SSE. Your current SD-WAN offering is likely to have some security capabilities, such as (Next Generation) Firewall or UTM, however, make no mistake—those capabilities alone would not qualify as SSE. 

SSE goes far beyond point firewall capabilities, offering more security controls for a wider set of use cases. The combination of CASB and SWG enables building a singular policy to control cloud and web traffic for any application and any user. Remote browser isolation and zero-trust network access become a part of this policy, leveraging data context gathered by CASB/SWG. All these services are tightly integrated within SSE around the concept of data protection.

So, how do you roll out an SSE service? What customer segments do you plan to address? Are you going to use different solutions for different customer types? What technology stack should be used? Can SSE be implemented using NFV principles as a service chain of network and security VNFs or CNFs? Should it run in a public cloud, private cloud, or in a hybrid model, relying on something like AWS Outpost, Azure Stack, or Google Anthos? Or maybe it’s worth looking into existing SSE solutions and consider integrating them into your product line?

To help you answer these questions, let’s review the end-user expectations from SSE that will influence your decision process:

  1. Single console, single set of policies, single data lake for logs. The idea of SSE came from a market consolidation of SWG, CASB, and ZTNA components. The last thing your users want is to manage multiple products using multiple consoles and APIs. Moreover, as a service provider, you probably don’t want your operations to replicate the same policies between multiple tools, driving internal operational costs higher. 
  2. Visibility of cloud activities that is easy to understand. Your customers would appreciate intuitive dashboards that help understand risk areas and where they should focus their attention. Which applications are used? Do employees share company data using personal SaaS instances (such as Gmail or Office365)? Where is my sensitive data? Are there any signs of risky behavior across my users? Being able to answer these questions demonstrates how you can deliver very complex capabilities in a user-friendly way.
  3. No performance impact with all security controls enabled. By consuming security services from a cloud provider your customers expect consistent performance, no matter where they are. To guarantee this a service provider needs to consider from which points of presence (PoP) security services will be delivered and how the PoP location impacts the addressable market. At the same time, within each PoP, performance should not depend on the type of security controls that you enable. “Single-pass” architectures should be preferred over “service chains” where user traffic passes a stack of multiple security functions in a serial way.
  4. Cost. According to various forecasts (1,2,3) SASE market will reach between 5 and 8 billion US dollars during the next five years and is likely going to attract a lot of players. To stay competitive, it is paramount for a service provider to find the right pricing point for the service and keep the internal costs under control. Perhaps the most important decision here is whether you are going to build out the infrastructure to deliver SSE services or partner with an existing cloud security provider. While building out your own SSE capabilities makes total sense in the long run (especially if you have already invested into NFV infrastructure), consider the following “known unknowns” that might drive your costs higher:
  • VNF and CNF (network functions) license costs are usually underestimated. Common cases are single-tenant network functions and backup service chains provisioned for each customer, which requires deploying more network functions than you might have thought initially.
  • The costs associated with developing NFV orchestration (VNFM and NFVO) are also underestimated. Maintenance of multiple network functions from different vendors requires diverse protocols and frameworks and usually results in a mix of APIs, logging, SNMP, streaming telemetry, and so on. It gets even more complicated if you plan to implement auto-scaling and self-healing procedures.

And then there are “unknown unknowns”, such as possible scalability limitations and unstable performance, all driving your costs higher and higher. In this case, offering SASE using your existing network capabilities and partnering with an SSE provider helps you to have fixed costs and build a more predictable business model. 

Seems complex, right? Well, this is just the tip of the iceberg. However, we at Netskope are strongly convinced that SSE as a part of SASE is not a threat, but rather an opportunity for internet service providers. As organizations embark on a network and security transformation journey, they will be looking for a known, mature supplier able to lend them a hand, and internet service providers are very well positioned to offer a high-quality SASE service. 

If SASE is SSE + WAN Edge Services, then service providers are the “plus” sign, the right glue to integrate two halves and offer a well-rounded service. Netskope has experience in empowering ISPs to offer cutting-edge security capabilities and is ready to help. If you are interested to learn more, please reach out to [email protected] and we will share our experience.

author image
Kirill Kasavchenko
Kirill Kasavchenko is a Senior Engineer at Netskope focusing on developing partnerships with the world's largest security and internet service providers. His areas of interest include large-scale network design, the evolution of BGP and DNS, and the global internet infrastructure availability.