The following is an excerpt from Netskope’s recent book Designing a SASE Architecture for Dummies. This is the fourth in a series of seven posts detailing a set of incremental steps for implementing a well-functioning SASE architecture.
This is when you’ll begin to put NG-SWG to work as you lay the foundation of your SASE. Fortunately, the capabilities needed to set things right are built into NG-SWG. You have everything you need to re-establish control over your enterprise data, not only on your own network but also, ultimately, everywhere in the cloud.
As shown in the table below, you’ll leverage the expanded security controls of NG-SWG to apply context, going beyond the “yes or no” functions used by your old appliances. NG-SWG also performs deep inspections of both your web traffic and your cloud traffic. And now that you’ve established a new inspection point, its functionality is expanded to exert fine control over the movement of and access to data to manage risk according to policies that make sense for your business.
Setting Policies to Manage Risk
|Out with the Old
|In with NG-SWG
|Netskope NG-SWG Integrates with . . .
|Legacy data loss prevention (DLP) — protects only stuff in the data center.
|Intelligent DLP protects all data being moved anywhere.
|Security information and event management systems and endpoint protection systems
|User behavior analytics (UEBA)
|Expanded behavior anomaly detection and user risk scoring.
|Various sandboxing solutions.
|Advanced threat protection (ATP), including sandboxing and machine learning–based anomaly detection.
If you’d like to read the complete Designing a SASE Architecture for Dummies book, you can download a complimentary copy here!