Security Serve Edge SSE

DNS Security’s Role in Security Service Edge & SASE

Jillian Kossman
January 20, 2022

TLDR: SASE is broadening—it is about more than just access! It is about endpoint protection and user-based access. And it’s now called Security Service Edge (SSE). Protective DNS and user-level policies are part of the new, secure category, launched by Gartner in January 2022.

What is Security Service Edge?

The security service edge comprises three core services:

  1. Secure access to the internet and web by way of a secure web gateway (SWG). Secure Web Gateways protect users from online threats in addition to applying and enforcing corporate acceptable use policies.
  2. Secure access to SaaS and cloud apps via a cloud access security broker (CASB)

CASB is a middleman that sits between a user and access to cloud-based apps. It monitors all activities and enforces security policies.

  1. Secure remote access to private apps through zero trust network access (ZTNA)

Zero trust network access creates contextual identities at the user level for all applications and tools that may be accessed remotely.

These components are all focused on cybersecurity protection and identity verification at the granular level, and together form the whole of “Security Service Edge” as defined by Gartner.

How Is Security Service Edge Different Than SASE?

SASE is a cloud architecture purpose-built for security. SASE architecture includes the following:

  • Remote access to company resources (versus a traditional VPN setup)
  • Cloud-aware network access with each request inspected
  • Network security and access controls. This can include DNS security, firewalls, and CASB solutions - anything that 
  • SD-WAN capabilities that optimize traffic across any transport service
  • Threat detection and monitoring  

In the SASE framework, network and security services are integrated and delivered via the cloud. There is a software component, a platform or integration component, and a networking component. Security Service Edge (SSE) is a part of SASE that focuses on integrated cloud security at the edge/user level. 

The other component of SASE, the WAN edge piece, focuses on optimization of networking services, including software-defined wide area networking (SD-WAN), WAN optimization and quality of service.

To put it simply, SSE is really the security software half of the SASE framework. SASE is focused on consistency of security for all devices, users, and hardware, and that new policies are rolled out across the organization with ease.

Where Does DNS Security Fit In To Secure Service Edge?

Protective DNS is a key element of a secure web gateway (SWG). In fact, for many businesses, their DNS protection forms the backbone of their secure web gateway, as it is the primary barrier against malware, ransomware, and phishing websites, and is where policies for acceptable use are configured and managed. In legacy contexts, these two elements might be handled by a firewall, but with remote and distributed workforces it has become much more effective to use a DNS security tool as your secure web gateway.

  • New DNS based threats are detected and either automatically blocked via an existing policy, or added to block-lists used by multiple networks, roaming clients, or relays.
  • Policies for web access and content filtering are created from a central location and rolled out instantaneously.
  • Inspect DNS packets used to communicate IP addresses. DNS security is typically the only security layer that properly registers DNS-based threats and anomalous DNS activity or traffic.
  • Unlike legacy appliances and hardware, DNS security is cloud-based and protects users on all device types whether in or out of the office.

How To Enhance Your SSE Solution With DNS Security

Adding a layer of DNS security that integrates with your other security tools is a critical component of a Security Service Edge (SSE) minded strategy. It forms a key element of your Secure Web Gateway by inspecting DNS packets, protecting against DNS-based threats, and controlling web access and content filtering.

MORE Cybersecurity

Cybersecurity Report Mid-year 2022

Inside this report, you’ll see there’s been significant increases in botnet, DDoS, and phishing attacks, often on critical systems and infrastructure.

Get the Report

SIEM Integration with Data Export Feature

Data Export feature allows customers to transmit DNS query data from DNSFilter to an external location in real-time.

Learn More about Data Export

Lifesaver Program

Current OpenDNS customers get FREE DNS security through September 2022 when you commit to a 1-year deal with DNSFilter.

Get More Details

An Interview with Remote Work Expert Kaleem Clarkson

‍Companies and their employees are seeing the benefits of moving workforces to a virtual (or work from home) distribution. We sat down with remote work expert, Kaleem Clarkson, for a deeper dive.

Domain Intelligence from Full-Scope Cyber Threat Intelligence: An Introspective

Alex Applegate, Threat Intelligence Researcher at DNSFilter, shares what went into his decision to shift his cybersecurity focus to domain intelligence research.

RSAC 2022: The Rise of DNS-Based Attacks

With RSAC 2022 behind us, we’re reflecting on one of the most important themes at the conference: Rising DNS-based attacks.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.