- Why DNSFilter
by Steve Staden on Oct 30, 2023 5:19:00 PM
TL;DR: SASE is broadening—it is about more than just access! It is about endpoint protection and user-based access…and it's called Security Service Edge (SSE). All of the aspects of the joint NSA and CISA guidance on Protective DNS (PDNS) and user-level policies are part of the secure category, originally launched by Gartner in January 2022. Regardless, it’s been interesting to see the NSA and CISA create guidance recognizing the breadth of cyber protection that DNS protection has to offer.
The security service edge comprises three core services:
CASB is a middleman that sits between a user and access to cloud-based apps. It monitors all activities and enforces security policies.
Zero trust network access creates contextual identities at the user level for all applications and tools that may be accessed remotely.
These components are all focused on cybersecurity protection and identity verification at the granular level, and together form the whole of “Security Service Edge” as defined by Gartner.
SASE is a cloud architecture purpose-built for security. SASE architecture includes the following:
In the SASE framework, network and security services are integrated and delivered via the cloud. There is a software component, a platform or integration component, and a networking component. Security Service Edge (SSE) is a part of SASE that focuses on integrated cloud security at the edge/user level.
The other component of SASE, the WAN edge piece, focuses on optimization of networking services, including software-defined wide area networking (SD-WAN), WAN optimization and quality of service.
To put it simply, SSE is a pillar that focuses on the security controls of the SASE framework. SASE is more holistic, encompassing the network controls and security for all devices, users, and hardware, and means that new policies are rolled out across the organization with ease.
Protective DNS is a key element of a secure web gateway (SWG). In fact, for many businesses, their DNS protection forms the backbone of their secure web gateway, as it is the primary barrier against malware, ransomware, and phishing websites, and is where policies for acceptable use are configured and managed. This is all while providing the necessary reporting, logging, and insights in the dashboard (or to a SIEM) for observability. In legacy contexts, these two elements might be handled by a firewall, but with remote and distributed workforces it has become much more effective to use protective DNS as your secure web gateway.
Adding DNS protection that integrates with your other security tools is a critical component of a Security Service Edge (SSE) minded strategy. It forms a key element of your Secure Web Gateway by inspecting DNS packets, protecting against threats, controlling web access and content filtering, and providing observability.
When researchers talk about DNS security, they often refer to anything that protects DNS infrastructure. Although protective DNS and DNS security fall under the cybersecurity umbrella, protective DNS takes a different approach to cybersecurity than standard DNS security. Both security strategies are important for the stability of your business, but protective DNS reduces risks from your weakest link–human error. Protective DNS is critical for you...
The impending Cisco Umbrella RC End-of-Life has many Umbrella users concerned about their next steps and questioning which protective DNS solution might be able to fill the gap for their organization.
This month there was a high level of focus on compliance issues spanning several focus areas from governments and oversight agencies around the world. And while there were actions taken with regard to specific vulnerabilities, a larger spotlight was placed on bigger picture security considerations in a more general context.