Alex

InfoSec Pro

SSE vs SASE: What’s the Difference?

What is SASE? 

The Secure Access Service Edge (SASE) category was created by Gartner in 2019 to define the convergence of networking and security capabilities into a single cloud-native service. SASE has, therefore, two pillars: networking and security.  

The networking pillar of SASE focuses on the resiliency and optimization of access and includes capabilities such as SD-WAN, WAN optimization, and quality of service. The security pillar of SASE secures network traffic and application access by converging SWGCASBZTNA, and FWaaS, to enforce corporate security policies on all users and locations.  

What is SSE? 

Two years after introducing SASE, Gartner introduced a new category called Security Service Edge (SSE). SSE describes a limited scope of network security convergence, which combines SWG, CASB/DLP and ZTNA into one, cloud-native service. SSE provides secure access to internet, SaaS and specific internal applications, without directly addressing secure access to WAN resources. These remain part of a separate technology stack including technologies such as SD-WAN, Next Generation Firewalls (NGFWs), and global network backbones.  

SASE vs SSE: What’s the Difference? 

SSE can be thought of as a key portion of SASE’s security pillar. SASE takes a broader and more holistic approach to secure and optimized access, addressing both optimization of the user experience and securing all access and traffic against threats, attacks, and data loss.  

SASE or SSE: Which Will You Choose? 

IT professionals are faced with the decision of how they approach the “converged future” of their IT infrastructure. Some enterprises will opt for full SASE convergence and others will approach their transformation journey in multiple phases, starting with SSE-driven security transformation and later converging the SD-WAN layer, as needed. Opting for SSE solution that is part of a single-vendor SASE platform is a strategic decision, that leaves the path open for future network transformation, as well as architectural convergence, greater business agility, operational simplicity and lower TCO. 

2020 – What a year!

The FireEye security breach disclosure and the SolarWinds affair are just here to remind us that despite all the efforts in CyberSecurity and InfoSec, there is a long journey ahead and lots of stuff to do. I’ve been busy all over the year to perform risk assessments and help organizations to improve their security posture. I see many workloads moving from on premise to the cloud, new TTPs are emerging and Blue Teamers need to work harder to protect company’s most valueable assets.

Get-FileHash

The Get-FileHash cmdlet computes the hash value for a file by using a specified hash algorithm. A hash value is a unique value that corresponds to the content of the file. Rather than identifying the contents of a file by its file name, extension, or other designation, a hash assigns a unique value to the contents of a file. File names and extensions can be changed without altering the content of the file, and without changing the hash value. Similarly, the file’s content can be changed without changing the name or extension. However, changing even a single character in the contents of a file changes the hash value of the file.

The purpose of hash values is to provide a cryptographically-secure way to verify that the contents of a file have not been changed. While some hash algorithms, including MD5 and SHA1, are no longer considered secure against attack, the goal of a secure hash algorithm is to render it impossible to change the contents of a file-either by accident, or by malicious or unauthorized attempt-and maintain the same hash value. You can also use hash values to determine if two different files have exactly the same content. If the hash values of two files are identical, the contents of the files are also identical.

By default, the Get-FileHash cmdlet uses the SHA256 algorithm, although any hash algorithm that is supported by the target operating system can be used.