SASE
What is SASE?
SASE is a cloud-delivered architecture, coined by Gartner in 2019, that converges SD-WAN with security services like SWG, CASB, ZTNA, and FWaaS at the network edge.
Secure Access Service Edge (SASE) is a Gartner-defined architecture that merges wide-area networking and security into a single cloud-native service consumed close to the user. The networking side is typically SD-WAN; the security stack — known as Security Service Edge (SSE) — bundles secure web gateway, cloud access security broker, zero trust network access, and firewall-as-a-service, all controlled by identity- and context-aware policies. By inspecting traffic at globally distributed points of presence, SASE replaces the traditional hub-and-spoke model with low-latency, encrypted access to SaaS, internet, and private apps. It is now the dominant blueprint for hybrid and remote workforce security.
● Examples
- 01: A hybrid workforce reaches Microsoft 365 through a SASE PoP that enforces DLP, CASB, and ZTNA policies.
- 02: Branch offices replace MPLS with SD-WAN backhauled into a SASE provider for unified inspection.
● Frequently asked questions
What is SASE?
SASE is a cloud-delivered architecture, coined by Gartner in 2019, that converges SD-WAN with security services like SWG, CASB, ZTNA, and FWaaS at the network edge. It belongs to the Network Security category of cybersecurity.
How does SASE work?
Secure Access Service Edge (SASE) is a Gartner-defined architecture that merges wide-area networking and security into a single cloud-native service consumed close to the user. The networking side is typically SD-WAN; the security stack — known as Security Service Edge (SSE) — bundles secure web gateway, cloud access security broker, zero trust network access, and firewall-as-a-service, all controlled by identity- and context-aware policies. By inspecting traffic at globally distributed points of presence, SASE replaces the traditional hub-and-spoke model with low-latency, encrypted access to SaaS, internet, and private apps. It is now the dominant blueprint for hybrid and remote workforce security.
How do you defend against SASE?
Defences for SASE typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for SASE?
Common alternative names include: Secure Access Service Edge.
● Related terms
- SSE (network-security, № 1086): SSE is the security half of SASE — a cloud-delivered bundle of SWG, CASB, ZTNA, and often DLP and FWaaS that protects user traffic to internet, SaaS, and private apps.
- ZTNA (network-security, № 1272): ZTNA is a model that grants users access to specific private applications only after continuous identity, device, and context checks — never network-level access by default.
- SWG (network-security, № 1119): A Secure Web Gateway (SWG) is a proxy — on-prem or cloud — that inspects user web traffic, enforces acceptable-use policy, and blocks malware, phishing, and data exfiltration.
- CASB (Cloud Access Security Broker) (cloud-security, № 148): A policy enforcement point that sits between users and cloud/SaaS applications to enforce visibility, data protection, and threat controls.
- WAAP (network-security, № 1219): WAAP (Web Application and API Protection) is the modern evolution of WAF, adding API security, bot management, and DDoS protection into a unified cloud service.