What Is Security Service Edge (SSE)

First defined by Gartner, Security Service Edge (SSE) is a collection of security services that enable secure access to the web, cloud services and private applications. SSE technologies perform a variety of security functions, including access control, data security, threat protection, security monitoring and acceptable-use control. SSE technologies are typically delivered as a cloud-based service but may include on-premises or agent-based components.

SSE technologies form one half of a Secure Access Service Edge (SASE) architecture. SASE solutions converge networking and security technologies in a single cloud-delivered platform to improve security while simplifying network management. Along with technologies that form the security service edge, or SSE, the SASE technology includes Software-defined Wide Area Networking (SD-WAN) to enable more efficient direct-to-cloud connectivity.

SASE and Security Service Edge technologies are a response to the growing complexity of managing and securing modern IT networks. As organizations increasingly rely on cloud computing, the traditional network perimeter has disappeared, making legacy network security solutions all but obsolete. More employees are working outside the office than in it, usually connecting to cloud services and internal IT resources on personal devices through unsecured connections. At the same time, cyber threats continue to proliferate faster than ever, seeking to exploit the new attack vectors created by hybrid workforces and highly distributed IT environments. These trends have added enormous complexity and cost to the task of securing the enterprise, and security teams face increasing pressure from constrained budgets and talent shortages.

Enter the Security Service Edge. SSE technologies simplify security by converging multiple technologies in a single cloud-based platform. Security teams can manage Zero Trust policies for the entire organization, with access and enforcement provided through one endpoint agent rather than many. Integration is the strong suit of Security Service Edge. SSE enables organizations to manage access to the web, cloud and internal apps from one console, rather than managing multiple tools that each generate their own set of alerts and false positives.

This all-in-one approach makes it safer for people to work anywhere while enabling fast access to the cloud apps and internal resources they need.

SSE combines several key technologies that contribute to a multilayered approach to security.

Zero Trust Network Access (ZTNA) 

ZTNA is a gateway that enables secure access to private applications without the risks and complexities of VPNs. Applying Zero Trust principles to remote access, ZTNA requires continual authentication and authorization for each user and device and provides access only to the specific resources needed to perform a task at any given time. This prevents attackers or unauthorized users who have accessed the network from moving freely within it to access and compromise other assets.

Cloud Access Security Broker (CASB) 

CASBs are gateways that enable identity-based access control to cloud apps, allowing users on managed or unmanaged devices to easily and safely access cloud resources from anywhere. Sitting between users and cloud services, CASBs enforce security policies for traffic flowing to and from the cloud, inspecting traffic to identify threats, manage authentication, profile devices and perform other security functions. Forcepoint CASB uses a unique reverse proxy technology that enables secure connection through use cases that are traditionally difficult – such as users who need to connect on personal devices or guests who need access to the network. 

Secure Web Gateway (SWG)

SWGs filter and inspect web traffic to prevent unwanted traffic from entering the network and sensitive data from leaving it. SWGs enforce security policies by inspecting web traffic and blocking access to malicious apps or websites that violate company policies. SWGs also include capabilities for URL filtering, data loss prevention, application control, antivirus and HTTPS inspection.

Organizations can realize significant benefits with a SASE solution that combines secure SD-WAN and technologies in the Security Service Edge. SSE and SASE services improve operations and security by:

• Providing secure connectivity for the hybrid workforce. SSE enables organizations to provide consistent security on work-issued and personal devices for users anytime and anywhere.
• Simplifying security management. By converging multiple technologies within a Security Service Edge, SSE solutions enable all-in-one management and delivery of critical security functions both on-site and in the cloud.
• Reducing costs. When using a single SSE and SASE vendor, organizations can eliminate the need for multiple point products and vendor subscriptions. With a cloud-based SSE offering, organizations save money by avoiding the capital costs of software and hardware as well as the cost of managing and maintaining multiple point solutions.
• Enhancing performance. By moving security to the edge, SSE minimizes latency to enable better, more efficient performance.
• Increasing scalability. Security Service Edge technologies can scale up and down rapidly to meet evolving business requirements.

Forcepoint ONE is an all-in-one, cloud-native security platform that provides a single-vendor solution for the Security Service Edge. SSE technology from Forcepoint includes SWG, CASB and ZTNA solutions. Forcepoint ONE integrates seamlessly with Forcepoint FlexEdge Secure SD-WAN to provide a comprehensive, single-vendor SASE offering.

With Forcepoint ONE, organizations can:

• Empower faster and safer work from anywhere. Forcepoint ONE lets users work where they want and how they want, providing secure access in the cloud, on the web and to private apps with agent-based and agentless deployment.
• Replace aging and disparate infrastructure. A unified cloud service enables organizations to lower operating expenses and capitalize on the AWS hyperscaler platform.
• Support Zero Trust and SASE. Forcepoint ONE enforces Zero Trust principles, using identity-based access control to grant least-privileged access to employees, contractors and guests. Forcepoint’s secure SD-WAN enables faster, more reliable connections while minimizing management burdens for IT teams.
• Simplifying compliance. With Forcepoint ONE, security teams can implement strong controls for global data and privacy regulations using over 190 pre-defined policies available out of the box. Forcepoint ONE delivers continuous visibility into how users interact with data, enabling teams to maintain a clear view of compliance across the organization.