DNS Protection's Role in Security Service Edge (SSE) and Secure Access Service Edge (SASE)

Listen to this article instead
4:39


TL;DR:
SASE is broadening—it is about more than just access! It is about endpoint protection and user-based access…and it's called
Security Service Edge (SSE). All of the aspects of the joint NSA and CISA guidance on Protective DNS (PDNS) and user-level policies are part of the secure category, originally launched by Gartner in January 2022. Regardless, it’s been interesting to see the NSA and CISA create guidance recognizing the breadth of cyber protection that DNS protection has to offer.

The security service edge comprises three core services:

  • Secure access to the internet and web by way of a secure web gateway (SWG). Secure Web Gateways protect users from online threats in addition to applying and enforcing corporate acceptable use policies.
  • Secure access to SaaS and cloud apps via a cloud access security broker (CASB)

CASB is a middleman that sits between a user and access to cloud-based apps. It monitors all activities and enforces security policies.

  • Secure remote access to private apps through zero trust network access (ZTNA)

Zero trust network access creates contextual identities at the user level for all applications and tools that may be accessed remotely.

These components are all focused on cybersecurity protection and identity verification at the granular level, and together form the whole of “Security Service Edge” as defined by Gartner.

How Is Security Service Edge Different Than SASE?

SASE is a cloud architecture purpose-built for security. SASE architecture includes the following:

  • Remote access to company resources (versus a traditional VPN setup)
  • Cloud-aware network access with each request inspected
  • Network security and access controls. This can include DNS security, firewalls, and CASB solutions
  • SD-WAN capabilities that optimize traffic across any transport service
  • Threat detection and monitoring

In the SASE framework, network and security services are integrated and delivered via the cloud. There is a software component, a platform or integration component, and a networking component. Security Service Edge (SSE) is a part of SASE that focuses on integrated cloud security at the edge/user level. 

The other component of SASE, the WAN edge piece, focuses on optimization of networking services, including software-defined wide area networking (SD-WAN), WAN optimization and quality of service.

To put it simply, SSE is a pillar that focuses on the security controls of the SASE framework. SASE is more holistic, encompassing the network controls and security for all devices, users, and hardware, and means that new policies are rolled out across the organization with ease.

Where Does DNS Protection Fit into Secure Service Edge?

  • Protective DNS is a key element of a secure web gateway (SWG). In fact, for many businesses, their DNS protection forms the backbone of their secure web gateway, as it is the primary barrier against malware, ransomware, and phishing websites, and is where policies for acceptable use are configured and managed. This is all while providing the necessary reporting, logging, and insights in the dashboard (or to a SIEM) for observability. In legacy contexts, these two elements might be handled by a firewall, but with remote and distributed workforces it has become much more effective to use protective DNS as your secure web gateway.

    • New threats are detected and either automatically blocked via an existing policy, or added to block-lists used by multiple networks, roaming clients, or relays.
    • Policies for web access and content filtering are created from a central location and rolled out instantaneously.
    • DNS protection is typically the only security layer that properly registers DNS-based threats and anomalous DNS activity or traffic.
    • Unlike legacy appliances and hardware, protective DNS is cloud-based and protects users on all device types whether in or out of the office.
    • Reporting and logging provide visibility and enable an understanding as to what is happening on the network, giving end users the ability to drill in and connect protection data to other data via a SIEM.

How To Enhance Your SSE Solution With DNS Security

Adding DNS protection that integrates with your other security tools is a critical component of a Security Service Edge (SSE) minded strategy. It forms a key element of your Secure Web Gateway by inspecting DNS packets, protecting against threats, controlling web access and content filtering, and providing observability.

Search
  • There are no suggestions because the search field is empty.
Latest posts
2025 Cybersecurity Predictions: It’s Not Just AI, Here’s How Cybersecurity Will be Transformed in 2025 2025 Cybersecurity Predictions: It’s Not Just AI, Here’s How Cybersecurity Will be Transformed in 2025

Earlier this month I joined Mikey Pruitt, our Global Partner Evangelist, on the DNSFilter podcast dnsUNFILTERED to discuss my 2025 cybersecurity predictions. We had a lot of fun and covered all of the points I’ll outline here, but I wanted to go deeper. My 30 years of cybersecurity experience have given me a strong sense of where we’re heading as an industry—the shift to the cloud in many ways is a precursor in the adoption of AI and the future...

From Reactive to Proactive: How to Create a DNS Security Strategy that Stops Attacks From Reactive to Proactive: How to Create a DNS Security Strategy that Stops Attacks

Most businesses only think about DNS security after an attack has already occurred. By then, the damage is done - downtime, lost revenue, compromised data, and a tarnished reputation. In an environment where cyber threats are constantly evolving, a reactive approach to DNS security simply isn’t enough.

How MSPs Can Enhance Customer Experience with Technology How MSPs Can Enhance Customer Experience with Technology

Customer experience is the secret sauce that sets successful Managed Service Providers (MSPs) apart from the rest. In a market teeming with competition, you need to offer more than the best technology or the lowest prices. It's about how clients feel when they interact with your services. A stellar customer experience can transform a one-time client into a loyal advocate, while a poor one can send them running to your competitors. According to a ...

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.