Aryaka's Sassy Additions - The SASE Bandwagon Continues To Gather Pace Five Years On...

I’ve talked a lot about SASE in this ‘ere blog, including the SASE Network Scorecard I developed earlier in the year.

For those who didn’t see that, here’s an example of one vendor completing it: https://www.netskope.com/resources/reports-guides/network-scorecard-for-the-netskope-newedge-sase-cloud  – and if you look back among this blog history you’ll see a Q&A with one of the original founding fathers of the framework (try saying that after a few frozen Margheritas) Joe Skorupa. Here’s the point – SASE is now over five years in the making and yet – unlike many proposed security/other tech mash-ups (who remembers SysSecOps? I thought not…) SASE is still blazing a trail and bigger than ever.

As I’ve also noted previously, as is typical of a Gartner-defined framework such as SASE/SSE, there are those vendors who were naturals, and those who – er – basically jumped on the biggest of security bandwagons out there. One vendor whose existence pre-dated SASE but is of the “natural fit” variety, is Aryaka. I recently had a most excellent briefing with Aryaka’s Chief Product Officer, Renuka Nadkarni, which exemplified the push that is still behind SASE. Given that the vendor based its original product offering on delivering secure WanOp then SD-WAN as a service, the migration to SASE was basically native, but such is the complexity now of the complete SASE offering, that even those vendors born to the SASE manor are still developing and expanding their product offering.

You can see what Renuka had to say about the product updates here: https://www.youtube.com/watch?v=ni5MLrUTOfw – but in summary, the two key elements involved one home-made feature and another one c/o a strategic alliance with another old client of mine, Menlo Security. The home-grown element comes in the form of CASB –  Cloud Access Security Broker –  essentially an on-prem or cloud-based security policy enforcement point, placed between cloud service consumers and CSPs to combine and interpolate enterprise security policies as cloud-based resources are accessed. It’s fair to say that this is one instance where Aryaka is playing catch-up with some of its competitors, but then they still have a lot of catching up to do on many other aspects of Aryaka’s service delivery!

The vendor defines its CASB offering as primarily providing:

  • Comprehensive Visibility: Unlock a complete view of your cloud environment—from user activity and data access to potential risks— empowering you to make informed security decisions.
  • Granular Access Control: Enforce fine-grained access policies based on user identity, device, location, and other contextual factors, ensuring that only authorised users can access sensitive data and applications.
  • Innovative Threat Protection: Leverage cutting-edge threat intelligence and machine learning algorithms to detect and prevent sophisticated attacks, such as malware, ransomware, and insider threats.

For me, the key feature here – and one that continues to dominate conversations with vendors and their customers – is the Visibility aspect. It’s amazing, nay, shocking, how many companies in pretty well any market vertical simply don’t know what their IT estate actually consists of. Throw a multi-cloud strategy into the scenario and that view becomes even more, well, cloudy… To use an old line of mine, how can you secure something if you don’t even know it’s there?

Moving onto the Menlo Security alliance (memories of dodgy videos shot in Hotel du Vin, Exeter – no, not “dodgy” in that sense!) Aryaka has effectively fast-tracked its way to being able to offer remote browser capabilities, as part of its SASE offering. Menlo effectively invented the idea of a “browser interception” layer, so that hapless users – think remote/WFH/WFA – are protected on their t’Interweb journey from being exposed to malware, phishing, and being held to cyber ransom when landing on some dodgy (yes, I do mean that kind of “dodgy” in this instance) sites full of hidden perils. Menlo used to offer a freebie browser plug-in that told you every single element on a page that was trying to find its way onto your PC/laptop/phone. Even I was scared! To implement these capabilities, Aryaka simply re-routes customer traffic directly from their edge devices to the Menlo Secure Cloud Browser and then back onto Aryaka’s private core network. As the version 2 of the caveman said, don’t bother reinventing the wheel, so what Aryaka has done here is another victory for CSaaS (Common Sense as a Service).

It will be interesting to see what lies ahead on Aryaka’s roadmap, and even more interesting if I get the opportunity for a close-up inspection of its SASE offering, a mere 10 years after my original report on the product! I suspect there’s been the odd change or two (thousand) 😊