Aryaka adds SWG, FWaaS in pursuit of unified SASE

Secure access service edge (SASE) architectures are defined by the close integration of network connectivity and security in the cloud delivered as a service to enterprise WAN users. So, it makes sense for enterprises to seek out platforms that unify many SASE functions.

That is the model that Aryaka is pursuing, as it announced this week that its Zero Trust WAN SASE solution now includes Secure Web Gateway (SWG) and Firewall-as-a-Service (FWaaS) capabilities. Both are considered required core elements of the Secure Service Edge (SSE) portion of the SASE architecture.

This should help speed the rollout of these cloud-based security functions, an effort that would be more time-consuming and require more integration work if SWG, FWaaS and other SASE capabilities were each delivered as point products, Aryaka said.

David Ginsburg, Aryaka VP of Product and Solutions Marketing, told Fierce Telecom via email, “The enterprise should plan for a WAN based on Zero-Trust principles that incorporates a pervasive architecture where connectivity and security may be deployed at any point. It relies on a distributed data plane and unified orchestration and control. The way to implement this is via a unified SASE architecture.”

Aryaka’s journey to a unified SASE architecture got a big boost from its 2021 acquisition of Secucloud. Its efforts have been paying off, as research firm Dell’Oro Group back in July recognized Aryaka is one of only four SASE vendors capable of delivering “a unified secure access service edge solution that tightly combines security and network connectivity.” The other three are Versa Networks, Cato Networks and VMware.

That may help Aryaka’s approach gain notice in a rapidly expanding universe of SASE vendors that are taking a variety of different approaches to delivering the integration, efficiency, simplicity and cost-savings that SASE promises.

Acknowledging that the market is becoming more confusing for enterprises setting out to understand and migrate to SASE architectures, Ginsburg said, “What enterprises have to do is understand what they need and how it must integrate into their existing environment without rip-and-replace. In some instances, they are now set up for unified planning, where the networking and security teams are working together. Here, they may adopt a more complete SASE architecture. In others, the teams may be separate, and the networking team may focus more on connectivity, while the security team may focus just on the SSE. In any case, what needs to happen is for the enterprise to determine how to proceed, while not deploying something that will lead them into a cul-de-sac.”

SWG and FWaaS fit with the Zero Trust networking principles that are a key aspect of SASE architectures, but FWaaS is a relatively new capability that is still finding its way to market traction. Dell’Oro recently noted that while demand for virtual firewall solutions was up 61% in Q2 2022 compared to last year, revenue from traditional firewall hardware appliances still grew 12% year over year.

“While cloud-delivered network security solutions, like security service edge, have taken a rightful position in the enterprise security architecture, we still see a relevant role for firewall appliances,” said Mauricio Sanchez, Dell'Oro's Research Director for Network Security, and SASE & SD-WAN, in a statement. “Firewalls are foundational to good enterprise network security hygiene, and we do not foresee any solution fully displacing them over the next five years.”

Ginsburg said that in the short term enterprises may continue to use a mix of different firewall solutions.

“In the past, enterprises would have deployed on-premises firewalls. With the movement to the cloud, delivering this as a service at the cloud-edge as part of SASE is a natural evolution,” he stated. “But what we’ll see is a hybrid environment for the foreseeable feature, combining traditional on-prem (or datacenter-based) physical firewalls, on-prem virtual firewalls, such as those offered by our partners Check Point and Palo Alto, and integrated into our managed SD-WAN CPE, and then cloud-edge virtual firewalls such as those integrated in our Services PoPs and enabling FWaaS. Depending upon your destination – internet, SaaS, IaaS, datacenter – you will need different security capabilities.”