Coming to me in the form of Sonicwall’s Cloud Secure Edge (at a monthly, per-user cost), I understand the basics of what they say it’s going to do, but I also have been doing this long enough to understand when someone’s using a lot of buzzwords and scare tactics to hype a much simpler concept that I feel I am not as much up on. I would welcome any and all comments from those of you with any experience in implementing/utilizing/understanding SSE. Thanks in advance!
Avoid Sonicwall
It’s a hosted vpn.
Right…but is it somehow “more secure” than just a simple SSL VPN client? Granted, I have to put in a password, so anyone who compromises that password now can setup the same, so a password-less solution is inherently “more secure” in that regard…but aside from that…?
It’s probably IPsec, not ssl.
Enterprise grade firewalls should be cert, MFA or SAML. I wouldn’t expect a simple username/password in use today.
It’s not more or less secure than the same setup on an in-house firewall.
Hadn’t heard of it, reading up on it I think my employer (a very large company) has already implemented a form of it effectively. For us it’s taken the form of a trusted auth service for all of our internal websites/services with everything now being directly Internet facing. This means that you can access (almost) everything without a VPN from anywhere, and it removes the idea of “internal” traffic being trustworthy. It’s mostly been pretty nice from a user perspective.
It also sounds like a buzzword that a lot of companies are trying to use to sell you bundles of saas products.
Thank you! The whole thing feels like another “the cloud”, or “AI” push, and I instantly distrust anything that leverages fear as a sales tool. From what I’m seeing, it feels like there’s potential for improving the user experience, so I’m glad to hear that aligns with your perspective!
Much like Zero Trust it looks like a framework on providing access to privileged information based on policies. Looks to integrate zero trust with a cloud firewall and session broker.
Where I’m trying to get is, zero-trust being a good framework, does it make sense to go with SW’s proposal, or can I do it myself for less/no cost with other solutions out there? It seems like MS has an offering under “Global Secure Access” that might be bundled in with Office365 premium, so I’ve started focusing there…
As a rule of thumb IMO the fewer features you implement with M365 the better.
Yeah, I get that. The disruption to everyone’s workday switching to FOSS services would be immediate and (figuratively) violent…but I’ve had some conversations down that road…
I’m not talking about FOSS. It’s just M365 really sucks to administrate and when I see how you’re supposed to configure it and what the defaults are, I’m regularly like
My take is only valid for my environment, I think 😅 What’s your environment and threat model? Are you feeling that your current defenses are insufficient, is there an actual or potential increase in attacks? Are you finding yourself struggling to manage and secure company infrastructure with everyone’s personal devices connecting to it? Are your users frustrated with the security you do have in place? Or, are you looking to add new layers to address a deficiency?
IMO cloud services like this are either overpriced now or will get overpriced in the future; they usually work fine until there’s an outage or until they get compromised. But, I haven’t had to run a large corporate environment yet, and I could see the allure of offloading all the security onto an external vendor that we can blame (and sue) if things go wrong down the track.
edit: reading u/False’s comment it does sound like it’s at least a decent user experience, at least if they’re using the Sonicwall product you’re looking at. You can almost certainly build an equivalent service internally with FOSS tools, but will the user experience be as good/seamless? That’s a lot less certain.
My customer is a mid-large size environment with not a lot of tech-savvy folk who are always frustrated with additional security, so anything that would decrease the number of MFA pushes passwords they have to remember would be a win. For that matter, decreasing the number of hours spent admin-ing those things is also desireable. Currently, we’re just using simple SSL VPN to access on-prem file/print services.
