Christian Burgert / February 4, 2025 / General

ZTNA, SASE, SSE, CASB… many terms, but what do they mean and how do they relate to one another? Here are some of these "buzzwords" and how they can be categorized. Many of the terms come from Gartner; some are marketing from various companies, which this post tries to set against each other correctly.

  • SASE (Secure Access Service Edge)
    • Networking
      equivalent: WAN Edge
      • QoS (Quality of Service)
      • Link Load Balancing
      • WAN Optimization
      • Caching
      • Routing
      • VPN
      • SD-WAN (Software-Defined Wide-Area Network)
      • (Next-Gen) Firewalling
    • SSE (Security Service Edge) 
      equivalent: ZTE (Zero Trust Exchange)
      • CSG (Cloud Security Gateway)
      • SWG (Secure Web Gateway)
        some: Zero Trust Web Access
      • FWaaS (Firewall as a Service)
      • CASB (Cloud Access Security Broker)
      • DLP (Data Loss Prevention)
      • CBI (Cloud Browser Isolation)
      • ZTA (Zero Trust Access)
        Least-Access-Control / User, IoT, OT, Workload
        • ZTNA (Zero Trust Network Access)
          Replace VPN with Zero Trust
          equivalent: SDP (Software defined Perimeter)
        • ZTAA (Zero Trust Application Access)
        • ZTNA with Application Protection
        • Workload Segmentation
          (Zero-Trust) Micro-Segmentation
      • Data Protection

Nonsense Marketing – Buzzwords & Equivalents

Many vendors bring new terms into play. But it is really more a case of "much ado about nothing"…

| Buzzword | Equivalent | Note |
|---|---|---|
| Nonsense marketing | Bullshit marketing | |
| ZTNA 2.0 (Palo Alto) | ZTNA | Simply sounds better. ZTNA 1.0 according to Palo Alto was apparently not quite equivalent to the Gartner definition… |
| Zero Trust SASE | SASE | Marketing term from Zscaler |
| Zero Trust SD-WAN (marketing term from Zscaler) | Zero Trust WAN, possibly from Gartner | |
| ZTWA (Zero Trust Workload Access) | ZTNA for Workloads with Protection | |
| ZTAA (Zero Trust Application Access) | ZTNA for Application with Protection | |
| Zero Trust Network Security | Workload Segmentation | |

Definitions – According to Gartner

Secure access service edge (SASE)

Secure access service edge (SASE) delivers converged network and security as a service capabilities, including SD-WAN, SWG, CASB, NGFW and zero trust network access (ZTNA). SASE supports branch office, remote worker and on-premises secure access use cases. SASE is primarily delivered as a service and enables zero trust access based on the identity of the device or entity, combined with real-time context and security and compliance policies.

cf. https://www.gartner.com/en/information-technology/glossary/secure-access-service-edge-sase

Cloud Access Security Broker (CASB)

Cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.

cf. https://www.gartner.com/en/information-technology/glossary/cloud-access-security-brokers-casbs

Security service edge (SSE)

Security service edge (SSE) secures access to the web, cloud services and private applications. Capabilities include access control, threat protection, data security, security monitoring, and acceptable-use control enforced by network-based and API-based integration. SSE is primarily delivered as a cloud-based service, and may include on-premises or agent-based components.

cf. https://www.gartner.com/en/information-technology/glossary/security-service-edge-sse

Secure Web Gateway (SWG)

Secure Web gateway (SWG) solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. These gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included.

cf. https://www.gartner.com/en/information-technology/glossary/secure-web-gateway

Zero Trust Network Access (ZTNA)

Zero trust network access (ZTNA) is a product or service that creates an identity- and context-based, logical access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access and prohibits lateral movement elsewhere in the network. This removes application assets from public visibility and significantly reduces the surface area for attack.

cf. https://www.gartner.com/en/information-technology/glossary/zero-trust-network-access-ztna-
