MEF Infinite Edge SASE Deep Dive with VMware and Spirent

Let's get our third deep dive session started for today. I'm thankful to be joined by expert panelists today: Craig Connors, Chief Technology Officer of SD-WAN and SASE at VMware, and Mark Cohn, Principal Technology Strategist, Virtualization, Spirent. Thank you both so much for sharing your time and your talents with us today. Looking forward to having a good time. You okay?

Yeah, great, thank you. Thanks for having me, John.

Oh good, good, good, good. Craig, let's jump straight into this, and help me understand: what are the trends that are shaping the security landscape today?

Yeah, thanks John. I think there's a couple important trends that are shaping the security landscape and really leading us down this path towards the secure access service edge, or SASE. The first is that, you know, classically when we deployed security techniques, they were deployed in the perimeter, at the branch, in a firewall: you know, signature-based security mechanisms deployed in ASICs, and we were able to categorize threats and then react to those threats when they were seen. And now in the modern world we have a couple different challenges to that. One is that the perimeter is dissolving; people are moving all over the place. The second is that threats are evolving, and so we have advanced security techniques like remote browser isolation, like sandboxing, like network threat analytics, that really require cloud-scale computing to deliver effectively. And so what SASE allows us to do is deliver some of those advanced threat techniques in the cloud, but in a way where they're close enough to users that they don't add a significant amount of latency. And, you know, as Mark and I were talking about, users are shifting from inside the office to outside the office, so that notion of the perimeter dissolving and work from anywhere is becoming more and more important, especially in light of the pandemic.

And I would echo what Craig was saying, because Spirent, like many other companies, are in a situation where we're not even sure when we would come back to the office. And even after the pandemic, when everything settles out, we've seen some survey data that indicates that up to a third of employees that were in an office before COVID-19 are planning to stay at home, and likely to be working from anywhere. So we need to have an architecture that is going to address this changing environment driven by the cloud.

That's a great add-on, Mark, and I appreciate you sharing all that. And Craig, as you mentioned also, it's that elevated exposure to people can continue to be working at home and where that's going to take us. So I love how we kind of build that as the basis. So we'll continue on that thought: Craig, if you could just define SASE and why it's eliciting so much attention today.

Right. I think it was already exciting before this work-from-anywhere shift; it's extra exciting now. You know, there's a couple different things that we always talk about in security. One is that, you know, when we give keynotes at VMware we like to throw up this slide of all the security vendors in the industry, and there's like a thousand logos on there, right? And that itself is a security risk, because if I'm in the SOC and I've got to manage a different firewall vendor and a different CWS vendor and a different zero trust vendor, and, you know, all of my different piece parts of security are coming from all these different places, it becomes a full-time job just to normalize what's going on in order to deliver that consistent security policy for everyone. So as apps modernize and they move from the data center to the cloud, as users move from the branch to anywhere, we want a way of simplifying our security stack, centralizing things as much as we can, and simply delivering that consistent policy to users so that we don't have such an enormous task in the SOC of trying to manage this for our security business.

How would you like to add on to that, Mark?

Well, SASE in essence provides a distributed architecture where we're moving functionality that was traditionally deployed within the customer environment, the CPE, and moving that to the edge. And the edge is one of the most exciting areas of the cloud, and as Craig was implying, this is going to be a new frontier where we're going to see a lot of different possibilities as SASE unfolds.

Sure. And how about, if you would, can you walk us through the SASE architecture?

Yeah, so let me walk you through, you know, our architecture, and of course I brought a slide to show what the VMware SASE architecture looks like, but I think at a high level you'll see the same core components coming through no matter which vendor you talk to. On our diagram, on the left side we have the access technologies and on the right side we have, you know, the security technologies. When it comes to access, there's the SD-WAN, obviously near and dear to my heart as the CTO of SD-WAN. That's where your branch offices, your retail stores, your distribution centers are accessing what we call SASE PoPs, those cloud points of presence that are geographically distributed to allow users to access those security services in a low-latency way. And then you have some form of zero trust or secure access, so that users who aren't sitting in the branch can access from anywhere those same SASE PoPs and, you know, going back to that consistency model we talked about earlier, get access to those same set of security services. On the right, when you talk about security, there's really two different core types that we look at at VMware. First is cloud web security, so we're delivering this through a partnership with Menlo Security. This is securing my web and SaaS applications: things like CASB, anti-malware, URL filtering, remote browser isolation for securing those internet applications. And then you have next-gen firewalling, where you want to be able to secure the things that are happening in your data center, in your IaaS. So again anti-malware, URL filtering, some of the same techniques, but you've also got IDS/IPS and network threat analytics playing a big role. And I'm sure, you know, Mark, being at Spirent and talking to lots of different vendors, you've seen a little bit different twist on this diagram, but I bet they all look kind of the same as ours does.

Yeah, and I would tend to agree with Craig that the architecture is an architecture, it's not an implementation. So we're going to see various, I mean a number of variants that are going to be based on the same model, which is to distribute the cloud security functions in the cloud. And because of the complexity of this environment, because of the number of vendors that we're talking about, I mean one vendor per security function and other providers of various security and infrastructure components, this is a very complex environment. And because of especially the multi-vendor aspect of SASE, this is one of the main motivations why the MEF stepped in, leveraging the momentum of the SD-WAN project, to consider the industry's first attempt to standardize the SASE architecture. And not only do we need to standardize a service, but we also have to rethink and examine the role of testing in that service, because we're going to need to validate and assure the various different functions as well as the end-to-end service, not to mention the existing infrastructure that the whole environment is built upon.

Yeah, and if I could just add to Mark's point a little bit there: you know, he mentioned multi-vendor, and I think that's really key. When SASE was conceived of, I guess, you know, the idea was it was going to be a single-vendor, single-pane-of-glass solution, and I think, you know, the network security folks that are listening to this are probably thinking, well, that sounds ideal but that's probably not realistic, right? And so, you know, you want to simplify things as much as you can, you want to provide a common cloud platform where you can interconnect these different security vendors, but I think for most of us the reality is we're not all going to go to a single vendor tomorrow. And so as we chart that evolution maybe from multi-vendor to single vendor, or as we live in perpetuity in this multi-vendor world, to Mark's point, you know, how do I certify this? That's where MEF standards and techniques from Spirent become really, really important, because now it's not just trusting that the vendor's delivering what they said; I've got to take two solutions and make sure that they're interoperating in a standard, reliable, secure way.

Nope, so true. So you're saying that single pane of glass, that's a dream? We can hope, right? We can still have hope for that. Come on, Craig.

Hey, we're gonna deliver it at VMware, so if everyone wants to go pure VMware, single pane of glass, we've got the solution for you, all right, but we know that's not true for everyone, so we'll accommodate both approaches.

Well then, talk me through: what would you say are some of the best use cases that your customers are looking for?

Yeah, so, you know, I'll give a couple different examples. The first one is a financial services customer that we have, large, across the United States, and one of the challenges that they've faced is that they've shifted their work model as a result of the pandemic. And it's not a temporary thing; they've made a permanent shift where they're going to reduce their retail footprint, and instead of having folks sitting in the office five days a week, they're going to rotate them through the office. So folks will work from home some days and they'll work from the office some days, and that will allow them to reduce their spend on capital expenditure and things like that. And so as a result they still want to be able to deliver that consistent security approach that we talked about earlier. One technique that a lot of big companies do when it comes to securing the devices and applications is using remote desktop technology, right? And so this company is using VMware's remote desktop technology. The PCs live in the office; the users, whether they're working from home or they're working in the office, they're accessing the same PC. It's just a matter of whether I'm actually sitting at the mouse and keyboard or I'm sitting at home and remote-desktopping into that same device that's sitting in my office. And using their legacy approach, what they had to do in order to access those machines is to connect via their traditional VPN. So they have a big VPN headend in St. Louis; they connect back to St. Louis and back to the office. Well, that means for me, so I'm in San Jose, California, and if I need to access my PC that's sitting in San Jose, California, I'm actually VPNing to St. Louis, back to San Jose, and then I'm adding all of this latency and it's really degrading my experience just to achieve that secure environment. With SASE, we've got these points of presence that are distributed around the United States, and so those users now, instead of going back to St. Louis, they're connecting, no matter where they are, to the closest SASE PoP. And in the example I gave, it happens to be in San Jose. So now I connect to a PoP in San Jose, I'm authenticated using zero trust, I hop on the network and go directly to the San Jose office, and so I've cut my latency down from an order of magnitude in order to access that use case. And I think you'll find similar use cases like that in the remote work shift environment. The other big use case that we've seen at VMware is folks that are hosting their cloud security services on-prem are finding that, you know, I talked about in the beginning some of these advanced security techniques that require cloud-scale computing; well, when you start deploying them yourself you realize it's not as easy as deploying firewalls used to be. Now I've got to manage this elastic set of racks of 50 compute servers to do remote browser isolation, and that's a big burden that I would like to offload onto a managed service. And so, you know, one, user benefit: this low-latency access; the SOC benefit: the consistency; and now you have the network management benefit of simplifying the deployment in the lab, and that makes it better for basically everyone in the network, which is kind of what we really want in any solution, right? And I'm sure, Mark, you've seen similar benefits like this in talking to Spirent customers about why they're making the move to SASE and what they're hoping to achieve.

And Craig, we have, and the architecture is very exciting to many customers because of the nature of the workforce today. We talked about the trend toward a work-from-home or work-from-anywhere, just, paradigm shift that's very dramatic, that was already underway prior to the pandemic but was certainly accelerated, and I don't think we're going to go back, as we discussed before. But that actually introduces some major challenges to managing this environment that we didn't have before. Think of the attack surface, which went from a physical perimeter to now, we have an almost, a greater number of home networks that don't have enterprise-class security protection, and we need to rethink how the home network environment fits into the broader enterprise environment. When it comes to the number one priority for many CIOs, I just saw some data from a very large survey, which is security again, where over 40 percent of those CIOs are increasing their security spend as they look at 2021, especially on the tail end of major security breaches in the past two years. And one of the things that we have to think about is that when we're talking about a home user in particular, because these were the use cases, or at least part of the use cases, that Craig was mentioning, the home user is largely on their own. So the ability to minimize downtime and to be able to provide this notion of multi-layer troubleshooting is even more critical in this environment. We don't have an IT organization that you can wander down to, the next office over; we can't just pick up another computer. These are home users that have a very limited environment, and SASE is going to revolutionize how we're going to be able to address this new class of user that's going to be here over the long term.

Yeah, I think, you know, a lot of people are probably thinking, but didn't we already shift to remote work? Like, isn't this a solved problem? And then I think really what happened is, and I'll say, like, VMware IT, these guys are heroes, because on Friday they said, hey, 30,000 people, don't come to the office on Monday, and hey, IT staff, make sure you're ready for that. And so what we had was literally heroics from these network teams all over the world at all these big companies, making sure that people could just keep doing their jobs. And now, you know, we've got time to take a breath and say, you know, as Mark said, this is the new normal going forward. Okay, well, let's figure out how we would do this right, and how can we fix and robustify, I guess, if I can make that word up, some of the things we bandaged together to make this work really quickly overnight, and how can we make this secure and reliable for the long term, so that we really can make this the new normal and make it a solution that the SOC and the NOC and everybody's comfortable supporting for the long term.

That's good, thank you Craig. Robustify, I'm actually going to write that down in case I have to get, like, a Pictionary or something, I have to define that or use that in a sentence. Trademark, that's a good word. And you're right, I think there's a lot of heroes literally watching this, in terms of what they've done, how heroic it truly is, and making everyone accessible and usable from their home base. Mark, dig in for me a little bit, and how about the assessment of how SASE is going to unfold, and even address what are some of the accelerators and maybe even what's going to limit the adoption.

Well, like many networking technologies, SASE is going to unfold based on a hybrid model. We've had the chance to talk to not only some of our traditional customers, which are technology providers as well as managed service providers and even security companies, but we've also talked to some enterprise end users as well, which we traditionally haven't served as much as the other segments. And what they have indicated is that they don't want to necessarily see a monolithic solution provided by a single vendor. What they're going to do is integrate elements that they already have in place, that are already deployed in existing data centers or even on dedicated servers, and be able to bring on board cloud security functions as the edge gains momentum within these enterprise environments. And the hybrid environment just adds complexity in terms of management and in terms of validation and assurance of how these end-to-end services are going to be delivered. I mean, if we had a streamlined single-vendor solution it would be relatively straightforward: we would work with that vendor, we would integrate with that network management system, and not only that, security management systems, whether it's a SIEM platform or whatever it might be. But in this environment we have to be even extra vigilant to be able to think about how we're going to address disparate environments and multiple vendors' security functions, not to mention the infrastructure functions, which adds a degree of complexity. And that's going to necessitate that we think through a multi-layer testing strategy that builds upon the traditional network testing but expands into a very different set of security testing procedures, facilities and even tools. And security testing is much less structured; it is more ad hoc; it needs to be programmable to address an ever-changing set of threats in the environment. And SASE lends itself to restore some order by removing functions that may have been deployed at the end user and the data center and now are going to be deployed in the cloud, and provides that opportunity to centralize these functions as we migrate to a more cloud-native environment. It's not going to start there, but it's certainly going to end up there. And the MEF is going to play a role here as well. We had established the MEF security test and certification group, which is examining how we can test, how we can validate and assure these new security services, especially not just SASE but other MEF initiatives like the application security for SD-WAN program as well. So what we are going to see is an environment that individual users are going to dictate how their journey unfolds, and what we need to be able to do, whether you're a SASE provider like VMware or a network provider or a provider of testing assurance solutions like Spirent, we need to be able to adapt into that, you know, that pseudo-customized environment to be able to address their, you know, each individual needs.

Excellent. Anything you'd like to wrap up with, Craig?

Yeah, I would just like to add, you know, in terms of adoption it's pretty exciting that we talk about the sort of classic crossing-the-chasm model and innovators leading the way, and that's not what we see in SASE. I mean, I mentioned that large financial services customer that's using us for our SASE solution; those are not usually the first movers. And so you can see how much excitement there is about this technology when companies that are usually very hesitant to adopt these techniques are adopting them to accommodate this new type of work environment. I think when it comes to challenges, just to build on Mark's point, you know, we're bringing together a lot of different things: zero trust, SD-WAN, firewalling, cloud web security, deploying points of presence in the cloud. And if you look at the vendors that are getting in the SASE space, you know, most of them aren't experts in all of those areas. And so the impetus is on us as vendors. You know, at VMware, even though we have Workspace ONE zero trust, even though we have NSX, you know, distributed firewall and some of these security techniques, I think classically we're not thought of as a security company, and I think for some security companies, they're not classically thought of as cloud companies delivering cloud points of presence. And so the onus is on us to convince the users that we're the right solution to entrust their network to, and that's where folks like MEF and Spirent will help us in building that trust with the user base so that they feel comfortable making the move, because like I said, the need is obviously there, as seen by those early adopters.

Thank you so much, Craig, and you're right, you do bring customers together, just like this whole entire MEF Infinite Edge series has brought so many people together. And thank you so much for sharing your time and your talents yourself as well, Mark. So everyone out there watching, put your hands together, cheers, high fives, one more time for Craig Connors, Chief Technology Officer of SD-WAN and SASE for VMware, and Mark Cohn, Principal Technology Strategist, Virtualization, for Spirent. Thank you so much for joining us. And folks, what a great day it has been, and a perfect way to wrap up episode 2 of the MEF Infinite Edge series. Here to wrap things up officially is your host, John.

Info
Channel: VMware SASE
Views: 151
Rating: 5 out of 5
Keywords: Network Security, SASE, SD-WAN, SDWAN
Id: KGcvmTQGaxA
Length: 23min 33sec (1413 seconds)
Published: Wed Mar 17 2021