When data sharing and circulation become a rigid need, business networks that were originally isolated from each other break the boundaries and move towards convergence.
When an enterprise's data center is no longer the de facto "center of data," marginalization becomes one of the many services that users need to access.
With the rapid popularization of digital technologies such as cloud computing, IoT, and AI, enterprise network architectures are becoming increasingly complex, and traditional network security architectures are unsustainable.
How to improve the flexibility and scalability of the network under the new situation, and how to build a unified security defense line of "cloud-network-edge" from the perspective of the new IT architecture have become the key propositions in the construction of enterprise WAN.
A few days ago, after the 6th SD-WAN & SASE Conference and Cloud Network Conference, 51CTO interviewed Li Xiaodong, the first-line product manager, to discuss the above topics. From the perspective of the first line, we can not only see the innovation path of enterprise network architecture upgrade, but also get a glimpse of the trend changes contained in enterprise cloud edge security protection.
The wind starts at the end of Qingping. In the ICT industry, the development of one or several key technologies often leads to changes in their segments, which in turn pushes the industry forward in synergy, forming a synergy and pushing the industry into a new development cycle. In the current development of enterprise WAN, SD-WAN and SASE are two of the roles that cannot be ignored.
Gartner's latest 2023 China ICT Maturity Curve shows that SD-WAN is on a steady rally in China's ICT market after the bubble burst. In contrast, SASE, as a concept proposed by Gartner in 2019, is more new to Chinese enterprise users. SASE is not a specific technology, but more like a part of the broader evolution of network security architecture depicted by Gartner, as a product of a combination of WAN cloud and network security, providing a new solution to the traditional network security framework torn apart by cloud computing and mobile computing.
Some people may say that SD-WAN technology itself can provide some basic security for enterprise network environments, so why do we need SASE?Li Xiaodong explained: "With the increase of branches, mobile devices and cloud services of enterprises, the complex and dynamic network environment requires more flexible and efficient network security solutions. In recent years, the digitalization of enterprises has accelerated, but at the same time, many new security threats have also emerged, which have the characteristics of fast variant speed, concealment and persistence, and require rapid response and disposal of security protection. ”
In the wake of this evolution of the network environment, there is a growing realization that relying solely on traditional SD-WAN security features may not be sufficient to defend against modern cyber threats. DYXnet's layout of SASE service architecture is also to add stronger security on the basis of SD-WAN. By integrating multiple security services such as firewalls, CASBs, and ZTNAs into a comprehensive resource pool, organizations gain access to comprehensive network and security capabilities. SASE embeds security genes in the technical architecture system and network, and truly establishes an endogenous security system to better cope with increasingly complex security threats.
In recent years, AI applications represented by ChatGPT have become smash hits. Such new technologies and applications not only improve the efficiency of production and life, but also provide new attack vectors for cyber attacks, making attack implementation more flexible and more hidden, making threat detection and tracing more difficult.
At present, many security threats have begun to use AI empowerment to achieve higher attack efficiency. For example, attackers use AI to generate malware to better evade detection and defenseOr use AI to perform cyberattacks, such as DDoS attacks, SQL injection attacks, and malicious traffic attacks. AI is a double-edged sword, and how to use it is a matter of the sword-wielder.
In this context, FRONTLINE has also begun to look for its own exploration - working with leading security partners to connect with cloud intelligent engines to respond to various new security threats with more intelligent detection methods. With the support of AI technology, intelligent threat detection and protection can be realized, such as using AI technology for behavioral analysis and machine Xi, which can more accurately detect abnormal activities and potential threats in the network, especially improve the ability to identify unknown threats.
Li Xiaodong described this process as follows: After a new virus is generated, it can be detected at multiple levels through the cloud intelligent engine, and after the threat is detected, it can independently learn and Xi, and synchronize the results to the entire network SASE POP to achieve overall network immunity. In other words, DYXnet SASE can integrate real-time threat intelligence and then conduct agile blocking based on massive threat intelligence to respond to emerging threats and attacks.
For FRONTLINE, with services and resource capabilities such as SD-WAN, SASE, and edge cloud, and observing the implementation of AI in thousands of industries, exploring the layout of "edge AI" seems to be a natural choice.
Edge AI is used to process the data generated by edge terminals in real time to reduce latency, as well as processed traffic, reduce the use of network bandwidth, and then take advantage of the flexibility of edge computing deployment, bringing certain cost advantages. Li Xiaodong explained that FRONTLINE is committed to building an integrated solution for cloud and edge.
IDC**, by 2025, there will be 41.4 billion IoT devices in the world, and 73,147 EB of data will be generated during this period, about a quarter of which will be generated in real time. China's "14th Five-Year Plan" also clearly proposes to "coordinate the development of cloud services and edge computing services". Whether it is from the market trend or policy orientation, it can be seen that cloud-edge-end integration will definitely become an important evolution direction in the future.
Li Xiaodong introduced that with the support of the first-line cloud edge-end architecture, AI application capabilities can be sunk to the edge cloud and the device side for linkage, providing enterprises with field-level AI services and responding to needs intelligently and agilely. However, the security protection around this innovative interconnection scenario should not be ignored.
In response to this challenge, the first line also has corresponding plans: on the one hand, it will establish a security domain based on the SASE architecture, and build an edge computing domain with public cloud + edge cloud + SD-WAN. Based on dual-domain linkage, it implements flexible scheduling of edge AI and SASE capabilities, helping enterprises carry out multi-scenario protection and smart officeOn the other hand, the SD-WAN & SASE management platform is promoted to realize the adaptation and integration of cloud AI applications, edge clouds and intelligent terminals, and is driven by refined policies to carry out unified and visual management of the data interconnection and security situation of the whole chain of heterogeneous IT architecture. With a safety net, the development of edge AI can be further enhanced.
If SD-WAN and SASE are the key variables in the current transformation of enterprise WAN technology systems, then AI is the catalyst for accelerating the transformation, and cloud-edge-device integration is the beachhead that many enterprises are aiming at in this wave. From the perspective of the front line, it can be found that they are continuing to extend the boundaries of "cloud-network-security" service capabilities, and strive to open up the security and intelligent empowerment of "cloud-network-edge". As for the endgame of the game, we have reason to believe that, like any previous wave of technological change, it will be a story of "thousands of hard work, blown into the wild sand and gold".