[1] It uses cloud and edge computing technologies to reduce the latency that results from backhauling all WAN traffic over long distances to one or a few corporate data centers, due to the increased movement off-premises of dispersed users and their applications.
SASE SD-WAN functions may include traffic prioritization, WAN optimization, converged backbones and self-healing using artificial intelligence platforms AIOps to improve reliability and performance.
SASE vendors may contract with several backbone providers and peering partners to offer customers fast, low-latency WAN performance for long-distance PoP-to-PoP connections.
[8] SASE is driven by the rise of mobile, edge and cloud computing in the enterprise at the expense of the LAN and corporate data center.
SASE providers can optimize and route traffic through high-performance backbones contracted with carrier and peering partners.
Performance is also increased by implementing all security functions with a single-pass architecture inside a single PoP, to avoid unnecessary routing.
[2] Criticism of SASE has come from several sources, including IDC and IHS Markit, as cited in a November 9, 2019 sdxcentral post written by Tobias Mann.
Clifford Grossner of IHS Markit criticizes the lack of analytics, artificial intelligence and machine learning as part of the SASE concept and the likelihood that enterprises won't want to get all SD-WAN and security functions from a single vendor.
The central controller sets policies and prioritizes, optimizes and routes WAN traffic, selecting the best link and path dynamically for optimum performance.
NGFW combines a traditional firewall with other security and networking functions geared to the virtualized data center.
While SASE focuses security on WAN connections, a NGFW can be deployed anywhere including internally in the data center.
Research firm Forrester refers to a SASE-like type of converged network and security stack as Zero Trust Edge (ZTE).
[13] Forrester describes its model as similar to Gartner’s, but with additional emphasis on incorporating zero trust principles to authenticate and authorize users.