Netskope will offer its Endpoint SD-WAN targeted at remote workers, rounding out the vendor's secure access service edge (SASE) portfolio with what it claims to be the first-ever software-based unified SASE client.
The vendor’s security services edge (SSE) combined with the new Endpoint SD-WAN is essentially a “SASE for your laptop,” Netskope SVP Parag Thakore said. The SD-WAN will leverage the unified SASE client, software delivered to user endpoints without requiring any hardware appliance, he told SDxCentral.
Netskope considers this the first true SASE product for remote workers, arguing current solutions rely on legacy clients like VPN combined with SSE for those use cases. Thakore explained that VPN clients cannot optimize performance, so users typically have to also deploy an SD-WAN appliance for home offices. These are not integrated SASE scenarios, he said. Instead, VPN, zero-trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), data loss prevention (DLP) and SD-WAN appliances are often used as point products to form a disaggregated SASE.
“All these point products are just an operational nightmare, and it has really high costs,” Thakore said.
Netskope later this year will introduce general availability of the unified SASE client, which Thakore described as a “single agent that has Netskope Endpoint SD-WAN and SSE running in a unified software form factor on your laptop.”
A 'context aware' SD-WAN for remote workers
The Netskope Endpoint SD-WAN built into a laptop ensures the same quality of experience as SD-WAN hardware appliances, Thakore said.
“To me, everything kind of starts with the [artificial intelligence (AI)]-driven operations framework, where we can go much deeper into your applications, traffic, devices, health stats, and then we have all of those analytics,” he added.
The software-based SD-WAN uses application-aware prioritization and dynamic path selection, and flags anomalies to automatically remediate poor last-mile performance. Similar to Netskope’s Borderless SD-WAN, the endpoint product uses a context-aware zero-trust policy.
The vendor has a cloud discovery engine supporting 60,000 applications through the Netskope SASE gateway that assigns a cloud confidence index to each application for automatic prioritization and configuration.
“Netskope's strength for SSE is that it is context aware. It's not just applications, but it's application, application risk, user, user risk, device and device risk,” Thakore said.
The unified software for both functions of SASE – SSE and SD-WAN – also simplifies network management for remote users.
“You need that one platform, one software, one policy, one console, one architecture, and it doesn't matter whether the user is working in a branch or the user is working remotely from their workplace or in a cafe,” Thakore added. “You want to deliver the same level of high-performance connectivity and security no matter where that user is.”
Ousting legacy VPN clients
Thakore pointed out that legacy VPN clients lack the contextual awareness of SD-WAN appliances. For example, “you cannot say Zoom is a high priority on your VPN clients,” he said.
Additionally, Netskope claims the Endpoint SD-WAN eliminates single-tunnel shortcomings of traditional remote access VPNs by connecting with multiple public and private data centers simultaneously. This gives users policy-based direct-to-app access.
“With VPNs, you are backhauling the traffic, you're sending it back to your data center. But you're also paying a lot for the egress cost,” Thakore said.
Like a modern SD-WAN appliance, the Endpoint SD-WAN connects users to multiple destinations, allowing web and Software-as-a-Service traffic to traverse the Netskope SSE directly to cloud providers like Amazon Web Services (AWS) or Microsoft Azure. Based on their policy, users can steer that traffic from the client directly to their on-premises applications.
“That software can be in your branch, it can be in the endpoint, it can be in IoT like an ATM machine, or it could be in a multicloud environment like AWS, Azure or Google Cloud Platform,” Thakore said. “But that power of building that one consistent software across the board gives you that high-performance connectivity and security, and then have that one platform experience on top of it.”