SASE Security Tech Conference 2026 —
SASE Security Conference 2026
SASE Security Tech Conference 2026 Zero Trust SD-WAN SWG CASB ZTNA FWaaS AI Cloud Zscaler Palo Alto Netskope Cloudflare
| Component | Function | Replaces | Key Vendor |
|---|---|---|---|
| SD-WAN | เชื่อมสาขา ผ่าน Internet | MPLS | VMware VeloCloud Fortinet |
| SWG | กรอง Web Traffic Malware | Web Proxy | Zscaler Netskope |
| CASB | ควบคุม SaaS Access | Shadow IT Control | Netskope Microsoft |
| ZTNA | Zero Trust Access แทน VPN | VPN | Zscaler Palo Alto Cloudflare |
| FWaaS | Firewall บน Cloud | Hardware Firewall | Palo Alto Fortinet |
| DLP | ป้องกันข้อมูลรั่ว | On-prem DLP | Zscaler Netskope Symantec |
SASE Architecture
# === SASE Architecture Design ===
from dataclasses import dataclass
@dataclass
class SASEComponent:
component: str
deployment: str
policy: str
integration: str
monitoring: str
components = [
SASEComponent("SD-WAN",
"Branch Router → SASE PoP → Cloud/DC",
"App-based Routing QoS Failover",
"เชื่อมกับ SWG ZTNA ผ่าน SASE Platform",
"Bandwidth Latency Jitter Packet Loss"),
SASEComponent("SWG (Secure Web Gateway)",
"Cloud Proxy ทุก Web Traffic ผ่าน SWG",
"URL Filtering Malware Scan SSL Inspection",
"ใช้ร่วมกับ CASB DLP สำหรับ Inline Protection",
"Blocked URLs Malware Detected Bandwidth"),
SASEComponent("CASB",
"API Mode (Out-of-band) + Inline (Forward Proxy)",
"Sanctioned/Unsanctioned App Sharing Control",
"เชื่อมกับ SWG สำหรับ Inline DLP สำหรับ Data",
"Shadow IT Score App Usage Data Sharing"),
SASEComponent("ZTNA",
"Agent-based + Agentless (Browser)",
"Identity + Device + Context → Allow/Deny",
"เชื่อมกับ IdP (Okta Azure AD) + EDR",
"Auth Success/Fail Device Compliance Access Log"),
SASEComponent("FWaaS",
"Cloud Firewall ทุก Traffic ผ่าน SASE PoP",
"L3-L7 Rules IPS Threat Prevention",
"ใช้ร่วมกับ SD-WAN สำหรับ Branch Traffic",
"Rules Hit Threats Blocked Traffic Volume"),
]
print("=== SASE Components ===")
for c in components:
print(f"\n [{c.component}]")
print(f" Deploy: {c.deployment}")
print(f" Policy: {c.policy}")
print(f" Integration: {c.integration}")
print(f" Monitor: {c.monitoring}")Zero Trust Implementation
# === Zero Trust with SASE ===
# Zero Trust Principles:
# 1. Never Trust, Always Verify
# 2. Least Privilege Access
# 3. Assume Breach
# 4. Verify Explicitly (Identity + Device + Context)
# 5. Microsegmentation
@dataclass
class ZeroTrustPolicy:
access_type: str
identity_check: str
device_check: str
context_check: str
action: str
policies = [
ZeroTrustPolicy("Corporate App (Internal)",
"SSO + MFA (Okta/Azure AD)",
"EDR Installed + OS Updated + Encrypted",
"Corporate Network หรือ Trusted Location",
"Allow Full Access"),
ZeroTrustPolicy("Corporate App (Remote)",
"SSO + MFA + Passwordless (FIDO2)",
"EDR + Managed Device + Compliance Check",
"Any Network (ผ่าน ZTNA Tunnel)",
"Allow Limited Access (No Download)"),
ZeroTrustPolicy("SaaS App (Office 365)",
"SSO + Conditional Access",
"Managed หรือ BYOD + MDM Enrolled",
"Any Location + Risk Score < Medium",
"Allow + DLP Inline"),
ZeroTrustPolicy("Admin Access (AWS Console)",
"SSO + MFA + Privileged Access (PAM)",
"Managed Device + Hardened OS",
"Trusted Network + Time-based (Business Hours)",
"Allow + Session Recording + Audit"),
ZeroTrustPolicy("Guest/Contractor",
"External IdP + MFA",
"Agentless (Browser-based ZTNA)",
"Any Location",
"Allow Specific App Only + Watermark"),
]
print("=== Zero Trust Policies ===")
for p in policies:
print(f"\n [{p.access_type}]")
print(f" Identity: {p.identity_check}")
print(f" Device: {p.device_check}")
print(f" Context: {p.context_check}")
print(f" Action: {p.action}")Implementation Roadmap
# === SASE Implementation ===
@dataclass
class Phase:
phase: str
duration: str
tasks: str
success_criteria: str
risk: str
phases = [
Phase("Phase 1: Assessment",
"4-6 สัปดาห์",
"Network Audit Security Gap Analysis Vendor Evaluation RFP",
"Gap Report Vendor Shortlist Budget Approved",
"ข้อมูลไม่ครบ Stakeholder ไม่ Align"),
Phase("Phase 2: Design",
"4-8 สัปดาห์",
"Architecture Design Policy Framework Integration Plan",
"Architecture Doc Policy Matrix Migration Plan",
"Over-engineering เลือก Vendor ผิด"),
Phase("Phase 3: Pilot",
"4-6 สัปดาห์",
"Deploy 1 สาขา/แผนก Test SD-WAN SWG ZTNA",
"Performance OK Security Test Pass User Feedback",
"Performance Issue Compatibility Problem"),
Phase("Phase 4: Migration",
"8-16 สัปดาห์",
"Roll out ทีละสาขา SD-WAN → SWG → CASB → ZTNA",
"All Sites Migrated VPN Retired Legacy FW Off",
"Downtime User Resistance App Compatibility"),
Phase("Phase 5: Optimize",
"Ongoing",
"Policy Tuning DLP Rules CASB Shadow IT Monitor",
"False Positive < 5% User Satisfaction > 80%",
"Alert Fatigue Policy Drift"),
]
print("=== Implementation Roadmap ===")
for p in phases:
print(f"\n [{p.phase}] Duration: {p.duration}")
print(f" Tasks: {p.tasks}")
print(f" Success: {p.success_criteria}")
print(f" Risk: {p.risk}")เคล็ดลับ
- Single Vendor: เลือก Vendor เดียวครบ ลด Complexity
- ZTNA First: เริ่มจาก ZTNA แทน VPN ก่อน เห็นผลเร็ว
- Pilot: ทดลองกลุ่มเล็กก่อน Roll out ทั้งองค์กร
- DEM: วัด User Experience ตลอด ไม่ให้ Security กระทบ Productivity
- Training: อบรม User เรื่อง Zero Trust ก่อน Deploy
SASE คืออะไร
Network + Security Cloud SD-WAN SWG CASB ZTNA FWaaS DLP Gartner Zero Trust Zscaler Palo Alto Netskope Cloudflare Fortinet