-
More and more services, resources and systems are currently being migrated to the cloud. Whether public, private or hybrid cloud, the implementation of security is one of the most crucial issues, especially as traditional perimeter security is failing in areas such as SD-WAN or the Internet of Things (IoT).
The insecure internet is thus becoming part of companies' IT infrastructures, which are moving more and more services there. The security architecture must therefore also adapt. In such environments, it makes sense and is productive to maintain the rules centrally and apply them decentrally.
With Secure Access Service Edge (SASE) and Secure Service Edge (SSE), policies decide on every access at the edge of the network areas (edge). This can be from the company network, from the home office or from freely accessible public networks such as guest WLANs or hotspots.
With SASE or SSE, the various security solutions that can be used to secure such an environment, such as Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), Cloud-Based Firewall and Zero Trust Network Access (ZTNA), are combined in a standardized solution.
This course presents the options for implementing a security-centric cloud infrastructure with SASE or SSE, as well as best practices and migration options. In addition, different providers, their advantages and disadvantages and the possibilities of their solutions are compared.
-
Course Contents
-
- Cloud security and security-centric infrastructure
- SSE versus SASE
- Advantages and limitations of SSE and SASE
- Interaction between classic security and SSE or SASE
- Cloud Access Security Broker (CASB)
- Secure web gateway (SWG)
- Cloud-based firewall
- Zero Trust Network Access (ZTNA)
- Identity and access management (IAM)
- Multi-factor authentication (MFA)
- IDS/IPS
- Sandbox and remote browser isolation (RBI)
- Endpoint detection and response and eXtended detection and response
- Managed detection and response
- SSE and SASE architectures and use cases
- Migration to SSE or SASE
- SSE solutions such as Cisco Umbrella, Palo Alto Networks, Zscaler
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).
-
Target Group
-
This course is suitable for anyone who wants to gain an insight into the structure and operation of modern SASE and SSE solutions.
In this course, security managers and security consultants in particular will learn about the benefits of this central security architecture.
-
Knowledge Prerequisites
-
This course requires a basic understanding of SD-WAN solutions and security systems and how they work.
| 1 | Enterprise Security Model und SD-WAN |
| 1.1 | Häufige Architekturen |
| 1.1.1 | Hub&Spoke |
| 1.1.2 | Lokale DIA & SD-WAN |
| 1.1.3 | Einzeln stehende Systeme |
| 1.2 | WAN-Transportnetze |
| 1.2.1 | MPLS / SD-WAN |
| 1.2.2 | IPSec VPNs und TLS VPNs |
| 1.2.3 | 1Remote Access: Tunnel-Optionen |
| 2 | Trend zu SD-WAN, XDR und SASE |
| 2.1 | Trends im Umfeld WAN-Architekturen |
| 2.2 | Security Trends: EDR und XDR |
| 2.3 | Nicht ideal: Hub and Spoke |
| 2.4 | Moderne Security-Konzepte |
| 2.4.1 | Routing zu sicheren Zielen |
| 2.4.2 | Lokale Perimeter Security |
| 2.4.3 | Secure Service Edge (SSE) |
| 3 | Markt und SASE-Grundlagen |
| 3.1 | Marktüberblick |
| 3.1.1 | Markttrends |
| 3.2 | Compliance |
| 3.3 | Triebfedern für SASE |
| 3.3.1 | Komplexität klassischer Security-Lösungen |
| 3.3.2 | Umstieg schafft Mehrwerte |
| 3.3.3 | Finanzielle Aspekte |
| 3.3.4 | Typische Kunden |
| 3.4 | Was ist SASE? |
| 3.4.1 | Ziele von SASE |
| 3.4.2 | Definition SASE |
| 3.5 | SASE Bestandteile |
| 3.5.1 | Zero Trust Security |
| 3.5.2 | Zero Trust Network Access (ZTNA) |
| 3.5.3 | Identity and Access Management |
| 3.5.4 | Marktüberblick Identity Access Management |
| 3.5.5 | Zusammenspiel der Schutz-Maßnahmen |
| 3.5.6 | Secure Web Gateway (SWG) |
| 3.5.7 | Aufgaben von Next Generation Firewalls |
| 3.5.8 | Cloud Access Security Broker (CASB) |
| 3.5.9 | Weitergehende Leistungsmerkmale |
| 3.5.10 | Advanced Persistent Threats (APT) |
| 3.5.11 | Mikro- und Makrosegmentierung |
| 3.6 | SASE Möglichkeiten und Grenzen |
| 3.6.1 | SASE: Aktueller Stand |
| 3.7 | Anbieterlandschaft |
| 4 | SASE im Einsatz |
| 4.1 | SASE Architekturen und Use Cases |
| 4.2 | SASE-Kriterien für die Anbieterauswahl |
| 4.3 | Einfluss der SASE-Lösung auf das WAN-Design |
| 4.3.1 | Leistungsmerkmale der SSE-Lösung |
| 4.3.2 | Integration von SASE in andere Management-Lösungen |
| 4.3.3 | Steuerung des SASE-Verkehrs mittels SSE-Anbieter |
| 5 | Herstellerlösungen |
| 5.1 | Cisco Umbrella |
| 5.1.1 | Cisco Umbrella Secure Internet Gateway (SIG) |
| 5.1.2 | Meraki SASE – Cisco+ Secure Connect |
| 5.2 | Fortinet SASE |
| 5.3 | Juniper Security Director Cloud und Juniper Secure Edge |
| 5.4 | Netskope Security Cloud |
| 5.5 | Palo Alto Networks Prisma Access |
| 5.6 | Skyhigh Security Service Edge |
| 5.7 | VMware SASE |
| 5.8 | Zscaler |
| 6 | Migration zu SASE |
| 6.1 | Bestandsaufnahme der aktuellen Situation |
| 6.2 | Festlegung von Umfang und Zielen |
| 6.3 | Erarbeitung des Designs und Migrationsplanes |
| 6.4 | Vorbereitung des Netzwerks |
| 6.5 | Implementierung der SASE-Lösung |
| 6.5.1 | Phasen der Implementierung |
| 6.6 | SASE Optimierung und Lifecycle Management |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.-
More and more services, resources and systems are currently being migrated to the cloud. Whether public, private or hybrid cloud, the implementation of security is one of the most crucial issues, especially as traditional perimeter security is failing in areas such as SD-WAN or the Internet of Things (IoT).
The insecure internet is thus becoming part of companies' IT infrastructures, which are moving more and more services there. The security architecture must therefore also adapt. In such environments, it makes sense and is productive to maintain the rules centrally and apply them decentrally.
With Secure Access Service Edge (SASE) and Secure Service Edge (SSE), policies decide on every access at the edge of the network areas (edge). This can be from the company network, from the home office or from freely accessible public networks such as guest WLANs or hotspots.
With SASE or SSE, the various security solutions that can be used to secure such an environment, such as Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), Cloud-Based Firewall and Zero Trust Network Access (ZTNA), are combined in a standardized solution.
This course presents the options for implementing a security-centric cloud infrastructure with SASE or SSE, as well as best practices and migration options. In addition, different providers, their advantages and disadvantages and the possibilities of their solutions are compared.
-
Course Contents
-
- Cloud security and security-centric infrastructure
- SSE versus SASE
- Advantages and limitations of SSE and SASE
- Interaction between classic security and SSE or SASE
- Cloud Access Security Broker (CASB)
- Secure web gateway (SWG)
- Cloud-based firewall
- Zero Trust Network Access (ZTNA)
- Identity and access management (IAM)
- Multi-factor authentication (MFA)
- IDS/IPS
- Sandbox and remote browser isolation (RBI)
- Endpoint detection and response and eXtended detection and response
- Managed detection and response
- SSE and SASE architectures and use cases
- Migration to SSE or SASE
- SSE solutions such as Cisco Umbrella, Palo Alto Networks, Zscaler
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).
-
Target Group
-
This course is suitable for anyone who wants to gain an insight into the structure and operation of modern SASE and SSE solutions.
In this course, security managers and security consultants in particular will learn about the benefits of this central security architecture.
-
Knowledge Prerequisites
-
This course requires a basic understanding of SD-WAN solutions and security systems and how they work.
| 1 | Enterprise Security Model und SD-WAN |
| 1.1 | Häufige Architekturen |
| 1.1.1 | Hub&Spoke |
| 1.1.2 | Lokale DIA & SD-WAN |
| 1.1.3 | Einzeln stehende Systeme |
| 1.2 | WAN-Transportnetze |
| 1.2.1 | MPLS / SD-WAN |
| 1.2.2 | IPSec VPNs und TLS VPNs |
| 1.2.3 | 1Remote Access: Tunnel-Optionen |
| 2 | Trend zu SD-WAN, XDR und SASE |
| 2.1 | Trends im Umfeld WAN-Architekturen |
| 2.2 | Security Trends: EDR und XDR |
| 2.3 | Nicht ideal: Hub and Spoke |
| 2.4 | Moderne Security-Konzepte |
| 2.4.1 | Routing zu sicheren Zielen |
| 2.4.2 | Lokale Perimeter Security |
| 2.4.3 | Secure Service Edge (SSE) |
| 3 | Markt und SASE-Grundlagen |
| 3.1 | Marktüberblick |
| 3.1.1 | Markttrends |
| 3.2 | Compliance |
| 3.3 | Triebfedern für SASE |
| 3.3.1 | Komplexität klassischer Security-Lösungen |
| 3.3.2 | Umstieg schafft Mehrwerte |
| 3.3.3 | Finanzielle Aspekte |
| 3.3.4 | Typische Kunden |
| 3.4 | Was ist SASE? |
| 3.4.1 | Ziele von SASE |
| 3.4.2 | Definition SASE |
| 3.5 | SASE Bestandteile |
| 3.5.1 | Zero Trust Security |
| 3.5.2 | Zero Trust Network Access (ZTNA) |
| 3.5.3 | Identity and Access Management |
| 3.5.4 | Marktüberblick Identity Access Management |
| 3.5.5 | Zusammenspiel der Schutz-Maßnahmen |
| 3.5.6 | Secure Web Gateway (SWG) |
| 3.5.7 | Aufgaben von Next Generation Firewalls |
| 3.5.8 | Cloud Access Security Broker (CASB) |
| 3.5.9 | Weitergehende Leistungsmerkmale |
| 3.5.10 | Advanced Persistent Threats (APT) |
| 3.5.11 | Mikro- und Makrosegmentierung |
| 3.6 | SASE Möglichkeiten und Grenzen |
| 3.6.1 | SASE: Aktueller Stand |
| 3.7 | Anbieterlandschaft |
| 4 | SASE im Einsatz |
| 4.1 | SASE Architekturen und Use Cases |
| 4.2 | SASE-Kriterien für die Anbieterauswahl |
| 4.3 | Einfluss der SASE-Lösung auf das WAN-Design |
| 4.3.1 | Leistungsmerkmale der SSE-Lösung |
| 4.3.2 | Integration von SASE in andere Management-Lösungen |
| 4.3.3 | Steuerung des SASE-Verkehrs mittels SSE-Anbieter |
| 5 | Herstellerlösungen |
| 5.1 | Cisco Umbrella |
| 5.1.1 | Cisco Umbrella Secure Internet Gateway (SIG) |
| 5.1.2 | Meraki SASE – Cisco+ Secure Connect |
| 5.2 | Fortinet SASE |
| 5.3 | Juniper Security Director Cloud und Juniper Secure Edge |
| 5.4 | Netskope Security Cloud |
| 5.5 | Palo Alto Networks Prisma Access |
| 5.6 | Skyhigh Security Service Edge |
| 5.7 | VMware SASE |
| 5.8 | Zscaler |
| 6 | Migration zu SASE |
| 6.1 | Bestandsaufnahme der aktuellen Situation |
| 6.2 | Festlegung von Umfang und Zielen |
| 6.3 | Erarbeitung des Designs und Migrationsplanes |
| 6.4 | Vorbereitung des Netzwerks |
| 6.5 | Implementierung der SASE-Lösung |
| 6.5.1 | Phasen der Implementierung |
| 6.6 | SASE Optimierung und Lifecycle Management |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.
Guaranteed date
Hybrid Training
Trainer language German