Cyber Security Fundamentals

Secure Access Service Edge (SASE) is a modern approach that combines wide area networking with cloud‑delivered security to provide secure, reliable access to applications and data from any location.

As organisations adopt hybrid work and cloud services, SASE helps maintain consistent security and user experience without relying on traditional, data centre‑centric designs.

CyberLab explains what SASE is, the core components, how it differs from Security Service Edge (SSE), and when to prioritise each.

SASE (pronounced “sassi” or “sassy”) converges SD‑WAN capabilities with cloud‑based security controls. Instead of routing all traffic through a central data centre, SASE enforces security as close as possible to the user, device or branch, and then connects to applications wherever they live, whether in public cloud, private data centres or SaaS.

At its core, SASE:

• Uses identity as the primary control point. Policies follow the user, device and context, not an IP address or fixed location.
• Delivers networking and security as a service, so controls are consistent and scalable.
• Improves user experience by steering traffic intelligently and enforcing security without unnecessary backhaul.

SASE brings together several building blocks. Individual features may already exist in many environments; SASE unifies them with a single policy and delivery model.

1) Software‑defined Wide Area Network (SD‑WAN)

SD‑WAN uses software to route traffic over multiple links such as MPLS, broadband and LTE. It prioritises important applications, improves resilience and reduces reliance on costly private circuits. Policies decide the best path based on performance, availability and business need.

2) Cloud Access Security Broker (CASB)

A CASB sits between users and cloud services to apply enterprise security policies. Typical functions include authentication, authorisation, data loss prevention, encryption or tokenisation, device posture checks, logging and threat detection for SaaS usage.

3) Firewall as a Service (FWaaS)

FWaaS delivers next‑generation firewall capabilities from the cloud. Instead of running and scaling on‑premises appliances, traffic is inspected in the provider’s fabric using a consistent rule set for all locations and users.

4) Zero Trust Network Access (ZTNA)

ZTNA replaces broad network access with explicit, least‑privilege access to specific applications. Every request is authenticated and authorised based on identity, device health and context. The principle is simple: never trust, always verify.

5) Secure Web Gateway (SWG)

An SWG protects users when accessing the web. It filters malicious content, enforces acceptable use policies, applies DNS and URL controls, and inspects traffic for threats and data exfiltration.

Security Service Edge (SSE) focuses on the security stack of SASE without the SD‑WAN element. SSE typically includes ZTNA, CASB, SWG and FWaaS delivered from the cloud. It is often the fastest path to modernise security for a distributed workforce when the underlying WAN is not being replaced.

• Choose SSE when the priority is to standardise and uplift security controls for remote users, branches and cloud access, while keeping the existing WAN in place.
• Choose SASE when you also want to modernise the WAN, consolidate providers and policies, and optimise performance end to end.

1. User or device connects from any location.
2. Traffic is steered to the nearest point of presence for policy enforcement.
3. Identity, device posture and context are evaluated.
4. Security controls are applied: ZTNA for private apps, SWG and CASB for web and SaaS, FWaaS for general traffic.
5. SD‑WAN selects the optimal path, delivering consistent performance and security.

This model removes unnecessary backhaul, improves visibility and simplifies operations with one policy plane.

1. Consistent security everywhere: The same policies apply to users in the office, at home or on the move.
2. Identity‑centric control: Policies follow users and devices, improving auditability and incident response.
3. Better user experience: Local breakout and smart routing reduce latency and improve SaaS performance.
4. Operational simplicity: Fewer point products, centralised policy and unified monitoring.
5. Scalability and agility: Capacity and features scale as a service, not by installing new hardware.
6. Stronger zero trust posture: Minimise implicit trust and reduce lateral movement.

1. Map use cases and traffic flows
   Identify who needs access to what, from where and on which devices. Prioritise high‑value applications and sensitive data.
2. Establish identity and device health as gates
   Integrate identity providers and device management so that policy decisions consider user role and device posture.
3. Start with SSE for quick wins
   Deploy ZTNA for private apps, SWG and CASB for web and SaaS, and FWaaS for consistent inspection. This can coexist with your current WAN.
4. Plan SD‑WAN evolution
   When ready, add SD‑WAN to consolidate connectivity, improve performance and complete the SASE model.
5. Consolidate vendors and policies
   Aim to reduce overlap and complexity. Fewer consoles and a single policy model make operations more effective.
6. Measure and iterate
   Track user experience, incident rates and policy coverage. Use findings to refine posture and roadmap.

1. Treating SASE as a product rather than an architecture and operating model.
2. Lifting and shifting legacy allow‑all access instead of enforcing least privilege.
3. Ignoring identity and device posture in policy decisions.
4. Running overlapping tools without a plan to consolidate, which increases cost and weakens visibility.
5. Neglecting change management and training, which are essential for adoption.

CyberLab helps organisations assess where SASE or SSE fits, design a pragmatic roadmap and implement the right controls at the right pace. If your team would like to explore options or validate your direction, we are available for a free initial consultation to discuss goals, constraints and next steps.

We help organisations work securely from anywhere, with security that is consistent, proportionate and easy to manage.

With Sophos continuing to phase out legacy on-premise platforms in favour of next-generation cloud-managed solutions, now is the perfect time to revisit the benefits of Synchronised Security – and how it can deliver measurable savings across your organisation.

Synchronised Security is Sophos’ integrated cyber security ecosystem. It connects endpoint, firewall, mobile, email, Wi-Fi, and encryption products through Sophos Central, a cloud-native platform that enables real-time data sharing and automated incident response. [sophos.com]

This system:

• Automatically isolates compromised endpoints
• Shares telemetry across products to detect lateral movement
• Restricts access for non-compliant devices
• Provides unified visibility and control from a single dashboard

1. Reduced IT Security Headcount

Sophos Central’s automation and AI-native threat response mean that 95% of incidents are resolved without human intervention. This allows teams to focus on strategic remediation, reducing the need for large security teams.

2. Time Saved on Admin Tasks

Sophos Central consolidates data across all security products, reducing the time spent on manual updates and investigations. Sophos reports a 50% reduction in time and effort spent by IT teams on day-to-day security operations.

3. Faster Incident Identification

Thanks to synchronised telemetry and automated scanning, the time to identify threats has dropped by 90%, enabling faster containment and reduced exposure.

4. Fewer Security Incidents

Sophos customers report an 85% reduction in the number of incidents requiring investigation, thanks to proactive threat detection and cross-product intelligence.

5. Minimised Downtime

Devices under investigation remain online and protected, thanks to endpoint isolation and continuous updates – even during containment. This avoids the productivity loss associated with manual quarantining.

• Sophos MDR Bundles for MSPs now include extended data retention, network detection, and Microsoft 365 response actions.
• Firewall + Endpoint Integration Offers provide free trials and discounts for new customers.
• Command-line controls allow fine-tuning of synchronised security behaviour for advanced users.

Whether you’re migrating from legacy Sophos products or looking to reduce IT costs without sacrificing protection, Synchronised Security offers a future-proof solution. Flexible licensing options – including monthly billing – help preserve cash flow while scaling your defences.

Our host explains what risk management is and why it is important for businesses that are looking to increase their cyber security.

Topics include:

• What is cyber risk management?
• Five steps of Cyber Risk Management

Cyber risk management has, for the most part, always been an element of any businesses risk strategy or management plan. Historically this was a case of making sure we were safe from Denial-of-Service attacks or disruptive/malicious software threats.

Today however the risks that businesses face in the digital workspace are both legion in number and variety; and the intent behind them is different. The impact they have on our business has similarly changed, it is no longer about causing a nuisance and/or disrupting the operation of a business and the services it offers.

Cyber risk management is now about taking a much more focussed approach on the risks posed by todays (and tomorrows) cyber threats; this means understanding and prioritising the types of cyber threat that are most relevant to your business, determining the magnitude of the impact they could have on your ability to work and trade normally, and developing/implementing solutions and countermeasures to mitigate those risks.

Identifying Risks

This involves assessing your systems, processes, and data to identify potential vulnerabilities and threats.

The first step to identifying risks to your business is to understand the mission-critical areas of your digital environment.

Key questions to identify these are: 

• Which servers and/or services are critical to your ability to support business as usual operation?
• What would be the impact on your business if these critical elements were unavailable?

Assessing the Likelihood & Impact

Once potential risks have been identified, the next step is evaluating the likelihood of each risk occurring and what potential impact on the organisation if it does occur.

The financial risks to a business today are without doubt the elephant in the room, they are often intangible and very difficult to measure, it’s easy to dismiss expensive cyber security solutions and “run the risk” of a significant cyber incident not happening – every day organisations discover that hard way that the financial risks they thought were acceptable turn out to be orders of magnitude higher than they anticipated.

Of course, not every cyber security ‘incident’ is apocalyptic in nature but there are some that are, and their ramifications need to be understood to the greatest extent possible.

Prioritising Risks

Based on the likelihood and impact of each risk, the organization should prioritize the risks that need to be addressed first. Don’t waste time on risks that are not credible at the expense of those that are. A key consideration for prioritising risk is asking how long could you sustain operations if one or more of these systems were lost?

Using a risk assessment framework is one of the best ways to prioritise the risks that have been identified. There are numerous frameworks freely available that assess risks using different approaches, its often a good idea to assess the same risks in different ways and compare the results to help you understand the severity of the risk to you; risks identified as concerns by both are a safe starting point as to where your priorities lie.

Implementing Controls

Businesses should implement proper controls to mitigate or eliminate the risks identified. These controls can include technical solutions such as firewalls and antivirus software, as well as policies and procedures to improve security awareness and incident response.

Consider how changing the way you operate might affect the risks you have identified, can small process changes or introducing security features of your existing solutions – such as encryption of data at rest – mitigate or eliminate the risks you have identified for little or no cost?

Monitoring and Reviewing

For most effective risk management, businesses need to be continuously monitoring their systems and processes. This is key to ensuring that the cyber security controls that have been implemented are effective and that new risks are identified and dealt with.

Many of us are only conducting perfunctory cyber risk assessments and we would greatly benefit from adjusting our approach, Gartner’s studies have led them to the same conclusion…

With the increasing frequency and sophistication of cyber attacks, it is crucial for SMEs to adopt robust cyber security practices to safeguard their business and data.

This blog focuses on essential cyber security best practices tailored for SMEs, highlighting key resources and actionable steps to protect your business.

Implementing effective cyber security measures doesn’t require a massive budget or extensive expertise.

Employee Training and Awareness

Educate your staff about common cyber threats such as phishing, malware, and social engineering. Regular training sessions can help employees recognise and avoid potential security risks.

Strong Password Policies

Encourage the use of strong, unique passwords for all accounts. Implement multi-factor authentication (MFA) wherever possible to add an extra layer of security.
Regular Software Updates: Keep all software, including operating systems and applications, up to date with the latest security patches. Regular updates help protect against known vulnerabilities.

Data Encryption

Encrypt sensitive data both in transit and at rest. This ensures that even if data is intercepted or accessed without authorisation, it remains unreadable.

Backup and Recovery Plans

Regularly back up your data and ensure that backups are stored securely. Test your recovery plan to ensure that you can quickly restore operations in the event of a cyber incident.

Gain Cyber Essentials

Achieving Cyber Essentials certification demonstrates your commitment to cyber security and provides a solid foundation for your security practices.

Cyber Essentials is a UK government-backed certification scheme led by IASME, designed to help organisations of all sizes protect against common online threats.

The scheme covers five key areas:

• Firewalls and Internet Gateways: Implementing firewalls to secure your internet connection.
• Secure Configuration: Ensuring that systems are configured securely to reduce vulnerabilities.
• Access Control: Managing user access to data and services to minimise risk.
• Malware Protection: Installing and maintaining anti-malware solutions.
• Patch Management: Keeping software up to date with the latest security patches.

By adhering to these principles, SMEs can significantly reduce their risk of cyber attacks and improve their overall security posture.

Here are additional steps small businesses can take to protect themselves from cyber threats.

Conduct Regular Security Audits

Periodically review your organisation’s security posture, taking a holistic approach that assesses to identify and address any vulnerabilities or gaps. There are several, open-source industry standards and security frameworks available online that organisations, including SMEs, can align to such as NIST, CIS Critical Security Controls SME Companion, and NCSC. CIS even offers a free Controls Self-Assessment Tool (CIS CSAT) to help you get started.

Vulnerability Management

Regularly identify, assess, and mitigate vulnerabilities in your systems. Using Cyber Security as a Service (CSaaS) solutions, such as HackRisk, can help you stay on top of vulnerabilities without the need for a dedicated in-house team

Develop an Incident Response Plan

Prepare for potential security incidents by creating a response plan. Outline procedures for detecting, responding to, and recovering from cyber-attacks. Sophos offers a free incident response planning guide which can be downloaded here.

Utilise Cloud Security Solutions

Many cloud service providers offer robust security features that can help SMEs protect their data and applications.

Outsource to Experts

If maintaining an in-house cyber security team is not feasible, consider outsourcing to a dedicated team of experts. Services such as those offered by Sophos provide ongoing support and incident response capabilities, alleviating some of the cost and resource burdens.

Communication Protocols

Establish clear protocols for communicating internally and externally during a security incident. This ensures that information is disseminated quickly and accurately, minimising confusion and mitigating damage.

Identity and Access Management, often shortened to just IAM, is the practise of ensuring that identity of who and what is accessing your environment is under control – that is, you have systems and, by association, data that can only be accessed by users and devices that you have authorised.

But it’s a lot more than just that, in any organisation people come and go, it is also about making sure that when users (or devices) should no longer be authorised to access your systems that they are not still able to do so.

It sounds simple, but in a busy organisation it is easy for simply disabling a user account to be forgotten. Removing access for users or devices is a vitally important step in any cyber security strategy, especially under unfortunate circumstances when people leave a business on bad terms.

Identity and Access Management is a crucial aspect of cyber security. It involves controlling who and what can access your systems and data. Access to data, systems, and services need to be protected. Understanding who or what needs access, and under what conditions, is just as important as knowing who needs to be kept out.

Data is the lifeblood of any business; in any digital organisation today it is a critical component in maintaining business as usual operation, theft, access denial or destruction of data is not only disruptive, but without good backups it can be devastating at scale.

The next step is controlling access to the data. Any organisation will have sensitive data, and that data is sensitive for a reason, it would likely be detrimental to the business if lost or released publicly. Ensuring the data is only accessible to parties that are trusted and need to access the sensitive data is another essential part of Identity and Access Management.

Which brings us to the how. In modern IT the term identity encompasses much more than just the user account in active directory, there can be multiple associated devices the instantaneous status of which can be leveraged to provide additional security. For example, you could consider whether a device is managed by the organisation? What is the patch status of a laptop? Is the mobile device jail-broken or rooted?

The steps below are suggestions on things that can be done, they are by no means exhaustive and not every step is applicable or appropriate for every organisation; but by implementing these elements you can have confidence that you are doing IAM right:

Identity and Access Management Policies

Organisations should look to develop appropriate IAM policies and processes.

• Control who and what can access your systems and data. A good IAM policy that covers who should have access to which systems, data or functionality, why, and under what circumstances.
• Consider all potential types of user including full and part-time staff, contractors, volunteers, students, and visitors.
• Ensure the policy covers what and how audit records are acquired, and how they are safeguarded against tampering, and an identification of which actions or processes, if any, should require more than one person to perform or authorise them.
• Policies should not just cover systems you control, but also wherever your organisational identities can be used – for example, consider the websites or online services that staff can create an account by using their work email address.

Login Methods

Establish and prove the identity of users, devices, or systems, with enough confidence to make access control decisions. Single sign-on (SSO) may be available using your organisational identity for some online services to help you control access to those services (and revoke access along with someone’s work account when they leave your organisation).

New Starters, Movers and Leavers

Ensure your account management processes include a ‘joiners, movers and leavers’ policy, so access can be revoked when no longer needed, or changed for movers. Temporary accounts should also be removed or suspended when no longer required.

By following these steps, you can ensure that only individuals and systems that are authorised to have access to data or services are allowed to do so. This will result in less impact on staff’s workday by getting IAM right across an organisation, smoother collaboration with customers, suppliers, and partners.