I used to think - and tell our clients - that multi-factor authentication (MFA) would be all they'd need to keep threat actors out of their systems.
We implemented all of these security measures for a client:
- a very good email filter
- security awareness training
- automated phishing simulation campaigns
- app-based multi-factor authentication in Microsoft 365
So how did their account get popped? A phishing email got through the filter and the recipient opened the email, clicked a link, and provided not only her Microsoft 365 email address and password but also her MFA code - straight to the threat actor.
We were *this close* to wrapping up our SASE implementation, which would have prevented the threat actor from getting in even with the MFA code, but this isn't horseshoes, so it didn't.
Just as MFA was the thing that stopped breaches 10 years ago, today it is nearly malpractice not to at least discuss SASE.
Years ago, one could pretty well assume that most of an organization's PCs lived in an office behind one public IP address, so the org's security team could rely on that IP address to distinguish the org's PCs from all of the other PCs on the internet. Security teams could deny access to cloud services like Microsoft 365 except for PCs at the office.
Today, many organizations' PCs permanently live outside their HQ, so security teams can no longer rely on their office's public IP address to distinguish their trusted PCs from any other PC on the internet.
Here's where SASE products come in. By putting SASE software on your PCs and routing their internet traffic through your dedicated SASE public IP address, we can once again rely on your public IP address to distinguish your org's PCs from threat actors' PCs.
Now that we can once again identify your trusted PCs by their SASE IP address no matter where they are on the planet, we can configure Microsoft 365 to allow only your PCs to connect, denying access to threat actors' PCs because they aren't on your dedicated SASE IP address. Even if a threat actor has your Microsoft 365 password and multi-factor authentication code, they still couldn't get in.
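
One way to express the Microsoft 365 restriction described above, assuming it is enforced with a Microsoft Entra ID Conditional Access policy created through the Microsoft Graph PowerShell module. This is an added example, not configuration from the original post; the IP address and the account ID are placeholders.

```powershell
# Added example: every value below is a placeholder, not taken from the original post.
# Requires the Microsoft.Graph module and a role allowed to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Placeholder: the dedicated SASE egress address (203.0.113.0/24 is a documentation range).
$saseEgressCidr = '203.0.113.10/32'

# Placeholder: object ID of an emergency-access account kept outside the policy,
# so a SASE outage or a typo in the CIDR cannot lock every administrator out.
$breakGlassUserId = '00000000-0000-0000-0000-000000000000'

# 1. Describe the SASE egress address as a named location.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'SASE egress'
    isTrusted     = $true
    ipRanges      = @(
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = $saseEgressCidr }
    )
}

# 2. Block sign-ins to all cloud apps from every location except the SASE egress.
#    A valid password plus MFA code presented from any other address is still refused.
#    Report-only state logs what would be blocked without enforcing it yet.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Block sign-ins from outside SASE egress'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassUserId) }
        applications   = @{ includeApplications = @('All') }
        locations      = @{ includeLocations = @('All'); excludeLocations = @($location.Id) }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# 3. Confirm what was created.
$policy | Select-Object Id, DisplayName, State
```

Review the report-only results in the sign-in logs for legitimate traffic that does not yet pass through the SASE address, then change `state` to `enabled` to enforce the block.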