The rise of digital transformation has created an imperative for organizations to adopt more dynamic, scalable, and secure solutions for their network and security infrastructure. Secure Access Service Edge (SASE) has become the go-to framework for delivering comprehensive security and networking services from the cloud. AI has become a pervasive tool that can be integrated everywhere where there is data that can be leveraged. AI-driven capabilities for managed SASE are now essential for delivering superior performance, improving security posture, and optimizing the overall customer experience. In this article, it is highlighted how AI is being utilized on three different levels at Open Systems to provide a more effective, efficient, and proactive SASE service: at the tech stack, on network and security data level as well as in operations.

Tech Stack: Orchestration and Leveraging AI in Components

At the heart of SASE lies its ability to seamlessly orchestrate network and security functions. This is what is accomplished with the unified Open Systems SASE platform. By integrating AI of individual product components, both the functionality and the efficiency of SASE services can be improved. For example, AI for application discovery in the network as well as email or web security:

• ML-Based Application Discovery: Machine learning (ML) is used to automatically discover and classify applications running on the network. Instead of manually defining policies, the AI system identifies new applications, assesses their risk, and automatically adjusts security policies in real-time. This reduces manual oversight and hence, allows us to invest more time for customer projects, while ensuring that network and security policies are always up to date with the latest application landscape.
• Context-Based Phishing and Malware Detection: AI-powered web and email security services employ advanced contextual analysis to detect phishing and malware threats in real-time. Traditional methods rely on static rule-based systems, whereas AI algorithms continuously learn from incoming traffic and historical patterns to better identify evolving threats. This enables quicker detection and more accurate blocking of phishing attempts and malware infections, even in complex and sophisticated attack vectors.

Proactive Service Optimization: Data-Driven Decisions for Improved Performance

AI doesn't just react to issues; it also anticipates challenges and optimizes performance before problems occur. Since SASE spans across network and security, a lot of monitoring and log data is produced. By leveraging this data from both the network and security layers, AI enhances service delivery and enables more effective, intelligent decision-making.

• Digital Twin for WAN Performance Testing: Using digital twin technology, AI creates a virtual replica of the wide-area network (WAN). This allows the system to simulate and test network changes under different scenarios, assessing the impact on performance and stability. Before implementing actual changes, such as software upgrades or routing adjustments, the digital twin can help ensure that the modifications will not cause disruptions or degrade user experience..
• Threat Detection and Mitigation Automation: AI continuously aggregates and analyzes data from various Security Service Edge (SSE) services. By correlating traffic patterns, security alerts, and historical incident data, AI can better detect threats and remediate them faster. For example, we are currently working on automating the detection and remediation of impersonation attacks. What is interesting here: customers benefit from what is seen across the entire customer base. Open Systems can proactively block traffic from compromised machines protecting customers which have not yet been attacked.
  In the future, AI will also be used to create company-specific risk profiling, improving protection and reducing risks even further.

Operations Center: Automation and Service-Specific Agents

The key piece of a managed SASE service is the effective deployment and configuration as well as the smooth operations and continuous optimization of the tech stack. Here, Open Systems can leverage the data of 10+ years of service management residing in our ticket system and documentation. The combination of this data and a lot of human intelligence (HI) from our own engineers working in the Operations Center puts Open Systems in a prime spot to define and shape the AIOps approach of the future for SASE services. The following scalable AIOps basis has been established with an agentic workflow platform:

• A conductor agent dispatches queries to agents which mimic experts for a specific domain, for example to handle ISP maintenance windows or Secure Web Gateway (SWG) change (see below). An agent may consist of several sub-agents, each leveraging large language model (LLM) and Retrieval-Augmented Generation (RAG) technology.
• The agents leverage the very same tools humans – our own Operations Center engineers – use. They check blocklists, look at traffic and prepare policy changes.
• We see it's nearly impossible to reach 100% accuracy due to complexity of the domain, customizations and corner cases. For these cases, we are following a human-in-the-loop approach where the agents ask back and ultimately propose a solution – which comes pre-configured – for a human to accept or not. This human in the loop can be the Open Systems Operations Center engineer or the customer.

Hence, the Operations Center plays a critical role in maintaining the seamless functionality of a managed SASE service. AI enables a more automated, responsive, and proactive approach to managing incidents and ongoing operations. Two examples of Open Systems AIOps in action:

• Automation of ISP Maintenance: Routine maintenance, such as ISP failover or link repairs, can disrupt business operations if not properly managed. AI-driven automation in the Operations Center ensures that maintenance processes are executed smoothly, without impacting end-user experience. Whether it's automatically processing ISP maintenance information, rerouting traffic during an ISP failure or updating network configurations during scheduled maintenance, AI ensures minimal downtime and improved service continuity.
• Advisor for Secure Web Gateway Changes: Security-related changes, such as modifications to web filtering in Secure Web Gateway configurations, are necessary for responding to new threats or evolving user behavior. AI-powered advisory systems can analyze current network traffic, user behavior, and emerging security threats to provide intelligent recommendations for changes. This allows our customers’ as well as Open Systems’ Operations Center to make proactive adjustments to security policies, further reducing the risk of potential breaches.

On top of shaping AIOps to drive operational excellence, we are also looking into innovating how users interact with the SASE services in the future.

Key Benefits of AI-Enhanced Managed SASE Services:

1. Operational Efficiency: Automation and AI-driven decision-making improve the efficiency of operations, enabling faster issue resolution, reduced downtime, and optimized resource allocation.
2. Proactive Security Posture: With AI continually analyzing network and security data, organizations can stay ahead of potential risks by automatically adjusting configurations based on real-time insights.
3. Faster Threat Detection and Response: AI-powered threat detection capabilities reduce the time to identify and mitigate security incidents, significantly lowering the risk of a breach.
4. Personalized Risk Management: AI’s ability to assess company-specific risk profiles and continuously adjust security measures ensures that each organization’s network is protected in a way that matches their unique requirements.
5. Better Customer Experience: With reduced downtime, better threat detection, and optimized network performance, end-users enjoy a more seamless and secure experience.

Conclusion:

AI is transforming the landscape of managed SASE services by adding an intelligent layer of automation, orchestration, and proactive optimization. By leveraging AI technologies such as machine learning for risk classification, digital twins to predict outcomes, and an agentic workflow platform leveraging LLM and RAG for operations, businesses can achieve a more secure, efficient, and resilient network and security infrastructure. As a result, they can not only respond to current challenges but also anticipate and mitigate future risks before they impact operations.

This future-ready approach ensures that organizations can scale securely and efficiently, empowering them to focus on their core business while leaving the complexities of network security to a fully optimized, AI-powered SASE service.