Here's the 10 top/best SASE vendors for August 2021:
Last updated: 17th August 2021
- Cato Networks - the first SD WAN vendor to fully converge SD WAN features and SASE into one cloud native product security as a service product.
- Cisco - Meraki and Viptela are both capable of leveraging Cisco technologies which includes Cisco Umbrella to deliver full SASE capability.
- Cloudflare - fully featured SASE security and network optimisation with a comprehensive portfolio of products with integration into SD WAN vendor solutions.
- Forcepoint - focussed on a data first approach allowing early detection of risks and low touch management of day to day security operations.
- Fortinet - advanced SASE security with native support for 4G/5G across selected devices, good option for companies requiring SD WAN capability.
- Open Systems - good combination of both SASE security and SD WAN delivered via their comprehensive management and analytics portal.
- Palo Alto - leading SASE security offering which is currently delivered as edge hardware with cloud configuration and orchestration together with SD WAN from their CloudGenix purchase.
- Versa - capability to deliver full SASE via their Classic and Titan products allowing Versa to deal with both simple and complex requirements with a focus on cloud delivered orchestration.
- Velocloud by VMWare - SASE is delivered via strategic public gateways connected to multiple ISPs for cloud delivered SASE and SD WAN.
- Zscaler - offering both SD WAN and SASE from 150 Dara centres across multiple regions, Zscaler process billions of transactions per day with high availability.
We compare 10 leading SASE security vendors with an overview of the market.
2020 was a boon to vendors providing the technology that enabled society’s sudden transition to a remote, online lifestyle. Chief among them was SD-WAN, which became critical for organisations needing to maintain robust connectivity for work-from-home (WFH) employees tethered to video conferences for much of the day.
However, organisations soon realised that once they delivered reliable baseline communications, user and data security was the next layer of their hierarchy of needs. As we mentioned in our article on domestic SD-WAN vendors, “Security is the hottest sub-segment of the SD WAN market, with the emerging SASE market, which adds security features to an SD WAN solution, expected to more than double annually over the next several years, reaching 60 percent of SD WAN deployments by 2024 according to Gartner.”
“Security is the hottest sub-segment of the SD WAN market, with the emerging SASE market, which adds security features to an SD WAN solution, expected to more than double annually over the next several years.”
- Dell’Oro expects the SASE market to grow at 116 percent annually over the next five years, resulting in more than a 20-fold increase in revenues from 2020. Sales will start out primarily as SASE software bundled with hardware appliances, but will transition to a combination of software and cloud services managed by a carrier, ISP or SASE vendor.
- 650 Group is less bullish, but still predicts SASE revenue to quintuple by 2025 for a CAGR of 38 percent.
- Revenue at Zscaler, one of the few public pure-plays on cloud-based SASE products, is increasing 55 percent annually with billings up 71 percent year-over-year, numbers will make it a billion dollar company by mid-2022. Zscaler illustrates the potential for rapid expansion of SASE usage, with 5,000 customers, including 500 in Forbes’ Global 2000, and more than 20 million seats licensed accessing Zscaler’s services from one of 150 data centers worldwide.
“SASE is a collection of network, user and application security technologies tailored for remote, edge locations like a branch office, retail store, warehouse or employee home.”
What are the primary features of SASE?
SASE is a Gartner neologism that has evolved into both a marketing buzzword and nascent product category. Despite differences in implementation, vendors invariably agree with Gartner’s canonical definition as comprising five elements.
- SD-WAN virtual network overlay that aggregates one or more physical networks, such as home broadband cable and DSL or branch office carrier Ethernet and 5G, into a logical connection. As we detail in our earlier report, SD-WAN uses a software control plane to improve link reliability, performance and predictability and that also allows inserting network services like those provided by SASE.
- Next-generation firewall-as-a-service (FWaaS) that duplicates the features of a next-gen hardware firewall. Using software firewalls on a software-defined network like an SD-WAN allows for NFV (network function virtualization) service insertion at any point on the network, including edge locations like a branch office or employee’s virtual desktop environment.
- Secure Web Gateway (SWG) is an L7 Web content filter that supplements L3-L7 firewalls to block malicious traffic, enforce content and data access policies and monitor web traffic to identify potentially harmful anomalies or capacity bottlenecks. Unlike NGFWs, which are ‘bumps on the wire’, SWGs proxy servers that terminate traffic, which allows them to detect exploits that firewalls might miss.
- Cloud Access Security Broker (CASB) extends SWG, which focuses on Web content, to any Web- or cloud-based application, notably the many SaaS products WFH employees regularly use. CASB traditionally provides four features — traffic and application visibility, policy compliance, data security such as anomaly detection, sandboxing of suspicious code and enforcing TLS, and threat protection for SaaS applications.
- Zero-trust network access (ZTNA) is a granular replacement for point-to-point (or client-to-gateway) VPNs to improve network and application security. While VPNs protect network traffic from unauthorised snooping, without carefully designing subnets and gateway termination points, they don't limit user access once authenticated on the VPN. In contrast, ZTNA treats every network connection attempt — for example, accessing a file share or collaboration system — as a separate transaction that requires authentication and authorisation before establishing a temporary encrypted TLS connection. ZTNA security policies are defined by three factors:
How to evaluate and compare SASE vendors?
“We agree with Aryaka product director Paul Liesenberg when he says that delivering the SASE vision requires a seamlessly orchestrated, cloud-first network and full-security stack.”
- Network performance (throughput, latency, jitter, availability)
- SaaS application coverage
- Integration with existing security systems and enterprise directories
- Global or regional coverage (POPs)
- Client support and limitations (if any).
“Understand that given the immaturity and rapidly evolving nature of SASE products, buyers are unlikely to find any products excelling at every requirement, thus, prioritisation is critical.”
Finally, assess the vendor’s business and service model since there are three primary avenues for procuring SASE services:
- Directly from a SASE developer operating a cloud network-as-a-service (NaaS), typically by renting IaaS resources from one of the hyperscale cloud providers (AWS, Azure, Google Cloud, Alibaba Cloud), which provides broad international coverage and high availability.
- From a national or regional carrier like AT&T, Verizon, CenturyLink or Comcast.
- From a regional or national managed service provider (MSP).
Who are the top 10 SASE security vendors?
“Beware that much like the consolidation that happened in the SD-WAN market, most pure-play SASE vendors will be acquisition targets of larger firms, so their products might end up rebranded over the next year or two.”
What SASE solution does Cato Networks offer?
Cato offers SD-WAN and SASE services using cloud infrastructure and a cloud-native architecture via a network of 60 POPs on-ramps on every continent. The service optimises network connectivity to IaaS and SaaS products using a “single pass engine” that performs packet routing, optimisation and security processing. Cato also provides ZTNA identity-based authentication for access controls, QoS and threat analysis.
What SASE solution does Cisco offer?
What SASE solution does Cloudflare offer?
What SASE solution does Forcepoint offer?
What SASE solution does Fortinet offer?
What SASE solution does Open Systems offer?
What SASE solution does Palo Alto Networks offer?
What SASE solution does Versa offer?
What SASE solution does VeloCloud offer?
What SASE solution does Zscaler offer?
What are use cases for SASE and the recommendations?
- Integration with existing network infrastructure and management software. For example, organisations with significant investments in Cisco or VMware products should start evaluations with them.
- Internal integration among SASE components. Some providers use NFV service chaining to link disparate security modules, using a single management UI to control them, however, connecting this way can reduce performance, complicate management and leave gaps in security.
- Reduce evaluation overhead by keeping detailed product bake-offs to two finalists.
Is there a tool to shortlist SASE vendors and providers?
Click here to take our short quiz, answer 10 questions to received your SASE recommendations.