Join today’s leading executives online at the Data Summit on March 9th. Register here.
Though the category is just a few years old at this point, secure access service edge (SASE) has gotten a large amount of momentum in the market in a short period of time. Now, Gartner — the research firm whose analysts coined the term SASE in 2019 — is splitting off a segment from the category in a sign of how the cybersecurity market is evolving.
In actuality, Gartner already did this split last summer, with the introduction of the term “security service edge” (SSE) — a solution category focused on securing access to cloud services, private apps and the web.
But today, the research firm disclosed what everyone was really waiting for: The inaugural Magic Quadrant ranking of the top vendors in the SSE market.
In its Magic Quadrant for Security Service Edge, Gartner included 11 vendors overall, with three positioned in the “leaders” quadrant – Zscaler, Netskope, and McAfee Enterprise.
Another six companies were listed in the new Gartner report as “honorable mentions,” but were left out of the Magic Quadrant itself due to a lack of some of the core SSE functionality as of the end of August 2021 (Microsoft among them).
Securing remote workers
The idea of SASE is to offer a more dynamic and decentralized security architecture than existing network security architectures, since it accounts for the large number of users, devices, applications and data that are now located outside the enterprise perimeter.
SASE offers a flexible and “anywhere, anytime” approach to providing secure remote access by delivering multiple capabilities, including secure web gateway (SWG) for protecting devices from web-based threats; cloud access security broker (CASB), which serves as an intermediary between users and cloud providers to ensure enforcement of security policies; next-generation firewalls; and zero-trust network access (ZTNA), which considers context — such as identity, location, and device health — before granting remote access to applications.
SASE can include other capabilities as well, but those have been the four core capabilities that Gartner analysts have pointed to in the past.
A simple way to understand SSE, vs. SASE, is that security service edge decouples the primary security elements from the networking (i.e. firewall) part of SASE. Gartner’s Magic Quadrant report points to SWG, CASB, and ZTNA as the necessary components of a complete security service edge offering.
With this split, the idea most likely is that customers may not always want, or need, firewalls as part of their remote access solution. (Zscaler CEO Jay Chaudhry would argue that zero trust, in fact, brings the opposite architecture from that of a traditional network firewall.)
And last year, Gartner introduced its Magic Quadrant for Network Firewalls for the first time — which only overlaps with the SSE Magic Quadrant on four vendors (more on that below). Thus, a SASE Magic Quadrant, were Gartner to produce one, would seemingly only have four vendors in it right now based on their assessment.
Will we find out that SSE, and not SASE, is really the larger need in the market? We shall see. In its Magic Quadrant report, Gartner forecast that 80% of organizations that want security services in the vein of what SSE offers will choose a consolidated platform rather than standalone solutions (i.e. standalone CASB, SWG and ZTNA). That’s up from 15% last year, Gartner said.
For now, here are some more details on the leaders, and on where the rest of the vendors landed, in Gartner’s 2022 SSE Magic Quadrant. Gartner’s ranking is based in part on a vendor’s ability to execute on the product/service, core capabilities, overall viability, sales execution/pricing, market responsiveness/record, marketing execution and customer experience. Other criteria included “completeness of vision” in areas such as market understanding, marketing/sales strategy, product strategy and innovation.
‘Leaders’ in SSE
In a news release, Zscaler said its solution uses “proxy-based architecture [that’s] built on an industry-leading SSE framework to deliver superior security, data protection with full SSL inspection, a great user experience, and eliminate the attack surface by directly connecting users to applications, never networks.”
“The Zero Trust Exchange is powered by the world’s largest security cloud, with 10+ years of operational excellence enabling us to process 200B+ daily transactions and stop 150M+ threats per day for the largest, most demanding organizations around the globe,” the company said.
In a news release, Netskope said its solution “delivers SSE through a comprehensive, cloud-native platform of technologies that enable secure enterprise digital transformation and secure work-from-anywhere connectivity using integrated Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA) capabilities, with Remote Browser Isolation (RBI) and Cloud Firewall included as well.”
“Netskope’s architecture also includes NewEdge, the world’s fastest-growing and most-connected private cloud, which enables fast and secure access from any location to data, applications, and websites wherever they reside,” the company said.
While the company created from the combination of McAfee Enterprise and FireEye rebranded as Trellix last month, the plan has been to spin out one business — the security service edge portfolio — as a separate company this quarter. However for the time being, the SSE business is continuing to go by the name McAfee Enterprise.
In a news release, the McAfee Enterprise SSE business said that its Mvision Unified Cloud Edge (UCE) solution offers “a comprehensive, converged approach to security. It’s cloud-native, architected for the SSE market and boasts next-gen Secure Web Gateway (SWG), market-leading Cloud Access Security Broker (CASB), and the industry’s first data-aware Zero Trust Access Network (ZTNA) solution, empowering cloud and network transformation for enterprise users.”
In addition to SWG, CASB, and ZTNA, Mvision UCE also offers data loss prevention (DLP), remote browser isolation (RBI), and Firewall-as-a-Service (FWaaS), “enabling comprehensive data and threat protection, along with fast and secure direct-to-internet access for the distributed workforce,” the news release said.
Here is the full list of vendors in the 2022 Gartner Magic Quadrant for Security Service Edge (including notation on which vendors overlap with the 2021 Magic Quadrant for Network Firewalls):
Palo Alto Networks (ranked as a leader in Network Firewalls MQ)
Cisco (ranked as a challenger in Network Firewalls MQ)
Bitglass, which is now owned by Forcepoint
Forcepoint (ranked as a niche player in Network Firewalls MQ)
Versa (ranked as a visionary in Network Firewalls MQ)