GigaOm Radar for Secure Access Service Edge (SASE)v2.0

1. Executive Summary

Secure access service edge (SASE) is a security framework that converges network security functions with software-defined wide-area networking (SD-WAN) capabilities to support the dynamic, secure access needs of organizations. Delivered primarily as a cloud-native service, SASE enables organizations to apply consistent security policies and network management across all users and devices, irrespective of location, providing a robust security posture.

Supporting branch office, on-premises, and remote worker secure access use cases, SASE includes five major technologies—cloud access security broker (CASB), firewall as a service (FWaaS), secure web gateways (SWG), SD-WAN, and zero-trust network access (ZTNA)—along with additional capabilities, such as data loss protection (DLP) and remote browser isolation (RBI). Furthermore, the cloud-native SASE stack applies security and compliance policies in real time, integrating and centralizing the management of services in a cloud-based platform to deliver agility, cost efficiency, and scalability.

The SASE landscape is expanding as enterprises seek an all-in-one networking and security solution. While some vendors offer a single-vendor SASE solution, others partner with third-party niche solution vendors to fill the gaps. With each bringing its unique expertise and capabilities to the SASE framework, vendors offering SASE solutions come from various segments of the IT industry:

• Established networking and SD-WAN vendors integrating security features into their networking platforms
• Security vendors expanding their portfolios to include network solutions under the SASE umbrella
• Cloud service providers integrating networking and security services into their cloud platforms
• Emerging vendors developing cloud-native SASE solutions from the ground up
• Telecommunications companies offering integrated network and security solutions, including 5G as the primary transport

Vendors provide a variety of single-vendor, hybrid (combining SASE capabilities with existing networking or security solutions), or multivendor SASE solutions integrating various network and security services and offering different levels of control, security, and flexibility to cater to the diverse needs of organizations. Each solution has unique features and capabilities, with the best choice depending on an organization’s specific requirements and preferences.

While the choice between single-vendor and multivendor SASE depends on an organization’s particular needs and circumstances, single-vendor SASE solutions provide simplified management and enhanced security outcomes via a unified approach. On the other hand, multivendor SASE solutions often provide best-of-breed capabilities, risk diversification, and a more flexible approach to securing diverse network environments. For this report, we are considering only single-vendor SASE solutions with support for interim hybrid deployments.

This is our second year evaluating the SASE space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines 19 top SASE solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading SASE offerings, and help decision-makers evaluate these solutions to make a more informed investment decision.