The market for managed security services is shifting as enterprises weigh their requirements for cloud-based security capabilities and vendors refine their feature sets and product integrations.
Converged security services can offer significant benefits to enterprises when it comes to manageability, scalability, security, and price, according to research firm Gartner, which introduced the term SASE, or secure access service edge. SASE is a network architecture that combines software-defined wide area networking (SD-WAN) and security functionality into a unified cloud service that promises simplified WAN deployments, improved efficiency and security, and application-specific bandwidth policies.
A security-centric offshoot of SASE is security service edge, or SSE, which is essentially SASE minus the SD-WAN. SSE combines several key security functions – including a cloud-access security broker (CASB), secure web gateway, zero-trust network access (ZTNA), and a next-generation firewall – into a cloud-based service to streamline management.
Lately, SSE vendors are adding even more security functions. According to Gartner's new Magic Quadrant for Security Service Edge (available from vendors including Netskope, Palo Alto Networks and Zscaler via registration), some SSE vendors now also offer CASB protection for API calls, remote browser isolation, cloud security posture management, digital experience monitoring, and user and entity behavior analytics.
At the same time, the market is also undergoing some leadership changes, according to Gartner. Mergers, acquisitions, and momentum shifts have shaken up the players in Gartner’s SSE matrix. Cloudflare is a newcomer, Palo Alto is rising in the ranks, and Skyhigh Security is finding its footing following the split of McAfee Enterprise businesses, for example.
SSE adoption set to rise
By 2026, 85% of organizations looking for a CASB, secure web gateway, or ZTNA will obtain these from a converged solution rather than from separate vendors, Gartner predicts. Today, SSE market penetration is between 5% and 20%, says Garner analyst Charlie Winckless. That's roughly the same as that of SASE, he says.
Gartner coined the term SASE in 2019, and the idea exploded in popularity in 2020 during the height of the pandemic as enterprises looked for scalable solutions to provide secure network access to remote employees. Today, SASE still offers significant enterprise benefits, but not all companies are ready to switch to adopt the full SASE stack. Many already have various parts from different vendors or aren't yet ready to upgrade from their legacy solutions.
In 2022, only 10% of enterprise buyers got all their SASE technologies from a single vendor, according to Gartner's SASE market guide, released last fall. One particular challenge to single-vendor SASE adoption is that SASE includes both networking and security components. But, especially in large enterprises, these are often purchased by different parts of the IT organization. Networking and security teams may have separate budgets, separate deployment timelines, and different vendor selection criteria.
Enter SSE. Moving to an SSE platform for cloud security, instead of going all the way to SASE, can be an easier transition for IT teams.
Still, Garner's Winckless, who is one of the authors of the new SSE Magic Quadrant, urges companies that plan to buy SSE and SD-WAN separately to not make those decisions in isolation. "I would counsel those two teams to work together to select something that can be tightly coupled, even if not a single vendor," he says.
SASE and SSE overlap
Internal silos aren't the only obstacle to full SASE adoption. Not many vendors can offer the full SASE technology stack yet, Winckless says. Take, for example, Netskope, the top vendor in the SSE Magic Quadrant. "Netskope only recently purchased an on-prem SD-WAN," Winckless says.
And those vendors that do offer both SSE and SD-WAN are typically much better at one or the other, he says. Today, there are only three vendors that are in both the SD-WAN and the SSE Magic Quadrants: Cisco, Palo Alto, and Forcepoint.
But this landscape is changing quickly. "We're seeing a number of new vendors trying to enter the space," Winckless says. "And a lot of the standalone ZTNA vendors are adding SASE-like capabilities."
Other vendors are moving in by buying up providers that offer missing pieces. For example, earlier this spring, Hewlett Packard Enterprise beefed up its network security portfolio by purchasing SSE provider Axis Security. The company already had SD-WAN via Aruba Networks.
SSE market landscape
Gartner’s take on the SSE vendors’ different strengths and challenges illustrates some of the market dynamics.
Palo Alto moved from challenger to leader in the Magic Quadrant. Palo Alto is now offering a much more integrated experience, says Winckless. "They've made significant improvements in the SaaS security, in the way they deliver the services, and in their integrated architecture," he says.
Netskope and Zscaler are the only other two vendors in the leader quadrant. Among Netskope’s strengths are its advanced data security capabilities and a strong ZTNA offering that includes in-line DLP inspection, Gartner says, along with strong revenue, growth, and SSE market mindshare. Zscaler’s strengths include its extensive network (including a large number of its own points of presence), a strong ecosystem of partners and API integrations, and strong revenue growth from a large customer base.
One newcomer to the SSE Magic Quadrant is Cloudflare, which entered the SSE market in 2022 with its acquisition of CASB vendor Vectrix. The company also has the largest number of cloud POPs in the market and offers network functionality via its Magic WAN services and integrations with several SD-WAN vendors. But it's still new to the space, and it doesn't yet support most enterprise data security cases, according to Gartner.
According to Winckless, SASE vendor Versa was dropped from the SSE Magic Quadrant this year because it didn't have enough momentum as an SSE offering. "Their focus is more in the networking and the SASE area rather than in dedicated SSE," he says.
Another big change in this year's Magic Quadrant is that McAfee, which was in the leader quadrant last year, has undergone some changes. After it was acquired by private equity giant Symphony Technology, most of the company was merged with FireEye's products business to create endpoint protection company Trellix. But the part of McAfee with the SSE functions, which used to be Skyhigh Networks before McAfee acquired it in 2018, is now Skyhigh Security.
The split created some disruption. Skyhigh isn't a leader but instead fell to the visionaries quadrant because of the disruption to sales. Plus, the company was busy with restructuring instead of focusing on building new capabilities this past year. They're still rebuilding their channel and dealing with other external issues, says Winckless.
New SSE features
SSE vendors have been expanding their feature sets this past year, says Winckless, in some cases going beyond cloud security. For example, Forcepoint and Zscaler are offering endpoint data loss prevention.
SSE vendors have long offered DLP when it comes to online traffic, spotting instances of, say, employees uploading sensitive data to cloud storage systems. Endpoint DLP takes this a step further and looks at device-based data loss, such as saving sensitive data to a USB drive. "That's not an SSE thing," Winckless says.
Other new features include cloud and SaaS security management, which is the ability to look at how SaaS applications are configured. "The vendors are looking to be a one-stop-shop for SaaS security," says Winckless. "That's probably the biggest area I'm seeing people expand into."
Typical use cases would be spotting if a Salesforce administrator made a configuration change that reduced security, or a user allowed a questionable third-party app access to their Office 365 account. "We've seen SaaS apps with significant problems due to interconnections," says Winckless. "These connections are going around the edge of the existing CASB.
Finally, SSE vendors have long made use of AI and machine learning, Winckless says, but now generative AI is starting to appear. The traditional use of the technology is to look for potential anomalies, such as with advanced user behavior analytics, he says.
Generative AI has the potential to expand the boundaries of how AI is used in this space. For example, generative AI can be used as part of an admin interface or a user interface to help people interact with the SSE platforms. In fact, in mid-June, Zscaler announced the use of generative AI to power a natural language interface to its products. The company said it will also use generative AI to recommend security policies and perform impact analysis and to expand data loss prevention to include video and audio files.
"There are opportunities for AI, and it’s exploding in multiple areas," says Winckless.
But it's too early yet to tell whether enterprises will find value in the technology. "There's certainly a lot of interest, but we'll see how effective it can be," Winckless says.