Secure Access Service Edge (SASE) helps enterprises securely connect today's workforce, which may be in a main office, branch office, mobile, or working from home. There are many offerings on the market today. Here is our compilation of the top SASE vendors to consider.
Why Choose a SASE Vendor?
No matter where a person, device, or site is located, SASE helps provide connectivity services while layering on advanced security services, including Zero Trust capabilities.
An enterprise may take a do-it-yourself approach to implementing SASE, but the complexity is often too much to handle. It involves integrating numerous SASE components that combine Secure Service Edge and WAN Edge Services. Most enterprises do not have the required expertise in all areas. Even if they do, the drain on resources diverts staff and budget from core business functions.
As a result, most enterprises are turning to SASE vendors to build, deliver, and manage services. One sticking point is that the term SASE vendor is a bit ill-defined. A SASE vendor might be a traditional WAN and remote connectivity services provider that has bundled cloud-based security offerings into one solution. Or it might be a traditional WAN security solution provider (e.g., a firewall, secure web gateway, cloud-access security broker, or VPN supplier) that makes its offerings available with a WAN services partner. Or it can be anything in between.
The best SASE vendors for 2023 / 2024
Here we provide some very basic information about the leading SASE vendors and the top SASE offerings so you can assess what is available. (The list is alphabetical, so there is no ranking.)
But note: There are many companies in the market that say they are SASE vendors because they have one or two essential elements for a complete SASE solution. So, we do not have every company that claims to be a SASE vendor. We selected the following companies as representatives of the best in the market. If you disagree, we’d love to hear from you. Email us at [email protected].
One more thing before we get into our brief list of vendors, SASE technology can be quite complex, and there is a wide range of SASE vendors available. For guidance on how to select the right one for your organization, visit our article, What to Consider When Choosing a SASE Vendor.
Barracuda Networks has been a long-time provider of cloud-first security solutions. Over recent years, it has bolstered these offerings to provide a platform called Barracuda SecureEdge, a SASE solution for secure hybrid and remote work.
Barracuda SecureEdge combines a secure SD-WAN, Firewall-as-a-Service, Zero Trust Network Access, and Secure Web Gateway capabilities. It is a single-vendor enterprise security solution. The offering is delivered as a service. Enterprises can use it to securely connect users, sites, and IoT devices. Beyond connecting devices, the solution can be used to secure applications and cloud/hybrid environments.
There are additional security capabilities for remote users, including Zero Trust enforcement, URL filtering, and traffic optimization.
Cato Networks was one of the first providers to embrace SASE. Its Cato SASE Cloud combines SD-WAN with a full complement of cloud security features. It has a global backbone to deliver those services.
Cato’s cloud-native security stack, SSE 360, bundles capabilities, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Remote Browser Isolation (RBI), Zero Trust Network Access (ZTNA/SDP), and Firewall as a Service (FWaaS) with Advanced Threat Prevention (IPS, Next Generation Anti-malware). Additionally, Cato SASE Cloud lets users connect via zero-trust network access to on-premises and cloud applications.
Cisco has been synonymous with internetworking for decades. Over the years, it has expanded into remote access and security. It offers a SASE-as-a-service solution called Cisco+ Secure Connect. The solution can be used to secure remote workers accessing corporate and cloud resources, as well as the enterprise edge.
The solution integrates client-based and clientless remote worker access, native Cisco Meraki SD-WAN connectivity, and cloud-based security capabilities with Zero-Trust Network Access (ZTNA).
There are currently two packages: Cisco+ Secure Connect Essentials and Cisco+ Secure Connect Advantage. The latter offers enhanced security capabilities, including Layer 7 cloud-delivered firewall + IPS, inline data loss prevention, cloud malware detection, and malware analytics.
Citrix has long been known for its remote access solutions. It now offers a secure access solution, which provides a unified stack of cloud-delivered services. These services can be used to support today’s hybrid work environment. Specifically, Citrix combines unified, secure access and a zero-trust approach to secure application access.
The Citrix solution offers the ability to secure applications from unauthorized access, application-level threats, browser-based attacks, and more. Additionally, the secure access solution from Citrix ensures users can securely access applications no matter where they work. It makes of zero trust network access technology.
Cloudflare is perhaps best known for its content delivery network and DDoS mitigation services. Its SASE offering, Cloudflare One, is a Zero Trust network-as-a-service platform that allows IT to dynamically connect users to enterprise resources, with identity-based security controls delivered close to users, wherever they are.
The solution combines network connectivity services with Zero Trust security services on a purpose-built global network. The offering includes support for Zero Trust network access (ZTNA), Cloud access security broker (CASB), Secure Web Gateway (SWG), and Firewall as a Service (FaaS).
Additionally, Cloudflare One provides WAN-as-a-Service through partnerships with SD-WAN vendors. The service lets an enterprise directly connect data centers and branch offices with Cloudflare Network Interconnect (CNI) to increase reliability and improve performance.
Fortinet has long been known for its cybersecurity offerings, selling security solutions like firewalls, endpoint security, and intrusion detection systems. It has complemented those offerings with a single-vendor SASE solution called FortiSASE.
FortiSASE provides cloud-delivered security and networking for remote users. It offers a full set of networking and security capabilities, including SWG, Universal ZTNA, CASB, FWaaS, and secure SD-WAN integration—all managed with one UI.
FortiSASE lets enterprises choose to perform security with local FortiGate (the company’s firewall offering) or connect branch offices to FortiSASE for security inspection in the cloud through FortiGate NGFW and Fortinet Secure SD-WAN.
Juniper Networks is known for network infrastructure solutions, including routing and switching solutions. For SASE, it offers the Juniper Secure Access Service Edge (SASE) that allows users, wherever they are working, to securely connect to applications via zero trust access.
Additionally, Juniper offers cloud-based SASE using a full-stack Security Service Edge (SSE) and SD-WAN capabilities.
Netskope is known for its cloud security offerings that include a VPN solution and the use of Zero Trust principles to protect data. Its Netskope SASE solution combines Netskope's Intelligent SSE with its Borderless WAN to provide a single-vendor SASE solution.
Additionally, enterprises can invoke Netskope Intelligent SSE services like NG-SWG, FWaaS, and more or insert on-premises security services like Firewall and IPS/IDS for east-west traffic.
Palo Alto Networks
Palo Alto Networks is known as a cybersecurity company. Its core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security.
Its SASE offering is Prisma Access, which provides a unified platform that consolidates security products into a single networking and security stack. The solution can be used to secure all apps used by a hybrid workforce, regardless of whether users are. It makes use of ZTNA 2.0 to secure access to resources and protect application data and traffic. Additionally, Prisma SASE extends Zero Trust to branch locations with Prisma SD-WAN.
Perimeter 81 is known for cloud-based security offerings, including cloud-based remote access, VPN, secure web gateways, Zero Trust solutions, and more. Its SASE platform combines network and security functions into one unified network security service solution.
The company has focused on Security Service Edge (SSE) and Zero Trust Network Access (ZTNA) technologies to help enterprises transform their network security strategies and replace legacy solutions that do not meet the security needs of businesses anymore.
The SASE includes FaaS, CASB, SWG, and more. The company also offers a Zero Trust NaaS solution.
Zscaler is known for its Zero Trust solutions. It has leveraged those capabilities for its SASE offering.
Security is built into the core of the platform. From secure web gateway (SWG) to cloud access security broker (CASB) and zero trust network access (ZTNA), all connections are inspected regardless of user, endpoint, app, or encryption.
These technologies are integrated and used in its Zscaler Zero Trust Exchange, which is a cloud-native SASE platform. Enterprises can use the solution to secure sites, applications, and users globally.
Other SASE companies to consider
Given the great enterprise interest in SASE, many other companies have a role to play in the market. For example, an enterprise that has worked with a vendor offering remote access or security solutions or services might turn to that company for SASE help even if the vendor does not offer a formal SASE solution. Additionally, some vendors might fit into the SASE framework yet not tout their offering as SASE.
Regardless of the situation, there are companies like Forcepoint, Versa, VMware, and more that can play a significant role in meeting the combined networking and security requirements of different enterprises.
The Top SASE Vendors: Key Takeaways
The most important point when it comes to teaming with a top SASE vendor is that the companies in the market offer a wide array of services and solutions. Some of the vendors deliver a complete and managed SASE service. These offerings are often called single-vendor SASE solutions. Others supply either critical SD-WAN or cloud-based security solutions and then, in turn, team with a vendor or provider that complements their offering to build a complete SASE solution.
Given this breakdown of the market, it is no surprise to see that companies considered to be top SASE vendors are very familiar. On the provider side, some, like Cato Networks, have been focused on secure SD-WAN for many years. On the solutions side, you see all the established network and remote access security vendors like Cisco, Fortinet, Zscaler, and more.