GigaOm Radar for Secure Access Service Edge (SASE)v1.0

1. Executive Summary

Secure access service edge (SASE) is a security framework that converges network security functions with wide area networking (WAN) capabilities to support the dynamic, secure access needs of organizations. Delivered primarily as a cloud-native service, SASE enables organizations to apply consistent security policies and network management across all users and devices, irrespective of location, providing a robust security posture.

Supporting branch office, on-premises, and remote worker secure access use cases, SASE’s major components are: a cloud access security broker (CASB), firewall as a service (FWaaS), secure web gateways (SWG), software-defined WAN (SD-WAN), and zero-trust network access (ZTNA). SASE’s cloud-native stack applies security and compliance policies in real time, integrating and centralizing management of services in a cloud-based platform to deliver agility, cost efficiency, and scalability.

While some vendors offer the full stack of features, some partner with other companies to fill the gaps. With each bringing their unique expertise and capabilities to the SASE framework, vendors offering SASE solutions come from various segments of the IT industry, including:

• Networking and SD-WAN vendors integrating security features into their networking platforms.
• Security vendors expanding their portfolios to include network solutions under the SASE umbrella.
• Cloud service providers integrating networking and security services into their cloud platforms.
• Emerging vendors developing cloud-native SASE solutions from the ground up.
• Telecommunications companies offering integrated network and security solutions.

Vendors provide a variety of single-vendor, hybrid (combining SASE capabilities with existing networking or security solutions), or multivendor SASE solutions integrating various network and security services and offering different levels of control, security, and flexibility to cater to the diverse needs of organizations. Each solution has unique features and capabilities, with the best choice depending on the specific requirements and preferences of an organization.

While the choice between single-vendor and multivendor SASE depends on an organization’s particular needs and circumstances, single-vendor SASE solutions provide simplified management and enhanced security outcomes via a unified approach. On the other hand, multivendor SASE solutions often provide best-of-breed capabilities, risk diversification, and a more flexible approach to securing diverse network environments. For the purpose of this report, we are considering only single-vendor SASE solutions with support for interim hybrid deployments.

This is our first year evaluating the SASE space in the context of our Key Criteria and Radar reports. This GigaOm Radar report examines 18 of the top SASE solutions in the market and compares offerings against the capabilities (table stakes, key features, and emerging features) and non-functional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the category and its underlying technology, identify leading SASE offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.