Report:

Magic Quadrant for Single-Vendor SASE

How does Gartner define the Single-Vendor SASE market in 2024?

Gartner defines single-vendor secure access service edge (SASE) offerings as those that deliver multiple converged-network and security-as-a-service capabilities, such as software-defined wide-area network (SD-WAN), secure web gateway (SWG), cloud access security broker (CASB), network firewalling and zero trust network access (ZTNA). These offerings use a cloud-centric architecture and are delivered by one vendor. SASE securely connects users and devices with applications. It supports branch office, remote worker and on-premises general internet security, private application access and cloud service consumption use cases.

Key Facts for Magic Quadrant for Single-Vendor SASE in 2024

• Publication Date: 03-Jul-2024
• Document ID: G00800940
• Coverage: Global
• Authors: Andrew Lerner, Neil MacDonald
• Core Purpose: To help I&O leaders responsible for networking work with their security colleagues and cut through marketing hype when selecting single-vendor SASE vendors by evaluating vendors' ability to execute and completeness of vision in this dynamic market.

Strategic Planning Assumptions

• By 2027, 65% of new SD-WAN purchases will be part of a single-vendor SASE offering, an increase from 20% in 2024

How was the Single-Vendor SASE market evolved in 2024?

• The single-vendor SASE market remains dynamic with more viable vendors and offerings now available
• Nine vendors qualified for this research with three Leaders (Cato Networks, Netskope, Palo Alto Networks), two Challengers (Fortinet, Versa Networks), one Visionary (Cisco), and three Niche Players (Cloudflare, Forcepoint, HPE)
• Over 10,000 organizations are using a vendor's primary single-vendor SASE offering
• Client interest in single-vendor SASE has more than doubled year over year
• Multiple vendors now have single-vendor SASE offerings but few offer required breadth and depth with full integration
• Market includes must-have capabilities: secure web access via proxy, in-line SaaS visibility and access controls, identity-based secure remote access to private applications, dynamic traffic steering, firewalling, and centralized management
• Buyers increasingly prefer unified offerings with single management console, agent, policy engine, and data lake
• Digital experience monitoring has moved from optional to expected capability
• GenAI enhancement within vendor consoles has been a rapid area of innovation over the past 12 months
• ZTNA is transitioning from remote-only to Universal ZTNA for users regardless of location

What product features are required to be included in this year's evaluation?

• Secure web access via proxy
• In-line SaaS visibility and access controls
• Identity-, context- and policy-based secure remote access to private applications
• A branch appliance that supports dynamic traffic steering out of multiple physical, locally attached WAN interfaces, with steering based on applications (not just IPs/ports)
• Firewalling to secure traffic bidirectionally across networks
• Centralized management that covers all of the above capabilities of the offering (with both GUI and API) enabling visibility, troubleshooting, reporting and enables granular configuration and policy changes

What are the common features of top products in the Single-Vendor SASE space?

• Unified management delivered by a single console covering all capabilities of the offering (with GUI and API) enabling visibility, troubleshooting, reporting, and enabling granular configuration and policy changes
• The ability to secure end-user browsing via RBI or a secure enterprise browser
• Sensitive data visibility and control

Scope Exclusions

• Vendor is exiting the market or ceasing sales of the product
• Vendor is ceasing development of new features
• Offering is a collection of individual products without native integration
• Vendor requires three or more management consoles to operate enterprise SASE offering
• Vendor unable to provide single-support experience to customers
• Vendor relies on other product vendors to deliver majority of SASE functionality
• Vendor only delivers offering as a managed service

Inclusion Criteria

Vendors must, among other requirements:

• Generally available single-vendor SASE offering as of 1 March 2024
• Commercial support and maintenance (24/7) for multiple continents
• Active participation in enterprise SASE market
• Secure web access via proxy
• In-line SaaS visibility and access controls for at least three SaaS enterprise suites
• Identity- and context-based secure remote access to private applications (ZTNA)
• Firewall capability for bidirectional traffic security
• Branch appliance with dynamic traffic steering across multiple WAN interfaces
• Sensitive data inspection policies via in-line network data inspection
• Endpoint software agent for SASE connectivity
• Centralized management with GUI and API
• Customer ability to directly manage and administer full offering (DIY)
• Single-pass scanning for malware/sensitive data
• Single sign-on (SSO) integration with third-party identity providers
• POP infrastructure in 15 distinct geographic metropolitan cities across at least two continents
• At least 250 unique enterprise customers OR 75 new customers OR 75 large enterprise customers

Ability to Execute — Relative Weighting

• Product or Service - High
• Overall Viability - High
• Sales Execution/Pricing - Medium
• Market Responsiveness/Record - Medium
• Marketing Execution - Medium
• Customer Experience - High
• Operations - NotRated

Completeness of Vision — Relative Weighting

• Market Understanding - Medium
• Marketing Strategy - Low
• Sales Strategy - Medium
• Offering (Product) Strategy - High
• Business Model - NotRated
• Vertical/Industry Strategy - NotRated
• Innovation - High
• Geographic Strategy - Low

Reference

• Gartner, Magic Quadrant for Single-Vendor SASE, 03-Jul-2024, ID G00800940

View Leaders
View Vendor Movements