Demand for secure access service edge (SASE) has grown tremendously during the pandemic. As adoption picks up, vendors are promising feature-rich and integrated SASE solutions. Customers have different needs when it comes to SASE, however, and it\u2019s not always easy to understand what a SASE provider is offering.\nAs an approach, SASE combines networking and security into a scalable cloud service that fits with the remote and hybrid work models companies use today. Potential benefits include easier network and security management, flexibility to scale up or down as business needs require, and lower costs.\nFunctionally, the five main pillars of SASE are SD-WAN, firewall-as-a-service (FWaaS), secure web gateway (SWG), cloud access security broker (CASB), and zero trust network access (ZTNA).\nMany SASE vendors don\u2019t yet have the full stack of features, and some partner with other companies to fill the gaps.\nThe SASE vendor-selection process is complicated further by the fact that vendors are differentiating themselves by promising additional capabilities such as remote browser isolation, data loss prevention, AI and machine-learning integration to automate IT functions, self-healing for improved operational efficiency, and IoT security.\nGiven the wide range of SASE capabilities, some industry watchers are predicting SASE adoption paths will prioritize either networking or security functions, depending on an enterprise\u2019s most pressing requirements.\nAccording to Gartner, instead of using multiple vendors to get cloud-delivered SWG, CASB, ZTNA, and FWaaS, 30% of enterprises will use a single vendor by 2024, up from less than 5% in 2020.\nThe security side of SASE, which includes CASB, SWG, and ZTNA, has seen the most adoption lately, since that\u2019s the biggest pain point for many enterprises. As a result, Gartner has split security out into its own category, which it calls security service edge (SSE).\nThe research firm expects to see SSE bundles gain in enterprise interest. For example, by 2025, instead of choosing a dedicated vendor for ZTNA, 70% of organizations will choose an SSE provider instead, says Gartner, up from 20% in 2021.\nThe transition to get the full SASE stack from a single vendor will take longer, says Charlie Winckless, senior research director at Gartner.\n\u201cI think that SSE is growing extremely fast as organizations try to tackle employees that are now everywhere \u2013 and nobody wants to bring everything back to a data center and then push it back out to the cloud again,\u201d Winckless says. \u201cWe really see the SSE market converting to a market much faster than the overall SASE.\u201d\nPros and cons of single-vendor SASE\nFull-stack SASE vendors offer a solution where all five key SASE technologies are available from a single company, which could result in better integration \u2013 but not all vendors offer all the SASE pieces.\nSASE vendors tend to start out either with a network or with a security focus, says Mauricio Sanchez, research director for network security, SASE, and SD-WAN at market research firm Dell\u2019Oro Group. And SASE customers also tend to break down the same way, he says. Networking and security teams have different criteria for their vendors, different purchasing timelines, and different budgets.\nSingle-vendor SASE is more appealing to mid-market and smaller enterprises because they have fewer staff and might not have separate network and security teams, Sanchez says. \u201cIt\u2019s a small team that has multiple roles, and so they\u2019re looking to press that easier button.\u201d\nGetting everything from one vendor means that you\u2019re not always getting the best-of-breed product for each service. In addition, some enterprises are worrying about putting all of their eggs in one basket. \u201cClients doing that have to be extremely careful that they\u2019re not getting substandard products on either the SD-WAN or especially on the SSE side from those vendors,\u201d Winckless says.\nThe biggest marketing message of single-vendor SASE \u2013 tight integration \u2013 isn\u2019t always all that it\u2019s cracked up to be, Winckless warns. Since it\u2019s still early, many full-stack SASE vendors have bought other companies in order to fill gaps, and they may not have fully integrated the tools yet. \u201cIntegration is hard,\u201d he says.\nSometimes, he adds, vendors that partner to get the full SASE stack might wind up with better integrations.\nSIngle-vendor SASE providers\nWhether looking for single-stack or vendors with strengths in particular areas, there\u2019s a lot of choice when it comes to SASE.\nDell\u2019Oro Group listed 35 SASE vendors in its September report.\nGartner lists 11 SASE vendors and nine honorable mentions in their SSE Magic Quadrant, and 15 in the WAN Edge Magic Quadrant, with three vendors appearing on both lists \u2014 Versa, Cisco and Palo Alto Networks. In June, Gartner released a report that listed eight full-stack SASE vendors. The five other companies are Cato Networks, Forcepoint, Open Systems, Fortinet, and Citrix.\nThe following are full-stack vendors with the strongest features sets, industry adoption, and analyst evaluations.\nCato Networks\nThe Cato SASE Cloud is built from the ground up, and with the addition of CASB in February, is now a full stack offering. Data loss and remote browser isolation will be added later this year.\nCato\u2019s SASE cloud has a global private backbone with over 70 points of presence worldwide that Cato owns and has control over. Cato also offers managed detection and response which can be activated and used immediately.\nThe redesigned self-service Cato Management Application, announced in December, has functionalities for controlling the entire service through a single dashboard.\nCisco\nCisco\u2019s approach to SASE combines network, security, and observability capabilities into a single cloud-managed offering. in recent months, Cisco added features including the ability to support remote browser isolation, data loss prevention, and cloud malware detection.\nAccording to IDC, Cisco leads the SD-WAN market with 37% market share, and it was determined to be the overall SASE leader in revenue share for 2021 by Dell\u2019Oro Group.\nCisco shows up frequently on Gartner clients\u2019 shortlists for SSE, and clients liked the affordability and ease of use of its entry-level SSE offerings. However, some reported it\u2019s difficult to understand what\u2019s required to gain complete SSE functionality from Cisco.\nCisco\u2019s SD-WAN revenue comes from internal development as well as a series of acquisitions including Meraki in 2012, Viptela in 2017, Duo Security in 2018, and ThousandEyes in 2020.\nForcepoint\nForcepoint recently launched Forcepoint ONE, its new all-in-one SSE built on AWS\u2019 Hyperscaler platform, offering 300 points of presence around the world, says Jim Fulton, vice president of product marketing at Forcepoint.\nThe company offers integrated cloud data loss prevention and remote browser isolation at no extra cost to customers.\nForcepoint acquired SSE company Bitglass in late 2021 and acquired remote browser isolation company Cyberinc in May 2021 for its remote browser isolation solution.\nFortinet\nFortinet is a leader in Gartner\u2019s Magic Quadrant for WAN Edge Infrastructure.\nFortinet acquired the startup Opaq in 2020 as part of its pivot from SD-WAN to SASE.\u00a0Fortinet introduced its integrated SASE solution, FortiSASE, after the acquisition, and it includes FWaaS, SWG, ZTNA, next generation firewall, data loss prevention, and an intrusion prevention system.\nGartner says\u00a0Fortinet's FortiSASE platform is largely unproven in the market but also says the company has high customer experience scores.\nOpen Systems\nOpen Systems\u2019 SASE+ includes the full stack as a combination of in-house, partners, and open-source components.\nThe company has 187 customers with a total presence in 184 countries and a CAGR of 15% over the last five years. Open Systems focuses on multinational small and medium-sized enterprises with 1,000 to 10,000 employees.\nIn the future, the company plans to offer self-service features, a simpler user authentication process, advanced phishing protection with an integrated AI-based engine, and ZTNA browser-based access to SaaS applications.\nPalo Alto Networks\nPalo Alto appears more frequently than many other vendors on client shortlists, according to Gartner, though client feedback indicates that it can be expensive and confusing to achieve full SSE functionality.\nIn a January report by identity and access management company Okta, Palo Alto was the most-used remote access solution.\nIn 2021, Palo Alto introduced new CASB features including zero-day protection. It also released ION 1200 which gives organizations the ability to deliver 5G WAN to branch networks as part of the Prisma SASE solution, and added AIOps capabilities using machine learning and analytics to automate IT operations and provide real-time analysis and detection of IT issues.\nPalo Alto also recently introduced new Prisma SASE enhancements for managed service providers aimed to simplify management and support SASE services for customers.\nVersa Networks\nIn March 2021, a report by analyst firm EMA identified Versa SASE as having the most SASE-supported functions.\nVersa is a leader in The 2021 Magic Quadrant for WAN Edge Infrastructure and a niche player in the 2022 Magic Quadrant for Security Service Edge.\nAccording to Gartner, even though it offers all SASE functions, Versa appeals primarily to existing SD-WAN customers, but the company says it\u2019s seeing particular interest from new customers who need support in real time applications such as video, unified communications, and real time IoT.\nVersa\u2019s SASE offering includes secure SD-WAN, ZTNA, SWG, CASB, FWaaS, and remote browser isolation. Versa also has multi cloud support and is investing in 5G and IoT security.\nVersa has some major customers, including BP and Capital One. \u201cWe are over 90 regions, over 90 PoPs, and that\u2019s growing,\u201d says Michael Wood, chief marketing officer at Versa. \u201cI think this year we\u2019ll get to 100 if not over.\u201d\nVersa is available as a cloud service where enterprises can operate, manage, and host their own private Versa Cloud Gateways wherever they want.\nVMware\nVMware SASE is developed in-house and includes SD-WAN, ZTNA, CASB, FWaaS, and SWG.\nIn addition to the standard SASE features, VMware offers data loss prevention, URL filtering, and remote browser isolation. VMware is a leader in Gartner\u2019s Magic Quadrant for WAN Edge Infrastructure. It\u2019s VMware\u2019s Cloud Web Security service has about 150 points of presence globally.\nVMware says it also works with third-party vendors for those customers who wish to get some parts of the SASE stack elsewhere.\nFor example, VMware offers enhanced integration with Zscaler to make it easy to deploy and manage a joint VMware-Zscaler SASE solution, says Abe Ankumah, vice president of product management for VMware SASE.\nPartial-stack SASE vendors\nMany large enterprises are focused on a dual-vendor SASE solution, and they don\u2019t necessarily want or need one provider for everything.\nSome partial-stack vendors offer a stronger networking product, some offer better security features, and separate teams within a large company can pick their vendors based on those strengths.\nNetskope and Zcaler are top picks for customers looking for a dual-vendor solution from the security side, says Gartner\u2019s Winckless.\nAkamai\nBest known as a content delivery network provider, Akamai has around 4,200 PoPs and 365,000 servers in more than 135 countries and over 1,350 networks around the world. Its security offerings include ZTNA, SWG, CASB, multi-factor authentication, network access control, and web application and API protection.\nAkamai plans to launch a FWaaS offering in the near future. Akamai purchased micro-segmentation company Guardicore in late 2021 to extend its zero-trust security portfolio to fight malware and ransomware.\nAkamai doesn\u2019t provide SD-WAN solutions, but says its products integrate with leading SD-WAN vendors\u2019 infrastructure.\nBarracuda Networks\nThrough its CloudGen WAN and CloudGen Access platform, Barracuda offers four of the five core SASE components: FWaaS, SD-WAN, ZTNA, and SWG. It\u2019s missing a dedicated CASB piece, but the company says that a lot of the CASB functionality is already in place. The company\u2019s SASE platform also includes malware scanning, content filtering, DDoS protection, and an intrusion prevention system.\nBarracuda says that its core technology stack was developed in-house while specialized technologies like forward error correction were purchased from partners. The company says it\u2019s working on a full set of web application and API-protection services that will also be integrated into its SASE platform.\nBarracuda\u2019s SASE platform boasts a tight integration with Microsoft Azure. Barracuda provides private SASE services in Azure and uses Azure\u2019s global network as a connectivity backbone.\nThe company focuses on mid-size enterprises and managed service providers. But despite Barracuda claiming to have more than 200,000 customers, Gartner says the company has low visibility in the SASE market, which will limit its ability to grow.\nCloudflare\nCloudflare began as a content delivery network provider. Today, its Cloudflare One solution offers ZTNA, SWG, and FWaaS along with remote browser isolation, DNS filtering, DDoS protection and other threat and data protections using a single management interface.\nCloudflare acquired Vectrix, a CASB company, in February and it partnered with VMware, Aruba, and Infovista for the SD-WAN piece in 2021.\niboss\niboss offers a containerized zero-trust service that's deployed in more than 100 PoPs globally. It provides SWG, CASB, ZTNA, FWaaS, remote browser isolation, anti-malware, and anti-phishing features. It doesn\u2019t offer SD-WAN but says it integrates with all major SD-WAN solutions.\nAccording to the company, its zero trust platform differs from that of other vendors because it covers both Internet-facing and internal network edges with the same security edge, while other companies have different edges for Internet and private connections, resulting in different levels of protection and visibility.\nGartner says iboss SASE customers automatically receive a license for the ZTNA product, instead of having to pay separately for the zero-trust feature. That makes the pricing more attractive and increases the overall value of the iboss SASE platform.\nLookout\nGartner says Lookout appears less frequently on shortlists but has strong data security capabilities and a strong sales strategy for a relatively small vendor.\nLookout\u2019s SASE offering is called Lookout Security Platform, and the company partners with HPE, VMware, and Versa for its SD-WAN.\nThe Lookout Security Platform has CASB, ZTNA, SWG, user and entity behavior analytics, data loss prevention, and enterprise digital rights management. FWaaS is not offered.\nNetskope\nNetskope is considered a leader in Gartner\u2019s Magic Quadrant for SSE and appears frequently on clients\u2019 shortlists. Netskope\u2019s SASE offering is called the Netskope Intelligent Security Service Edge.\nNetskope Intelligent SSE offers security components including SWG, CASB, ZTNA, cloud security posture management, FWaaS, data loss prevention, and user and entity behavior analytics. SaaS security posture management and remote browser isolation were also introduced in the last year.\nNetskope doesn\u2019t offer SD-WAN, but it says it can integrate seamlessly with SD-WAN technologies.\nPerimeter 81\nPerimeter 81\u2019s SASE product, the Cybersecurity Experience Platform, was developed in-house and includes ZTNA, FWaaS, and SWG. CASB is in their product roadmap. The company has over 2,200 customers, over 40 global points of presence, and its growth has been 400% year over year.\nPerimeter 81\u2019s cloud-delivered ZTNA was recently recognized by Forrester as a zero trust leader. The analyst firm called it the best option for smaller enterprises that need a ZTNA service because they can sign up quickly and onboard dozens of applications in less than a month using its self-service portal.\nZscaler\nZscaler is a leader in Gartner\u2019s Magic Quadrant for SSE and is frequently seen on shortlists. In the past year it\u2019s improved its CASB offering by introducing API integrations with more SaaS applications, integrating remote browser isolation, and improving data security features.\nZscaler offers SWG, CASB, FWaaS, and ZTNA and has a global presence through more than 150 of its data centers. Gartner estimates that it has a large share of the market for cloud-based SWGs and ZTNA.\nThe company is missing the SD-WAN piece but offers it through partners including Silver Peak, Viptela, and VMware. According to Gartner, it has stronger partnerships with tighter integrations than other vendor.