Inventory: 11 foreign SASE vendors

SASE (Secure Access Service Edge) is a networking technology that combines WAN functions with network security functions such as SWG, CASB, FWaaS and ZTNA. It can help IT teams optimize access performance, reduce operational complexity, and enhance security posture globally.

[[431386]]

Secure Service Access Edge (SASE)

The SASE cloud architecture provides a single network connection and protects all enterprise resources, including physical resources, cloud resources, and mobile resources. An ideal SASE solution should be identity-driven, cloud-native, and support all edges and global distribution.

Netskope's research shows that by 2024, at least 40% of enterprises are expected to have a clear strategy for using SASE. SASE solutions will help small to large enterprises deal with security incidents such as networks, account anomalies, malware, system anomalies, policy violations, social engineering, etc., as shown in the figure below. According to MarketWatch, the global SASE market is expected to reach US$396.4 million by 2026.

In order to take advantage of the SASE platform, a cloud-native and cloud-based architecture is required. This architecture should support all edges and have PoP points distributed globally. A SASE platform with key geographic coverage can enable users to achieve high efficiency in competition and meet low latency requirements. Platforms with proxy-based capabilities can facilitate policy-based access, and some pre-built features can provide network functions such as QoS.

A few things to consider when choosing a SASE vendor:

1) The solution provided by SASE vendors should be a service that integrates network and security. The solution should be a cloud-native platform with enterprise-grade network functions (such as SD-WAN and WAN acceleration) and security services (such as FWaaS, IPS, SWG, etc.).

2) To maximize the platform benefits, the platform should be cloud-native.

3) An ideal SASE solution should have a private backbone network supported by a global SLA.

4) ZTNA is another basic requirement of SASE and a must-have feature. It can help enterprises configure access channels for applications based on cloud and mobile users, local users and resources.

5) A simple, intuitive and stable management platform will reduce the complexity of use.

Why SASE platforms require cloud-native architecture

SASE platforms fuse network and security functions with the appropriate software architecture, rather than just combining network and security features through integration tools. SASE vendors with cloud-native architectures will provide the greatest flexibility, lowest latency, and meet resource requirements.

The following diagram shows the components of a SASE platform:

Best SASE Companies Compared:

Let’s review all of the SASE vendors listed below.

1. Cato SASE

Cato SASE Cloud is a globally converged cloud-native service. It connects all branches, clouds, people, and data centers. It supports gradual deployment to replace or expand previous network services and security point solutions. It provides end-to-end routing optimization for WAN and cloud traffic.

Function:

• Cato SASE Cloud has a self-healing architecture.
• It provides features such as NG firewall, secure web gateway, advanced threat protection, cloud and mobile security.
• Includes cloud optimization, WAN optimization, and global routing optimization functions.
• Remote access (SDP / ZTNA).

The Cato management application has the ability to control the entire service. The tool helps with complete network and security policy configuration and provides detailed analysis of security events and network traffic.

Summarize:

Cato SASE has a self-healing architecture, so it can provide maximum service uptime. It has a global private backbone network of more than 65 PoP points, connected through multiple SLA-backed network providers.

website:

https://www.catonetworks.com/sase/?utm_source=software_testing&utm_medium=banner&utm_campaign=top_sase_vendors

2. Twingate

Best suited for configuring and managing enterprise-wide access controls.

Twingate is a secure remote access platform for distributed workers. Traditional, network-centric VPN approaches are old and difficult to maintain, which leaves room for security breaches. VPN solutions have issues such as public gateway exposure, lateral attack vulnerabilities, and maintenance difficulties.

Twingate provides a solution that makes the network invisible to the Internet, thereby reducing exposure to attacks. This platform has the characteristics of management availability, client availability, no public gateway, support for all applications, fast and easy deployment.

Function:

• Twingate is a cloud-based service that provides rapid implementation of modern zero-trust networks.
• IT teams will be able to easily configure software-defined perimeters without requiring infrastructure changes.
• Allow teams to centrally manage user access to a variety of internal applications, both on-premises and in the cloud.

Summarize:

Twingate is a secure, efficient, zero-trust alternative to enterprise VPNs. It is more secure and maintainable than any VPN, and is a scalable platform with minimal maintenance requirements.

website:

https://www.twingate.com/

3. Netskope

Best suited to deliver a secure platform that is data-centric, cloud-smart, and fast.

Netskope SASE is a unified solution for network and security businesses. It follows a data-centric approach so data and users are protected everywhere.

Netskope provides effective security controls for the secure use of cloud and network. It provides advanced analytics, private access, NextGen SWG, CASB, and public cloud security.

Function:

• Netskope's real-time and cloud-native security features provide enterprises with always-on security assurance.
• Its next-generation SWG is a comprehensive network security solution with advanced data and threat protection and content filtering capabilities.
• CASB is an advanced data and threat protection management for cloud applications such as Office 365.
• It provides visibility, compliance, and threat protection for critical workloads and sensitive data in AWS, Google Cloud Platform, and Microsoft Azure.

Summarize:

Netskope has solutions for cloud-native ZTNA, advanced analytics, next-generation SWG, CASB, and public cloud security.

website:

https://www.netskope.com/what-is-sase

4. Zscaler

Provide the best security services.

Zscaler provides a SASE platform for cloud and mobile. Zscaler Internet Access protects users from threats and data breaches. Zscaler Private Access allows authorized access to applications and data for protection.

Zscaler business-to-business has the ability to protect access to B2B applications.

To provide optimal bandwidth and low latency, Zscaler delivers security and policy solutions from more than one hundred and fifty locations.

Function:

• Zscaler has a proxy-based architecture that allows it to fully inspect encrypted traffic.
• ZTNA provides native application segmentation by limiting access.
• Stop targeted attacks with a zero attack surface that prevents source networks and identities from being exposed to the internet.
• It has a local, multi-tenant cloud architecture that can provide dynamic expansion as needed.

Summarize:

Zscaler's automated cloud-delivered service is easy to deploy and manage, and is a scalable platform.

website:

https://www.zscaler.com/products/secure-access-service-edge

5. Barracuda Networks

Best solutions for security, application delivery, and data protection.

Barracuda CloudGen Access is a cloud-native platform that provides enterprises with secure access to SaaS applications, internal applications, and devices. It is a device-agnostic solution. It provides device security through an agent without access to the device. Most of the computation, logic, and protection are performed on the device.

Function:

• Barracuda CloudGen Access features protection against phishing and other malware domains through a secure gateway that resides on the device.
• Access proxies integrated with identity provide secure access to internal applications. These proxies are powered by a zero trust strategy.
• To enforce policies, it performs continuous verification of user identities and devices, while also continuously authenticating applications.

in conclusion:

The Barracuda SASE solution will provide seamless, consistent, secure network access that is easy to deploy and manage, with the ability to protect critical data and applications.

website:

https://www.barracuda.com/

6. VMware

Best suited for reliable application delivery to mobile clients.

VMware provides a cloud-native SASE architecture that combines and delivers multiple solutions such as SD-WAN gateways, VMware secure access, ZTNA solutions, SWG, CASB, and VMware NSX firewalls through PoP points.

Function:

• VMware has features that enable enterprise-wide cloud strategies, expand new operating models, migrate workloads to the cloud, and can help address a variety of use cases related to cloud resources.
• It has the capability to protect distributed users and applications from internal and external threats at all levels: network, data, application, and user.
• It enables users to provide reliable application delivery to mobile clients, campuses, etc. even under poor network conditions.

Summarize:

VMware provides network and security services for branch edge, IoT devices, campus and mobile users. Use this solution to gain the agility and operational simplicity to build and scale a new global WAN.

website:

https://www.vmware.com/content/microsites/sase/home.html

7. Perimeter 81

Best suited for simple transition to cloud environments and comprehensive visibility.

The Perimeter 81 SASE platform is a unified network security service solution that integrates network and security functions. It provides solutions for zero-trust application access, zero-trust network access, software-defined perimeters, and business virtual private network solutions. It is suitable for both small and medium-sized enterprises.

It can be used in various scenarios such as unified cloud management, zero-trust NaaS, firewall as a service, cloud sandbox, DNS security, SaaS security, endpoint security, endpoint compliance, etc.

Function:

• Zero Trust Application Access provides features such as fully auditable access, advanced threat protection, inspection and logging of all traffic, high-performance design, comprehensive API integration, and least privilege access control.
• Its zero-trust network solution provides multi-region deployment, precise split tunneling, point-to-point interconnection, policy-based segmentation, built-in two-factor authentication, network auditing and monitoring, and other capabilities.
• To protect networks and critical assets from external threats, Perimeter 81 provides an SDP (Software Defined Perimeter) solution with features such as adaptability, global access, precise segmentation, and secure encryption.
• It also provides enterprises with the next generation of secure virtual private network solutions.

Summarize:

Perimeter 81 has basic features for securing and managing networks, advanced features for all businesses, and security features for enterprises. The cloud management platform features dedicated global gateways, fast and easy network deployment, policy-based segmentation, and more.

website:

https://www.perimeter81.com/

8. Fortinet

Best suited for consistent protection of dynamic and distributed networks.

Fortinet SASE solution provides cloud-delivered security for distributed networks. It combines multiple features such as ZTNA, SWG, cloud-delivered NGFW, etc. It will provide consistent protection at all network edges. It has enterprise-grade security features.

FortiSASE includes various tools and features such as DLP, SWG, ZTNA, VPN, Sandboxing, IPS, DNS, etc.

Function:

• FortiSASE has the ability to automatically prevent malicious domains. It can identify these domains in real time and protect the core network.
• Its intrusion prevention system constantly monitors the network for malicious activity.
• To protect web access from internal and external risks, it has the function of SWG (Secure Web Gateway).
• It has the capability to extend zero-trust network access to remote users.

Summarize:

Fortinet offers a fully integrated set of SASE solutions with extensive security-driven networking capabilities, intuitive deployment, and management.

website:

https://www.fortinet.com/products/sase

9. PaloAlto Network

Complete, best-in-class security.

PaloAlto Prisma Access has complete cloud-delivered security. It provides best-in-class security features to protect all applications. It includes FWaaS, SWG, ADEM, ZTNA, CASB, and IoT solutions.

Function:

• FWaaS provides a complete set of security features including threat protection and URL filtering to prevent remote addresses from being compromised.
• The SWG capability leverages static analysis and machine learning to avoid threats from within the network.
• Gain full visibility with the help of Autonomous Digital Experience Management (ADEM).

Summarize:

Plato Alto Prisma Access is a single cloud-delivered platform that protects access to all applications and against all threats.

website:

https://www.paloaltonetworks.com/resources/sase

10. Akamai Enterprise Application Access

Best suited for providing secure remote access to applications.

Akamai Enterprise Application Access is a cloud architecture that closes inbound firewall ports and ensures only authorized users and devices can access internal applications. It enables these applications to remain hidden from the Internet and public networks.

It is suitable for various application scenarios, such as secure access to cloud applications, remote and third-party applications, accelerating mergers and acquisitions, replacing traditional virtual private networks, etc.

Function:

• Gain secure access to business-critical applications regardless of location and application type. It eliminates the need to provide blanket network access.
• Multiple threat signals from third-party applications, devices, and users all help to strengthen access decisions.
• It has functions such as IdP, MFA, SSO, end-to-end encryption, and load balancing.

Summarize:

Akamai provides a user- or application-centric model to provide secure access capabilities. It is built on the Akamai intelligent edge platform, so it can provide extremely high scalability. At the same time, Akamai also reduces technical complexity.

website:

https://www.akamai.com/us/en/products/security/enterprise-application-access.jsp

11. Cisco

Secure access from any address.

Cisco provides a cloud-native SASE solution with leading network and security capabilities on a single platform. It can use the existing equipment base and simplify the transformation process, making it a simple and flexible solution.

Function:

• Cisco SASE has features that simplify policy creation and management.
• It protects all users and devices at any address.
• The Cisco SASE platform provides cloud-scale architecture, simplified in-cloud security, zero-trust access, and simplicity.
• Provides flexible and optimized SD-WAN network performance.
• It has security functions such as security gateway, cloud access security agent, firewall, ZTNA, etc.

Summarize:

Cisco's SASE combines SD-WAN and VPN capabilities with security features such as secure gateways and firewalls.

website:

https://www.cisco.com/c/en/us/products/security/sase.html

in conclusion

Most of the network and security solutions available in the market are not suitable for cloud-centric, mobile-first digital enterprises. SASE vendors merge network and security functions into a cloud-native solution. This reduces costs and increases simplicity and flexibility.

SASE solutions can help companies quickly develop and deliver new products and shorten the time required to respond to changes in demand.

Hopefully, this detailed SASE vendor review, comparison, and summary article can give you a preliminary understanding of the market.