SASE: The Single-Vendor Approach and the Managed Services Model Remain a Minority

Eight vendors were ranked in 2023, nine last year, eleven this time: the single-vendor SASE Magic Quadrant is expanding.

Gartner estimates that about ten other players have on their roadmaps solutions likely to meet the inclusion criteria. Among them are possibly Aryaka, Barracuda, Ericsson, Huawei and iboss. All five nevertheless receive an “honorable mention,” rather than appearing in the Magic Quadrant for now.

The range of offerings covered here remains minority: the trend is still clearly toward sourcing networking (SD-WAN) and security (SSE) building blocks from separate vendors. As for the managed SASE model, interest is limited, particularly compared with managed SD-WAN.

The interest in the universal zero-trust (zero trust in practice) (UZTNA, applied to campus and branch environments as well as remote users) is, on the contrary, rising. The same goes for options concerning data sovereignty and infrastructure.

11 vendors, 4 “leaders”

The execution axis of the Magic Quadrant reflects the ability to effectively meet demand. The ranked vendors are positioned as follows:

The situation on the “Vision” axis (focused on strategies) is as follows :

Complex and high pricing—or both

From one year to the next, the circle of “leaders” widened: Fortinet joined Cato Networks, Netskope and Palo Alto Networks.

Only one vendor is credited with a favorable note on pricing: Fortinet, deemed “competitive,” even though its two-tier pricing for PoPs can create confusion.
The assessment is less favorable for Netskope (pricing more complex than for other vendors), Palo Alto Networks (higher), and Cato Networks (both more complex and more expensive).

Gaps in on-prem security

Remarks regarding on-prem security are also rather negative. Cato Networks, in particular, lacks an IPS (intrusion prevention system) and content filtering capabilities. At Palo Alto, the ION appliances do not measure up to the autonomous PAN-OS firewall.

Fortinet is singled out for its handling of private applications. Reason: its system involves permanently exposing a port to the Internet, increasing security risks.

Cato Networks and Netskope, distinguished for customer experience and innovation

In terms of customer experience, Cato Networks and Netskope outperform the average; Fortinet trails behind.

Cato Networks and Netskope also stand out for innovation. The former for its agentic AI roadmap, which “should shape the market,” and the latter for its plans around post-quantum cryptography and extending SASE to AI agents.

The Palo Alto secure enterprise browser is unlikely to disrupt the market

Viewed against its current offering, Palo Alto’s solution appears robust, both for SD-WAN and SSE. Gartner also praises the company’s ability to respond to needs in a timely manner and its financial viability.
However, it is unlikely that its secure enterprise browser (Prisma Access Browser) will reshape the market.

Netskope lacks SD-WAN experience

Gartner doubts Netskope’s financial viability, citing limited information provided, and notes a lack of SD-WAN experience, the business historically focusing on security.
Still, a strong point for product strategy: current and planned improvements align with needs for both networking and security.

Fortinet has room to improve on customer experience…

Not praised for on-prem security or customer experience, Fortinet is nonetheless viewed as viable above average (mainly financially) and for its product strategy (planned improvements in generative AI, post-quantum cryptography, and universal ZTNA).

… and Cato Networks on sovereignty

Beyond the above elements, Cato Networks benefits from an effective marketing approach aimed at large enterprises. Its capacity to assist with sovereignty requirements, particularly regarding log storage, is less evident.