The Future of Secure Service Edge (SSE): Moving Towards Platform-Centric Solutions
It has been anticipated: according to Gartner, the Secure Service Edge (SSE) is increasingly becoming a platform-based market. This shift reflects a broader trend in the IT industry towards integrated offerings, with many market segments now being characterized by comprehensive platforms. Recently, Gartner’s analysis has highlighted this evolution across various IT market segments, with some vendors even earning recognition in dedicated Magic Quadrant reports—a testament to their broad, platform-oriented portfolios. Notably, industry areas such as primary storage, DevOps solutions, and Data & Analytics tools are now often associated with platform strategies.
The SSE market is no exception to this trend. Rather than remaining a collection of disparate features, SSE offerings are becoming more homogenized, unified under integrated platforms. Last year, Gartner observed that this was already evolving rather than undergoing a sudden revolution. Most vendors were offering single, unified management consoles that oversee a complete suite of SSE capabilities. This year, Gartner affirms that this trend continues, emphasizing a deeper maturity in the market. It notes that many of the capabilities traditionally viewed as differentiated, such as Remote Browser Isolation (RBI), Firewall-as-a-Service (FWaaS), and Data Loss Protection (DLP), are now considered commoditized. As a result, differentiation increasingly relies on specific use cases that appeal mainly to more advanced clients.
From PoPs to Zero Trust Network Access (ZTNA): A More Uniform Market
While most vendors aim to provide either integrated SD-WAN modules or consider adding them soon, most buyers continue to adopt a dual-vendor strategy. This may reflect organizational segregation between network and security teams. In terms of infrastructure deployment, the strategies are varied, ranging from physical Points of Presence (PoPs) to cloud-based solutions. Despite this variety, Gartner observes that infrastructural choices do not significantly impact end-user experiences and are generally low priorities for most clients. Nonetheless, some capabilities are now increasingly deployed on-premises, especially for disaster recovery and universal ZTNA use cases.
The functional requirements to be included in the SSE Magic Quadrant reveal the level of market convergence. In particular, access to private applications must be secured both with and without agents, supporting UDP and TCP protocols—especially on client devices running Windows, macOS, iOS, and Android. This ensures comprehensive coverage in secure application access.
Market Leaders and Evaluating Vendors
Gartner’s Magic Quadrant evaluates vendors based on two axes: “Vision,” which reflects their foresight, strategic plans, and differentiation, and “Execution,” which measures their ability to meet current market demands through customer experience, product performance, and service quality. The overall placement reflects a combination of these axes.
Regarding “Execution,” the positioning is as follows:
| Rank | Vendor | Annual Change |
|——–|——————————|————–|
| 1 | Zscaler | +2 |
| 2 | Netskope | -1 |
| 3 | Palo Alto Networks | -1 |
| 4 | Fortinet | = |
| 5 | Versa Networks | = |
| 6 | Skyhigh Security | +3 |
| 7 | Cloudflare | -1 |
| 8 | iboss | = |
| 9 | Broadcom | -2 |
On the “Vision” axis:
| Rank | Vendor | Annual Change |
|——–|——————————|————–|
| 1 | Netskope | = |
| 2 | Zscaler | +1 |
| 3 | Palo Alto Networks | -1 |
| 4 | Cloudflare | +2 |
| 5 | Fortinet | +4 |
| 6 | Skyhigh Security | -1 |
| 7 | iboss | = |
| 8 | Broadcom | = |
| 9 | Versa Networks | +1 |
Gartner concluded its latest vendor review by October 31, 2024. To qualify for inclusion, vendors were required to generate at least $40 million over the past 12 months from their SSE offerings and to support at least 500 clients with more than 1,000 seats, using at least two of the three core SSE capabilities: SWG (Secure Web Gateway), CASB (Cloud Access Security Broker), and ZTNA (Zero Trust Network Access). These criteria eliminated some well-known vendors—such as Lookout, which received an “Honorable Mention,” along with Check Point (lacking multi-mode SaaS protection), Cisco (insufficient client base and seats), HPE (no native SaaS protection), and Microsoft (incomplete endpoint support and limited SWG capabilities).
As in previous years, the “Leaders” quadrant features Netskope, Palo Alto Networks, and Zscaler, each recognized for their comprehensive offerings and strategic vision.
Netskope: Slow to Add Advanced Features
Last year, Gartner praised Netskope for its deep understanding of the market—particularly through its product roadmap—its robust product features, especially regarding data security, and its strategic geographic positioning with well-placed PoPs, offering bandwidth parity and feature consistency across regions.
In 2024, Gartner maintains that Netskope’s market comprehension remains a strength, evidencing broad coverage of use cases and strong technical capabilities across all SSE segments. Its frequent presence in vendor shortlists underscores its market relevance. However, criticisms persist regarding the Digital Experience Management (DEM) component, which Gartner noted had been slow to integrate and improve. The licensing model also drew some concerns for being complex and difficult to interpret, alongside its higher-than-average pricing.
This year, while DEM is still mentioned, Gartner emphasizes a broader issue: Netskope’s sluggish pace in adding more advanced functionalities. Notably, the pricing complexity appears to have been alleviated, but the console’s language support remains limited to English, and targeting mid-market segments has proven ineffective.
Palo Alto Networks: High Cost and Complex Pricing
In 2024, Palo Alto Networks distinguished itself with a strong product lineup, centered on the Strata Cloud Manager platform that unifies SSE functions with on-premise firewalls. The company’s innovative strides—through new hires, industry alliances, and AI integrations—also reinforce its market position. Its financial stability remains a key asset, providing confidence in ongoing investments.
However, Gartner notes that Palo Alto’s licensing continues to be complex and expensive, a trend that persisted from previous reviews. The company’s product roadmap was previously criticized for lacking clear differentiation, especially with the RBI feature. Although the acquisition of Talon Cyber Security at the end of 2023 has enhanced RBI support, the overall coverage remains limited and less effective for a broad spectrum of use cases. Additionally, language support for the platform—interface, documentation, and support—remains predominantly in English, limiting accessibility for international customers.
Persistent Performance Issues at Zscaler
Zscaler, in 2024, was recognized for its rapid growth, surpassing market average, and its wide geographic coverage—including a presence in China. Its marketing messaging, emphasizing global reach and responsiveness, continues to resonate, keeping it in the leaders’ quadrant. Gartner also highlighted its recently simplified pricing structure, which aims to facilitate easier onboarding for new customers.
However, performance issues continue to cast a shadow. Last year, Zscaler was criticized for complex and escalating renewal prices, along with persistent feedback from clients about performance degradation. Gartner confirms these concerns persist into 2024, noting that the company remains one of the more expensive SSE vendors. The situation prompts continued vigilance regarding its diversification efforts into Security Operations (SecOps) and how these strategic directions may impact its SSE business.
Overall, Gartner’s latest review underscores that the SSE market is reaching a more mature, platform-driven state, where vendor differentiation increasingly hinges on specific use cases and strategic vision. Despite ongoing challenges, key players such as Netskope, Palo Alto Networks, and Zscaler remain at the forefront, each with their unique strengths and areas for improvement.
