Review and Summary of Gartner’s 2024 SASE Magic Quadrant

If you’d like to compare the 2024 report with 2023, you can find my review of the 2023 Magic Quadrant here.

Gartner Predictions for Single-Vendor SASE

Gartner always includes a few predictions at the start of their reports. This data comes from the various methods of research they do. Here is this year’s SASE prediction:

• By 2027, 65% of new software-defined wide-area network (SD-WAN) purchases will be part of a single-vendor SASE offering, an increase from 20% in 2024.

We are seeing this hold true more and more. The conversations I have with companies looking for new SD-WAN platforms almost always morph into a conversation about SASE. They might end up deploying full SASE instead of just SD-WAN, or they start planning for a holistic SASE solution in the near future. Either way, SD-WAN is increasingly becoming a feature of SASE instead of a point product on its own.

How Gartner Defines Single-Vendor SASE

Gartner defines single-vendor SASE as a solution provided by one vendor who offers multiple SASE features in a cloud-centric architecture. The solution should support branch offices, remote workers, on-premises general security, private application access, and cloud service consumption use cases.

To be included in this report, the platform must include:

• Secure web access via proxy (usually SWG (secure web gateway))
• In-line SaaS visibility and access controls (usually CASB (cloud access security broker))
• Identity-, context-, and policy-based secure remote access to private applications (usually ZTNA (zero trust network access))
• A branch appliance that supports dynamic traffic steering out of multiple WAN interfaces with application-based steering
• Firewalling
• Centralized management that covers all of the above features
• The ability for customers to define sensitive data inspection policies and apply them via in-line network data inspection.
• An endpoint software agent for connecting users to the SASE offering.
• The ability for customers to manage the full offering themselves.
• Single-pass scanning for malware/sensitive data
• Support for SSO integration with 3rd party vendors
• POP infrastructure in at least 15 geographic cities, including at least 3 cities each on two separate continents. The POPs must be in highly secure facilities and offer firewall, web proxy, private access, and in-line SaaS control.

Keep in mind that Gartner gathered all information for this report by March 1, 2024, so things may have changed since then for certain providers!

SASE Challengers

Versa Networks

• Versa’s primary offering is Versa Secure Access Fabric (VSAF), which is a unified SASE platform.
• Their customers tend to be enterprises and large enterprises in Asia, North America, and Europe.
• Future investments will focus on improved security policy automation and extending SASE to the LAN, cloud, and data center.
• They have strong SD-WAN and security features with a single management console.
• Versa offers a strong price-per-feature value for customers.

Cautions: Their planned product enhancements lag competitors, their technical product documentation is lacking, and their marketing lags competitors which can make it difficult to attract new customers.

Fortinet

• Fortinet’s primary offering is FortiSASE integrated with FortiGate appliances.
• Customers tend to be all sizes and they operate on a global basis.
• Future investments will be in using AI to improve operations and bringing additional Fortinet products into the SASE offering.
• Fortinet has strong SD-WAN and firewall functionality.
• They provide excellent value in terms of features vs. cost.

Cautions: Fortinet’s POP selection is confusing for clients, their customer experience lags their competition, and their planned innovations are unlikely to disrupt the market.

After the 2023 Magic Quadrant came out, I met with the Fortinet team at their HQ in San Jose, CA they addressed a few of last year’s cautions. At the time, they had increased their POP footprint from 19 POPs to 120 POPs globally, and expected to be in the Leaders Quadrant this year. That said, Gartner stated that these POPs are a mix of Fortinet-owned and Google-based), and by default, customers only have access to four POPs unless they request to add more. From my perspective, this is still a limitation when compared to the competition, especially for traveling or remote employees.

SASE Leaders

Palo Alto Networks

• Palo Alto’s primary offering is Prisma SASE, a unified SASE platform.
• They operate on a global basis and their clients tend to be enterprises or large enterprises.
• Future investments will focus on browser security and security policy automation.
• Palo Alto has strong security and networking features, a proven track record in this space, and strong financial viability.

Cautions: Palo Alto’s offering is expensive compared to other vendors, there is limited support for non-English UIs and technical support, and their new Strata Cloud Manager is less intuitive than the previous user interface.

Cato

• Cato offers a unified cloud-based SASE platform with a simple and intuitive customer portal.
• Can service customers of all sizes, but are primarily focused on midsize enterprises in North America, Europe, and Asia.
• Expected to make future investments in simplifying security management, leveraging AI, and enhancing on-premises security.
• Cato delivers an above-average customer experience.

Cautions: Cato’s pricing model can be complex as it’s dependent on site bandwidth, their geographic strategy lags compared to the competition, and some security capabilities (SaaS control and visibility, and on-premises firewalling) are limited.

NetSkope

• Netskope’s primary offering is Netskope cloud security paired with Borderless SD-WAN appliances.
• Netskope’s operations are global (with a strong geographic strategy compared to others) and their customers tend to be enterprises or large enterprises.
• Future investments will be focusing on edge computing use cases.
• Gartner customers report a strong customer expereince.

Cautions: Administrators must use multiple consoles to manage the whole platform, they were late to the market with a GA product, and there is limited financial information about them which creates uncertainty over long-term viability.

SASE Visionaries

Cisco

• Cisco’s primary SASE offering is Cisco Secure Connect which includes the Meraki dashboard (said to be very straightforward and intuitive) to manage security and SD-WAN appliances. ThousandEyes can be added.
• Secure Connect is global and the customers tend to be midmarket and enterprises.
• Future investments will likely be extending SASE functionality to campus and branch network infrastructure, and leveraging AI.

Cautions: Cisco Secure Connect has product limitations when compared to others. This includes the ability to secure private applications and SaaS, and enable adaptive access. Also, their POP footprint lags most of their competitors.

SASE Niche Players

Cloudflare

• Cloudflare’s primary offering is Cloudflare One, a unified SASE platform with an intuitive user interface.
• Customers tend to be all sizes and global, but they have a concentration in the SMB and midsize enterprise space.
• Future investments will focus on enhancing automation of data security and extending SASE functionality into public cloud.
• Cloudflare has the most geographically-dispersed POPs out of anyone here.

Cautions: Cloudflare’s local SD-WAN and firewall capabilities are very limited compared to others, they were later to the market with their branch appliance, and their enterprise SASE pricing is much higher than other vendors.

HPE

• HPE’s primary offering is the HPE Aruba Networking Unified SASE, which includes HPE Aruba SSE integrated with EdgeConnect SD-WAN appliances.
• HPE operates globally and their SASE customers tend to be all sizes.
• Future investments will be in filling out their portfolio, simplifying product operations, and extending SASE further into branch network infrastructure.
• HPE has strong SD-WAN and ZTNA capabilities.
• They deliver good customer experience compared to their competition.

Cautions: Security functionality (SaaS visibility/control, data security, threat protection, and web proxy) lag most other vendors and their POPs are geographically limited compared to others.

Forcepoint

• Primary offering is Forcepoint ONE security integrated with FlexEdge Secure SD-WAN.
• Their customers tend to be enterprises and large enterprises in Asia, North America, South America, and Europe.
• Future investments will focus on data security and improving its agent.
• Very strong security capabilities that can be deployed on-premises or in the cloud.

Cautions: Their customer experience is lower than other vendors and their sales and marketing strategies lag their competitors, which could limit their ability to grow in this market.

Honorable Mentions

Along with the four main quadrants, we also have a list of honorable mentions that were close to making it into a quadrant but missed the mark in some way (as of March 1, 2024). Here’s what Gartner had to say about why they didn’t make the cut:

• Aryaka: Has relevant technology and is investing, but did not meet product inclusion criteria.
• Barracuda: Has relevant technology and is investing, but did not meet product inclusion criteria.
• Broadcom (VMware): Has relevant technology and is investing, but they are undergoing a product transition to leverage Symantec for security, which currently has a requirement for two or more management consoles.
• Check Point: Has relevant technology and is investing, but did not meet product inclusion criteria.
• Ericsson (Cradlepoint): Has relevant technology and is investing, but did not meet customer adoption criteria.
• iBoss: Has relevant technology and is investing, but did not meet product inclusion criteria.
• Juniper: Has relevant technology, but did not meet product inclusion criteria.
• SonicWall: Has relevant technology and is investing, but did not meet product inclusion criteria.
• Sophos: Has relevant technology and is investing, but did not meet product inclusion criteria.
• Zscaler: Has relevant technology and is investing, but did not meet product inclusion criteria.

As you can see, most of them fell short on the product inclusion criteria (the list is at the top of this article).

Inclusion Criteria

The product and feature inclusion criteria is further up on this post. In addition to those feature requirements, the vendors must:

• Overall Adoption: Have at least 250 unique enterprise customers that have deployed the vendor’s primary SASE offering
• Recent Adoption: Have at least 75 new unique enterprise customers after March 1, 2023.
• Large Enterprise Adoption: Have at least 75 large unique enterprise customers.
• Address at least two use cases for single-vendor SASE.
• Have at least 25 unique SASE customers headquartered in two continents (e.g., 25 customers headquartered in Asia and a separate 25 customers headquartered in North America.

“Enterprises” must have at least $50 million in annual revenues or 100-1,000 employees.

“Large Enterprises” must have at least $1 billion in annual revenues and/or over 1,000 employess.

My Thoughts This Year

It seems as though more and more vendors are converging their solutions into a single-vendor SASE approach. Because of this, I’m glad to see Cato in the Leaders Quadrant this year as they were really the first vendor to go to market with this type of solution before SASE was even conceptualized as a term. Can we believe there was a time without SASE?!

I’m honestly surprised to see Netskope in the Leaders Quadrant beside Cato and Palo Alto. I have nothing against them, I just haven’t worked with them or managed service providers that offer Netskope very much, but maybe as more and more MSPs adopt them as a SASE offering, that’ll change.

It’s exciting to see all of these products innovate and change over the years and I’m excited to see what comes the rest of this year and into 2025. From the looks of it, it sounds like we’re getting more robust security and even ventures into leveraging AI in SASE!