10 SASE Companies Making Moves: Q1 2023

Competition in the secure access service edge (SASE) market heated up at the start of the year, with major product launches, acquisitions and executive poachings.

SASE Surge

Even as the economy experienced further wobbles to start off the year, the activity among cybersecurity companies showed few signs of a slowdown — particularly for those who are considered top vendors in the SASE market, such as Check Point, Cisco, Palo Alto Networks and Zscaler. SASE, or secure access service edge, has continued its surge amid the critical need for many businesses to provide their distributed workforce with secure access to corporate applications and resources.

[Related: Palo Alto Networks CEO Nikesh Arora On SASE, AI And Why Partners Are ‘More Important’ Than Ever]

Total revenue in the SASE market jumped 34 percent in 2022 to reach $6 billion, according to figures from Dell’Oro Group. It marked the third year in a row when year-over-year growth in SASE revenue surpassed 30 percent, the firm reported. With the arrival of hybrid workforces and an increasing reliance on cloud-based SaaS applications, SASE aims to be a more-secure and more-manageable access solution for today’s businesses. In part, this can enable replacement of VPNs with remote access systems that are based on zero trust principles, which are harder for attackers to exploit.

Gartner — whose analysts coined the term SASE in 2019 — points to five key capabilities that should be a part of any SASE deployment: SD-WAN, secure web gateway (SWG), cloud access security broker (CASB), next-gen firewall (NGFW) and zero trust network access (ZTNA). Together, those capabilities enable “zero trust access based on the identity of the device or entity, combined with real-time context and security and compliance policies,” and can provide this secure access whether workers are in the office or working remotely, according to Gartner.

While not all SASE vendors have been left unscathed by the economic environment — Zscaler disclosed a 3-percent layoff round early this month, for instance — other SASE providers including Cloudflare and Palo Alto Networks have noted that they haven’t seen a need to shed staff so far. Anecdotally, SASE providers would seem to be among the best examples in the tech industry of companies that are proving resilient through this downturn, thanks to a product set that is still getting customers to open their wallets.

In terms of major moves by SASE companies during the first quarter of 2023, a number of vendors introduced new product capabilities for their SASE platforms, while one vendor announced a big acquisition to expand its offering in the space. And notably, two vendors poached channel executives from rival SASE providers, to serve as their new channel chiefs, during the initial months of the year.

What follows are details on some of the big moves by 10 top SASE companies in Q1 of 2023.

Aryaka

Originally known as an SD-WAN specialist, Aryaka has expanded in recent years to become a provider of a full SASE platform, including through its 2021 acquisition of Secucloud. Aryaka says it was the first vendor to offer a true zero trust wide-area network leveraging a “unified SASE architecture.”

On Wednesday, Aryaka made its next big move by unveiling a SASE offering targeted at small and medium-sized enterprises. The managed offering aims to provide SASE and SD-WAN that ensures both security and performance while also being affordable for smaller enterprises, the company said.

The SASE and SD-WAN offerings for small and medium-sized enterprises also represent a strong revenue opportunity for channel partners, particularly those that are looking to expand into new industry verticals or markets, Aryaka said in a news release.

Cato Networks

The Cato SASE Cloud brings together Cato SD-WAN with Cato SSE 360, the company’s cloud-native security service edge offering. In 2022, Cato Networks’ annual recurring revenue surpassed $100 million, the company disclosed.

In January, the company announced that channel veteran Frank Rauch (pictured) — formerly of the channel chief at companies including Check Point and VMware — has joined Cato as its global channel chief. Cato Networks does 100 percent of its business through the channel and is well-known to partners, especially those that are making the connection between security and SD-WAN, Rauch told CRN.

Check Point

Check Point Software Technologies added a key piece to its SASE platform with the debut of its in-house SD-WAN offering in February. The SD-WAN “software blade” in the Check Point Quantum Gateways platform will enable both strong security as well as optimal performance for internet and network connections, according to the company.

Taking the time to develop its own SD-WAN in-house will ultimately pay off, thanks to the tight integration that Check Point is able to offer with the network gateway, Check Point co-founder and CEO Gil Shwed told CRN. “We worked on that for a long time,” Shwed said. “We really needed to make sure that the security and the [SD-WAN] actually work together very, very closely. We use the same engine to classify the traffic. We use all the same management to build that together. This is a really, really tight integration within the same gateway.”

Meanwhile, Check Point also announced in Q1 that it has brought aboard a new executive to lead its product strategy going forward. The company announced Feb. 28 that it has hired Nataly Kremer (pictured), a longtime R&D leader at AT&T, as its new chief product officer and head of R&D. Kremer had spent the prior 12 years with AT&T, where she headed the company’s software and delivery group and served as general manager of its Israel R&D center. Longtime Check Point Chief Product Officer Dorit Dor has moved into the role of chief technology officer.

Cisco

During Q1, Cisco announced an extension of support on its SASE platform to additional parts of its portfolio. Cisco’s single-vendor SASE platform, Cisco Plus Secure Connect, had already been available with support for Meraki SD-WAN — but in February the company announced it’s now available with support for the Cisco SD-WAN (Viptela) solution.

“I think our partners will really appreciate understand [that] we’ve integrated web security controls into our Cisco Meraki solution,” said Tom Gillis (pictured), senior vice president and general manager of the Cisco Security Business Group. “That’s something our partners have enjoyed huge success with — taking that very deeply in our market. And so it’s super easy to add URL filtering, anti-malware capability, all from that Meraki dashboard, where it’s just easy to deploy this stuff, easy to consume … If you’re a Meraki customer, it’s just in your Meraki dashboard. If you’re a Viptela customer, you’ll get the same capability that’s cross-launched into your Viptela dashboard.”

Cloudflare

In January, Cloudflare added another key piece to its its SASE platform, Cloudflare One, with the introduction of its Magic WAN Connector. The software-defined solution can be utilized for securely connecting businesses to the web, the company said. With the addition of Magic WAN Connector, “Cloudflare One is now a true integrated SASE security and networking solution,” the company said in a news release.

The rollout follows the company’s announcement, last June, of the Cloudflare One Partner Program, which aims to enable channel partners such as resellers and system integrators to more effectively deliver Cloudflare’s SASE platform to customers. During Cloudflare’s recent quarterly earnings call, co-founder and CEO Matthew Prince noted that “channel remains a big opportunity for us.”

“I think that we’re seeing both the traditional resellers as well as some of the [global system integrators] that are increasingly adopting Cloudflare,” Prince said, pointing to the company’s zero trust-focused portfolio as “the big opportunity here.”

“Those are very much products that oftentimes we are winning [customers] in cooperation with the channel partner. And those initial wins help unlock future wins going forward,” he said.

Fortinet

Fortinet says that its SASE platform, FortiSASE, stands out as the “most integrated single-vendor SASE solution on the market.” In March, Fortinet unveiled a number of updates meant to better enable distributed work, including upgrades to the integration with FortiGate Secure Edge. The enhancements “give teams even more granular control and flexibility to choose when to perform security on-premises or in the cloud to optimize user experience,” which should prove especially useful for providing consistent security to a hybrid workforce, the company said in a news release.

Other updates to FortiSASE include enhancements to secure internet access performance, expanded connectivity for the Secure SD-WAN hub (for secure private access) and cloud access security broker (CASB) improvements for SaaS secure access, which “expand application coverage and provide deeper control of SaaS application behavior and the ability to restrict tenants’ access control,” Fortinet said.

Hewlett Packard Enterprise

One of the biggest SASE moves of Q1 was the announcement by Hewlett Packard Enterprise that it’s reached an agreement to acquire Axis Security. Combining the Axis offering in security service edge (SSE) with the HPE Aruba networking platform — including SD-WAN from the acquisition of Silver Peak — will ultimately give HPE “the most comprehensive” offering in SASE, HPE CEO Antonio Neri (pictured) told CRN.

“All of this will be fully integrated into our HPE GreenLake platform, which will be offered as a subscription service,” Neri said. “Therefore, our partners will be able to sell all these solutions to drive a SASE model with recurring revenue, while also selling the underlying connectivity that comes with it.”

The Axis Security acquisition is expected to close in HPE’s second fiscal quarter, ending April 30. Terms of the deal were not disclosed.

Palo Alto Networks

In a recent interview with CRN, and in the company’s recent quarterly earnings call, CEO Nikesh Arora (pictured) touted SASE as one of the cybersecurity giant’s biggest growth areas of the moment. The company closed its first $40 million SASE deal during its fiscal second quarter, and over the past six quarters, Palo Alto Networks has generated about $1 billion in bookings from its Prisma SASE business, Arora said during the quarterly call. The vendor disclosed it now has 4,000 SASE customers and saw its annual recurring revenue for SASE grow by 50 percent during its latest quarter.

In mid-March, Palo Alto Networks also announced a forthcoming set of new features for Prisma SASE, focused around AI and automation. The capabilities include AIOps that is natively integrated in order to bring greater automation to IT operations. The addition of AIOps — which uses AI-driven detection as well as predictive analytics — offers benefits such as proactive remediation of issues that could cause a service outage.

Other updates include several enhancements to SD-WAN, including improved visibility through the Prisma SD-WAN Command Center; integrated IoT security; and an on-premises controller for Prisma SD-WAN.

Meanwhile, in January, Palo Alto Networks announced more details about changes to its NextWave channel program — with many of the updates aimed at bolstering emerging partner opportunities in areas such as SASE.

Skyhigh Security

Skyhigh Security — formerly the security service edge (SSE) business of McAfee Enterprise — aims to simplify SASE for customers by converging its SSE offering with a number of tightly integrated SD-WAN platforms. Supported SD-WAN platforms include Cisco Viptela, Fortinet FortiGate and VMware VeloCloud.

In February, Skyhigh Security announced its first distinct partner program since the split of McAfee Enterprise last year, which is initially focused on reseller and distributor partners. The Skyhigh Security Altitude Partner Program includes generous backend rebates, deal registration, a new partner portal and a commitment that 100 percent of business will transact through the channel, according to Scott Goree, vice president of worldwide channels at Skyhigh Security.

Skyhigh’s Altitude program includes three tiers — registered, essential and advanced. The program offers a revamped training platform, available through the portal, for sales and technical training that partners can take free of charge to move up to a higher tier, Goree said. In terms of financial benefits, the new program offers double-digit backend rebates for advanced-tier partners and “slightly less” for essential-tier partners, according to Goree.

Zscaler

Like Skyhigh Security, Zscaler also enables the delivery of SASE to customers through tight integrations with leading SD-WAN providers. Those include VMware, HPE, Cisco, Fortinet and Palo Alto Networks.

On Feb. 1, the company announced the launch of Zscaler Resilience, which it called “the industry’s first cloud resilience for SSE.” The offering provides new capabilities that aim to keep interconnections to apps intact even in the event of a major security incident. Zscaler Resilience includes disaster recovery capabilities that allow customer operations to directly connect to Zscaler’s Private Service Edge in the event of a serious incident, allowing updated security policies to continue to be followed.

Meanwhile, Zscaler in March disclosed it had poached Palo Alto Networks channel veteran Karl Soderlund (pictured) as its new top channel executive. Soderlund, who was named senior vice president of global partners and alliances at Zscaler, told CRN that he was motivated to make the switch in part because “Zscaler is in build mode right now.” In mid-February, Zscaler announced an agreement to acquire Canonic Security, a startup focused on protecting against attacks that target software-as-a-service.