Netskope, Zscaler, Palo Alto Networks Lead Gartner’s SSE Magic Quadrant For 2023
Gartner recognized 10 security service edge (SSE) vendors in the second edition of its Magic Quadrant ranking for the fast-growing cybersecurity category.
SSE Magic Quadrant
For the countless organizations looking to enable hybrid and distributed workforces in 2023, providing secure access to corporate applications, data and other resources remains a top priority. Capabilities that are now widely seen as essential include zero trust network access (ZTNA) as a more-secure alternative to VPNs; cloud access security broker (CASB) for protecting the use of cloud-based applications; and secure web gateway (SWG) for protecting web usage. Increasingly, these capabilities are coming as a single package, as part of a unified security service edge (SSE) platform.
At research firm Gartner, analysts coined the term SASE (secure access service edge) in 2019 to denote a platform that offers both the security and networking elements needed for enabling modern remote access to applications and data. Gartner analysts then introduced SSE as a category in 2021, on the idea that the security components involved in SASE deserve a category of their own that’s distinct from the networking elements such as SD-WAN.
Gartner’s inaugural SSE Magic Quadrant was released in 2022. This week, the research firm debuted the 2023 edition of the SSE Magic Quadrant vendor ranking. The new Gartner Magic Quadrant for SSE recognizes 10 cybersecurity vendors, with Netskope, Zscaler and Palo Alto Networks named “leaders” in SSE in the report. Other major vendors recognized by Gartner included Cloudflare, Cisco and Skyhigh Security (formerly the SSE business of McAfee Enterprise). The Gartner Magic Quadrant rankings are a highly influential and closely watched indicator of how key players compare in numerous segments of the tech industry.
Gartner defines the “core capabilities” of a cloud-based SSE platform as including SWG, CASB and ZTNA, ultimately providing a modern way to secure user and endpoint traffic across hybrid and distributed teams. SSE platforms are “primarily cloud-delivered,” according to the research firm. SSE offerings can include numerous other capabilities, as well — such as remote browser isolation, cloud security posture management, SaaS security posture management and advanced data protection functionality, Gartner said in its report.
There were just a few major changes in the 2023 SSE Magic Quadrant, as compared to last year’s ranking. Cybersecurity giant Palo Alto Networks had appeared in the “challengers” quadrant in Gartner’s 2022 SSE Magic Quadrant, suggesting that the company’s “completeness of vision” was not as robust as that of several of the leaders, and that its “ability to execute” ranked behind that of Zscaler, according to the 2022 ranking. But for the 2023 SSE Magic Quadrant, Palo Alto Networks moved into the coveted “leaders” quadrant after extending the capabilities for its Prisma Access platform in 2022, according to Gartner. Meanwhile, Cloudflare appeared in the SSE Magic Quadrant ranking for the first time as part of the 2023 report.
Gartner said it assessed the SSE vendors based on capabilities that were available as of Aug. 30, 2022.
What follows are key details on the 10 vendors who appeared in Gartner’s SSE Magic Quadrant for 2023.
Gartner ranked Netskope at No. 1 for both vision and execution in the 2023 SSE Magic Quadrant.
Originally best known for its CASB technology, Netskope has expanded to provide a full SSE offering, its Netskope Intelligent SSE platform. Along with CASB, key components include its SWG technology (known as Next-Gen SWG) and its ZTNA offering (Netskope Private Access). Recent enhancements cited by Gartner included the expansion of Netskope’s data loss prevention (DLP) capability to cover endpoints and the extension of its ZTNA offering to additional use cases. Other moves included two M&A deals in 2022 — the acquisition of Infiot, bringing SD-WAN technology into the platform, as well as the acquisition of WootCloud for improved IoT visibility.
Strengths: Netskope has “strong revenue and growth” compared to other SSE vendors, according to Gartner, and the company “appears frequently” on customer shortlists for the technology. Gartner also cited Netskope’s “advanced” capabilities on data security; a simplified SKU and packaging model; and a “strong” ZTNA offering, including capabilities around in-line DLP inspection.
Cautions: Gartner said that Netskope has a “complicated” administration console as a result of dividing it into two separate environments. Clients told Gartner that Netskope is often among the “most expensive” SSE options. The company’s SSE platform also doesn’t provide “advanced” capabilities in digital experience management (DEM).
Gartner ranked Zscaler at No. 2 for both vision and execution in the 2023 SSE Magic Quadrant.
Among the pioneers in the SWG space, Zscaler now offers comprehensive SSE capabilities available in several different offerings — all of which leverage the company’s Zero Trust Exchange technology for connecting users, apps and devices, using zero trust principles such as least-privileged access. Zscaler Private Access is the company’s standalone ZTNA offering, while Zscaler Internet Access is a full SSE platform. Zscaler for Users extends further by combining those two offerings with Zscaler Digital User Experience for detecting and fixing issues that are affecting apps, devices and networks. Recent enhancements cited by Gartner included Zscaler’s addition of IoT discovery capabilities (through the acquisition of Priatta Networks) and security workflow automation (through the acquisition of ShiftRight). On data security, Zscaler launched automated data classification as well as improved inspection for email and endpoint DLP.
Strengths: Zscaler has “strong revenue growth” from a sizable base, according to Gartner, and the company has excelled at crafting a marketing message that “appeals to many organizations” — which has helped land Zscaler on many customer shortlists for SSE. Gartner also cited Zscaler’s “extensive” network, “strong” partner ecosystem and integrations with tools in many related segments including endpoint detection and response (EDR), security information and event management (SIEM) and SD-WAN.
Cautions: Gartner said that Zscaler’s console does not have a “leading” user experience, and some capabilities have a “convoluted” configuration process. Clients told Gartner that pricing and “perceived sales arrogance” can be issues in working with Zscaler, in particular at renewal time for its products.
Leader: Palo Alto Networks
Gartner ranked Palo Alto Networks at third overall on execution in the 2023 SSE Magic Quadrant ranking, and at fourth overall for vision.
Palo Alto Networks’ SSE platform, Prisma Access, has sought to offer advantages that include ZTNA technology that goes beyond existing products that are “too trusting and can put customers at significant risk,” the company has said. Prisma Access enables what the company calls “ZTNA 2.0,” which “solves these problems by removing implicit trust to help ensure organizations are properly secured.”
After appearing in the “challengers” quadrant in the 2022 SSE Magic Quadrant, Palo Alto Networks has now moved into the “leaders” quadrant after extending the capabilities for Prisma Access, including through better integration with the vendor’s Prisma SD-WAN and enhancements to its ZTNA offering, according to Gartner.
Strengths: Palo Alto Networks is “strong” financially and has been heavily investing in development of its SSE platform, according to Gartner. The research firm also cited Palo Alto Networks’ “complete unified console” for SSE and “simplified” management, as well as strong capabilities around ZTNA and AI/ML, such as categorization of URL categories powered by deep learning and “advanced” DNS security.
Cautions: Gartner said that Palo Alto Networks’ console requires clients to choose between two methods of administration upfront, and “cannot change this after the fact.” Clients told Gartner that licensing for the vendor “remains complex and confusing,” and that the Prisma Access offering appeals “primarily” to existing customers of the vendor.
Visionary: Skyhigh Security
Gartner ranked Skyhigh Security third overall in the 2023 SSE Magic Quadrant for vision, and fifth overall on execution.
Skyhigh Security was formerly the SSE business of McAfee Enterprise, which had been ranked in the “leaders” quadrant in the 2022 SSE Magic Quadrant. In February, Skyhigh Security announced its first distinct partner program since the split of McAfee Enterprise last year, which is initially focused on reseller and distributor partners.
Strengths: Skyhigh Security offers a “robust and mature” set of SSE controls, according to Gartner. The company benefits from being tightly integrated with the security product suite from Trellix, which was the other business formed through the split of McAfee Enterprise. Skyhigh Security has “excellent” capabilities around data security, and other strengths include its SaaS security posture management (SSPM capabilities), Gartner said.
Cautions: Skyhigh Security suffers from some limitations in its service availability, especially when it comes to customers outside of North America and Europe, according to Gartner. The company’s presence in the market, as well as its channel program, is “weaker” compared to other top competitors, and Skyhigh has been shortlisted by Gartner clients less often than other competitors, the research firm said. The split of McAfee Enterprise has “disrupted” Skyhigh’s sales efforts, impacting its growth during the Magic Quadrant evaluation cycle, Gartner said.
Forcepoint ranked sixth overall in the SSE Magic Quadrant for vision, and seventh overall on execution.
Forcepoint is aiming to stand out in SSE with what it’s calling its “data-first” platform, which promises to provide “better control over how people get to business applications and use sensitive data.”
Strengths: Forcepoint offers data security controls that are “strong” and “customizable,” according to Gartner. The company enjoys a “good presence” in terms of deployment worldwide, the research firm said.
Cautions: Not all Forcepoint capabilities have been integrated into its SSE platform, according to Gartner, and functionality such as endpoint DLP requires a separate agent. The company’s SmartEdge agent is also only made available on Windows and macOS, Gartner noted.
Lookout was tied for fourth overall on vision in the 2023 SSE Magic Quadrant, and ranked ninth overall for execution.
Strengths: Lookout offers data security capabilities that is “strong” and includes several “advanced” features, according to Gartner. The vendor benefits from “good reseller channels,” the research firm noted.
Cautions: Lookout’s SSE platform has smaller market share and lower visibility than “most” of the other SSE vendors in the Magic Quadrant, according to Gartner. The platform appears “less frequently” on customer shortlists, according to the research firm.
Gartner ranked Cisco at No. 4 for execution, but at No. 10 for vision in the 2023 SSE Magic Quadrant.
Cisco debuted its single-vendor SASE platform, Cisco Plus Secure Connect, in 2022. The platform integrates elements of its SSE offering with Meraki SD-WAN — and as of February, it’s now available with support for the Cisco SD-WAN (Viptela) solution, as well.
Strengths: A highlight of Cisco’s SSE offering was the replacement of its Duo Beyond clientless ZTNA with the new agentless ZTNA, Gartner said. Cisco is also “strongly represented” in the market, according to the research firm, and its ThousandEyes DEM offering is “fully featured” (though it’s separate from the SSE platform, Gartner noted).
Cautions: During the Magic Quadrant evaluation cycle, Cisco did make improvements to the integration of its SSE platform, but its offering continues to depend on a number of discrete products that are “only partially integrated,” Gartner said. Additionally, Cisco’s private access offering does not provide ZTNA, given that it’s built around a VPN-as-a-service offering (AnyConnect), according to the research firm.
Niche Player: iboss
Overall in the 2023 SSE Magic Quadrant, Gartner ranked iboss at No. 8 for execution and No. 7 for vision.
Recent enhancements to the iboss SSE platform include new DLP functionality and integrations with CrowdStrike and SentinelOne.
Strengths: iboss promises a “strong” availability SLA (seven-nines) along with a latency SLA of just 100 milliseconds. Standard features at all levels include ZTNA and firewall-as-a-service, despite being considered among the “lower-priced” SSE offerings, according to Gartner.
Cautions: iboss “lacks focus” on support for SaaS, according to Gartner. The vendor also doesn’t offer SSPM, while also having “few” SaaS apps that are integrated with its CASB product, the research firm said.
Niche Player: Broadcom
Overall in the 2023 SSE Magic Quadrant, Gartner ranked Broadcom at No. 8 for vision and No. 6 for execution.
Broadcom’s SSE platform consists of products from its Symantec acquisition in 2019 — Symantec Network Protection and Symantec DLP Cloud. Recent enhancements included debuting its own firewall-as-a-service and developing an agent to cover all SSE services as well as enterprise DLP, according to Gartner.
Strengths: Broadcom is financially stable and “well-funded,” Gartner said. The company’s data security capabilities covers a “wide range” of areas, the research firm noted.
Cautions: Broadcom is predominantly focused on the “largest companies” and has limited appeal to smaller companies, Gartner said. The vendor’s cloud-based SSE platform is shortlisted less often than competitors in the security service edge market, according to Gartner.
Niche Player: Cloudflare
Cloudflare, which appeared on the SSE Magic Quadrant for the first time in the 2023 report, was ranked at No. 9 for vision and at No. 10 for execution.
Cloudflare has been increasingly focused on offering capabilities for enabling zero trust security, leveraging its global network. The company’s SASE platform, Cloudflare One, has seen numerous updates over the past year. Cloudflare was added to the SSE Magic Quadrant following the acquisition of CASB startup Vectrix last year, Gartner said. Other enhancements have included the acquisition of email security vendor Area 1 security and the launch of clientless web isolation, Gartner noted.
Strengths: Cloudflare’s “strong” presence globally and customer set across numerous verticals and geographies is a major asset for the company’s security growth push, Gartner said. The company also provides a “simple” pricing tier, and has the most cloud points of presence in the market, according to the research firm. Other strengths include network functionality, via its Magic WAN network-as-a-service offering and SD-WAN integrations, as well as a 100-percent SLA for uptime.
Cautions: Currently, Cloudflare lacks a “significant” base of deployments apart from small business and proof of concept implementations, according to Gartner, and the research firm said it “rarely” sees Cloudflare shortlisted by customers for SSE. The vendor’s data security capabilities are also “nascent” and the majority of use cases for enterprise data security are not yet supported, Gartner said.
Gartner gave “honorable mentions” to five SSE vendors that were not included in the Magic Quadrant. Those vendors were Akamai, Cato Networks, Fortinet, Microsoft and Trend Micro.
The research firm said it excluded the vendors on account of not meeting certain requirements such as around capabilities, scale or coverage.