Zscaler, Netskope, McAfee Top Gartner’s First SSE Magic Quadrant

From Zscaler and McAfee Enterprise to Cisco and Palo Alto Networks, CRN breaks down Gartner’s new 2022 Magic Quadrant for Security Service Edge.

Gartner’s First-Ever Security Service Edge Magic Quadrant

The security service edge (SSE) market is red-hot as businesses with hybrid workforces are clamoring for consistent security solutions from the cloud.

Leading the global security service edge market are cybersecurity all-stars Zscaler, Netskope and McAfee Enterprise, as well as technology giants like Cisco and Palo Alto Networks, according to Gartner’s first-ever 2022 Magic Quadrant for Security Service Edge (McAfee Enterprise was renamed SkyHigh Security earlier this week after the Gartner report was published).

Total market revenue for SSE was approximately $2.5 billion in 2020, with the market growing at upwards of 21 percent year over year. The biggest market trends that are driving adoption of security service edge solutions include the hybrid workforce model, SD-WAN transformation and a significant increase in cloud adoption.

By 2025, 70 percent of organizations that implement agent-based zero trust network access will choose an SSE provider rather than a stand-along offering, up from 20 percent in 2021, according to IT research firm Gartner.

Another Gartner market prediction is that by 2025, 80 percent of organizations seeking to buy SSE-related services will purchase a consolidated SSE solution, compared to a stand-along cloud access security broker, secure web gateways and zero trust network access offerings, up from only 15 percent in 2021.

Security service edge technology secures access to the web, cloud services and private applications.

Key cybersecurity SSE capabilities include access control, data security, security monitoring, threat protection and acceptable-use control enforced by network-based and API-based integration. Gartner said SSE is primarily delivered as a cloud-based service, and may include on-premises or agent-based components.

Gartner’s SSE Magic Quadrant ranks vendors on their ability to execute and completeness of vision and places them in four categories: Niche Players (low on vision and execution), Visionaries (good vision but low execution), Challengers (good execution but low vision) and Leaders (excelling in both vision and execution).

CRN breaks down the 10 vendors in Gartner’s 2022 Magic Quadrant for Security Service Edge that are leading the world in SSE.

Leader: Zscaler

Zscaler took home the No. 1 spot for execution on Gartner’s Magic Quadrant for Security Service Edge. The company also ranks fourth for vision on the quadrant.

The San Jose, Calif.-based company offers Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA) and Zscaler Digital Experience (ZDX) services. It also offers CSPM and Zscaler Cloud Protection, which includes identity-based segmentation of workloads. Last year, the company acquired cloud infrastructure entitlement management vendor Trustdome, and deception technology standout Smokescreen.

Strength: Zscaler has a track record of innovation and continues to invest before its competitors to provide interesting innovation. The company has a strong marketing message that boosts its mind share in the market.

Weakness: Zscaler’s clients frequently identify its pricing as their top complaint, particularly at renewal time, Gartner said.

Leader: McAfee Enterprise

McAfee Enterprise took home the gold for vision on Gartner’s Magic Quadrant for Security Service Edge. The company also ranks fifth in execution on the quadrant.

The San Jose, Calif.-based company offers the MVISION Unified Cloud Edge (UCE) service. It also offers other security products, such as XDR and endpoint security offerings. In October, McAfee Enterprise owner Symphony Technology Group acquired FireEye and merged the two companies.

Strength: McAfee Enterprise has one of the simplest and most competitive pricing models in the market, Gartner said. The company has acquired and integrated remote browser isolation (RBI) technology to improve the efficacy of its SSE.

Weakness: McAfee Enterprise has a large installed base, but Gartner estimates that its growth in SSE seats and new customers is slower than that of Zscaler and Netskope.

Leader: Netskope

Netskope ranks third in both execution and vision on Gartner’s Magic Quadrant. The Santa Clara, Calif.-based company offers its Next Gen Secure Web Gateway, CASB and Netskope Private Access.

Last year, the company acquired Randed for remote browser isolation and integrated it into its SSE offerings, releasing a new firewall as-a-service (FWaaS) offering. Netspoke also acquired SaaS API integrator Kloudless in order to offer SaaS security posture management functionality.

Strength: Netskope offers advanced data security capabilities, including machine learning. Netskope is one of the best-funded private companies with an estimated $1 billion in private funding.

Weakness: Netskope’s cloud firewall does not support Layer 7 firewall controls outside of HTTP and HTTPS applications. The company has a “cautious approach” to releasing new features for its platform, Gartner said.

Challenger: Palo Alto Networks

Longtime security giant Palo Alto Networks offers Prisma Access and SaaS Security services for SSE, while also providing a wide range of other network and cloud security products.

The Santa Clara, Calif.-based company ranks second in execution on Gartner’s Magic Quadrant for Security Service Edge, and amongst the bottom half of the pack for vision. Last year, Palo Alto Networks launched Prisma Access 2.0, which includes updated cloud management and monitoring capabilities, as well as CloudBlades to support API integration with third-party technologies.

Strength: Palo Alto Networks has a massive security portfolio. It successfully positions Prisma Access as a viable alternative to other SSE offerings, with hybrid benefits for customers.

Weakness: Client feedback from Gartner indicates that it is expensive and confusing to achieve full SSE functionality with Palo Alto Networks.

Challenger: Cisco

The worldwide networking kingpin SSE offers are part of Cisco’s Cloud Security line, including Cisco Umbrella, Cloudlock and Duo Beyond. Cisco owns a massive portfolio of security, networking and infrastructure products.

The San Jose, Calif.-based networking giant ranks fourth for execution on Gartner’s Magic Quadrant and near the bottom for vision. Cisco recently added in-line data loss prevention and an identity proofing service to its Umbrella Cloud Security Service.

Strength: Cisco has a large market share in the SSE market, primarily for its Umbrella product line and continues to invest significantly in its products. Customers like Cisco’s affordability and ease of use of its entry-level SSE offerings.

Weakness: Cisco provides limited security options for unmanaged device access to SaaS applications outside a corporate network. It also offers only basic data security controls, applied through separate policies for in-line data and data at rest.

Visionary: Bitglass (Forcepoint)

Bitglass was acquired by Forcepoint, who also ranks on Gartner’s SSE Magic Quadrant, in October.

Bitglass offers its Secure Web Gateway, Cloud Access Security Broker, and Zero Trust Network Access solutions. The company recently announced cloud-managed SmartEdge Secure Web Gateway (SWG) virtual appliances for branch offices, which provide SWG services to all devices at a branch. Bitglass, now part of Forcepoint, ranks fifth for vision on Gartner’s Magic Quadrant and amongst bottom half of the pack for execution.

Strength: Bitglass offers a strong set of data security controls. Customers enjoy the company’s support responsiveness, powerful features for data security and Field Programmable SASE Logic feature for power users.

Weakness: Bitglass is one of the smallest companies in this market. It does not have the same levels of market share and client visibility as leading SSE vendors.

Visionary: Lookout

Lookout won second place in terms of vision on Gartner’s Magic Quadrant and near the bottom of the pack for execution. The San Francisco-based company provides cloud access security broker (CASB), secure web gateway and zero trust network access services, as well as mobile endpoint security products.

Lookout acquired CipherCloud last year to expand its Mobile Endpoint Security product offerings into the SSE market. It recently integrated CipherCloud’s SSE technology into its product and rebranded it as Lookout’s first generally available integrated SSE offering.

Strength: Lookout has strong data security capabilities including watermarking, encryption, tokenization and the ability to automatically apply data classification labels to content.

Weakness: Lookout has few SD-WAN partnerships, and focuses on threat defense for mobile operating systems rather than nonmobile devices. The company also lacks a firewall as-a-service offering.

Niche Player: Broadcom

Broadcom’s SSE offering includes Symantec Web Security Service, a cloud access security broker solution CloudSOC, and Symantec Secure Access Cloud for zero trust network access.

Broadcom still has a strong presence in the market with its appliance-based secure web gateway (SWG) business. Last year, the San Jose, Calif.-based company launched its Symantec CloudSOC Mirror Gateway, which uses remote browser isolation to secure unmanaged device access to SaaS and private applications.

Strength: Overall, Broadcom is a well-funded, large public company with a massive portfolio of semiconductor and software products. For SSE, Broadcom has simplified its pricing by selling only cloud-based SSE licenses.

Weakness: Broadcom’s sales strategy focuses on the largest companies worldwide, which limits its appeal to smaller companies. Organizations outside this category find it difficult to purchase or receive support from Broadcom.

Niche Player: iboss

Boston-based iboss offers its Secure Access Service Edge (SASE) cloud platform.

Iboss has hired a slew of new executive leaders from other vendors in the SSE market to bolster its marketing and sales channels as well as product. In August, iboss released a new RBI capability and eliminated its dependency on Microsoft Cloud App Security for advanced cloud access security broker functionality in order to launch its first integrated SSE offering.

Strength: All iboss customers receive zero-trust network access (ZTNA) licenses, with no separate license is required. The new RBI and data security capabilities are applied across web, cloud services and private applications.

Weakness: The company’s SSE offering integrates with few SaaS applications via API. Iboss has fewer strategic Tier 1 sales partners and managed security service provider partners to sell its solutions compared to other vendors.

Niche Player: Versa

Versa released its SSE functionality on the Versa Operating System (VOS) in late 2020, enabling its Versa SASE security services to be part of an overall SASE framework.

The San Jose, Calif.-based company also offers WAN edge infrastructure products. Versa built its SSE on its VOS, which enables it to build a tightly integrated set of SSE features that can be used as part of its cloud service or within its range of hardware offerings.

Strength: Versa has a strong set of data security controls that can be applied both in-line and for data at rest in SaaS applications.

Weakness: Versa SASE’s UI is complicated in terms of building security policies and troubleshooting. The company has limited market visibility and market share as a security vendor.

Niche Player: Forcepoint

Forcepoint was acquired by private equity firm Francisco Partners last year and has been buying companies at a fast pace. In May, Forcepoint acquired Deep Secure for its Content, Disarm & Reconstruction (CDR) technology, as well as SSE vendor Bitglass in October.

The core of Forcepoint’s SSE service comprises its Cloud Security Gateway, Cloud Access Security Broker and Private Access products. Additionally, the Austin, Texas-based company provides firewalls and other security products.

Strength: Backed now by Francisco Partners, Forcepoint is investing heavily in SSE innovation. The company’s new Neo agent can automatically optimize functionality for the endpoint between direct connect and proxy connect modes.

Weakness: Forcepoint’s SSE lacks strong integration between components at the management and reporting layers. As a result, multiple consoles are required to access different aspects of the service.