The Gartner® Magic Quadrant™ for SSE
Security Service Edge (SSE) definition
Gartner® defined the concept of SASE in 2019. The maturity of the market now allows them to publish a version of the Magic Quadrant™ concerning the security part of SASE: the SSE. The Security Service Edge aims to secure access to the web, cloud services and private applications. This includes access control, data security, threat protection and security event management. In other words, the CASB, SWG, FWaaS, ZTNA and DLP building blocks.
The SSE is mainly delivered as a cloud service and can include on-premises or agent-based components.
Magic Quadrant™ 2022 for Security Service Edge
This is the first edition of this Gartner® quadrant, and it will probably be updated next year with new players.
We've included a few excerpts that we think are technically interesting to note about Nomios' partners in this SSE quadrant.
Security solutions are, as always, relative to your business context, we encourage you to contact us to define the best solution for your company.
Leaders in the SSE Magic Quadrant™
McAfee Enterprise's SSE offering is the MVISION Unified Cloud Edge service. IT also offers other security products, such as XDR and endpoint security.
McAfee Enterprise offers a complete and tightly integrated suite of SSE services, which includes integrated RBI and advanced data security capabilities across SWG, CASB and ZTNA offerings.
However, they developed developed and released ZTNA and FWaaS capabilities for its SSE offering later than other vendors in this market. These are fully featured capabilities, but they are new and, so far, the subject of limited feedback from customers.
The SSE Challengers
Cisco's SSE products are a collection of solutions, valuable in their own right, but without a unified console at the moment.
The entry-level of their SSE solutions offers an affordable and easy to install solution such as Umbrella DNS Security Essentials and XDR SecureX.
The offering includes CTI with TALOS and API interactions for custom threat intelligence.
The choice of Cisco is indicated as particularly valuable in combination with an SD-WAN requirement.
Palo Alto Networks
Prisma Access is often chosen for its hybrid on-premise and SaaS integration.
Palo Alto's security portfolio is much broader than SSE and customers appreciate the integration of proxy functionality into Prisma Access, without deploying an agent.
The ZTNA in-line, object-based policy for segmenting users and applications allows for a consistent set of rules for mobile and on-site users.
The Palo Alto SSE is not yet fully integrated. Several different modules need to be configured to achieve a complete SSE, which can be costly.
Customers report a relative complexity in integrating and operating Prisma Access for existing customers used to Palo Alto firewall configuration.
Bitglass was acquired in 2021 by Forcepoint, which is why there are two Forcepoint entries in the 2022 ranking.
Bitglass has a proprietary AJAX-VM technology that allows agentless access to the cloud.
They rely on AWS as their point of presence around the world and distribute mainly to North America and Europe, but they also have a smaller presence in Asia/Pacific and South America. The SmartEdge agent decrypts and inspects content directly, making the solution less dependent on cloud processing and latency.
Forcepoint's ZTNA solution has some limitations, for example, it does not support UDP applications.
Bitglass has focused on adding new points of presence at the expense of core SSE features such as FWaaS.
The Niche Players of the ESS
A key strength of Forcepoint is that it provides a dashboard of users at risk. Customers can create custom policies to assess risk and take appropriate action.
The latest innovations on the intelligent agent seem relevant and show continued investment in innovation.
The offering is not yet well integrated, several consoles are still needed to manage all the components of the SSE.
The choice to perform ZTNA only on WEB applications limits the possibilities of the solution.
A quick reminder of the Magic Quadrant™ categories
Leaders are vendors of strong momentum (in terms of sales and mind share growth). They have track records for delivering well-integrated SSE components with advanced functionality, as well as a product strategy that aligns with the market trend for providing easy-to-use advanced features and making business investments for the future. Leaders have effective sales and distribution channels for their entire product portfolios and a vision for how SSE offerings are positioned within the context of organizations’ wider SASE transformations.
Challengers are established vendors that offer SSE components which may not be tightly integrated or which lack sophisticated features. Challengers perform well for a significant market segment, but they may be lacking advanced features or have gaps in their product offerings. Buyers of Challengers’ products and services typically focus on individual SSE components, rather than the full range of SSE requirements, or are motivated by strategic relationships with these vendors.
Visionaries are distinguished by technical and/or product innovation, but lack either the track record of execution and high visibility of Leaders or the corporate resources of Challengers. Buyers should expect advanced, integrated SSE offerings from Visionaries, but be wary of strategic reliance on these vendors and monitor their viability closely. Often, Visionaries represent good candidates for acquisition by other vendors. Thus, Visionaries’ customers run a slightly higher risk of business disruption.
Niche Players’ products are typically solid solutions in terms of one or more discrete SSE components, but they lack the sophistication, advanced capabilities or integration of Visionaries’ offerings. Additionally, Niche Players lack either the market presence or resources of Challengers. Niche Players may have a strong presence in a specific region, or target organizations of a specific size. They deserve attention from the types of buyers on which they focus.