Securing access to the web, cloud services, and private applications is an imperative for all enterprises. As organizations increasingly adopt hybrid work models, cloud-first strategies, and genAI tools, security service edge (SSE) platforms have gained enterprise interest.
SSE consolidates multiple access-related point products into a single, cloud-centric offering. At a minimum, SSE combines three main technologies: cloud-access security broker (CASB), secure web gateway, and zero-trust network access (ZTNA). To stand out in the crowded market, SSE offerings today must also include advanced data protections, generative AI controls, and deep SaaS visibility, among other capabilities.
SSE differs from SASE (secure access service edge), which includes networking capabilities such as SD-WAN and firewall as a service along with CASB, secure web gateway and ZTNA. Both the SSE and SASE terms were coined by Gartner. SSE is focused on security services, while SASE bundles security plus network connectivity. Enterprises often adopt SSE solutions as a first step toward a broader SASE approach, opting to initially strengthen their security posture and then gradually integrate the networking capabilities included in SASE as needed.
Nearly 80% of 713 IT and cybersecurity leaders surveyed for a new HPE report said their organizations plan to implement SSE within 24 months, and 64% of those same respondents said they consider SASE very important for their security strategy. SSE often replaces legacy security appliances, as 62% of organizations indicated that they “plan to eliminate VPN concentrators,” the HPE report notes. “At the same time, many seek to reduce reliance on dedicated SSL inspection, DDoS, and firewall applications, signaling a shift to cloud-delivered SSE security that simplifies infrastructure while strengthening protection.”
It’s a market that attracts vendors from both the networking and security worlds—as well as buyers from both networking and security teams.
“Various security-focused vendors offer the SSE portion of an SASE architecture for purchase and use by security buyers. At the same time, vendors in the WAN edge infrastructure market cover the networking portion of the SASE framework considered by networking buyers,” Gartner writes in its newly released 2025 Magic Quadrant for SSE. “Data from Gartner surveys and client inquiries indicate that most buyers are planning for a two-vendor strategy for SASE. However, more are taking a single-vendor SASE approach, and the difference in capability between SSE vendors and SASE platform vendors is rapidly closing.”
Critical SSE capabilities
Gartner defines SSE as “an offering that secures access to the web, cloud services, and private applications regardless of the location of the user, the device they are using, or where that application is hosted.”
“[SSE] provides a range of security capabilities, including adaptive access based on identity and context, malware protection, data security, and threat prevention, as well as the associated analytics and visibility,” Gartner writes. “It enables more direct connectivity for hybrid users by reducing latency and providing the potential for improved user experience.”
Must-haves include advanced data protection capabilities – such as unified data leak protection (DLP), content-aware encryption, and label-based controls – that enable enterprises to enforce consistent data security policies across web, cloud, and private applications.
Securing Software-as-a-Service (SaaS) applications is another important area, according to Gartner. SaaS security posture management (SSPM) and deep API integrations provide real-time visibility into SaaS app usage, configurations, and user behaviors, which Gartner says can help security teams remediate risks before they become incidents. Gartner defines SSPM as a category of tools that continuously assess and manage the security posture of SaaS apps.
Another capability that sets leading vendors apart from other competitors is support for genAI controls, which is a growing concern as more employees interact with tools like ChatGPT and Google Gemini. This capability enables IT teams to monitor, restrict, or redact sensitive data uploads to genAI platforms, reducing the risk of unintentional data leakage. ZTNA architecture helps to provide seamless, context-aware access to private applications without exposing network infrastructure, enhancing security while reducing dependency on legacy VPNs.
Other necessary capabilities for a complete SSE solution include digital experience monitoring (DEM) and AI-driven automation and coaching, according to Gartner. DEM capabilities should include integrated tools to measure latency, app performance, and user experience. SSE solutions should also provide embedded AI assistants to support administrators with automated user coaching, threat detection, and policy enforcement.
Taken together, these capabilities can enable security teams to enforce granular policies, respond quickly to threats, and deliver a smoother user experience.
SSE leaders and challengers
In its SSE Magic Quadrant report, Gartner categorizes vendors into one of four buckets: leaders, challengers, niche players, and visionaries.
According to Gartner, leaders have strong momentum in terms of sales and mindshare, are known to deliver well-integrated SSE components with advanced functionality, and clearly understand the market. The “leaders” in Gartner’s SSE analysis are:
- Zscaler: Strengths include strong marketing presence and a new pricing model as well as a track record of being early to market. The company also unified its multiple consoles into one unified console and launched a simplified pricing model. Gartner cautions that this vendor is typically one of the most expensive, which is a common concern for Gartner clients, the report states.
- Netskope: Strengths include strong technical capabilities across all areas of SSE and can support the vast majority of customer use cases. Gartner cautions that Netskope does not target the midmarket effectively and focuses its sales efforts on large organizations. The company is also slow to introduce new features, such as DEM, to its product compared to others in the market, Gartner reports.
- Palo Alto Networks: Strengths include Palo Alto Networks’ clear vision for innovating with AI technologies in its platform and its configuration integration with its existing firewalls, which allows customers to leverage a single interface. Gartner cautions that clients describe Palo Alto Networks’ Prisma Access pricing as complex, expensive, and sometimes difficult to interpret.
For challengers, Gartner says these vendors “offer SSE components that may not be tightly integrated or may lack sophisticated features and alignment with the market’s direction. They may compensate for this with a strong sales channel (possibly in adjacent security areas), strategic relationships, or extensive visibility in the market.” The sole “challenger” according to Gartner is:
- Fortinet: Strengths include a large existing customer base that it can leverage to expand its SSE presence and its highly competitive pricing for the technical features offered when Fortinet’s own non-Google Cloud Platform (GCP)-hosted POPs can be used. Gartner cautions that Fortinet’s approach to ZTNA and FortiOS-everywhere design limit its appeal to non-Fortinet customers.
SSE niche players
Niche players offer products that are “typically solid offerings in terms of one or more discrete SSE components but are focused on fewer areas, such as technical capabilities, geographic support, or vertical industries.” The “niche players” in Gartner’s report are:
- Cloudflare: Strengths include the largest POP network for onramping traffic to its cloud, which enables it to support clients with coverage needs in more remote areas of the world. The company is also a large and publicly traded company with a solid investment in SSE. Gartner cautions that Cloudflare’s technical capabilities lag behind others in this market in areas such as data security, SaaS discovery, risk scoring, and adaptive access, and its pricing is high for the level of capability delivered.
- Skyhigh Security: Strengths include strong data security and SaaS security capabilities via the company’s SSE platform. The company also offers technical functionality at a relatively low cost, according to Gartner. Still, Gartner cautions that the vendor has a smaller market share, and Gartner clients express uncertainty about the impact of senior management changes on the company’s direction.
- iBoss: Strengths include strong web security capabilities and customizable user-risk-scoring capabilities and good global POP coverage, enabling support for geographically dispersed clients. The company is expanding its sales and marketing efforts to grow its presence. Gartner cautions that iBoss’ product cost is higher than that of other vendors in the market for equivalent functionality and the vendor offers fewer SaaS security capabilities such as the number of API integrations and SSPM as well as less mature DEM than its competitors.
- Broadcom: Strengths include strong data security integration with its enterprise DLP offering and the company’s market approach and support strategy focus on the needs of very large, complex enterprises. Gartner also points out that Broadcom offers a broadly installed endpoint protection platform (EPP) and endpoint detection and response (EDR) and the company has converged this with its SSE agent. Gartner cautions that Broadcom’s SSE appeals primarily to existing customers and prospects already committed to the broader portfolio of cybersecurity and infrastructure that this vendor supplies. And Gartner reports that Broadcom has multiple consoles and less integration in its SSE than is typical in this market.
- Versa Networks: Strengths offers a broad set of capabilities across its entire SSE portfolio, POPs near major population centers, competitive pricing for the technical capabilities offered. Gartner cautions that Versa’s vision and focus are on sovereign SASE and endpoint security approaches and, according to Gartner, fall short on completeness of vision compared to leaders in SSE.
Gartner also includes a bucket for visionaries, but the SSE Magic Quadrant does not identify any visionaries currently in the market. Gartner did identify several “honorable mentions” including: Check Point Software Technologies, Cisco Systems, HPE (Aruba Networking), Lookout, and Microsoft.
Copies of the SSE Magic Quadrant are available from a number of vendors included in the report, such as here and here, for readers who register.
Source:: Network World