Who are the best SSE Vendors? (Security Service Edge)

What is a SSE vendor solution?

Gartner created a new market category called Security Service Edge (SSE) which refers to the security capabilities required to implement a SASE architecture, unifying CASB, ZTNA, and SWG into a single-vendor, cloud-delivered solution. 

Top rated SSE (Security Service Edge) vendors and providers matrix.

Why did Gartner create the SSE (Security Service Edge) definition?

Gartner's decision to create the SSE market was driven mainly by:

• The need to consistently address organisations' dynamic, secure access requirements 
• Many enterprise security teams make purchasing decisions in silos
• Many WAN edge infrastructure vendors do not offer the complete security stack

IT teams should consider the following factors when evaluating SSE vendors and MSPs:

• Support for the core SSE capabilities delivered as a cloud-native service through geographically distributed PoPs
• Consistent policy enforcement across all edges and channels with a unified policy engine
• Support for local data storage and access requirements

1. Zscaler SSE Solution

What are Zscaler's SSE features?

Zscaler Cloud Security Platform is Zscaler's SSE solution unifying ZTNA, SWG, and CASB delivered through a cloud-first architecture. The solution brings together two flagship products, including Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA), with APIs that automate policy creation and machine learning technology that enables auto-segmentation.

Zscaler Cloud Security Platform offers threat prevention, access control, and data protection for encrypted and unencrypted traffic across all ports and protocols. The cloud-based architecture delivers DLP with exact data matching, FWaaS, cloud browser isolation, inline cloud sandbox, IPS, DNS security, web content filtering, and SaaS and Cloud Security Posture Management (SSPM/CSPM), protecting users and data regardless of the location and access device.

Who are Zscaler's SSE competitors?

Zscaler is one of the few vendors offering a cloud-native and cloud-first SSE architecture that secures all users and applications regardless of the location, access device, and data. Furthermore, Zscaler offers Zscaler Digital Experience, a subscription service designed to predict user experience and application performance issues, focusing on Microsoft 365 productivity applications. 

With over one hundred and fifty (150) geo-distributed PoPs and three subscription models with add-ons available, Zscaler expands to global companies across all industry verticals.

How does Zscaler SSE integrate with cloud vendors?

Zscaler integrates with cloud applications via API, direct connections with the major public cloud providers via co-location facilities, and forward proxy via the ZApp agent.

2. Palo Alto Networks Prisma SSE Solution

What are Palo Alto's SSE features?

Prisma Access is Palo Alto Networks' implementation of SASE, incorporating the three core SSE capabilities, including ZTNA, SWG, and CASB, into a single, cloud-delivered platform. Prisma Access supports client-based cloud access through the Global Protect agent, clientless access via SAML proxy redirection (reverse proxy), API, SD-WAN, and IPsec tunnels.

Who are Palo Alto's SSE competitors?

Prisma Access offers encrypted application access, authentication, bi-directional SSL inspection, policy management, DLP, VPN, threat detection, Shadow IT visibility, IoT security, DNS security, and FWaaS featuring threat prevention, web content filtering, and sandboxing. 

How does Palo Alto SSE integrate with cloud vendors?

Like Zscaler, Prisma Access offers proactive user experience remediation via Autonomous Digital Experience Management (ADEM), allowing customers to identify and remediate performance issues before impacting users. 

3. Cisco Umbrella SSE Solution

What are Cisco Umbrella's SSE features?

Umbrella is Cisco's SSE implementation, converging SWG, CASB, and ZTNA into a single-vendor, cloud-delivered security platform, directly integrating with Cisco SD-WAN. 

Cisco Umbrella offers DNS-layer security, interactive threat intelligence powered by Cisco Talos Intelligence Group, FWaaS, XDR through Cisco SecureX, remote browser isolation, and malware protection. 

Who are Cisco Umbrella's competitors?

Cisco Umbrella is a cloud-native security platform delivered globally across thirty-seven (37) PoPs. While the solution offers a single-vendor, feature-rich SSE solution, as of March 2022, it lacks cloud DLP and IPS, which Cisco is currently developing.   

How does Cisco Umbrella integrate with cloud vendors?

Cisco Umbrella supports client-based cloud access through the Cisco AnyConnect client. Furthermore, users can access select cloud applications via DNS-based redirection, IPsec tunnels, PAC files, and proxy chaining.

4. Cato Networks SSE Solution

What are Cato Networks SSE features?

Cato Networks delivers SSE through Cato SASE Cloud, featuring the three core SSE capabilities: SWG, ZTNA, and CASB. The solution also offers SD-WAN over a global private backbone. 

Cato SASE cloud offers application-aware next-generation FWaaS, web content filtering, SSL inspection, standard and next-generation malware protection, and IPS. Furthermore, Cato Networks offers Managed Threat Detection and Response (MDR) as an add-on to help detect compromised endpoints. 

Who are Cato Networks competitors?

Cato SASE is a cloud-native security platform delivered globally across more than sixty (60) PoPs, converging networking and security capabilities. While the solution offers single-vendor, feature-rich networking and security capabilities, as of March 2022, it lacks cloud DLP. 

Cato Networks, however, plans to integrate this capability in H1 2022. 

How does Cato Networks integrate with cloud vendors?

Cato Networks supports client-based cloud access through the Cato Client. Furthermore, users can access select web applications in a clientless mode via the Cato Application Portal through single sign-on and IaaS applications via direct cloud DC integrations (IPsec and Cato vSocket).

5. Netskope SSE Solution

What are Netskope's SSE features?

Netskope Security Service Edge (SSE) is a cloud-native security platform delivering ZTNA, next-generation SWG, and multimode CASB. The solution employs a single policy engine managed from a central console, with a single-pass architecture for improved throughput and latency. The solution also enables integration with third-party SD-WAN vendors.

Netskope SSE offers DLP, advanced threat prevention, FWaaS, remote browser isolation, user/entity behavior analytics (UEBA), and advanced analytics (NAA).

Who are Netskope's SSE competitors?

Netskope adds artificial intelligence and machine learning technology to its SSE offering for more accurate web and cloud app categorization and malicious document analysis. Additionally, the solution can detect sensitive data contained in screenshots and images.

How does Netskope integrate with cloud vendors?

Netskope SSE supports client-based cloud access through the Netskope Client. Furthermore, users can access cloud apps in a clientless mode via SD-WAN, PAC files, forward proxy, and APIs.

6. Proofpoint SSE Solution

What are Proofpoint's SSE features?

Information and Cloud Security Platform is Proofpoint's SSE implementation, offering ZTNA, SWG, and CASB. The solution is a collection of many Proofpoint products delivered from the cloud, managed from a central console, and available globally with support for local data storage. 

Proofpoint Information and Cloud Security Platform features inline and real-time endpoint and email DLP, email encryption, remote browser isolation, advanced threat protection with UEBA, micro-segmentation, and threat intelligence powered by Nexus Threat Graph.

Who are Proofpoint's SSE competitors?

Like Forcepoint, Proofpoint has an extensible DLP capability extending endpoint, email, cloud, and web offered as part of the Proofpoint Information and Cloud Security Platform, with the ability to store data locally to help customers meet data compliance and regulations. 

How does Proofpoint SSE integrate with cloud vendors?

Netskope supports agent-based cloud access via a lightweight endpoint agent. Furthermore, Proofpoint CASB supports API and proxy-based deployments.

7. Barracuda Networks SSE Solution

What are Barracuda's SSE features?

Barracuda offers two cloud-based products that deliver SSE capabilities, including CloudGen WAN and CloudGen Access. CloudGen WAN offers SWG and CloudGen Access brings ZTNA. In addition to security capabilities, CloudGen WAN also includes SD-WAN as part of Barracuda's SASE offering. 

CloudGen WAN delivers next-generation FWaaS, web content filtering, advanced threat prevention with cloud sandboxing, SSL inspection, IDS/IPS, malware protection, network segmentation, and real-time monitoring. Furthermore, CloudGen Access offers conditional and contextual access policies, RBAC and ABAC, and on-device phishing and threat protection. 

What are Barracuda's SSE competitors?

Barracuda has a close partnership with Microsoft Azure, leveraging the Microsoft Global Network to deliver direct access to Microsoft 365 productivity apps with greater performance levels. Unlike other vendors in the SSE space, Barracuda does not offer a complete CASB solution covering all cloud service models.

How does Barracuda integrate with cloud vendors?

Barracuda offers flexible cloud integration options, including a device agent (CloudGen Access App) for ZTNA via mTLS tunnels, IPsec tunnels, direct connections to Microsoft Azure, and SD-WAN.

8. Menlo Security SSE Solution

What are Menlo Security's SSE features?

Menlo's Cloud Security Platform converges SWG, CASB, and ZTNA delivered from the cloud. Menlo's ZTNA solution is Menlo Private Access (MPA), providing safe, scalable, and least-privilege access to internal applications for any user regardless of location and access device. The platform consists of a tiered architecture comprising an elastic edge, FWaaS with modularized cybersecurity capabilities, and an Elastic Isolation Core, all managed from a single console. 

Menlo's Cloud Security Platform features DLP, remote browser isolation with zero-day protection, email link isolation, malware detection and prevention, phishing prevention, and SSL inspection. 

Who are Menlo Security's SSE competitors?

Menlo built its Cloud Security Platform on Elastic Isolation Core technology designed to transfer the web browsing process from the endpoint to the cloud to enable complete isolation of breaches and attacks away from the users. The isolation technology brings document isolation and read-only web access. The solution also provides flexible and extensible integration with third-party tools through open APIs, allowing the customers to leverage existing investments in security. 

How does Menlo Security SSE integrate with cloud vendors?

Menlo Security Platform offers flexible cloud integrations, including endpoint agents (Menlo Connect), SD-WAN integration, SAML-, IP-based, and X-headers reverse-proxy, forward-proxy, PAC files, and IP tunnels, including IPsec and GRE.

9. Cloudflare SSE Solution

What are Cloudflare's SSE features?

Cloudflare One is Cloudflare's implementation of SASE, delivering two of the three core SSE core components, ZTNA and SWG, with CASB controls built into the ZTNA service and single-pass traffic inspection. The solution also includes SD-WAN with private routing and load balancing.

The cybersecurity features offered by Cloudflare One include web content filtering, application control, DNS security, remote browser isolation, SSL inspection, inline cloud DLP, identity and device posture access rules, FWaaS, and DDoS mitigation. 

Who are Cloudflare's SSE competitors?

Cloudflare One is built on the Cloudflare Global Network, extending to 250 cities worldwide with 9,800 interconnects across over 1,600 co-location facilities, 121 TB capacity, and a 100% uptime SLA. Cloudflare also offers native DDoS mitigation, traffic acceleration, and DNS rewrite in its web security services. 

How does Cloudflare SSE integrate with cloud vendors?

Cloudflare One offers flexible cloud onramps, including clientless access, device agents for forward-proxy access, IP tunnels, and direct connections.

10. Forcepoint SSE Solution

What are Forcepoint's SSE features?

Forcepoint ONE is Forcepoint's SSE solution, a single-agent, cloud security platform converging ZTNA, SWG, and CASB, with a unified policy set managed from a central console. 

Forcepoint ONE offers many security capabilities, including DLP, web content filtering, SSL inspection, malware protection, and threat protection. Among the top-rated features are remote browser isolation (RBI) from the Cyberinc acquisition, file sanitizing through Content Disarm and Reconstruction (CDR), and zero-day sandboxing powered by the Deep Secure addition.

Who are Forcepoint's SSE competitors?

Forcepoint ONE uses an agent-based architecture to extend the core SSE capabilities to the endpoint. Instead of forwarding all end-user traffic to the nearest PoP for inspection and policy enforcement, the Forcepoint ONE unified agent performs intelligent routing to enable on-device traffic encryption, decryption, inspection, and control, significantly improving performance and latency. Furthermore, Forcepoint is also one of the few vendors offering an enterprise DLP solution managed from a central console with a single policy set, covering cloud, endpoint, Internet, and email. Lastly, Forcepoint built Forcepoint ONE exclusively in AWS with over three hundred (300) PoPs worldwide, extending to community clouds such as AWS GovCloud, with 99.99% uptime.

How does Forcepoint integrate with cloud vendors?

Forcepoint ONE enables access to cloud applications through API, reverse proxy, and forward proxy.

Further Information

Which vendors are best for UK SSE? 

UK-based customers with some global connectivity requirements should consider SSE solutions offering multiple in-country PoPs and in-country (UK), or in-region (EU) data storage and inspection support to comply with privacy requirements:

• Proofpoint: global PoPs with support for local data storage
• Zscaler: multiple PoPs in the UK located in London and Manchester, with local storage support in Germany, Netherlands, and Switzerland only 
• Forcepoint: multiple PoPs in the UK, with data sovereignty controls
• Netskope: multiple PoPs in the UK, with alignment to Cyber Essentials, ISO 27001, and UK Government's G-Cloud 12 Framework
• Fortinet: multiple PoPs in the UK, with local data storage support in France

Which vendors are best for Global SSE?

Global customers, particularly those doing business in countries with strict data protection and sovereignty laws, such as Mainland China, Germany, and Russia, should consider SSE vendors offering the full SSE security stack within such countries, including:

• Forcepoint: multiple PoPs with data sovereignty controls, located in the U.S., Sweden, Russia, Hong Kong, Germany, France, Brazil, UK, Australia, Japan, Italy, and South Africa. 
• Zscaler: multiple PoPs in countries with data sovereignty laws, such as the US, Australia, Germany, Russia, Sweden, France, Nigeria, and the UK.
• Palo Alto: multiple PoPs in countries with data sovereignty laws, such as Hong Kong, Russia, the U.K., France, South Africa, Brazil, Germany, the US, Australia, Nigeria, and Vietnam. 
• Cisco: multiple PoPs in countries with data sovereignty laws, such as South Africa, the US, the U.K., Germany, Hong Kong, Australia, Italy, Japan, France, and Brazil.
• Cloudflare: operating in over one hundred countries (100), including Mainland China and Russia.

Which vendors are best for US SSE?

US-based customers with some global connectivity requirements should consider SSE solutions offering multiple dispersed, in-country PoPs with local data storage and inspection support to comply with privacy requirements:

• Proofpoint: global PoPs with support for local data storage
• Cisco: multiple PoPs in the US.
• Zscaler: fourteen (14) PoPs in the US. 
• Palo Alto: eleven (11) Prisma Access locations across the US
• Forcepoint: six (6) PoPs in the US.
• Netskope: multiple PoPs in the U.S.
• Fortinet: multiple PoPs in the US.
• Barracuda: available in any Microsoft Azure, AWS, and Google Cloud Platform US region

FAQs

How does Security Service Edge (SSE) compare with SASE? 

The Security Service Edge (SSE) is a component of SASE that unifies security services such as SWG, CASB, and ZTNA. Networking and security are two of the many aspects that make up a SASE solution. These focus on improving user experience with cloud apps, reducing costs for businesses.