Cloud Access Security Brokers (CASB) , Governance & Risk Management , Next-Generation Technologies & Secure Development

Netskope, Zscaler, Palo Alto Lead SSE Gartner Magic Quadrant

Palo Alto Enters Leaders Area While Skyhigh Security Falls From Leader to Visionary
Netskope, Zscaler, Palo Alto Lead SSE Gartner Magic Quadrant

A surging Palo Alto Networks has joined stalwarts Netskope and Zscaler atop Gartner's security service edge ranking, while Skyhigh Security fell from leader to visionary.

See Also: Is Cyberstorage the New Paradigm for Data Security?

"Palo has come together and started to produce more of an SSE and less of a VPN-type environment," Gartner Senior Director Analyst Charlie Winckless told Information Security Media Group. "Last year, they were a much more fragmented experience. This year, they have moved much more to a single, unified SSE console that's cloud-delivered."

Netskope joined Palo Alto Networks as a big winner in Gartner's second-ever SSE Magic Quadrant, catapulting from third to first in both execution ability and completeness of vision. Zscaler and Palo Alto Networks each fell one position in execution ability - tumbling to second and third, respectively - while Cisco and Skyhigh Security, then McAfee Enterprise, held steady at fourth and fifth in execution ability.

"We take into account not just, 'Are they public or private?' but also the depth and breadth of funding and their ability to acquire additional funding rounds going forward," Winckless said in explaining his decision to rank venture-backed Netskope ahead of publicly traded Zscaler and Palo Alto Networks. "Netskope is showing a strong viability in this market space."

More wholesale changes occurred in completeness of vision. Skyhigh Security tumbled from first to third, Lookout sank from second to fifth, and Forcepoint fell from fifth to sixth. On the positive side of the ledger, Zscaler improved from fourth to second in completeness of vision, and Palo Alto Networks leapfrogged from seventh to fourth (see: Fortinet, VMware, Cisco Drive SD-WAN Gartner Magic Quadrant).

'One-Trick Ponies Are a Little Bit of a Struggle'

Winckless has seen a greater focus on SaaS security posture management from SSE vendors as clients become more aware of how much of their data is in Office 365 or Google Workspace. The complexity of managing SaaS applications across their entire life cycle has prompted Zscaler's acquisition of Canonic Security and Netskope's buy of Kloudless as customers increasingly prioritize data security in buying decisions.

Even companies such as Netskope and Zscaler that started as pure-play SSE vendors have taken advantages of acquisitions to broaden their total addressable market, Winckless said. Netskope got into SD-WAN and single-vendor SASE through its 2022 buy of Infiot while Zscaler developed a cloud security offering through its acquisitions of Edgewise Networks and Cloudneeti in 2020 to tell customers a broader story.

"One-trick ponies are a little bit of a struggle, and I think we do see diversification even with the pure-plays," Winckless said. "Markets do consolidate, and there are not many vendors in security who sell just one area."

Zscaler led the SSE category with 28% market share in 2022, while Cisco and Broadcom took second and third place with a combined market share of 30%, market research group Dell'Oro Group said in March. The worldwide SSE market expanded by 38% - or nearly $1 billion - in 2022, and 20 technology vendors were playing in the space, Dell'Oro Group found.

"Palo has come together and started to produce more of an SSE and less of a VPN-type environment."
– Charlie Winckless, senior director analyst, Gartner

In the overall $6 billion secure access service edge market, SSE represents nearly 60% of revenue and SD-WAN accounts for the remaining 40%, according to Dell'Oro Group. Cisco remained the overall SASE leader in 2022 with 17% revenue share, while Zscaler took the silver with 16% share and Broadcom took the bronze with 7% share. Single-vendor SASE now comprises 45% of the market, Dell'Oro Group found (see: Palo Alto, Versa, Cisco Lead First-Ever SASE Tech Evaluation).

Outside of the leaders, here's how Gartner sees the SSE market:

  • Visionaries: Skyhigh Security, Lookout, Forcepoint
  • Challenger: Cisco
  • Niche Players: iboss, Broadcom, Cloudflare
  • Honorable Mentions: Akamai, Cato Networks, Fortinet, Microsoft, Trend Micro

Cloudflare was added to the Magic Quadrant after acquiring API-based cloud access security broker Vectrix in February 2022, while Versa Networks was dropped from the list after failing to rank among the top 20 SSE vendors in Gartner's market momentum index this year.

Netskope Shifts From Trust Binary to Trust Gradients

Netskope has tapped into artificial intelligence and machine learning to classify data and threats and gain visibility into where traffic is going, said Chief Strategy Officer Jason Clark. The company historically offered separate products for safeguarding web, cloud and data center traffic, but Clark said Netskope now provides a single spot for visibility into the security posture of a company's users, locations and data.

Netskope has moved away from a trust binary and instead assigns a trust score between zero and 100 to each SaaS application based on the endpoint, user and geography, which determines what level of access and permissions are granted, Clark said. The company can securely connect users to AWS or Zoom much faster than peers and offers data protection that's head and shoulders above its rivals, he said (see: Netskope CEO Sanjay Beri on Pushing Into SD-WAN, IoT Defense).

"The biggest value we offer is context to drive adaptive trust and help businesses make better decisions," Clark told ISMG. "If data didn't exist, security teams wouldn't exist. We are, by far, the best for data protection."

Gartner chided Netskope for high cost, lacking fully integrated SD-WAN and advanced digital experience management capabilities, and splitting its admin console into two primary management environments. Clark said Netskope is planning to add advanced DEM capabilities, is currently writing Infiot's SD-WAN into its code base, offers administration from one integrated console, and ties pricing to the protection offered.

"We want to be careful on how fast we move and make sure the code is good," Clark said. "We spend more than any of those other SSE vendors on innovation."

Zscaler Extends Protection From Users to Workloads, Devices

Zscaler has extended its SSE platform beyond users to offer similar protections to workloads, IoT and OT devices and third-party contractors and customers looking to access authenticated apps, said Field CTO Sanjit Ganguli. The company has extended what it's done for user access to internet and private access apps to cover workload-to-workload, internet-to-workload and OT-to-workload access, Ganguli said.

The company has also embedded artificial intelligence technology into its segmentation, data classification, root cause analysis and phishing and command-and-control prevention offerings, he said. Ganguli said Zscaler has made significant enhancements around CNAPP, offers protection for workload communication as well as posture control and has integrated with Siemens to deliver IoT protection (see: How to Distinguish True Zero Trust From Imposters).

"As a leader in secure web gateway for many years, the architecture that we provide is cloud-native," Ganguli told ISMG. "And the way that our platform has been built is exactly what allows us to scale to the level that we're able to scale to."

Gartner criticized Zscaler for pricing and perceived sales arrogance, lacking consistent ZTNA and CASB posture checks, using multiple consoles for configuration, and slowly releasing common SSE features. Ganguli said Zscaler is working to unify and simplify its portals, has high customer net promoter scores and Gartner Peer Insight ratings, and has released many new features since the research period ended.

"We have introduced a significant number of features that were not evaluated," Ganguli said. "It's more of an issue of timing versus any actual slowdown in innovation."

Palo Alto Networks Takes on Phishing Kits, MITM Attacks

Palo Alto Networks has begun using in-line artificial intelligence and machine learning to stop phishing kits and man-in-the-middle attacks against secure web gateways, said Kumar Ramachandran, senior vice president for SASE products. The company's enhanced SaaS security posture management tool supports more than 80 apps, continuously checks posture, and automatically corrects any drift that's occurred.

The company's zero trust network access tool applies deep security inspections for all traffic, while its digital experience management pinpoints performance problems and automatically addresses them. Ramachandran said the Palo Alto Networks inspection process works the same regardless of where apps reside and monitors the entire transaction for any changes in user behavior (see: Nikesh Arora on Palo Alto's Approach to Supply Chain Defense).

"We have the complete amount of data required to solve a problem, and we are able to observe data across all these areas at scale," Ramachandran told ISMG. "We get correct data and we get consistent data. That's the reason why our AI and ML processes are providing efficacy at a level the rest of the industry is not able to match."

Gartner criticized Palo Alto for complex and confusing licensing, lacking native remote browser isolation, forcing clients to choose between cloud-based and on-premises SSE and appealing largely to existing clients. Ramachandran said Palo Alto has worked to simplify licensing, has good adoption by net new customers, will address RBI if there's sufficient customer demand, and doesn't see interest in hybrid management.

"We see a very healthy balance between existing Palo Alto customers and net new customers to Palo Alto that are brought by Prisma SASE," Ramachandran said. "SSE is a huge focus area for us, and it's absolutely resulting in net new customers."

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.