Secure Access Service Edge (SASE) Platforms

Secure Access Service Edge (SASE) Platforms Overview

Secure access service edge software, often referred to as SASE, is a cybersecurity offering that encompasses enterprises’ security across all edges. In doing so, SASE platforms are unifying networking, via an SD-WAN foundation, with a range of security features placed as close to the end-user as possible without existing on the end-user’s device. SASE platforms are designed for global organizations and enterprises.


There are some core differences between SASE offerings and traditional enterprise security tools. For instance, SASE should:

  • Have a cloud-native architecture, in contrast with on-premise or virtual machine-based technology

  • Be globally distributed, in order to place the security measures as close to the end-user’s access point as possible

  • Be entity-focused, rather than perimeter-focused. This is a conceptual approach to securing an organization’s edges that better adapts to mobile-first and IoT environments that are becoming commonplace.

  • Be a unified, single-pass platform, rather than a collection of point solutions or acquired products merged into a SASE-esque offering. A singular architecture is crucial to maintaining network performance without sacrificing security.

SASE’s centralized networking and security architecture comes with several benefits over patchwork solutions, especially for global enterprises. Consolidating disparate functions into a single platform allows for more efficient networking and security. For instance, using a single system mitigates latency that would otherwise come from passing data across multiple security tools and networks globally. A centralized solution also reduces redundant systems costs and enables more efficient networking and security management.

Secure Access Service Edge (SASE) Products

(1-18 of 18) Sorted by Most Reviews

The list of products below is based purely on reviews (sorted from most to least). There is no paid placement and analyst opinions do not influence their rankings. Here is our Promise to Buyers to ensure information on our site is reliable, useful, and worthy of your trust.

Twingate

Twingate allows businesses to secure remote access to their private applications, data, and environments, whether they are on-premise or in the cloud. Built to make the lives of DevOps teams, IT teams, and end users easier, it replaces outdated corporate VPNs which were not built…

Cloudflare Zero Trust Services

Cloudflare's Zero Trust Network Access (ZTNA) technologies create secure boundaries around applications. When resources are protected with ZTNA, users are only allowed to access resources after verifying the identity, context, and policy adherence of each specific request. Cloudflare'…

Palo Alto Networks Prisma Access

Prisma Access from Palo Alto Networks is designed for SASE to deliver the networking and security that organizations need in a purpose-built cloud-delivered infrastructure. Prisma Access uses a common cloud-based infrastructure that delivers protection from over 100+ locations around…

Versa SASE

Versa SASE integrates a comprehensive set of services through VOS™ (Versa Operating System, formerly FlexVNF) delivering security, networking, SD-WAN, and analytics. Built to run in the most complex environments, Versa SASE provides the flexibility and elasticity for simple, scalable,…

Barracuda CloudGen WAN

Barracuda CloudGen WAN is designed to combine ease of use, full security, and cloud-native SD-WAN connectivity, to utilize Microsoft Global Network as a WAN backbone instead of MPLS or leased lines. Deployed directly from the Azure Marketplace, Barracuda CloudGen WAN is available…

Cato Networks

Israeli company Cato Networks provide a secure access service edge (SASE) solution, designed to replace MPLS and multiple networking and security point solutions with a converged WAN transformation platform built for the digital business.

Secucloud SASE (ECS2)

Secucloud boasts a proven SASE platform that combines a global private backbone, a network security stack, and support for cloud resources and mobile devices. Now from Aryaka (acquired May, 2021), Secucloud offers solutions for small business, homes, but also enterprises,including…

Juniper Security Director

Security Director is a portal to SASE, bridging current security deployments with a future SASE rollout. Security Director enables organizations to manage security anywhere and everywhere, on-premise and in the cloud with unified policy management that follows users, devices, and…

McAfee MVISION Unified Cloud Edge

McAfee's MVISION Unified Cloud Edge (UCE) protects data from device to cloud and prevents web-based and cloud-native threats that are invisible to the corporate network. It is a framework for implementing a Secure Access Service Edge (SASE) architecture and a safe way to accelerate…

Barracuda CloudGen Access (Fyde)

Barracuda CloudGen Access (formerly Fyde, acquired by Barracuda November 2020) enables Zero Trust Access to apps and data from any device and location. Users can implement a software-defined perimeter to ensure security of cloud and SaaS applications and provide remote, conditional,…

Check Point Harmony Connect (Odo Security)

Check Point’s Harmony Connect, bolstered with technology acquired with Odo Security in November 2020, is a Secure Access Service Edge (SASE) Solution, that unifies 11 different cloud security services, is built to prevent sophisticated cyber attacks, and is designed to improve the…

Open Systems SASE+

With a network of global access points, Open Systems states that SASE+ secures users no matter where they work. It aims to deliver direct, fast, and reliable connections to the internet and cloud and is centrally managed to make it easy to expand reach to anywhere and anything. SASE+…

FortiSASE (OPAQ Networks)

FortiSASE is a scalable cloud-delivered security as a service that enables flexible, anytime and anywhere secure access for work from anywhere users. Leveraging FortiOS and the Fortinet Security Fabric, FortiSASE aims to provide frictionless orchestration between cloud-delivered…

Zscaler Cloud Platform

The Zscaler Cloud Security Platform is a SASE service built from the ground up for performance and scalability. As a globally distributed platform, users are a short hop to their applications, and through peering with hundreds of partners in major internet exchanges around the world…

iboss Zero Trust Edge

The iboss Zero Trust Edge, from iboss headquartered in Boston, aims to prevent breaches by making applications, data and services inaccessible to attackers while allowing trusted users to securely and directly connect to protected resources from anywhere.

Akamai Enterprise Application Access

Akamai Enterprise Application Access is a cloud architecture that employs Zero Trust policies to protect an organization's network edges.

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service from the company of the same name in Tel Aviv, designed to simplify secure network, cloud and application access for the modern and distributed workforce.

NordLayer (formerly NordVPN Teams)

NordLayer is an adaptive network access security solution for modern businesses from Nord Security. The solution aims to help organizations of all sizes to fulfil scaling and integration challenges when building a modern secure remote access solution, within an ever-evolving SASE…

Learn More About Secure Access Service Edge (SASE) Platforms

What is Secure Access Service Edge (SASE) Software?

Secure access service edge software, often referred to as SASE, is a cybersecurity offering that encompasses enterprises’ security across all edges. In doing so, SASE platforms are unifying networking, via an SD-WAN foundation, with a range of security features placed as close to the end-user as possible without existing on the end-user’s device. SASE platforms are designed for global organizations and enterprises.


There are some core differences between SASE offerings and traditional enterprise security tools. For instance, SASE should:

  • Have a cloud-native architecture, in contrast with on-premise or virtual machine-based technology

  • Be globally distributed, in order to place the security measures as close to the end-user’s access point as possible

  • Be entity-focused, rather than perimeter-focused. This is a conceptual approach to securing an organization’s edges that better adapts to mobile-first and IoT environments that are becoming commonplace.

  • Be a unified, single-pass platform, rather than a collection of point solutions or acquired products merged into a SASE-esque offering. A singular architecture is crucial to maintaining network performance without sacrificing security.

SASE’s centralized networking and security architecture comes with several benefits over patchwork solutions, especially for global enterprises. Consolidating disparate functions into a single platform allows for more efficient networking and security. For instance, using a single system mitigates latency that would otherwise come from passing data across multiple security tools and networks globally. A centralized solution also reduces redundant systems costs and enables more efficient networking and security management.

SASE Capabilities

SASE is based on 2 core areas-- networking and edge security. Networking is managed via an SD-WAN capability, which can be native to the SASE platform or integrated as a 3rd-party offering.


On top of this SD-WAN functionality, SASE products provide a range of security features placed globally. SASE products should include most or all of these core security functions:

  • Next-Generation Firewall as a Service

  • Zero Trust policies for protection against external and internal threats

  • Secure web gateways

  • Cloud access security broker

  • Data Loss Prevention and data protection policies


SASE Platform Comparison

As a still-developing market, comparing existing or emerging SASE products may be challenging. Consider these factors when comparing products:


  1. Architecture: How each vendor structures its SASE offering matters. Cloud-native, single-pass infrastructure provides crucial performance benefits compared to VM or on-premise products hosted in the cloud.

  2. Networking vs. security legacy: most SASE providers have origins in either networking or security products. Their legacy and prior experience in each space can signal the depth and robustness of their features in each aspect of SASE. There are some vendors that have specialized in SASE offerings, these are still a minority.

  3. Global distribution: SASE offerings should be globally distributed, but buyers should focus on the distribution of datacenters and access points where their end-users are. How well does each vendor cover the areas where your edges are actually found?


Pricing Information

Pricing and licensing models are likely to change over time as the SASE market matures. SD-WAN-centric platforms may trend more towards pricing per bandwidth amount, while security-centric vendors are more likely to adopt pricing per entity, or location, per month.


Related Categories

Frequently Asked Questions

What is a Secure Access Service Edge?

Secure Access Service Edge is an emerging technology that unifies global networking and security into a single platform. They usually do so by hosting a cloud-native architecture on datacenters around the world to bring security tools as close to the network edge and endpoints as possible.

What’s the difference between SASE and SD-WAN?

SASE builds on SD-WAN concepts to natively integrate security capabilities into global networking. However, SD-WAN is not native to the cloud, and can only be adapted to cloud environments after the fact. SD-WAN also connects disparate locations to a central private network, while SASE allows for dispersed networking.

Why is SASE necessary?

SASE platforms enable more efficient and scalable networking at a global level, while also providing modern security necessary for global enterprises.

Who uses SASE?

SASE is used by large enterprises with a global presence, particularly those with a heavy reliance on reliable networking and robust data security across the enterprise.