A core element of ZTNA is that security is based on identity, rather than, say, IP address. This makes it more adaptable for a mobile workforce, but requires additional levels of authentication, such as multi-factor authentication and behavioral analytics.
What other technologies may be part of SASE?
In addition to those four core security capabilities, various vendors offer a range of additional features.
These include web application and API protection, remote browser isolation, DLP, DNS, unified threat protection, and network sandboxes. Two features many enterprises will find attractive are network privacy protection and traffic dispersion, which make it difficult for threat actors to find enterprise assets by tracking their IP addresses or eavesdrop on traffic streams.
Other optional capabilities include Wi-Fi-hotspot protection, support for legacy VPNs, and protection for offline edge-computing devices or systems.
Centralized access to network and security data can allow companies to run holistic behavior analytics and spot threats and anomalies that otherwise wouldn’t be apparent in siloed systems. When these analytics are delivered as a cloud-based service, it will be easier to include updated threat data and other external intelligence.
The ultimate goal of bringing all these technologies together under the SASE umbrella is to give enterprises flexible and consistent security, better performance, and less complexity – all at a lower total cost of ownership.
Enterprises should be able to get the scale they need without having to hire a correspondingly large number of network and security administrators.
Survey the SASE vendor landscape
The SASE market is complex. Vendors include pure-play SASE, SD-WAN vendors expanding into security, security vendors expanding into networking) multivendor SASE, and single-vendor SASE. It’s also worth noting that the “leader” quadrant in analyst reports changes frequently.
What is multivendor SASE?
Refers to a SASE platform that is provided by multiple vendors. This means you’d source that different components of the SASE platform, such as the secure web gateway (SWG), cloud access security broker (CASB), and zero-trust network access (ZTNA) from different vendors. This allows you to choose the best-of-breed solutions for each component of the platform. By using multivendor SASE platform, you avoid being tied to a single vendor and reduce the risk of vendor lock-in. On the negative side, managing multiple vendors is time-consuming than managing a single-vendor solution. Also, issues among vendors can impact the performance, efficiency and reliability of the SASE solution.
What is single-vendor SASE
Single-vendor SASE refers to a solution that is provided by a single vendor. This means that all of the components of the SASE platform, such as the secure web gateway (SWG), cloud access security broker (CASB), and zero-trust network access (ZTNA) are delivered by a single vendor. Advantages of single-vendor SASE include simplified management, smoother integration and enhanced support. Disadvantages include vendor lock-in, more limited capabilities compared to multivendor platforms, and higher costs for large organizations.
Many SASE vendors have used APIs to connect separate security and networking tools. By 2026, the market has matured. single-vendor SASE — where the policy, the code, and the cloud are all owned by one company — is now the standard for reducing “operational drag” and avoiding security gaps between the network and applications.
Who are the top SASE providers?
The SASE landscape has shifted from a fragmented market of point solutions to a platform-first era dominated by single-vendor SASE. While established networking incumbents remain powerful, the top tier is now defined by those who have successfully integrated AI-security posture management (AI-SPPM) and sovereign data controls into their global backbones.
The industry has seen significant consolidation: HPE has fully integrated Juniper Networks’ AI-driven security. Broadcom has finalized the transition of VMware’s SASE into the VeloCloud ecosystem; and Check Point has absorbed Perimeter 81 into its Harmony platform.
The current market leaders are categorized as follows:
- The platform leaders: Palo Alto Networks (Prisma Access) and Zscaler continue to set the pace for enterprise-scale universal SASE, providing seamless security for both remote and on-premises workforces.
- AI and cloud-native pioneers: Cato Networks remains the benchmark for pure-play SASE, while Netskope and Cloudflare lead the way in protecting data as it moves between users and generative AI models.
- Integrated infrastructure giants: Cisco, Fortinet, and the newly expanded HPE (Juniper) offer the deepest integration between hardware and security, making them the choice for organizations with complex branch-office needs.
- Specialized and emerging tier: Versa, Akamai, and Skyhigh Security provide specialized edge security and low-latency performance for high-traffic or regulated industries.
How to adopt SASE
Enterprises that must support a large, distributed workforce, a complicated edge with far-flung devices, and hybrid/multi-cloud applications should have SASE on their radar. For those with existing WAN investments, the logical first step is to investigate your WAN provider’s SASE services or preferred partners.
On the other hand, if your existing WAN investments are sunk costs that you’d prefer to walk away from, SASE offers a way to outsource and consolidate both WAN and security functions.
Over time, the line between SASE and SD-WAN will blur, so choosing one over the other won’t necessarily lock you into a particular path, aside from the constraints that vendors might erect.
For most enterprises, however, SASE will be part of a hybrid WAN/security approach. Traditional networking and security systems will handle pre-existing connections between data centers and branch offices, while it will be used to handle new connections, devices, users, and locations.
SASE isn’t a cure-all for network and security issues, nor is it guaranteed to prevent future disruptions, but it will allow companies to respond faster to disruptions or crises and to minimize their impact on the enterprise. In addition, it will allow companies to be better positioned to take advantage of new technologies, such as edge computing, 5G and mobile AI.
