Gartner’s Market Guide to Single-Vendor SASE Offerings: The Closest Thing You’ll Get to a SASE Magic Quadrant

Listen to post:
Getting your Trinity Audio player ready...

Ever since Secure Access Service Edge (SASE) was adopted by every significant networking provider and network security vendor, IT leaders have been waiting for a Gartner SASE Magic Quadrant.

And for good reason.

The industry has seen widely different approaches to what’s being marketed as SASE. Some companies partnered with each other to offer a joint solution with slightly integrated products. For example, Zscaler and any number of SD-WAN partners. Others simply rebranded their existing solutions as SASE. Think VMware SD-WAN (previously VeloCloud) turning into VMware SASE.

Market consolidation has brought together still other companies with disparate services requiring years’ worth of integration. As an example, consider HPE, Aruba and Silver Peak and the integration work ahead of them to make a cohesive SASE product. Meanwhile, we at Cato Networks chose a different path: to build a fully converged, global networking and security solution from the ground up. Gartner calls this “single-vendor SASE.”

A SASE Magic Quadrant would clear up the confusion in the industry and separate the leaders from losers. But while Gartner may not yet be ready to issue a SASE Magic Quadrant, the firm has issued the next best thing — Market Guide for Single-Vendor SASE. The report takes a close look at the SASE market and specifically at single-vendor SASE.

The Single-Vendor SASE Market is Projected to Grow Substantially

Gartner defines a single-vendor SASE offering as one that delivers converged network and security as-a-service capabilities using a cloud-centric architecture. Cato is the prototypical single-vendor SASE leader. Example services that are part of a single-vendor SASE offering are SD-WAN, SWG, FWaaS, ZTNA, and CASB. All of those service, and this is key, are fully converged together in the underlying architecture, service delivery, and management interface. They truly are one cloud service, which is what separate single-vendor SASE from other approaches. 

These converged services might also be the full roster of capabilities for the newest single-vendor SASE entries but they are only the starting point for Cato. In addition to those services, Cato also offers a global private backbone, data loss prevention (DLP), rapid CVE mitigation, managed threat detection and response, SaaS optimization, UC and UCaaS optimization, and a range of other capabilities. 

According to Gartner, there should be rapid growth in single-vendor SASE implementation in the next few years. While only 10% of deployments were single-vendor SASE solution last year, Gartner expects a third of all new SASE deployments by 2025 to be single-vendor. By the same timeframe, half the new SD-WAN purchases will be part of a single-vendor SASE offering.

The market’s growth is largely being driven by the desire for simplicity by reducing the number of deployed solutions and vendors. Of course, reducing complexity while still offering enterprise-class capabilities is something Cato has been delivering for years. 

Gartner® Market Guide for Single-Vendor SASE | Report

Cato Was Ahead of Its Time in This “Adolescent” Market 

“A single-vendor SASE must own or directly control (OEM, not service chain with a partner) each of the capabilities in the core category,” according to the report authors. A “well-architected” solution must have all services fully integrated, a single unified management plane and a single security policy, a unified and scalable software-based architecture, and flexibility and ease of use. The report lists core functional requirements in each of the areas of secure web gateway, cloud access security broker, zero trust network access, and software-defined WAN.

Gartner points out that there are several vendors in the “adolescent” industry that meet the analyst firm’s minimum requirements. There are more, still, that come close but aren’t quite there with their offerings.

Because single-vendor SASE brings together networking and security into one solution with many functions, Gartner recommends that a joint team of network professionals and security experts be appointed to evaluate the solutions based on the organization’s foremost needs.

Single-Vendor SASE Has Lots of Benefits

The benefits of single-vendor SASE are many. Gartner cites the following as reasons to go this route for a SASE solution: 

  • An improved security posture for the organization – This is based on reduced complexity of the various security functions, a single policy enforced everywhere, and a smaller attack surface.
  • Better use of network and security staff – Deployment times are reduced, fewer skills and resources are needed to manage a unified platform, a single policy is applied throughout the various security functions, and redundant activities go away.
  • Improved experiences for users and system administrators – Performance issues such as latency and jitter are easier to tame or eliminate, it’s easier to diagnose issues end-to-end, and there is a single repository for logs and other event data.

Of course, implementing such a solution can have its challenges as well—like how to deal with organizational siloes, and what to do about existing IT investments. Global coverage can be an issue for the early-stage vendors. Fortunately, Cato has extensive coverage with 75+ PoPs around the world today. Gartner says solution maturity can be an issue, but that’s mainly a problem for the neophyte vendors. With more than 8 years in the single-vendor SASE business behind us, Cato is one of – if not the – most mature vendor in the market.

Gartner Offers Recommendations

As with all Gartner guides, the research firm has recommendations pertaining to strategy and planning, evaluation, and deployment:

  • Establish a cross-functional team including people from both networking and security to increase the potential for a successful implementation.
  • Evaluate single-vendor SASE against the backdrop of multi-vendor and managed offerings to determine which method would provide the most flexibility.
  • “Choose single-vendor SASE offerings that provide single-pass scanning, single unified console and data lake covering all functions to improve user experience and staff efficacy.” (Spoiler alert: Cato provides all of these things.)
  • Do a Proof of Concept project with real locations and real users to see how well an offering can meet your needs. (Cato is happy to set you up with a PoC today.)

If you are looking for the most mature and feature-rich single-vendor SASE offering with the largest number of worldwide PoPs, look no further than Cato Networks. Request a demo at  

Related Topics