这是用户在 2025-5-1 18:09 为 https://www.gartner.com/doc/reprints?id=1-2HBZK5FR&ct=240418&st=sb 保存的双语快照页面,由 沉浸式翻译 提供双语支持。了解如何保存?

Licensed for Distribution
许可分发

Magic Quadrant for Security Service Edge
安全服务边缘魔力象限

15 April 2024  2024 年 4 月 15 日 - ID G00792702 - 38 min read
- 38 分钟阅读
By Charlie Winckless, Thomas Lintemuth,  and 1 more
查理·温克莱斯、托马斯·林特穆思和另外 1 位作者
Security service edge is a dynamic market focused on consolidating cloud-delivered point solutions and replacing or augmenting legacy hardware. This Magic Quadrant will help buyers evaluate 10 key vendors, ideally in the context of a SASE strategy and long before contracts are due for renewal.
安全服务边缘是一个动态市场,专注于整合云交付的点解决方案,并取代或增强传统硬件。本魔力象限将帮助买家评估 10 家关键供应商,理想情况下是在 SASE 策略的背景下,并且在合同续签之前。

Strategic Planning Assumptions
战略规划假设

By 2026, 85% of organizations seeking to secure their web, SaaS and private applications will obtain the security capabilities from a security service edge (SSE) offering.
到 2026 年,85%寻求保护其 Web、SaaS 和私有应用程序的组织将从安全服务边缘(SSE)提供中获得安全功能。
By 2026, 45% of organizations will prioritize advanced data security features for inspection and protection of data at rest and in motion as a selection criterion for SSE.
到 2026 年,45%的组织将把高级数据安全功能作为选择标准,用于检查和保护静态和动态数据。

Market Definition/Description
市场定义/描述

This document was revised on 18 April 2024. The document you are viewing is the corrected version. For more information, see the Corrections page on gartner.com.
本文件于 2024 年 4 月 18 日修订。您所查看的是修正后的版本。如需更多信息,请参阅 gartner.com 上的更正页面。
Gartner defines security service edge (SSE) as a solution that secures access to the web, cloud services and private applications regardless of the location of the user or the device they are using or where that application is hosted. SSE protects users from malicious and inappropriate content on the web and provides enhanced security and visibility for the SaaS and private applications accessed by end users.
Gartner 将安全服务边缘(SSE)定义为一种解决方案,无论用户或他们使用的设备的位置,无论应用程序托管在哪里,都能保护对 Web、云服务和私有应用程序的访问。SSE 保护用户免受网络上的恶意和不适当内容,并为终端用户访问的 SaaS 和私有应用程序提供增强的安全性和可见性。
Security service edge provides a primarily cloud-delivered solution to control access from end users and edge devices to applications (private or delivered via SaaS) as well as websites (and to a lesser extent general internet traffic). It provides a range of security capabilities, including adaptive access based on identity and context, malware protection, data security, and threat prevention as well as the associated analytics and visibility. It enables a hybrid workforce more efficiently than traditional on-premises solutions. Capabilities that are integrated across multiple traffic types and destinations allow a more seamless experience for both users and admins while maintaining a consistent security stance.
安全服务边缘提供了一种主要基于云的解决方案,用于控制终端用户和边缘设备对应用程序(私有或通过 SaaS 提供)以及网站(以及较少的通用互联网流量)的访问。它提供了一系列安全功能,包括基于身份和上下文的自适应访问、恶意软件保护、数据安全和威胁预防,以及相关的分析和可见性。它比传统的本地解决方案更有效地支持混合工作队伍。跨多种流量类型和目的地集成的功能,为用户和管理员提供更无缝的体验,同时保持一致的安全立场。

Must-Have Capabilities  必备功能

The must-have capabilities of this market include:
该市场必备的功能包括:
  • Identity-aware forward proxy (including encrypted traffic visibility and control, malware protection, threat prevention and URL filtering).
    身份感知正向代理(包括加密流量可见性和控制、恶意软件保护、威胁预防和 URL 过滤)。
  • Both inline (via identity-aware proxy supporting managed and unmanaged devices) and out-of-band (via API) protection of in-use SaaS apps including adaptive access, encrypted traffic visibility and control, data loss prevention (DLP), malware protection and threat prevention.
    包括自适应访问、加密流量可见性和控制、数据丢失预防(DLP)、恶意软件保护和威胁预防在内的 SaaS 应用程序的在线(通过支持管理和非管理设备的身份感知代理)和离线(通过 API)保护。
  • Adaptive and granular access (controlled by identity and context) to private and SaaS applications by both agent and agentless methods, and from managed and unmanaged devices.
    通过代理和无代理方式,从受管理和不受管理设备对私有和 SaaS 应用程序进行自适应和细粒度访问(由身份和上下文控制)。
  • Integration with identity providers for identity context and validation.
    与身份提供者集成以实现身份上下文和验证。

Standard Capabilities  标准功能

The standard capabilities of this market include:
该市场的标准功能包括:
  • Ability to apply controls consistently across multiple network and application destinations.
    能够在多个网络和应用程序目标之间一致地应用控制。
  • Support for managing and securing traffic from common endpoints (such as Windows, macOS, iOS and Android devices).
    支持管理和保护来自常见端点(如 Windows、macOS、iOS 和 Android 设备)的流量。
  • Integration with key enterprise technologies such as security information and event management (SIEM), extended detection and response (XDR), SD-WAN, and other adjacent technologies.
    与关键企业技术集成,如安全信息和事件管理(SIEM)、扩展检测和响应(XDR)、SD-WAN 以及其他相关技术。
  • Support for published and documented APIs that are accessible to the customer and that allow automation of common tasks and integration with other security platforms.
    支持公开和文档化的 API,可供客户访问,并允许自动化常见任务以及与其他安全平台集成。
  • Curated, managed, and risk-scored catalog of SaaS applications.
    精选、管理和风险评估的 SaaS 应用目录。
  • Support for controlled access from managed and unmanaged devices.
    支持从受管理和非受管理设备进行受控访问。

Optional Capabilities  可选功能

The optional capabilities of this market include:
该市场的可选功能包括:
  • Control over all ports and protocols.
    对所有端口和协议的控制。
  • Remote browser isolation (RBI) to enhance security across all network destinations and channels.
    通过远程浏览器隔离(RBI)增强对所有网络目的地和通道的安全性。
  • SaaS security posture management for visibility and remediation of SaaS configurations and visibility into SaaS plug-in applications.
    SaaS 安全态势管理,以实现 SaaS 配置的可见性和修复,以及对 SaaS 插件应用程序的可见性。
  • Continuous adaptive access controls across all channels based on initial connection status and any change in state during connection.
    基于初始连接状态和连接期间任何状态变化的连续自适应访问控制,覆盖所有通道。
  • Read, write and act upon labels from common data classification platforms.
    从常见的数据分类平台读取、写入并采取标签行动。
  • Embedded user entity behavior analytics (UEBA) to provide automated detection and response for anomalous and risky device and user behaviors.
    集成用户实体行为分析(UEBA),提供对异常和风险设备及用户行为的自动检测和响应。
  • Advanced data protection capabilities such as redaction, tombstoning, and on-the-fly encryption (both in-line and out-of-band) and advanced data detection capabilities such as exact data matching (EDM), optical character recognition (OCR) and machine learning (ML) classifiers.
    高级数据保护功能,如红 action、墓碑化、即时加密(在线和离线)以及高级数据检测功能,如精确数据匹配(EDM)、光学字符识别(OCR)和机器学习(ML)分类器。

Magic Quadrant  魔力四边形

Figure 1: Magic Quadrant for Security Service Edge
图 1:安全服务边缘魔力象限

Figure 1: Y24Q2 Magic Quadrant for Security Service Edge
Vendor Strengths and Cautions
供应商优势与注意事项
Broadcom  博通
Broadcom is a Niche Player in this Magic Quadrant. It is a very large organization, headquartered in Palo Alto, California, U.S. Its SSE offering consists of Symantec Network Protection and Symantec Data Loss Prevention (DLP) Cloud. These are administered via multiple single sign-on (SSO) integrated consoles. Other SSE functionality is provided by Symantec Endpoint Security Complete and Symantec DLP Core.
博通在本魔方象限中是一家利基玩家。它是一家非常大的组织,总部位于美国加利福尼亚州帕洛阿托。其 SSE 产品组合包括赛门铁克网络保护以及赛门铁克数据丢失预防(DLP)云服务。这些服务通过多个单点登录(SSO)集成控制台进行管理。其他 SSE 功能由赛门铁克端点安全完整版和赛门铁克 DLP 核心提供。
Broadcom’s operations are geographically diversified. Its clients tend to be very large enterprises in a wide variety of sectors.
博通的业务在地理上多元化。其客户往往是来自各个行业的超大型企业。
Broadcom plans to combine the components of its SSE offering into a single SKU.
博通计划将其 SSE 产品组合的组件合并为一个单一 SKU。
Broadcom completed the acquisition of VMware in November 2023 and plans to integrate it with its SSE offering. At the time of evaluation, however, Broadcom and VMware operated as separate entities, so the combined organization is not considered in this Magic Quadrant.
博通在 2023 年 11 月完成了对 VMware 的收购,并计划将其与自己的 SSE 产品组合进行整合。然而,在评估时,博通和 VMware 作为独立的实体运营,因此合并后的组织未纳入本次魔力象限的考量。
Strengths  优势
  • Overall viability: Broadcom is a very large and financially very strong company with a range of hardware and software products.
    综合可行性:博通是一家规模庞大、财务实力雄厚的公司,拥有广泛的硬件和软件产品。
  • Product offering: Broadcom’s SSE offering has strong threat prevention and data security capabilities. In particular, it can use the same classifiers, enforcement and engine as Broadcom’s Symantec DLP Core enterprise DLP offering.
    产品组合:博通的 SSE 产品组合具有强大的威胁预防和数据安全功能。特别是,它可以使用与博通 Symantec DLP Core 企业 DLP 产品相同的分类器、执行引擎和引擎。
  • Market record: Broadcom is a well-established vendor in the SSE space. It can integrate SSE with its on-premises web gateways and other ecosystem products, such as endpoint protection and enterprise DLP products.
    市场记录:博通在 SSE 领域是一家历史悠久的企业。它可以将 SSE 与其本地 Web 网关和其他生态系统产品(如端点保护和企业 DLP 产品)集成。
Cautions  注意事项
  • Customer experience: Broadcom focuses its sales and support primarily on the largest companies worldwide. Feedback from Gartner clients indicates that they continue to seek to replace Broadcom products with products from other vendors, being dissatisfied with many aspects of Broadcom, including its sales approach and ongoing support.
    客户体验:博通主要将销售和支持集中在全球最大的公司。Gartner 客户的反馈表明,他们仍在寻求用其他供应商的产品替换博通的产品,对博通的多方面(包括其销售方法和持续支持)感到不满意。
  • Product offering: Broadcom lacks a unified console and control plane for administration, and its multiple consoles have disparate appearances and approaches.
    产品提供:博通缺乏统一的控制台和管理控制平面,其多个控制台外观和操作方式各不相同。
  • Geographic strategy: Broadcom holds few regional security accreditations. Key omissions include Cyber Essentials in the U.K., Cloud Computing Compliance Controls Catalog (C5) in Germany and Infosec Registered Assessors Program (IRAP) in Australia.
    地理战略:博通持有少量区域安全认证。主要遗漏包括英国的 Cyber Essentials、德国的 Cloud Computing Compliance Controls Catalog (C5) 和澳大利亚的 Infosec Registered Assessors Program (IRAP)。
Cloudflare
Cloudflare is a Niche Player in this Magic Quadrant. It is a large infrastructure provider, headquartered in San Francisco, California, U.S. It has several security and infrastructure offerings. Its SSE offering, Cloudflare One, is administered by a single unified console and includes a free tier for up to 50 users.
Cloudflare 在本魔方象限中是一家利基玩家。它是一家大型基础设施提供商,总部位于美国加利福尼亚州旧金山。它提供多种安全和基础设施服务。其 SSE 产品 Cloudflare One 通过一个统一的控制台管理,并提供最多 50 个用户的免费层。
Cloudflare’s operations are geographically diversified. Its SSE clients tend to be small organizations or large organizations with small deployments.
Cloudflare 的运营地理分布广泛。其 SSE 客户通常是小型组织或大型组织的小规模部署。
In 2023, Cloudflare focused on expanding its DLP functionality and adding API integrations to support additional SaaS applications, as well as enhancing its zero-trust network access (ZTNA) to allow bidirectional connectivity. It plans to continue to extend DLP and reporting capabilities in 2024.
2023 年,Cloudflare 专注于扩展其数据泄露防护(DLP)功能,并添加 API 集成以支持更多 SaaS 应用程序,同时增强其零信任网络访问(ZTNA)以实现双向连接。它计划在 2024 年继续扩展 DLP 和报告功能。
Strengths  优势
  • Sales strategy: Cloudflare has a large and established customer base and the opportunity to expand within this base with its SSE product.
    销售策略:Cloudflare 拥有庞大且稳定的客户群,有机会通过其 SSE 产品在这个基础上进行扩展。
  • Geographic strategy: Cloudflare maintains a very strong presence near major population centers worldwide.
    地理战略:Cloudflare 在全球主要人口中心附近保持着非常强大的存在感。
  • Sales execution: Cloudflare offers a simple pricing model, with a tiered approach, including a free tier. It does not include a separate support line item in its quotes.
    销售执行:Cloudflare 提供简单的定价模式,采用分层方法,包括免费层。其报价中不包含单独的支持项目。
Cautions  注意事项
  • Product offering: Cloudflare lacks some key features in this market, including sandboxing of content, advanced DLP functionality, and customizable reporting and management. It maintains only a minimal collection of discoverable cloud services and lacks risk ratings for them.
    产品提供:Cloudflare 在此市场中缺乏一些关键功能,包括内容的沙箱隔离、高级数据丢失防护功能以及可定制的报告和管理。它仅维护一个最小的可发现云服务集合,并且缺乏对这些服务的风险评估。
  • Market responsiveness: As a late entrant to this market, Cloudflare has yet to fully respond to demand for common SSE features such as advanced DLP and file sandboxing. This reduces its appeal to the market’s more sophisticated security teams.
    市场响应能力:作为该市场的后进入者,Cloudflare 尚未完全响应对常见 SSE 功能(如高级数据丢失防护和文件沙箱隔离)的需求。这降低了其在市场更复杂的安全团队中的吸引力。
  • Innovation: Cloudflare’s R&D appears to be focused on closing technical gaps in its product (such as DLP and SaaS support) to catch up with mature players.
    创新:Cloudflare 的研发似乎专注于缩小其产品(如数据泄露防护和 SaaS 支持)的技术差距,以赶上成熟的竞争对手。
Fortinet
Fortinet is a Challenger in this Magic Quadrant. It is a large security equipment and software provider, headquartered in Sunnyvale, California U.S. Its SSE offering is FortiSASE, which comprises loosely integrated offerings and consoles from the Fortinet product catalog. FortiSASE requires Fortinet virtual machines or appliances from Fortinet’s catalog with inbound internet access open to support ZTNA use cases.
Fortinet 在这个魔力象限中是一家挑战者。它是一家总部位于美国加利福尼亚州森尼维尔的庞大网络安全设备和软件提供商。其 SSE 产品是 FortiSASE,它由 Fortinet 产品目录中的松散集成产品和控制台组成。FortiSASE 需要 Fortinet 的虚拟机或来自 Fortinet 目录的设备,并且需要开启入站互联网访问以支持 ZTNA 用例。
Fortinet’s operations are geographically diversified. Its clients cover a wide range of industries and are of all sizes.
Fortinet 的运营地理分布广泛。其客户涵盖众多行业,且规模各异。
Fortinet is focused on expanding its point of presence (POP) coverage, both organically and through a partnership with Google (Google Cloud), though Fortinet still limits the number of POPs a client can access. The Google-hosted and Fortinet-owned POP networks do not interoperate. Fortinet is also striving to integrate capabilities across its disparate product lines.
Fortinet 致力于扩大其接入点(POP)覆盖范围,无论是通过自身发展还是与谷歌(谷歌云)的合作,尽管 Fortinet 仍然限制了客户可以访问的 POP 数量。由谷歌托管且由 Fortinet 拥有的 POP 网络不互操作。Fortinet 还在努力整合其不同产品线的能力。
Strengths  优势
  • Sales strategy: In our assessment, Fortinet has a strong sales strategy to upsell and cross-sell to its sizable installed base.
    销售策略:在我们的评估中,Fortinet 拥有强大的销售策略,能够向其庞大的现有客户群进行增值销售和交叉销售。
  • Customer experience: Fortinet’s customer support is robust and well regarded by Gartner clients.
    客户体验:Fortinet 的客户支持强大且受到 Gartner 客户的良好评价。
  • Overall viability: Fortinet is a large, well-funded company that has stated publicly that it plans to invest in FortiSASE.
    综合可行性:Fortinet 是一家大型、资金雄厚的公司,已公开表示计划投资 FortiSASE。
Cautions  注意事项
  • Product offering: Our assessment is that Fortinet’s product is weaker than those of its competitors in all areas of evaluation for this Magic Quadrant. Its disparate consoles and loose integration of products under one SKU make for a solution suited primarily to existing Fortinet customers.
    产品提供:我们的评估认为,在本次魔力象限的所有评估领域中,Fortinet 的产品都不如竞争对手的产品。其分散的控制台和产品 SKU 下产品的松散集成,使得解决方案主要适用于现有 Fortinet 客户。
  • Geographic strategy: Fortinet’s POP coverage is less than expected in this market, and the expanded network of Google-hosted POPs does not currently integrate with Fortinet’s existing POP infrastructure. Customers can select only four POPs, unless they pay extra per POP for the option to select up to eight.
    地理战略:Fortinet 在此市场的 POP 覆盖范围低于预期,而扩展的 Google 托管 POP 网络目前尚未与 Fortinet 现有的 POP 基础设施集成。客户只能选择四个 POP,除非额外付费,否则无法选择多达八个 POP。
  • Market responsiveness: Fortinet entered this market late and lacks common SSE features such as advanced DLP, an integrated console and a unified control plane. It continues to require on-premises Fortinet appliances or virtual machines with inbound internet access open for ZTNA access.
    市场响应能力:Fortinet 进入该市场较晚,缺乏常见的 SSE 功能,如高级 DLP、集成控制台和统一控制平面。它仍然需要本地 Fortinet 设备或虚拟机,并保持入站互联网访问以实现 ZTNA 访问。
iboss
iboss is a Niche Player in this Magic Quadrant. It is a relatively small vendor, headquartered in Boston, Massachusetts, U.S. Its SSE offering is iboss Zero Trust SSE, which is the vendor’s primary product. It is managed via a single, unified console.
iboss 在该魔力象限中是细分市场参与者。它是一家相对较小的供应商,总部位于美国马萨诸塞州波士顿。其 SSE 产品为 iboss 零信任 SSE,这是该供应商的主要产品。它通过一个单一、统一的控制台进行管理。
iboss’s operations are focused in North America, but it maintains a global presence. It focuses on highly regulated industries.
iboss 的运营主要集中在北美,但它在全球范围内保持存在。它专注于高度监管的行业。
iboss remains highly focused on alignment with the U.S. National Institute of Standards and Technology (NIST) SP 800-207 Zero Trust Architecture publication. It is one of several vendors in this Magic Quadrant that announced enhanced integration with the CrowdStrike Falcon endpoint protection platform in 2023. This integration enables iboss to ingest threat signals and take enforcement actions from Falcon endpoint tools. iboss focuses more on secure web gateway (SWG) use cases than on SaaS security capabilities.
iboss 始终高度关注与美国国家标准与技术研究院(NIST)SP 800-207 零信任架构出版物的一致性。它是该魔力象限中宣布在 2023 年增强与 CrowdStrike Falcon 终端保护平台集成的几家供应商之一。此集成使 iboss 能够从 Falcon 终端工具中摄取威胁信号并采取执法行动。iboss 更专注于安全网关(SWG)用例,而不是 SaaS 安全功能。
Strengths  优势
  • Product offering: iboss offers good web security and adaptive access capabilities in its product.
    产品提供:iboss 在其产品中提供了良好的网络安全和自适应访问功能。
  • Sales strategy: iboss’s pricing model is simple, with additional features such as RBI included for all users, regardless of volume.
    销售策略:iboss 的定价模式简单,所有用户(无论数量)都包括额外的功能,如 RBI。
  • Geographic strategy: iboss has POPs located close to major population centers in most regions of the world, and can closely control data storage and processing.
    地理战略:iboss 在全球大多数地区的中心人口附近设有 POP,可以密切控制数据存储和处理。
Cautions  注意事项
  • Product offering: iboss has very few API integrations for SaaS applications. Its offering lacks other SaaS security features, such as SaaS security posture management (SSPM), and support for advanced API DLP use cases such as masking and tokenization of data records.
    产品提供:iboss 针对 SaaS 应用的 API 集成非常有限。其产品缺乏其他 SaaS 安全功能,例如 SaaS 安全态势管理(SSPM),以及对高级 API 数据泄露防护(DLP)用例的支持,如数据记录的掩码化和令牌化。
  • Overall viability: iboss is growing slower than other vendors in this market, and Gartner rarely sees it included on competitive shortlists.
    综合可行性:iboss 的增长速度低于该市场中的其他供应商,Gartner 很少看到它出现在竞争性短名单中。
  • Product strategy: In our opinion, iboss’s planned product enhancements, such as SD-WAN capabilities, employee monitoring and other roadmap items evaluated for this Magic Quadrant are unlikely to influence the shape of the broader enterprise SSE market.
    产品战略:据我们分析,iboss 计划的产品增强,如 SD-WAN 功能、员工监控以及其他为本次魔力象限评估的路线图项目,不太可能影响更广泛的 SSE 企业市场格局。
Lookout
Lookout is a Visionary in this Magic Quadrant. It is a relatively small vendor, headquartered in San Francisco, California, U.S. In addition to SSE, it offers mobile device security products. Its SSE platform, the Lookout Cloud Security Platform, includes Lookout Secure Internet Access, Lookout Secure Private Access and Lookout Secure Cloud Access offerings. These are managed via a single, unified console.
Lookout 在这个魔力象限中是一家愿景型企业。它是一家相对较小的供应商,总部位于美国加利福尼亚州旧金山。除了 SSE,它还提供移动设备安全产品。其 SSE 平台,即 Lookout 云安全平台,包括 Lookout 安全互联网访问、Lookout 安全私有访问和 Lookout 安全云访问等服务。这些服务通过一个单一、统一的控制台进行管理。
Lookout’s operations are concentrated in North America and EMEA, but the company also has a smaller presence in Asia/Pacific. Its clients tend to be midsize and large enterprises from multiple sectors.
Lookout 的运营主要集中在北美和欧洲/中东/非洲,但在亚太地区也有较小的业务。其客户通常是来自多个行业的中小型和大型企业。
In 2023, Lookout extended the ZTNA capabilities of Lookout Secure Private Access to support all ports and protocols, and partnered with Fortra to utilize its data classification capabilities in the Lookout Cloud Security Platform. Lookout also divested its consumer mobile security division to F-Secure, although this move was not directly related to SSE.
2023 年,Lookout 将 Lookout 安全私有访问的 ZTNA 功能扩展到支持所有端口和协议,并与 Fortra 合作,在 Lookout 云安全平台中利用其数据分类功能。虽然这一举措与 SSE 无直接关系,但 Lookout 还是将其消费级移动安全部门出售给了 F-Secure。
Strengths  优势
  • Product offering: Lookout offers strong data security capabilities in its SSE platform. These are integrated across all SSE traffic channels.
    产品提供:Lookout 在其 SSE 平台中提供了强大的数据安全功能,这些功能集成在所有 SSE 传输通道中。
  • Market understanding: In our assessment, Lookout has a good understanding of the SSE market’s direction and its competitors.
    市场理解:在我们的评估中,Lookout 对 SSE 市场方向及其竞争对手有良好的理解。
  • Sales strategy: Lookout’s integration of its SSE offering with its mobile security offering may appeal to industries with a strong need for mobile SSE security.
Cautions
  • Geographic strategy: Lookout does not operate as many POPs close to major population centers as do other vendors in this Magic Quadrant.
  • Sales execution: Lookout charges for extra elements. There are, for example, charges per SaaS application for API connections and cloud sandboxing.
  • Sales strategy: Lookout has fewer channel partners than other vendors in this Magic Quadrant (across all geographies). It relies instead on its relationships with Tier 1 telcos. Indications from Gartner clients are that Lookout rarely appears on competitive shortlists.
Netskope
Netskope is a Leader in this Magic Quadrant. It is a large organization, headquartered in Santa Clara, California, U.S. Its primary focus is SSE. Its SSE product is Netskope Intelligent Security Service Edge, which is managed via a single, unified console.
Netskope’s operations are geographically diversified. It has clients of all sizes in multiple industries.
Netskope has incorporated software-defined WAN (SD-WAN) technology from its 2022 acquisition of Infiot into its agent and made its Borderless SD-WAN generally available. Additionally, in September 2023, Netskope announced the acquisition of Kadiska to extend its digital experience monitoring (DEM) capabilities. Netskope has moved the functionality from its formerly separate Advanced Analytics SKU into its base product.
Strengths  优势
  • Geographic strategy: Netskope maintains POPs close to most major population centers, and claims that all its POPs have consistent bandwidth and feature availability.
    地理战略:Netskope 在其主要人口中心附近维护 POP 点,并声称其所有 POP 点都具有一致的带宽和功能可用性。
  • Product offering: Netskope has a strong set of controls across all supported traffic channels, with particular strength in data security.
    产品提供:Netskope 在所有支持的流量通道上拥有强大的控制能力,尤其在数据安全方面表现突出。
  • Market understanding: Netskope shows excellent understanding of the market’s direction and has a leading roadmap.
    市场理解:Netskope 对市场方向的了解出色,并拥有领先的路线图。
Cautions  注意事项
  • Innovation: Netskope has been slow to introduce DEM features to its platform and to enhance them.
    创新:Netskope 在将 DEM 功能引入其平台并增强这些功能方面进展缓慢。
  • Sales execution: Although Netskope offers consolidated SKUs for some of its offerings, Gartner clients report that its licensing remains hard to interpret in many cases. In addition, Netskope’s offering remains one of the more expensive in this market.
    销售执行:尽管 Netskope 为其部分产品提供了统一的 SKU,但 Gartner 客户报告称,其许可协议在很多情况下仍然难以理解。此外,Netskope 的提供方案仍然是该市场中较为昂贵的产品之一。
  • Marketing execution: Gartner estimates that Netskope’s ZTNA market share and growth in 2023 were lower than those of several other vendors in this market.
    市场执行:Gartner 估计,Netskope 在 2023 年的 ZTNA 市场份额和增长低于该市场其他几家供应商。
Palo Alto Networks
Palo Alto Networks is a Leader in this Magic Quadrant. It is a large company, headquartered in Santa Clara, California, U.S. It offers a range of security products, in addition to SSE. Its SSE offering is Prisma Access, which can be managed from a single, unified console that can also manage on-premises firewalls.
Palo Alto Networks 是本 Magic Quadrant 的领导者。它是一家大型公司,总部位于美国加利福尼亚州圣克拉拉。它提供一系列安全产品,包括 SSE。其 SSE 产品是 Prisma Access,可以从一个单一的、统一的控制台进行管理,该控制台还可以管理本地防火墙。
Palo Alto Networks’ operations are geographically diversified. It has clients of all sizes from a wide range of industries.
Palo Alto Networks 的运营地理分布广泛。它拥有来自各行各业的各种规模客户。
Palo Alto Networks has acquired Talon Cyber Security, a provider of an enterprise browser, which it plans to integrate with Prisma Access.
Palo Alto Networks 收购了企业浏览器提供商 Talon Cyber Security,计划将其与 Prisma Access 集成。
Strengths  优势
  • Overall viability: Palo Alto Networks is financially secure. It continues to invest in, and develop, its SSE offering into a competitive offering to support the transition of its sizable customer base to cloud-delivered security services.
    综合可行性:Palo Alto Networks 财务稳健。它继续投资并发展其 SSE 产品,使其成为具有竞争力的产品,以支持其庞大的客户群向云交付的安全服务过渡。
  • Product offering: Palo Alto Networks recently launched a new console (Strata Cloud Manager) that unifies the management of both on-premises firewalls and SSE and removes the requirement to select a management approach upon deployment.
    产品提供:Palo Alto Networks 最近推出了一款新的控制台(Strata Cloud Manager),该控制台统一管理本地防火墙和 SSE,并消除了在部署时选择管理方法的要求。
  • Innovation: Palo Alto Networks continues to invest in engineering talent for its SSE business unit. It is also investing in its AI assistant and strong industry partnerships.
    创新:Palo Alto Networks 继续对其 SSE 业务单元的工程技术人才进行投资。它还在投资其 AI 助手和强大的行业合作伙伴关系。
Cautions  注意事项
  • Sales execution: Gartner clients report that Palo Alto Networks’ licensing model is complex and difficult to understand, with inflexible and inflated pricing during sales motions.
    销售执行:Gartner 客户报告称,Palo Alto Networks 的许可模式复杂且难以理解,销售过程中存在不灵活和膨胀的价格。
  • Market responsiveness: Our assessment is that Palo Alto Networks’ product roadmap for RBI is insufficiently differentiated to have a significant impact on the SSE market.
    市场响应:我们的评估认为,Palo Alto Networks 的 RBI 产品路线图缺乏足够的差异化,无法对 SSE 市场产生重大影响。
  • Sales strategy: Feedback from Gartner clients indicates that Palo Alto Networks’ Prisma Access still appeals primarily to the company’s existing customers.
    销售策略:Gartner 客户的反馈表明,Palo Alto Networks 的 Prisma Access 仍然主要吸引公司现有客户。
Skyhigh Security
Skyhigh Security is a Visionary in this Magic Quadrant. Formerly the SSE business of McAfee Enterprise, Skyhigh Security is a relatively small vendor, headquartered in San Jose, California, U.S. Its SSE offering is Skyhigh Security Service Edge, which is administered from a single, unified console.
Skyhigh Security 在此魔力象限中是一家愿景型企业。它曾是 McAfee Enterprise 的 SSE 业务,Skyhigh Security 是一家相对较小的供应商,总部位于美国加利福尼亚州圣何塞。其 SSE 产品是 Skyhigh Security Service Edge,由一个单一的统一控制台管理。
Skyhigh Security’s operations are geographically diversified. Its clients range from small to very large, with a bias toward the financial services, healthcare and government sectors.
Skyhigh Security 的运营地理分布广泛。其客户从小型到大型不等,偏向于金融服务、医疗保健和政府部门。
Skyhigh Security moved to rebuild its channel partner network in 2023, under new leadership. It is one of several vendors in this Magic Quadrant that have announced closer integrations with CrowdStrike products in the past year. It also has tight integrations with Trellix.
Skyhigh Security 在 2023 年在新领导层的带领下,着手重建其渠道合作伙伴网络。它是过去一年中宣布与 CrowdStrike 产品更紧密集成的几家供应商之一。它还与 Trellix 有紧密的集成。
Strengths  优势
  • Product offering: Skyhigh Security has strong data security and SaaS security capabilities.
    产品提供:Skyhigh Security 拥有强大的数据安全和 SaaS 安全功能。
  • Sales strategy: Skyhigh Security has invested in reestablishing its channel presence, including by hiring new leaders to drive this initiative.
    销售策略:Skyhigh Security 投入资源重建其渠道影响力,包括聘请新领导推动这一举措。
  • Market understanding: Skyhigh Security maintains a clear vision of the market across all key capabilities, with a focus on a more data-centric approach.
    市场理解:Skyhigh Security 对所有关键能力都有清晰的市场愿景,并侧重于更数据驱动的做法。
Cautions  注意事项
  • Geographic strategy: Skyhigh Security does not run all its services in all its POPs but bases their availability on customer demand in an area. This is especially true for ZTNA and advanced services such as RBI.
    地理战略:Skyhigh Security 并非在所有其 POP(网络接入点)上运行所有服务,而是根据该地区的客户需求来决定服务的可用性。这对于 ZTNA(零信任网络访问)和 RBI(远程浏览器隔离)等高级服务尤其如此。
  • Overall viability: Skyhigh Security is growing more slowly than other vendors in this market, and Gartner rarely sees it included on competitive shortlists.
    综合可行性:Skyhigh Security 的增长速度比该市场中的其他供应商慢,Gartner 很少看到它被列入竞争性短名单。
  • Sales execution: Gartner sees Skyhigh Security as being focused largely on the government and financial services sectors and having less appeal to clients outside these areas.
    销售执行:Gartner 认为 Skyhigh Security 主要关注政府和金融服务行业,对这些行业以外的客户吸引力较小。
Versa Networks
Versa Networks is a Niche Player in this Magic Quadrant. It is headquartered in Santa Clara, California, U.S. It offers both SSE and single-vendor secure access services edge (SASE). Its SSE product is Versa Security Service Edge, which is administered via a single, unified console.
Versa Networks 是本 Magic Quadrant 中的利基玩家。它总部位于美国加利福尼亚州圣克拉拉。它提供 SSE 和单一供应商的网络安全访问服务边缘(SASE)。其 SSE 产品是 Versa 安全服务边缘,通过一个单一、统一的控制台进行管理。
Versa Networks’ operations are geographically diversified. Its clients tend to be small, midsize and large enterprises.
Versa Networks 的运营地理分布广泛。其客户通常是小型、中型和大型企业。
Versa Networks has extended some SSE functionality to on-premises deployments via both its own network infrastructure and software capable of running on some other vendors’ switches under the label of Versa Zero Trust Everywhere.
Versa Networks 通过其自身的网络基础设施以及能够在某些其他供应商的交换机上运行的软件,将一些 SSE 功能扩展到了本地部署,并以此标签命名为 Versa Zero Trust Everywhere。
Strengths  优势
  • Customer experience: Gartner clients generally rate the support they receive from Versa Networks as good.
    客户体验:Gartner 的客户通常认为他们从 Versa Networks 获得的支持很好。
  • Product offering: Versa Networks’ offering provides a flexible and configurable capability for assigning and adjusting dynamic risk scores to both users and devices.
    产品提供:Versa Networks 的产品提供了一种灵活且可配置的能力,可以对用户和设备分配和调整动态风险评分。
  • Geographic strategy: Versa Networks’ POP network covers the majority of major population centers. A log’s storage location is determined by the location of the POP that a user connects to.
    地理战略:Versa Networks 的 POP 网络覆盖了大多数主要人口中心。日志的存储位置由用户连接到的 POP 的位置决定。
Cautions  注意事项
  • Sales strategy: Gartner observes that Versa Networks sells through large global carriers, managed service providers, managed security service providers and distribution partners. There is limited consumer awareness of Versa Networks’ presence in the SSE market.
  • Marketing execution: Versa Networks is rarely seen on shortlists in this market. There is less awareness of its offerings in this market among Gartner clients.
  • Product strategy: Versa’s SSE platform is still catching up with capabilities such as DEM and endpoint detection and response that are already generally available in the market.
    产品策略:Versa 的 SSE 平台仍在追赶市场上已经普遍可用的功能,如 DEM 和端点检测与响应。
Zscaler
Zscaler is a Leader in this Magic Quadrant. It is a relatively large organization headquartered in San Jose, California, U.S. It focuses on its SSE offering, Zscaler for Users, use of which involves multiple consoles, integrated via SSO.
Zscaler 在本项魔力象限中是领导者。它是一家总部位于美国加利福尼亚州圣何塞的相对较大的组织。它专注于其 SSE 产品,Zscaler for Users,使用时涉及多个控制台,通过 SSO 集成。
Zscaler’s operations are geographically diversified. Its clients tend to be large and extra-large organizations across a wide range of industries.
Zscaler 的运营地理分布广泛。其客户通常是来自各个行业的大型和超大型组织。
In February 2023, Zscaler acquired Canonic Security for its SSPM technology, which it has since integrated with its SSE offering. At its annual user conference in June 2023, Zscaler announced a hardware Branch Connector to simplify forwarding of traffic to its SSE platform. Furthermore, Zscaler is one of several vendors in this Magic Quadrant offering enhanced integration with CrowdStrike for endpoint security signals.
2023 年 2 月,Zscaler 收购了 Canonic Security,以获取其 SSPM 技术,并将其与其 SSE 产品集成。在 2023 年 6 月的年度用户大会上,Zscaler 宣布推出硬件分支连接器,以简化流量转发到其 SSE 平台。此外,Zscaler 是多个在此魔力象限中提供与 CrowdStrike 端点安全信号增强集成的供应商之一。
Strengths  优势
  • Overall viability: Zscaler is a publicly traded company that continues to register strong revenue growth from a large base of customers. It continues to grow faster than the overall market.
    综合可行性:Zscaler 是一家上市公司,其收入持续强劲增长,客户基础庞大。它继续以比整体市场更快的速度增长。
  • Geographic strategy: Zscaler has POPs close to most major population centers, and operates in China. This presence is supported by a strong set of regional accreditations.
    地理战略:Zscaler 在大多数主要人口中心附近设有 POP 点,并在中国运营。这种存在得到了强大的区域认证的支持。
  • Marketing strategy: Zscaler has a strong marketing message that appeals to many organizations looking for a cloud-native security provider, and that generates strong mind share in this market. This results in Zscaler being frequently seen on shortlists.
    市场战略:Zscaler 拥有一个强大的营销信息,吸引了许多寻求云原生安全提供商的组织,并在该市场中产生了强大的心智份额。这导致 Zscaler 经常出现在候选名单上。
Cautions  注意事项
  • Sales execution: Zscaler has a complex price list. In addition, Gartner clients have expressed frustration with Zscaler’s periodic licensing updates, the need for per-bandwidth SKU add-ons for some use cases, and cost increases at renewal time.
    销售执行:Zscaler 的价格表复杂。此外,Gartner 的客户对 Zscaler 的周期性许可更新、某些用例中需要按带宽 SKU 附加组件以及续订时的成本增加表示了不满。
  • Customer experience: Gartner receives feedback about performance and latency problems more frequently from Zscaler customers than is typical for other vendors in this market.
    客户体验:Gartner 比其他市场中的其他供应商更频繁地收到来自 Zscaler 客户的关于性能和延迟问题的反馈。
  • Product strategy: Zscaler’s planned product enhancements, such as “zero-trust” SD-WAN capabilities and other roadmap items evaluated for this Magic Quadrant, are less likely to shape the broader enterprise SSE market.
    产品战略:Zscaler 计划的产品增强,如“零信任”SD-WAN 功能和其他为此 Magic Quadrant 评估的路线图项目,不太可能塑造更广泛的 SSE 企业市场。

Vendors Added and Dropped
新增和删除的供应商

We review and adjust our inclusion criteria for Magic Quadrants as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant may change over time. A vendor's appearance in a Magic Quadrant one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. It may be a reflection of a change in the market and, therefore, changed evaluation criteria, or of a change of focus by that vendor.
我们会根据市场变化审查和调整我们的 Magic Quadrant 纳入标准。因此,任何 Magic Quadrant 中供应商的混合可能随时间而变化。一个供应商在一年中出现而在下一年未出现,并不一定意味着我们改变了对该供应商的看法。这可能反映了市场的变化,因此评估标准发生了变化,或者该供应商的焦点发生了变化。

Added  添加

  • Fortinet
  • Versa Networks

Dropped  删除

  • Cisco Systems, as its primary SSE offering, Cisco Secure Access, did not meet the customer and seat counts required as of 15 October 2023.
    思科系统公司作为其主要的安全服务边缘(SSE)产品,思科安全接入,截至 2023 年 10 月 15 日未能满足客户和座位数的要求。
  • Forcepoint, as it did not satisfy the requirement for mobile device agent support as of 15 October 2023.
    Forcepoint,截至 2023 年 10 月 15 日,未能满足移动设备代理支持的要求。

Inclusion and Exclusion Criteria
纳入和排除标准

To qualify for inclusion, a provider’s SSE offering must be:
要符合纳入条件,供应商的 SSE(服务边缘)产品必须满足以下要求:
  • Operated as a service. The offering must be delivered as a cloud service to ensure a better end-user experience when securing authorized users on allowed endpoints to appropriate services running in public or private clouds and on-premises environments.
    作为一项服务运营。该产品必须以云服务的形式提供,以确保在公共或私有云以及本地环境中为授权用户在允许的端点访问适当服务时获得更好的终端用户体验。
  • Broadly adopted independently of an SD-WAN capability offered by the same vendor. The product must be wholly independent of deploying with a physical SD-WAN, device or other edge networking component, but can be connected to existing edge devices and endpoints or by optional partnerships with networking or network firewall providers.
    独立于同一供应商提供的 SD-WAN(软件定义广域网)功能广泛采用。该产品必须完全独立于与物理 SD-WAN、设备或其他边缘网络组件一起部署,但可以连接到现有的边缘设备和端点,或者通过可选的与网络或网络防火墙提供商的合作伙伴关系实现连接。
A vendor’s core SSE offering must include several capabilities that support securing authorized users on allowed endpoints to appropriate services. These capabilities must have been generally available by 15 October 2023. The capabilities are:
供应商的核心 SSE 产品必须包括支持在允许的端点上为授权用户提供适当服务的几个功能。这些功能必须在 2023 年 10 月 15 日之前普遍可用。这些功能包括:
  • Secure access to the web via proxy. Provide URL filtering and advanced threat defense to protect users and enforce acceptable use policies.
    通过代理提供对网络的网络安全访问。提供 URL 过滤和高级威胁防御,以保护用户并执行可接受使用政策。
  • Secure usage of cloud services, both in-line and via API:
    云服务的安全使用,包括在线和通过 API:
    • Provide visibility, compliance enforcement, data security and threat protection for the use of SaaS applications.
      为 SaaS 应用程序的使用提供可见性、合规性执行、数据安全和威胁保护。
    • Both monitor and remediate issues via a proxy solution (in-line) and API integrations:
      通过代理解决方案(内联)和 API 集成来监控和修复问题:
      • API integration for cloud access security broker (CASB) functions must include at least five major enterprise suites (such as Microsoft 365, Google Workspace, Salesforce, Workday, GitHub, Atlassian and ServiceNow). At least one of these integrations must be with something other than a file-sharing or file storage application. API integrations with social media or free SaaS platforms (such as X [formerly Twitter], Reddit, YouTube or Facebook) are not included in this count.
        云访问安全代理(CASB)功能的 API 集成必须包括至少五个主要的企业套件(例如 Microsoft 365、Google Workspace、Salesforce、Workday、GitHub、Atlassian 和 ServiceNow)。其中至少一个集成必须是与文件共享或文件存储应用以外的应用。与社交媒体或免费 SaaS 平台(如 X[原 Twitter]、Reddit、YouTube 或 Facebook)的 API 集成不计入此数量。
      • In-line security must be provided from managed devices (including at least Windows, macOS, iOS and Android) to any SaaS application and be enforceable from unmanaged devices to known and explicitly sanctioned SaaS applications.
        从管理设备(包括至少 Windows、macOS、iOS 和 Android)到任何 SaaS 应用提供内联安全,并从非管理设备到已知且明确批准的 SaaS 应用强制执行。
  • Provide secure remote access to private applications:
    提供对私有应用的远程安全访问:
    • Create an identity- and context-based logical-access boundary that encompasses an enterprise user and an internally hosted application or set of applications.
      建立一个基于身份和上下文的逻辑访问边界,该边界包括企业用户和内部托管的应用程序或应用程序集。
    • Applications must be hidden from discovery and have access restricted via a trust broker to a named set of entities.
      应用程序必须从发现中隐藏,并通过信任代理对命名实体集进行访问限制。
    • Support both agent and agentless connection methods.
      支持代理和无代理的连接方法。
  • Connectivity must be provided from common operating systems, including at least Windows, macOS, iOS and Android.
    必须提供从常见的操作系统(包括至少 Windows、macOS、iOS 和 Android)的连接性。
An SSE vendor must also demonstrate scale relevant to enterprise-class organizations. At least two of the three criteria below must be met:
SSE 供应商还必须证明其规模与企业级组织相关。以下三个标准中至少满足两个:
  • Generated $40 million in revenue from the evaluated SSE offering between 1 September 2022 and 30 September 2023.
    在 2022 年 9 月 1 日至 2023 年 9 月 30 日期间,从评估的 SSE 产品中产生了 4000 万美元的收入。
  • Have at least 500 enterprise customers (over 1,000 seats) using at least two of the three must-have capabilities (excluding identity integration) of the evaluated SSE offering under support as of 1 October 2023.
    截至 2023 年 10 月 1 日,至少有 500 家(超过 1000 个座位)企业客户在使用评估的 SSE 产品中的至少两个必备功能(不包括身份集成),并且这些客户正在接受支持。
  • Have at least 4 million seats for the evaluated SSE offering under paid support as of 1 October 2023.
    截至 2023 年 10 月 1 日,所评估的 SSE 产品在付费支持下的座位数至少为 400 万。
An SSE vendor must also demonstrate relevance to global organizations by:
SSE 供应商还必须通过以下方式证明其与全球组织的相关性:
  • Demonstrating that its SSE service offers a minimum of 20 POPs globally, with at least two in each major global region (North America, EMEA and Asia/Pacific). Each counted POP must be hosted in a secure and managed facility and be locally supported, and have enabled capabilities for all the must-have capabilities of an SSE product.
    证明其 SSE 服务在全球范围内至少提供 20 个 POP,其中每个主要全球区域(北美、EMEA 和亚太地区)至少有两个。每个计数的 POP 必须托管在安全且受管理的设施中,并具有本地支持,同时具备 SSE 产品必须具备的所有功能。
  • Gartner receiving strong evidence that 10% or more of its customer base is outside its home region (North America, EMEA or Asia/Pacific).
    Gartner 收到强有力的证据,证明其客户群中有 10%或更多位于其家乡区域(北美、EMEA 或亚太地区)之外。
Lastly, an SSE vendor must rank among the top 20 organizations in Gartner’s Customer Interest Index for this Magic Quadrant. Data inputs used to calculate the Customer Interest Index for SSE included a balanced set of measures:
最后,SSE 供应商必须位列 Gartner 此 Magic Quadrant 客户兴趣指数前 20 名组织。计算 SSE 客户兴趣指数所使用的数据输入包括一系列平衡的指标:
  • Gartner end-user inquiry volume per vendor
    Gartner 每个供应商的终端用户咨询量
  • gartner.com search data   gartner.com 搜索数据
  • Gartner Peer Insights competitor mentions
    Gartner Peer Insights 中的竞争对手提及
  • Google trends data  谷歌趋势数据
  • Social media analysis  社交媒体分析
An SSE vendor is excluded from this Magic Quadrant if it failed to satisfy the inclusion criteria or if:
如果 SSE 供应商未能满足纳入标准,或者:
  • Its SSE functionality is primarily delivered with an SD-WAN platform as part of a single-vendor SASE offering, or its primary direction is toward a single-vendor SASE solution incorporating its own SD-WAN.
    其 SSE 功能主要通过 SD-WAN 平台作为单一供应商的 SASE 解决方案的一部分提供,或者其主要方向是向单一供应商的 SASE 解决方案发展,并整合其自身的 SD-WAN。
  • It is primarily a managed services provider and its SSE offering(s) mostly come as part of broader managed services provider contracts, or if it is a service provider leveraging third-party SSE services.
    主要是一家管理服务提供商,其 SSE 服务通常作为更广泛的管理服务提供商合同的一部分提供,或者如果它是利用第三方 SSE 服务的服务提供商。
  • It did not natively offer one or more of the must-have capabilities of an SSE offering prior to 15 October 2023. Vendors cannot rely on OEM partnerships for must-have capabilities.
    在 2023 年 10 月 15 日之前,它没有提供 SSE 服务所必需的一个或多个功能。供应商不能依赖于 OEM 合作伙伴关系来实现必需的功能。

Honorable Mentions  荣誉提名

  • Cisco Systems: This vendor announced general availability of Cisco Secure Access on 13 September 2023, but lacked the required number of customers and seats to be included in this report.
    思科系统:该供应商于 2023 年 9 月 13 日宣布了 Cisco Secure Access 的通用可用性,但缺乏所需数量的客户和座位,因此未包含在本报告中。
  • Forcepoint: This vendor provides cloud-delivered SWG, CASB, ZTNA, firewall as a service (FWaaS), RBI and DLP functionality with the Forcepoint ONE platform, but did not support a mobile traffic steering agent as of 15 October 2023.
    Forcepoint:该供应商提供基于云的 SWG、CASB、ZTNA、防火墙即服务(FWaaS)、RBI 和 DLP 功能,但截至 2023 年 10 月 15 日尚未支持移动流量引导代理。
  • Microsoft: This vendor provides a multimode CASB (Microsoft Defender for Cloud Apps) that offers inspection in-line and at rest via API integrations, and had SWG and ZTNA capabilities (Entra Internet Access and Entra Private Access) in public preview as of 11 July 2023. It has a large client base. We excluded Microsoft from this Magic Quadrant because it did not provide URL filtering and advanced threat defense to protect users and enforce acceptable use policies via proxy as of 15 October 2023.
    微软:该供应商提供多模式 CASB(Microsoft Defender for Cloud Apps),通过 API 集成提供在线和离线检查,截至 2023 年 7 月 11 日公共预览中具有 SWG 和 ZTNA 功能(Entra Internet Access 和 Entra Private Access)。它拥有庞大的客户群。我们排除了微软,因为它截至 2023 年 10 月 15 日没有提供通过代理进行 URL 过滤和高级威胁防御来保护用户和执行可接受使用政策。
  • Trend Micro: This vendor provides SWG, CASB and ZTNA by enabling Zero Trust Secure Access as part of its Trend Vision One platform. We excluded Trend Micro from this Magic Quadrant because it did not demonstrate that its SSE offering had the required scale and coverage relevant to enterprise-class organizations as of 15 October 2023.
    威瑞森:该供应商通过其 Trend Vision One 平台提供 SWG、CASB 和 ZTNA,以实现零信任安全访问。由于截至 2023 年 10 月 15 日,其 SSE 产品未展现出符合企业级组织所需的规模和覆盖范围,因此我们将威瑞森排除在本 Magic Quadrant 之外。

Evaluation Criteria  评估标准

Ability to Execute  执行能力

Product or Service: Core goods and services offered by the vendor that compete in/serve the defined market. This includes current product/service capabilities, quality, feature sets, skills and so on, whether offered natively or through OEM agreements/partnerships, as defined in the market definition and detailed in the subcriteria.
产品或服务:供应商提供的核心商品和服务,这些商品和服务在/服务于定义的市场。这包括当前的产品/服务功能、质量、功能集、技能等,无论是否通过原生方式或通过 OEM 协议/合作伙伴关系提供,具体定义在市场定义中,并在子标准中详细说明。
Subcriteria:  子准则:
  • Evaluation of key features for securing web, cloud services and private applications:
    评估确保网页、云服务和私有应用程序的关键功能:
    • Adaptive access controls  自适应访问控制
    • Advanced threat defense  高级威胁防御
    • API-based SaaS security controls
      基于 API 的 SaaS 安全控制
    • Cloud-delivered service  云交付服务
    • Data security visibility and controls
      数据安全可见性和控制
    • Forward proxy  代理服务器
    • In-line SaaS security controls
      线内 SaaS 安全控制
    • ZTNA  零信任网络访问(ZTNA)
  • Evaluation of other features, including (but not limited to):
    其他功能的评估,包括但不限于:
    • Advanced analytics  高级分析
    • DEM
    • FWaaS  软件定义广域网(FWaaS)
    • RBI  仓库银行(RBI)
    • SD-WAN integration  软件定义广域网集成(SD-WAN integration)
    • SSPM  安全策略管理平台(SSPM)
    • UEBA  用户和实体行为分析(UEBA)
Overall Viability: This includes an assessment of the overall organization’s financial health and the financial and practical success of the business unit. It also reflects the likelihood of the individual business unit continuing to invest in and offer the product and advance the state of the art within the organization’s portfolio of products.
总体可行性:这包括对整个组织的财务健康状况以及业务单元的财务和实际成功的评估。它还反映了单个业务单元继续投资和提供产品以及推动组织产品组合中产品技术水平进步的可能性。
Subcriteria:  子标准:
  • Sustained funding sources (venture capital or otherwise), including positive year-over-year growth in customers, seats and revenue.
    持续的资金来源(包括风险投资或其他),包括客户、座位和收入的年度同比增长。
  • The company’s overall ability to continue to serve new and existing customers through sufficient staffing and company growth.
    公司通过足够的员工和公司增长继续为新的和现有客户提供服务的能力。
Sales Execution/Pricing: The vendor’s capabilities in all presales activities and the structure that supports them. Included are deal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel.
销售执行/定价:供应商在所有售前活动中的能力及其支持结构。包括交易管理、定价和谈判、售前支持和销售渠道的整体有效性。
Subcriteria:  子标准:
  • Pricing that is competitive and places few restrictions on which SSE features can be used.
    具有竞争力的定价,对 SSE 功能的使用限制很少。
  • Successful competition in deals that displace incumbents because of better value and customer use-case alignment, with effective sales, presales and marketing teams.
    在因价值更高和客户用例匹配度更好而取代现有供应商的交易中取得成功竞争,拥有有效的销售、售前和市场营销团队。
  • Wins in highly competitive shortlists.
    在高度竞争的短名单中获胜。
Market Responsiveness/Record: The ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor’s history of responsiveness.
市场响应/记录:在机会发展、竞争对手行动、客户需求演变和市场动态变化时,能够做出反应、改变方向、灵活应对并取得竞争优势的能力。此标准还考虑了供应商的响应历史。
Subcriteria:  子标准:
  • Track record of developing key SSE features faster than competitors.
    在开发关键 SSE 功能方面比竞争对手更快的记录。
  • Addressing of a wide range of use cases across SSE functionality.
    涵盖 SSE 功能范围内的广泛用例。
  • Enabling of the SSE portion of a SASE architecture for customers and the ability to support their transformation strategies.
    启用 SASE 架构中 SSE 部分的功能,以及支持客户转型策略的能力。
Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization’s message in order to influence the market, promote the brand and business, increase awareness of products, and establish a positive identification with products, brands and the organization in the minds of buyers. This mind share can be driven by a combination of publicity, promotional, thought leadership, word-of-mouth and sales activities.
市场执行:设计用于传达组织信息、影响市场、推广品牌和业务、提高产品知名度以及在与买方心中建立产品、品牌和组织正面认同感的计划清晰度、质量、创造力和有效性。这种市场份额可以通过宣传、促销、思想领导力、口碑和销售活动等多种方式推动。
Subcriteria:  子标准:
  • Ability to capture mind share by frequently appearing on prospective customers’ shortlists for SSE.
    能够通过频繁出现在潜在客户 SSE 的短期名单中,来捕捉市场份额。
  • Demonstrated leadership for the SSE portion of SASE frameworks, including thought-leading research and clarity about the advantages of a stand-alone, integrated SSE service offering.
    在 SASE 框架的 SSE 部分展现出领导力,包括具有前瞻性的研究和关于独立、集成 SSE 服务提供的优势的清晰度。
Customer Experience: Relationships, products, services and programs that enable clients to be successful with the products evaluated. Included are the ways in which customers receive technical support or account support. Also relevant are ancillary tools, customer support programs (and the quality thereof), the availability of user groups and SLAs.
客户体验:使客户在使用评估产品时取得成功的关系、产品、服务和计划。包括客户获得技术支持或账户支持的方式。相关工具、客户支持计划(及其质量)、用户组的可用性以及服务等级协议(SLA)也适用。
Subcriteria:  子标准:
  • Overall satisfaction of customers across the entire cycle (from sales to support), based on input from multiple sources, including feedback from Gartner clients, Gartner Peer Insights feedback and other public sources of customer sentiment.
    基于来自多个来源的反馈,包括 Gartner 客户反馈、Gartner Peer Insights 反馈以及其他公开的客户情绪来源,对整个周期(从销售到支持)的客户满意度进行综合评估。
  • Evidence of strong, actionable SLAs that demonstrate ongoing stability of operations and remediations when breaches occur.
    强有力的、可执行的 SLA 证据,表明运营的持续稳定性和发生违规时的补救措施。

Ability to Execute Evaluation Criteria
执行评估标准的能力

Evaluation Criteria  评估标准Weighting  权重
Product or Service  产品或服务
High  
Overall Viability  综合可行性
High  
Sales Execution/Pricing  销售执行/定价
Low  
Market Responsiveness/Record
市场响应/记录
Medium  
Marketing Execution  营销执行
Medium  中等
Customer Experience  客户体验
High  
Operations  运营
NotRated  未评级
Source: Gartner (April 2024)
来源:Gartner(2024 年 4 月)

Completeness of Vision  视野完整性

Market Understanding: The vendor’s ability to understand buyers’ needs and to translate those needs into products and services. Vendors that show the highest degree of vision listen to and understand buyers’ wants and needs, and can shape or enhance those wants and needs with their added vision.
市场理解:供应商理解买家需求并将其转化为产品和服务的能力。展现出最高视野的供应商能够倾听并理解买家的需求和愿望,并能够通过他们的附加视野塑造或增强这些需求和愿望。
Subcriteria:  子标准:
  • Ability to respond to customers’ feature requests through internal development or well-executed technology acquisitions and integrations with vendors’ SSE services.
    通过内部开发或与供应商的 SSE 服务进行有效整合,能够响应客户的特性请求。
  • Ability to meet customers’ requirements in a timely manner, but also to decline customers’ requests if they do not add sufficient value or align with SSE services.
    能够及时满足客户需求,同时对于不足以增加价值或不与 SSE 服务相符的客户请求予以拒绝。
Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.
营销策略:一套清晰、独特的信息,在组织内部持续传达并通过网站、广告、客户项目和定位声明外部化。
Subcriteria:  子标准:
  • Ability to craft succinct marketing messages and efficiently communicate the value of an SSE offering to prospective customers.
    能够撰写简洁的营销信息,并有效地向潜在客户传达 SSE 产品价值。
  • Ability to target the right roles for SSE services (such as chief information security officer, CIO and non-IT buyer roles), as these services may be purchased by different organizational buyers.
    能够针对 SSE 服务(如首席信息安全官、CIO 和非 IT 采购角色)的正确角色进行定位,因为这些服务可能由不同的组织采购者购买。
Sales Strategy: The vendor’s strategy for selling products that uses an appropriate network of direct and indirect sales, marketing, service, and communication affiliates to extend the scope and depth of its market reach, skills, expertise, technologies, services and customer base.
销售策略:供应商销售产品的策略,使用适当的直接和间接销售、营销、服务、沟通合作伙伴网络,以扩大其市场覆盖范围、技能、专业知识、技术、服务和客户基础。
Subcriteria:  子标准:
  • Ability to create strategic alliances with the right partners to resell SSE services.
    能够与合适的合作伙伴建立战略联盟,以转售 SSE 服务。
  • A good mix of sales channels to reach prospective buyers across different markets, and a comprehensive channel partner strategy.
    在不同市场范围内接触潜在买家的良好销售渠道组合,以及全面的渠道合作伙伴策略。
Offering (Product) Strategy: The vendor’s approach to product development and delivery, with emphasis on differentiation, functionality, methodology and feature set as they relate to current and future requirements.
(产品)战略提供:供应商在产品开发与交付方面的方法,强调差异化、功能、方法和功能集,这些与当前和未来的需求相关。
Subcriteria:  子标准:
  • A comprehensive SSE strategic vision aligned with overall SASE customer requirements.
    与整体 SASE 客户需求相一致的全面 SSE 战略愿景。
  • An actionable roadmap for the short term to address any gaps in the SSE offering, and development of differentiating features.
    针对 SSE 产品中短期内的任何差距的可行路线图,以及不同特色功能的开发。
  • Understanding of the value of integration of SSE features and alignment with adjacent technologies (such as identity and access management [IAM], SIEM, XDR and SD-WAN) owned or provided by partnerships.
    理解 SSE 功能整合的价值以及与相邻技术(如身份和访问管理[IAM]、SIEM、XDR 和 SD-WAN)的整合,这些技术由合作伙伴拥有或提供。
Innovation: Direct, related, complementary, and synergistic layouts of resources, expertise or capital for investment, consolidation, and defensive or preemptive purposes.
创新:为投资、整合、防御或预防目的,直接、相关、互补和协同的资源、专业知识或资本的布局。
Subcriteria:  子标准:
  • Evidence of continued in-house research and development resulting in clear differentiators strongly aligned with the needs of the SSE market (for example, cloud service security, SSE cloud service delivery, web security and private application access).
    持续进行内部研发并产生与 SSE 市场(例如,云服务安全、SSE 云服务交付、网络安全和私有应用程序访问)需求高度一致的明显差异化成果。
  • Track record of consistently delivering roadmap features that are innovative in the market, rather than just developments to catch up with competitors’ offerings.
    具有持续交付市场创新性路线图功能的历史记录,而不仅仅是追赶竞争对手产品的发展。
Geographic Strategy: The vendor’s strategy to direct resources, skills and offerings to meet the specific needs of geographies outside its “home” or native geography, either directly or through partners, channels and subsidiaries, as appropriate for that geography and market.
地理战略:供应商针对其“本土”或原生地理区域以外的地理区域的具体需求,直接或通过合作伙伴、渠道和子公司等适当方式调配资源、技能和产品。
Subcriteria:  子标准:
  • Strong sales and support for different geographic regions, including strong regional channel support and regional certifications (such as FedRAMP, ISO 27001 and SOC 2).
    对不同地理区域的强大销售和支持,包括强大的区域渠道支持和区域认证(如 FedRAMP、ISO 27001 和 SOC 2)。
  • Consistent pricing across geographies to enable customers to purchase the service(s) consistently, regardless of customers’ location.
    在地理上保持一致的价格,以便客户可以一致地购买服务(或服务组合),无论客户位于何处。

Completeness of Vision Evaluation Criteria
视野完整性评估标准

Evaluation Criteria  评估标准Weighting  权重
Market Understanding  市场理解
High  
Marketing Strategy  营销策略
Low  
Sales Strategy  销售策略
High  
Offering (Product) Strategy
(产品)战略
High  
Business Model  商业模式
NotRated  未评级
Vertical/Industry Strategy
行业/垂直战略
NotRated  未评级
Innovation  创新
Medium  中等
Geographic Strategy  地理战略
Low  
Source: Gartner (April 2024)
来源:Gartner(2024 年 4 月)

Quadrant Descriptions  四象限描述

Leaders  领军者

Leaders are vendors with strong momentum in terms of sales and mind share. They have track records of delivering well-integrated SSE components with advanced functionality, as well as a product strategy that aligns with the market trend for providing easy-to-use advanced features and making business investments for the future. Leaders have effective sales and distribution channels for their entire product portfolios, a well-diversified vertical and geographic strategy, and a vision for how SSE offerings are positioned within the context of organizations’ wider SASE transformations.
领军者是那些在销售和市场份额方面具有强大动力的供应商。他们有良好的记录,能够提供高度集成的具有先进功能的服务功能扩展(SSE)组件,以及与市场趋势相一致的产品战略,提供易于使用的先进功能,并为未来的商业投资做出业务投资。领导者拥有其整个产品组合的有效销售和分销渠道,拥有多样化的垂直和地理战略,并有一个关于如何在组织更广泛的 SASE 转型背景下定位 SSE 产品的愿景。

Challengers  挑战者

Challengers offer SSE components that may not be tightly integrated or that may lack sophisticated features, and that lack alignment with the market’s direction. They may compensate for this with a strong sales channel (possibly in adjacent security areas), strategic relationships or extensive visibility in the market. They are often late to introduce new features, and lack a complete, unified product strategy. Challengers appeal largely to clients that have established strategic relationships with them.
挑战者提供可能没有紧密集成或缺乏复杂功能的 SSE 组件,并且与市场方向缺乏一致性。他们可能通过强大的销售渠道(可能在相邻的安全领域)、战略关系或市场中的广泛可见性来弥补这一点。他们通常较晚推出新功能,缺乏完整、统一的产品战略。挑战者主要吸引那些与他们建立了战略关系的客户。

Visionaries  感知者

Visionaries are distinguished by technical and/or product innovation, but lack either the track record of execution and the high visibility of Leaders or corporate resources such as strong sales channels and strategic relationships. Buyers should expect advanced, integrated SSE offerings from Visionaries, but be wary of strategic reliance on them and monitor their viability closely. Visionaries often represent good candidates for acquisition by other vendors. Thus, Visionaries’ customers run a slightly higher risk of business disruption.
感知者以其技术和/或产品创新而著称,但缺乏领导者或企业资源,如强大的销售渠道和战略关系的高可见性记录。买家应期待感知者提供先进、集成的 SSE 产品,但应警惕对他们的战略依赖,并密切关注其可行性。感知者通常是有其他供应商收购的良好候选人。因此,感知者的客户面临更高的业务中断风险。

Niche Players  利基玩家

Niche Players’ products are typically solid solutions in terms of one or more discrete SSE components, but are focused on fewer areas (such as technical capabilities, geographic support or vertical industries). Additionally, Niche Players lack the market presence and resources of Challengers and the forward-looking vision and market alignment of Visionaries. They merit attention from the types of buyers on which they focus.
专长玩家产品通常在某个或某些离散的 SSE 组件方面是稳健的解决方案,但专注于较少的领域(如技术能力、地理支持或垂直行业)。此外,专长玩家缺乏挑战者和愿景家在市场存在和资源方面的优势,以及前瞻性的视野和市场适应性。他们值得那些他们关注的买家关注。

Context  背景

SSE secures access to the web, cloud services and private applications regardless of the location of the user or the device they are using or where the application is hosted. Various security-focused vendors offer the SSE portion of a SASE architecture for purchase and use by security buyers. At the same time, vendors in the WAN edge infrastructure market cover the networking portion of the SASE framework considered by networking buyers.
SSE 确保用户无论身处何地,使用何种设备,或应用程序托管在哪里,都能访问网络、云服务和私有应用程序。各种以安全为重点的供应商提供 SASE 架构的 SSE 部分,供安全买家购买和使用。同时,WAN 边缘基础设施市场的供应商覆盖了网络买家考虑的 SASE 框架中的网络部分。
Data from Gartner surveys and client inquiries indicates that most buyers are planning for a two-vendor strategy for SASE. More and more vendors, however, are taking a single-vendor SASE approach (see Magic Quadrant for Single-Vendor SASE), so we expect to see more purchases from these vendors, even if only their SSE capabilities are deployed.
Gartner 调查和客户咨询的数据显示,大多数买家正在计划采用双厂商的 SASE 策略。然而,越来越多的厂商正在采用单厂商的 SASE 方法(参见单厂商 SASE 魔力象限),因此我们预计这些厂商的采购量将会增加,即使只是部署了他们的 SSE 能力。
SSE customers are primarily looking to secure remote or hybrid workers who are accessing the public internet, cloud services and private applications. These customers may also want to secure remote users when their organization is virtual, is a heavy cloud consumer, or has no complex networking requirements for satellite locations.
SSE 客户主要希望保护远程或混合工作者访问公共互联网、云服务和私有应用程序。这些客户还可能希望在他们的组织虚拟化、是重度云消费者或对卫星位置没有复杂网络需求时保护远程用户。

Market Overview  市场概述

Product Evolution  产品演进

The SSE market is maturing, with changes increasingly being evolutionary rather than revolutionary. Most vendors have integrated their discrete components into a unified SSE platform configured from a single console. Customers should be wary of those still offering distinct capabilities and multiple consoles, even if these are tied to an SSE offering or integrated via SSO.
SSE 市场正在成熟,变化越来越多的是进化而非革命。大多数供应商已经将他们的离散组件集成到一个统一的 SSE 平台中,该平台可以从单个控制台配置。客户应警惕那些仍在提供独立功能和多个控制台的产品,即使这些产品与 SSE 产品相关或通过 SSO 集成。
Vendors continue to improve their functionality and integrate their capabilities into fewer distinct products and SKUs. They are adding ease-of-use and administration features such as advanced reporting, DEM, and better SaaS support both in terms of number of integrations and SSPM features. Vendor-owned SD-WAN is becoming more common, but, especially in larger organizations, dual-vendor SASE is still preferred and strong integrations with third parties are a requirement.
供应商继续改进其功能,并将他们的能力集成到更少的独立产品和 SKU 中。他们增加了易用性和管理功能,如高级报告、DEM 和更好的 SaaS 支持,包括集成数量和 SSPM 功能。供应商拥有的 SD-WAN 变得越来越普遍,但在大型组织中,双供应商 SASE 仍然更受欢迎,与第三方强大的集成是必需的。

Enterprise Integration  企业集成

Enterprise integration continues in areas such as XDR, where many vendors have partnered in the past year or offered integration touchpoints. Vendor-supplied XDR remains primarily a small-to-midsize enterprise area, and one where existing EPP vendors are likely to have an advantage.
企业集成持续在 XDR 等区域进行,过去一年中许多厂商已经合作或提供了集成触点。供应商提供的 XDR 主要针对中小型企业,并且现有 EPP 供应商可能具有优势。
The hype about generative AI is likely to be reflected in the SSE market. Wexpect vendors to add AI-enabled policy creation and optimization, reporting and analysis, and even data security capabilities to their SSE offerings.
关于生成式 AI 的炒作可能会在 SSE 市场中体现出来。预计供应商将在 SSE 产品中添加 AI 驱动的策略创建和优化、报告和分析,甚至数据安全功能。

SSE Architecture  SSE 架构

Vendors differ in terms of the architecture of their SSE offerings and delivery models. Vendor-owned POPs theoretically offer a lower cost of goods sold and therefore possibly lower price points, while cloud service provided POPs add more flexibility and the potential for faster deployments. Some vendors use a hybrid model, and increasingly some level of capability is offered on client premises for disaster recovery or universal ZTNA use cases. Several vendors also operate their own networks, and most have extensive peering with major cloud service providers and SaaS providers to offset the latency that inevitably arises from decryption and traffic analysis.
供应商在 SSE 产品架构和交付模式方面存在差异。供应商拥有的 POP 理论上可以降低商品销售成本,因此可能具有更低的价格点,而云服务提供的 POP 则增加了更多灵活性以及快速部署的潜力。一些供应商采用混合模式,并且越来越多地提供在客户端的某些能力,用于灾难恢复或通用 ZTNA 用例。一些供应商还运营自己的网络,并且大多数都与主要云服务提供商和 SaaS 提供商进行广泛的对等连接,以抵消解密和流量分析不可避免地带来的延迟。

Vendor Differentiation  供应商差异化

Vendors in this market display varying levels of maturity in terms of components and capabilities, such as in the depth and breadth of their SaaS security and data security capabilities, adaptive access capability, and anti-malware defenses. Capabilities such as protection of all ports and protocols from user devices are now common, and therefore are not seen as differentiating by the majority of Gartner clients. ZTNA is increasingly homogeneous, with all the vendors in this year’s Magic Quadrant being required to have both agent- and agentless capabilities and agents running on all major platforms.
本市场的供应商在组件和功能方面表现出成熟度的差异,例如在 SaaS 安全和数据安全能力的深度和广度、自适应访问能力和反恶意软件防御方面。保护用户设备上所有端口和协议的功能现在很常见,因此不被大多数 Gartner 客户视为差异化因素。ZTNA 越来越同质化,今年魔力象限中的所有供应商都必须具备代理和无代理能力,并且代理可以在所有主要平台上运行。

Market Drivers  市场驱动因素

Broad market trends that are driving adoption of SSE offerings include:
推动 SSE 产品采用的市场趋势包括:
  • Zero-trust networking: Interest in aligning security with zero trust remains strong, both in verticals where it is mandated and more generally. Partially as a consequence, zero-trust marketing abounds in the SSE space. Regardless of the definitions presented by vendors, SSE can enable zero-trust networking principles, as defined in Quick Answer: What Is Zero Trust Networking. These require that access to the network be granted only after access is authenticated and authorized, that network access be restricted to only necessary resources, and that network access be continuously adjusted in near real time, based on risk.
    零信任网络:对将安全与零信任对齐的兴趣依然强烈,无论是在强制实行的行业还是在更广泛的范围内。部分原因是,零信任营销在 SSE 领域盛行。无论供应商提出何种定义,SSE 都可以实现零信任网络原则,如快速问答:什么是零信任网络所述。这些原则要求仅在身份验证和授权后才能授予网络访问权限,将网络访问限制在仅必要的资源,并根据风险在近乎实时的基础上持续调整网络访问。
  • SaaS adoption: Adoption and growth rates for SaaS, platform as a service (PaaS) and IaaS continue to climb. Gartner estimates that SaaS is the largest cloud revenue generator (see Forecast: Public Cloud Services, Worldwide, 2021-2027, 4Q23 Update), and that it will grow at a compound annual rate of over 17% through 2027 (again, see Forecast: Public Cloud Services, Worldwide, 2021-2027, 4Q23 Update). Rapid cloud adoption creates a need to simplify and consolidate security delivered from the cloud for the cloud, rather than to try and force traffic through on-premises networks and data centers to secure access. It also increases the need for common security and controls, whether applications are hosted in a hyperscaler, delivered on-premises or moved to SaaS.
    SaaS 采用率:SaaS、平台即服务(PaaS)和 IaaS 的采用率和增长率持续上升。Gartner 估计,SaaS 是最大的云收入生成器(参见《全球公共云服务预测:2021-2027,2023 年 4 季度更新》),并且预计到 2027 年将以超过 17%的复合年增长率增长(参见《全球公共云服务预测:2021-2027,2023 年 4 季度更新》)。快速云采用需要简化并整合云提供的云安全,而不是试图通过本地网络和数据中心强制流量以保障访问安全。这也增加了对通用安全和控制的需求,无论应用是在超大规模云中托管、本地交付还是迁移到 SaaS。
  • Organizational silos: Most large organizations have separate networking and security teams. This creates two buying centers for SASE offerings, though in smaller enterprises more organizations are considering single-vendor SASE. In 2024 Strategic Roadmap for SASE Convergence, Gartner recommends consolidating existing networking and security contracts, and engaging networking and security engineers, before any technology evaluations. This will help to minimize duplicate spending, as well as to engage with stakeholders aiming to modernize branch office connectivity, pursue a zero-trust strategy, or secure and connect hybrid workers. In the long term, some organizations may create a unified team responsible for access engineering, spanning remote workers, branch office and edge locations. A single-vendor approach to implementing a SASE architecture is not required, but Gartner recommends that organizations have a strategic goal of reducing their SASE suppliers to either one vendor or two explicitly integrated vendors over the next few years.
    组织壁垒:大多数大型组织拥有独立的网络和安全团队。这为 SASE 产品创造了两个采购中心,尽管在较小的企业中,更多组织正在考虑单一供应商的 SASE。在 2024 年 SASE 融合战略路线图中,Gartner 建议在技术评估之前,合并现有的网络和安全合同,并聘请网络和安全工程师。这将有助于最小化重复支出,以及与旨在现代化分支机构连接、追求零信任策略或保护并连接混合工作者的利益相关者进行合作。从长远来看,一些组织可能会创建一个负责访问工程的综合团队,涵盖远程工作者、分支机构以及边缘位置。实施 SASE 架构不需要单一供应商的方法,但 Gartner 建议组织在接下来几年内将他们的 SASE 供应商减少到一家供应商或两家明确集成的供应商。

Evidence  证据

Throughout the course of a year, Gartner receives many inquiries about SSE and SASE technology. These inquiries help shape our views about the market and its vendors, as do other sources of publicly accessible data
Where possible, we also have drawn on customer reviews posted on Gartner’s Peer Insights platform.

Evaluation Criteria Definitions
评估标准定义

Ability to Execute

Product/Service: Core goods and services offered by the vendor for the defined market. This includes current product/service capabilities, quality, feature sets, skills and so on, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.
Overall Viability: Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood that the individual business unit will continue investing in the product, will continue offering the product and will advance the state of the art within the organization's portfolio of products.
Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. This includes deal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel.
Market Responsiveness/Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness.
Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a combination of publicity, promotional initiatives, thought leadership, word of mouth and sales activities.
Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so on.
Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.

Completeness of Vision

Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs, and can shape or enhance those with their added vision.
Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.
Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service, and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.
Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements.
Business Model: The soundness and logic of the vendor's underlying business proposition.
Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.
Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.
Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.
Additional Perspectives
reprint-promo-image
© 2025 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. It consists of the opinions of Gartner's research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see "Guiding Principles on Independence and Objectivity." Gartner research may not be used as input into or for the training or development of generative artificial intelligence, machine learning, algorithms, software, or related technologies.
© 2025 Gartner 公司及其关联公司。保留所有权利。Gartner 是 Gartner 公司及其关联公司的注册商标。未经 Gartner 事先书面许可,本出版物不得以任何形式复制或分发。本出版物包含 Gartner 研究组织的观点,不应被视为事实陈述。虽然本出版物中包含的信息是从被认为可靠的来源获得的,但 Gartner 对信息的准确性、完整性或充分性不承担任何保证。尽管 Gartner 的研究可能涉及法律和财务问题,但 Gartner 不提供法律或投资建议,其研究不应被解释或用作此类建议。您对本出版物的访问和使用受 Gartner 使用政策的约束。Gartner 以其独立性和客观性而自豪。其研究由其研究组织独立生产,不受任何第三方的影响或干预。 关于更多信息,请参阅《独立性和客观性指导原则》。Gartner 研究不得用于生成人工智能、机器学习、算法、软件或相关技术的输入、培训或开发。