The single-vendor secure access service edge (SASE) market segment grew 55% year-over-year in the first quarter of 2023, Dell’Oro Group reported, indicating a growing preference for single-vendor products over multi-vendor alternatives. Separately, Dell'Oro also noted that Zscaler surpassed Cisco as the top SASE revenue earner in the quarter for the first time.**
Single-vendor SASE providers are those that offer the full SASE portfolio as per Gartner’s definition: SD-WAN and a cloud-based security suite of tools called security service edge (SSE) which includes zero-trust network access (ZTNA), cloud access security broker (CASB), firewall-as-a-service (FWaaS) and secure web gateway (SWG).
Dell’Oro said that with the first-quarter growth, single-vendor SASE overtook the multi-vendor SASE portion of the market. In the near term, vendors that don’t offer both SD-WAN and SSE are “limiting their served available market (SAM),” according to Dell’Oro Research Director Mauricio Sanchez.
“I’m not yet saying that the multi-vendor SASE market will disappear long-term. I do believe the prospects for most vendors that don’t offer both will be challenging,” Sanchez told Fierce. He added that large vendors like Cisco or Palo Alto Networks -- both of which offer single-vendor SASE – are continuing to polish the SD-WAN and SSE capabilities in their SASE solutions.
While vendors and enterprise customers are trending toward single-vendor products, analyst firm Gartner (who defined the cloud-based networking and security framework in 2019) has said that multi-vendor SASE is still a viable approach to the framework. Multi-vendor SASE adoption typically consists of enterprises using one vendor for their SD-WAN, another for SSE capabilities and stitching the two together.
Even so, market trends make it clear that many enterprise customers are striving for vendor consolidation.
SASE products from a single vendor can also be differentiated by whether they are unified, meaning all capabilities are integrated under a single management console, or disaggregated, where separate networking and security products and services are bundled together to create a complete SASE solution.
Dell’Oro found that revenue for disaggregated SASE products is “by far” larger than that of unified, with the ratio split at about 90:10 (disaggregated to unified).
Sanchez attributed this in part to “historical vendor pedigree.” Large vendors started either from a position in security or networking, and “it was only the small pure players (startups) like Cato that tackled it head-on with a unified product play.”
The inclination toward disaggregated SASE is also indicative of purchasing behavior across security and networking teams, he added, which typically have not chosen the same vendor for their respective operations. “Security may like Zscaler while the networking team likes Cisco as an example,” Sanchez said.
Still, unified SASE grew at 140% in the first quarter, eclipsing $200 million.
“Over time I expect the market to continue to mature and lead to an increasing number of vendors providing unified solutions and comfort with going with the same company for networking and security will increase among customers,” Sanchez continued.
Dell’Oro’s report showed revenue for the overall SASE market – including single- and multi-vendor implementations -- rose by over 30 percent for the fifth consecutive quarter in the first quarter of this year, nearly hitting the $2 billion mark.
Zscaler is new top SASE earner
For the first time since Dell’Oro began tracking SASE in the first quarter of 2019 the top revenue position changed, with Zscaler overtaking Cisco. Palo Alto Networks also overtook Broadcom (Symantec) for the number three overall SASE revenue position, and Check Point, HPE/Aruba and Netskope became single-vendor SASE players.
“I see Zscaler doubling down on SSE feature depth and investing heavily to go after the big enterprise deals,” Sanchez said.
“The [SASE] growth is driven by the realization by our customers that they must undertake secure digital transformation to stay competitive and secure in a world where users, things, and workloads are hyper distributed,” Zscaler Field CTO Sanjit Ganguli said.
Ganguli added the company’s cloud security platform is one factor in its SASE success. The Zscaler Zero Trust Exchange can process over 300 billion transactions daily which allows Zscaler to “operate at massive scale,” he told Fierce.
Zscaler has worked to get ahead of the curve in building a cloud-native security platform, and in getting to the market first with products like a cloud-based SWG, cloud-based zero trust connectivity and integrated digital experience monitoring.
The vendor has also made strategic acquisitions to address critical areas in its portfolio. For example, Zscaler recently acquired of Canonic Security to address the growing threats of SaaS supply chain attacks, Ganguli said.
Zscaler is continuing to “innovate at a breakneck pace,” he added, in areas like leveraging generative AI to stay ahead of threat actors.
**The story was corrected to clarify that Zscaler is not a single-vendor SASE provider, but its overall SASE-related revenues did recently surpass Cisco's, according to Dell'Oro.