Our Cloud and WAN Research Service just unveiled a fourth WAN analysis module, and it's all about network security.
To write this analysis, we asked a mixture of carriers and MSPs, SD-WAN vendors, and pure-play security vendors to tell us about their network security offerings.
Here's a look at what these services are and how they are being offered.
Services & Products
Most SASE solutions consist of a few key products that offer flexibility, cost-savings, threat prevention, data protection, and increased performance.
Our survey listed ten of the most common SASE products for respondents to give information on:
- Cloud Access Security Broker (CASB) is placed between enterprise cloud users and the cloud providers and allows organizations to enforce internal security policies and compliance regulations.
- Secure Web Gateway (SWG) is placed between enterprise users and the web to enforce company security and blocking policies and ensure safe web browsing.
- Next-Gen Firewall (NGFW) is a device with the ability to filter packets and inspect data for security threats at the application level.
- Firewall-as-a-service (FWaaS) is a cloud-based firewall that delivers next-gen firewall capabilities with a scalable virtual appliance and allows for centralized control for updates, policy changes, etc.
- Endpoint Detection and Response (EDR) solutions rely on classification-based detection and can identify threats by querying an existing database to compare detected activity to known threats.
- Extended Detection and Response (XDR) is an evolution of EDR and works to consolidate multiple products into a cohesive security incident detection and response platform.
- Managed Detection and Response (MDR) is a managed service that packages the benefits of EDR and/or XDR into a single offering to offload cybersecurity challenges.
- Distributed denial-of-service (DDoS) protection includes a set of techniques to mitigate the impact of attacks that flood networks with traffic seeking to shut them down.
- Malware detection is a process used to identify, block, alert, and respond to malware threats.
- Data Loss Prevention (DLP) is the practice of preventing data breaches, exfiltration, or the unwanted destruction of data.
Many of these services predate the ZTS and SASE frameworks, but have been put together as a stack and integrated with SD-WAN services to address the security challenges of a modern network configuration.
The figure below details the availability of these ten products across our respondents.
SASE Product Prominence (2023)
- All respondents noted that they offer DDoS protection, making it the most common SASE product.
- FWaaS and SWG were the second most commonly offered products, with 14 providers indicating they offered each service.
- Thirteen companies offered CASB and DLP.
- All other SASE products were part of the security offerings of more than half of the total respondents, with the exception of MDR, the least commonly offered security product.
ZTS products identify users and devices to grant access only to approved resources and applications, replacing the “castle and moat” system where once into a network, a user has access to all of it.
For our survey, we listed four potential ZTS products:
- Multi-Factor Authentication (MFA) is a multi-step login process that requires users to enter credentials based on independent categories (i.e. a password and a security token).
- Single Sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of login credentials.
- Privilege Access Management (PAM) solutions limit network access to only the data and applications assigned to particular users or devices.
- User analytics tracks, collects, and assesses user data and activities using various monitoring systems. These systems can create alerts about or lock out users whose behavior is unexpected, i.e. a device or user logging on from an unusual IP address or in multiple simultaneous sessions.
ZTS Product Prominence (2023)
- Fewer providers overall offered ZTS products than SASE products.
- MFA was the most common ZTS product, with 12 companies offering this service.
- The second most common ZTS product was user analytics, which 10 companies listed.
- Nine companies listed PAM and eight offered SSO.
We asked respondents if they offered a “full-stack” or user interface “single pane of glass.”
A “full stack” generally means that the carrier, MSP, or security provider can themselves provide a full suite of SASE/network security services to the customer as a one-stop-shop—even if this is accomplished through several channel partners.
The vaunted “single pane of glass” is a user interface that brings all of these services together for customers in a single portal to monitor and manage threats, create policies, etc.
Only about half of the respondents indicated that they are offering a full suite of services. More companies—11 respondents—indicated that they have a customer portal or user interface.
We expect both of these categories to increase in the coming years, as service stacking and central management are key selling points in a SASE service.
We expect both of these categories to increase in the coming years, as service stacking and central management are key selling points in a SASE service.
This analysis was pulled from the new SASE module of our Cloud and WAN Research Service.
Learn more about this unique research suite over here.
Greg Bryan
Greg is Senior Manager, Enterprise Research at TeleGeography. He's spent the last decade and a half at TeleGeography developing many of our pricing products and reports about enterprise networks. He is a frequent speaker at conferences about corporate wide area networks and enterprise telecom services. He also hosts our podcast, TeleGeography Explains the Internet.