Magic Quadrant for SASE Platforms

9 July 2025 - ID G00821985 - 41 min read
By Jonathan Forest, Neil MacDonald,  and 1 more
The SASE platform market is evolving as more vendors enter the market and offerings mature. Still, there is differentiation in vendor capabilities and strategies. I&O leaders responsible for networking and cybersecurity should use this research to help determine the right vendor for their needs.

Strategic Planning Assumption

By 2028, 70% of SD-WAN purchases will be part of a single-vendor SASE Platform offering, up from 25% in 2025.
By 2028, 50% of new SASE deployments will be based on a single-vendor SASE Platform offering, up from 30% in 2025.

Market Definition/Description

This document was republished on 10 July 2025. The document you are viewing is the corrected version. For more information, see the Corrections page on gartner.com.
This year, we’ve revised our definition name to better reflect the market’s description.
Secure access service edge (SASE) platforms deliver converged network and security-as-a-service capabilities, such as software-defined WAN (SD-WAN) and secure access to the web, cloud services and private applications regardless of the user’s location, the device used or where that application is hosted. These offerings primarily use a cloud-centric architecture delivered as a platform by one vendor.
SASE securely connects users and devices with applications, services and other users. It supports branch office and remote worker connectivity and on-premises general internet security, private application access and public cloud service provider access use cases.

Mandatory Features

The mandatory features for this market include:
  • Resilient global point-of-presence (POP) infrastructure providing functionality for secure access to the web, cloud services and private applications
  • Centralized management with no more than two consoles covering all the capabilities listed below, accessible via both GUI and API, enabling visibility, troubleshooting, reporting, and granular configuration and policy changes:
    • Secure web access via proxy
    • SaaS visibility and access controls
    • Identity-, context- and policy-based secure remote access to private applications
    • A branch appliance that supports performance-based dynamic traffic steering (such as packet loss, latency and jitter) across multiple physical WAN interfaces, based on applications (not just IPs/ports)
    • Layer 7 firewalling to secure traffic bidirectionally across networks

Common Features

The common features for this market include:
  • Unified management delivered by a single console covering all capabilities of the offering (with GUI and API), enabling visibility, troubleshooting, reporting, and granular configuration and policy changes
  • Ability to securely connect end users to the SASE platform using a variety of techniques, including software agents, agentless portals, browser plug-ins, secure enterprise browsers and remote browser isolation
  • Sensitive data visibility and control
  • Additional security capabilities, including network sandboxing, DNS protection, API-based access to SaaS for data context and configuration information, application layer visibility and protection, and continuous adaptive risk scoring
  • Advanced network functionality, including enhanced internet, private backbone transport, external DNS services, cloud onramps (simplified and automated integration with public cloud networking services) and broader application optimization technologies
  • Ability to replace a branch router (such as support for Border Gateway Protocol [BGP]) and support meshed topologies
  • Integrated digital experience monitoring (DEM) capabilities
  • Ability to support unmanaged operational technology (OT) and unmanaged Internet of Things (IoT) in addition to managed devices

Magic Quadrant

Figure 1: Magic Quadrant for SASE Platforms
The Magic Quadrant for [market name] shows 11 providers positioned in a scatterplot with the x-axis rating their Completeness of Vision and the y-axis rating Ability to Execute. This chart is split into quadrants with the top right labeled as Leaders, top left as Challengers, bottom left as Niche Players and bottom right as Visionaries. As of May 2025, the Leaders are Cato Networks, Fortinet, Netskope and Palo Alto Networks; the Challengers are Cisco and Versa Networks; the Visionaries are Cloudflare and Zscaler; and the Niche Players are Check Point Software Technologies, HPE and SonicWall.
Vendor Strengths and Cautions
Cato Networks
Cato Networks is a Leader in this Magic Quadrant. Its SASE platform offering is the Cato SASE Cloud Platform, and Gartner estimates that the vendor has approximately 2,500 active SASE platform enterprise customers. The offering is delivered in a single integrated management console, which includes all relevant security service edge (SSE) functionality, Cato Socket edge SD-WAN, Cato Client, Global Private Backbone and the Cato Management Application (CMA). Its operations are primarily in North America, Europe and Asia/Pacific, with a focus on cloud-first enterprises across all verticals. Gartner expects Cato Networks to make future investments in providing a selective traffic on ramp to the Cato SASE Cloud Platform, enhance its on-premises firewall and add predictive AI networking capabilities.
Strengths
  • Innovation: Cato’s planned innovations around agentic AI are likely to shape the SASE platform market going forward.
  • Customer experience: Cato was above average in customer experience compared with other vendors in this research, driven primarily by Gartner end-user client interactions.
  • Marketing strategy: Cato’s marketing strategy to reach larger enterprises is consistent with its plan to move upmarket.
Cautions
  • Pricing: Cato Networks’s pricing tends to be higher, less transparent and more complex (with bandwidth-based pricing) than other vendors in this research, based on Gartner end-user interactions, feedback from Gartner Peer Insights and broader Gartner analysis.
  • Inline on-premises security controls: Cato Networks lacks on-premises intrusion prevention systems (IPS) and content filtering capabilities.
  • Geographic strategy: Cato has limited support for turnkey compliance with data sovereignty laws and constraints on log storage locations across various countries.
Check Point Software Technologies
Check Point Software Technologies is a Niche Player in this Magic Quadrant. Its SASE platform offering includes both Harmony SASE and Quantum SD-WAN, and Gartner estimates that the vendor has approximately 500 active SASE platform enterprise customers. The offering requires two management consoles, with Harmony SASE providing the secure service edge (SSE) functionality and Quantum SD-WAN providing the SD-WAN functions. Both are accessed via the Check Point Infinity Portal. Its operations are global with a focus on security-conscious, hybrid cloud organizations of all sizes and verticals. Gartner expects Check Point Software Technologies to make future investments in unifying on-premises and SSE policies and zero trust, as well as launching two points of presence (POPs) in China.
Strengths
  • Overall viability: The vendor is in strong financial health, giving it staying power to make longer-term SASE platform investments.
  • Customer experience: The vendor has above-average customer experience compared with other vendors in this research, based on Gartner end-user interactions, as well as feedback from Gartner Peer Insights reviews.
  • Security: Check Point has strong inline on-premises security controls, stemming from its heritage as a firewall vendor.
Cautions
  • Innovation: The vendor’s planned innovations around unified policy for branch and data center firewalls and Check Point as a service are unlikely to shape the SASE platform market going forward.
  • Market responsiveness: The vendor has been late on its pivot from the firewall market to the SASE platform market, losing opportunities with early adopters.
  • Marketing execution: The vendor has lower SASE platform market visibility than other vendors in this research, based on Gartner end-user client interactions, an analysis of social media end-user vendor mentions and Gartner website searches.
Cisco
Cisco is a Challenger in this Magic Quadrant. Its primary SASE platform offering is Cisco Universal ZTNA, and Gartner estimates that the vendor has approximately 500 active SASE platform enterprise customers using it. Universal ZTNA integrates Cisco’s Catalyst SD-WAN, Cisco Secure Access, Cisco Duo and Identity Intelligence. The offering requires two management consoles to deliver the SSE and SD-WAN functionality. While Cisco leads with Catalyst SD-WAN as part of the Universal ZTNA offering, Meraki SD-WAN is also supported. The vendor also has Cisco Umbrella, with customers migrating to Cisco Secure Access. Its operations are global, focusing on customers of all sizes and verticals and targeting more networking-led use cases. Gartner expects Cisco to make future investments in Universal ZTNA and endpoint data loss prevention (DLP), and expand deployment options to access new go-to-market channels.
Strengths
  • Sales execution: Cisco has strong channels and a loyal customer base that it can leverage in the migration to its SASE platform offering.
  • Networking product experience: Cisco has a long history of providing WAN solutions to enterprise customers, resulting in a strong level of experience.
  • Marketing execution: Cisco has above-average SASE platform market visibility compared with other vendors in this research, based on end-user Gartner interactions, Gartner website searches and an analysis of social media end-user mentions.
Cautions
  • Innovation: Cisco’s planned innovations around its global SASE fabric and sovereign SASE are unlikely to shape the SASE platform market going forward.
  • Customer experience: Cisco’s customer experience is below average compared with other vendors in this research, based primarily on Gartner end-user interactions.
  • Marketing strategy: Cisco’s marketing strategy is below average compared with other vendors in this research, based on a lack of specifics in Cisco’s approach to reaching customers and new buyers.
Cloudflare
Cloudflare is a Visionary in this Magic Quadrant. Its SASE platform offering is Cloudflare One, and Gartner estimates that the vendor has approximately 400 active SASE platform enterprise customers. Cloudflare One is an integrated offering that provides all SSE functionality, with Magic WAN and Magic WAN Connector managed via the Cloudflare dashboard. Its operations are global, focusing on midsize cloud-first enterprises across all verticals. Gartner expects Cloudflare to make future investments in both inline cloud security controls — leveraging its Kivera acquisition and AI to improve DLP detection accuracy — and authoritative internal DNS resolution, expanding to offering DDI (DHCP, DNS and IP address management) for internal networks.
Strengths
  • Marketing/sales strategy: Cloudflare’s marketing and sales strategy to reach new buyers and new customers is consistent with expanding its customer base beyond midsize enterprises.
  • Innovation: The vendor’s recent and planned investments in postquantum cryptography (PQC) and AI have the potential to shape the SASE platform market going forward.
  • Geographic strategy: Cloudflare has a comprehensive and expanding POP infrastructure, which provides reach to deliver service globally.
Cautions
  • Product: Cloudflare’s SD-WAN, inline on-premises security controls and SaaS application control and visibility functionality are more limited than other vendors in this research.
  • Sales execution and pricing: Compared with other vendors in this research, Cloudflare has a more limited enterprise go to market given its traditional focus on smaller customers, and its pricing is more complicated.
  • Market responsiveness: Cloudflare has been late in delivering features such as Universal ZTNA (UZTNA) and private/sovereign SASE compared with other vendors in this research.
Fortinet
Fortinet is a Leader in this Magic Quadrant. Its SASE platform offering is Fortinet Unified SASE, and Gartner estimates that the vendor has over 1,500 active SASE platform enterprise customers. Fortinet’s Unified SASE offering includes FortiSASE (for the SSE functions) and FortiGate Secure SD-WAN integrated in the FortiSASE portal. Its operations are global, targeting all customers and verticals with a focus on organizations that have hybrid cloud networking and security needs. Gartner expects Fortinet to make future investments in agentic AI for security and networking and automating network operations center (NOC)/security operations center (SOC) functions, integration of network access control (NAC) with UZTNA and postquantum cryptography (PQC) delivery.
Strengths
  • Sales execution: Fortinet’s offering is priced competitively, and it has a strong SD-WAN/branch firewall incumbency that will likely help grow its SASE platform market share.
  • Overall viability: Fortinet’s overall viability is above average in the SASE platform market compared with other vendors in this research, based primarily on its corporate financial health.
  • Product strategy: Fortinet’s go-forward product enhancements in UZTNA, agentic AI and PQC are aligned with future end-user SASE platform market needs.
Cautions
  • Customer experience: Fortinet’s customer experience is below average compared with other vendors in this research, based primarily on Gartner end-user client interactions.
  • Securing private applications: Fortinet doesn’t offer a “broker connector” proxy for agent-based ZTNA, which increases security risk by requiring a persistent open inbound connection to an externally exposed FortiOS instance.
  • Geographic strategy: Fortinet has a two-tiered POP model that can introduce end-user buying confusion and increase the risk of a suboptimal purchase, especially for larger global organizations.
HPE
Hewlett Packard Enterprise (HPE) is a Niche Player in this Magic Quadrant. Its SASE platform offering is HPE Aruba Networking SASE, and Gartner estimates that the vendor has approximately 100 active SASE platform enterprise customers. The offering requires two management consoles, with one for HPE Aruba Networking EdgeConnect (SD-WAN or SD-Branch) and the other for HPE Aruba Networking SSE. While the offering includes options for HPE Aruba Networking EdgeConnect SD-WAN, SD-Branch and Microbranch, the vendor leads with the SD-WAN product. Its operations are global, focusing on customers of all sizes and verticals with network-led use cases. Gartner expects HPE to make future investments in SSE connector integration with EdgeConnect appliances, unified SASE GUI and an AI security agent.
Strengths
  • Network incumbency: HPE has a sizable installed base of SD-WAN customers and existing channels that will serve as upgrade targets to its SASE platform offering.
  • SD-WAN: The vendor has a strong SD-WAN offering that integrates inline on-premises security controls.
  • Customer experience: The vendor has above-average customer experience compared with other vendors in this research, driven mainly by end-user Gartner interactions.
Cautions
  • Innovation: HPE’s planned innovations in product integrations and support for “coffee shop” networking architectures will likely not shape the SASE platform market going forward.
  • Market responsiveness: HPE was late to enter the SASE platform market, and its offering, especially its security capabilities, is less mature than other vendors’ offerings in this research.
  • Geographic strategy: HPE’s geographic strategy is more limited, primarily due to its lack of global POP coverage, go-forward plans and support for non-English languages, than other other vendors in this research.
Netskope
Netskope is a Leader in this Magic Quadrant. Its SASE platform offering is Netskope One SASE, and Gartner estimates that the vendor has approximately 1,000 active SASE platform enterprise customers. It is a fully integrated offering that includes Netskope One Security Service Edge, Netskope One SD-WAN, Netskope One Gateway appliance, Netskope One Client and NewEdge POP infrastructure managed via its Netskope One Orchestrator. Its operations are global but focus on North America and Europe, targeting larger organizations across all verticals. Gartner expects Netskope to make future investments in DNS-as-a-service (DNSaaS), integrating SD-WAN and digital experience monitoring (DEM) into the Netskope One Enterprise Browser, as well as operational technology (OT) security and access control.
Strengths
  • Product strategy: The vendor’s current and expected product enhancements are aligned with enterprise end-user networking and security SASE platform client needs.
  • Customer experience: Netskope has strong customer experience compared with other vendors in this research, based on Gartner end-user client interactions and Gartner Peer Insights reviews.
  • Innovation: The vendor’s planned innovations in PQC and its extension of SASE to nonhuman AI agents are likely to shape the SASE platform market going forward.
Cautions
  • Overall viability: Netskope’s financial position is less clear, compared with other vendors in this research, as the vendor offered limited financial information that we could include in our analysis.
  • SD-WAN experience: Netskope’s heritage is delivering SSE functionality, and it has less experience supporting SD-WAN offerings compared with some other vendors in this research.
  • Pricing complexity: The vendor’s SASE platform pricing is more complex than other vendors in this research.
Palo Alto Networks
Palo Alto Networks is a Leader in this Magic Quadrant. Its SASE platform offering is Prisma SASE, and Gartner estimates that the vendor has approximately 5,500 active SASE platform enterprise customers. It is a fully integrated offering, which includes Prisma Access, Prisma SD-WAN with its ION appliances and software, GlobalProtect and Prisma Access Browser managed via Strata Cloud Manager. The vendor operates globally and tends to focus on larger organizations and all verticals for networking and security use cases. Gartner expects Palo Alto Networks to make future investments in security enabled by Prisma Access Browser and Precision AI, AI for networking and security, as well as enhanced infrastructure resiliency with Oracle Cloud Infrastructure (OCI).
Strengths
  • Product: Palo Alto Networks has strong SSE and SD-WAN features that are delivered via a unified platform.
  • Market responsiveness/understanding: The vendor made an early pivot to the SASE platform market and continues to respond to emerging market needs in a timely manner.
  • Overall viability: The vendor has strong financial viability and a demonstrated commitment to invest in this market.
Cautions
  • Pricing: Palo Alto Networks’s offering is more expensive than most of the other vendors in this research, based on Gartner end-user client interactions and Gartner analysis.
  • Prisma Access Browser: Palo Alto Networks’ Prisma Access Browser is unlikely to shape the SASE market as it solves only a subset of emerging end-user requirements.
  • Inline on-premises security controls: The vendor’s on-premises security from ION appliances within its SASE platform is weaker than its stand-alone PAN-OS firewall.
SonicWall
SonicWall is a Niche Player in this Magic Quadrant. Its primary SASE platform offering is SonicWall SASE suite, and Gartner estimates that the vendor has approximately 100 active SASE platform enterprise customers. It has two management consoles, with Cloud Secure Edge (CSE) supporting the SSE functions and Network Security Manager (NSM) supporting the firewall/SD-WAN appliance accessed via the SonicPlatform. The vendor operates globally with a focus on small and midsize businesses (SMB) and midsize enterprise customers with security-driven use cases. Gartner expects SonicWall to make future investments in simplifying the SMB onboarding experience, managed service provider (MSP) enhancements to address management across all tenants, and URL filtering and SaaS application consistency.
Strengths
  • Security features: The vendor is strong with inline on-premises security controls and securing private applications.
  • Pricing: SonicWall’s pricing is generally lower than other vendors in this research, which appeals to cost-conscious and small to midsize enterprises.
  • Go-forward investment: SonicWall plans to expand its sales and marketing resources, which should increase its SASE platform market visibility.
Cautions
  • Marketing execution: The vendor’s SASE platform market visibility is low, based on Gartner end-user client interactions, Gartner website searches and broader social media analysis of end-user vendor mentions.
  • Innovation: SonicWall’s planned innovations in “bringing your own IP” for the controller and delivering a self-healing security architecture are unlikely to change the dynamics of the SASE platform market going forward.
  • Product: The vendor has more limited networking and broader SSE capabilities and experience than other vendors in this research.
Versa Networks
Versa Networks is a Challenger in this Magic Quadrant. Its SASE platform offering is Versa Secure Access Fabric (VSAF), and Gartner estimates that the vendor has approximately 4,000 active SASE platform enterprise customers. It is a fully integrated offering that includes Versa Security Service Edge and Versa SD-WAN on Versa Cloud Gateways managed via Versa Concerto. The vendor also offers Titan for more streamlined SD-WAN use cases. The vendor operates primarily in North America, Europe and Asia/Pacific, focusing on customers of all sizes and verticals. Gartner expects Versa to make future investments in its enterprise browser, AI enhancements for intelligent policy automation and graph analytics-based malware detection on endpoint systems.
Strengths
  • Product: Versa has a comprehensive set of features across networking and most security functions.
  • Market responsiveness: Versa was an early SD-WAN vendor that pivoted to the SASE platform market and has been responsive to market needs.
  • Pricing: Based on the value offered, the vendor’s offering is competitively priced compared with other vendors in this research.
Cautions
  • Innovation: Versa’s planned innovations in sovereign SASE and extended detection and response (XDR) are not expected to shape the SASE platform market dynamics going forward.
  • Customer experience: Versa’s customer experience is below average compared with other vendors in this research, based primarily on Gartner end-user client interactions.
  • Market visibility: Compared with other vendors in this research, Versa’s SASE platform market visibility is below average, based on Gartner end-user client interactions, Gartner website searches and an analysis of end-user social media vendor mentions.
Zscaler
Zscaler is a Visionary in this Magic Quadrant. Its SASE platform offering is Zero Trust SASE, and Gartner estimates that the vendor has approximately 500 active SASE platform enterprise customers. It is a fully integrated offering that provides the Zero Trust Exchange SSE platform functionality and Zero Trust SD-WAN functionality via the Experience Center management console. The vendor operates globally, focusing on larger organizations across all verticals, primarily targeting security-driven use cases. Gartner expects Zscaler to make future investments in new hardware form factors with higher throughput and additional support for 5G, using Quick UDP Internet Connections (QUIC) for tunneling from client and edge appliances and AI-based intelligent segmentation.
Strengths
  • Marketing/sales strategy: Zscaler has strong marketing and sales strategies in the SSE market that should allow it to reach the right customers and grow in this market.
  • Security features: Zscaler has a comprehensive set of security features delivered as part of its SASE platform offering.
  • Innovation: The vendor’s planned innovations around AI Detection and Response (AIDR) are likely to shape the SASE platform market going forward.
Cautions
  • Customer experience: Zscaler’s customer experience is below the average of other vendors in this research, based primarily on Gartner end-user client interactions.
  • SD-WAN features: Zscaler has less SD-WAN functionality and experience than other vendors in this research.
  • Market responsiveness: The vendor was late to enter the SASE platform market and missed selling to the early adopters.

Vendors Added and Dropped

We review and adjust our inclusion criteria for Magic Quadrants as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant may change over time. A vendor's appearance in a Magic Quadrant one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. It may be a reflection of a change in the market and, therefore, changed evaluation criteria, or of a change of focus by that vendor.

Added

  • Check Point Software Technologies was added, because it met the inclusion criteria for the Magic Quadrant.
  • SonicWall was added, because it met the inclusion criteria for the Magic Quadrant.
  • Zscaler was added, because it met the inclusion criteria for the Magic Quadrant.

Dropped

  • Forcepoint was dropped, because it no longer participates in the SASE platforms market and therefore did not meet the inclusion criteria for this Magic Quadrant research.

Inclusion and Exclusion Criteria

To qualify for inclusion, providers need the following.
General:
  • Provide a generally available (GA) SASE platform offering as of 1 April 2025. All components must be publicly available, shipping and be included on the vendors’ published price list as of this date. Products shipping after this date only may influence the Completeness of Vision axis.
  • Provide commercial support and maintenance for its enterprise SASE platform offering (24/7) to support deployments on multiple continents. This includes hardware/software support, access to software upgrades, security patches, troubleshooting and technical assistance.
  • Participate in the enterprise SASE platform market, including actively selling and publicly marketing its SASE platform to enterprises.
Gartner defines “general availability” as the release of a product to all customers. When a product reaches GA, it becomes available through the company’s general sales channel — as opposed to a limited or controlled release, pre-GA or beta version.
Product
Vendors must have a SASE platform offering that includes all the below functionality, generally available as of 1 April 2025.
All of the following must be available as a service from the cloud to customers:
  • Secure web access via proxy.
  • Enforce SaaS access controls inline. This requires support for inline malware scanning and data security to cover at least two of the following three SaaS enterprise suites: Microsoft 365, Salesforce and Google Workspace.
  • Identity- and context-based secure remote policy-based access to private applications (not just network-level access).
  • Layer 7 firewall capability to secure traffic bidirectionally across networks.
  • A branch appliance that supports performance-based dynamic traffic steering (supporting at least one criterion: latency, packet loss or jitter) across multiple physical WAN interfaces; based on well-known applications (not IPs/ports). This appliance is deployable at a customer’s physical branch location to directly terminate connectivity.
  • The ability for customers to define sensitive data protection policies and apply them via inline network data inspection.
  • An endpoint software agent (supporting Windows and Mac operating systems) for connecting users to the vendor’s SASE platform offering.
  • Centralized management (with both GUI and API) that not only enables provisioning, visibility, troubleshooting and reporting, but also enables granular configuration and policy changes.
  • The vendor must have no more than two management consoles to operate its enterprise SASE platform offering for the foundational SASE use case.
  • The ability for customers to directly manage and administer the full SASE platform offering themselves, including granular configuration and policy of all SASE functions (commonly referred to as do it yourself [DIY]).
  • Single-pass scanning for malware and sensitive data (may be parallelized) for inline security controls.
  • Support single sign-on (SSO) integration with third-party identity providers.
  • Leverage POP infrastructure meeting all the following requirements.
    • Presence in at least 15 distinct geographic metropolitan cities globally, including with at least three distinct metropolitan cities each on three separate continents.
    • POPs are in a highly secure facility; offer the following services locally (intra-POP): web proxy, private access, and in-line SaaS control with high availability; and they are generally available to all enterprise customers.
    • Vendors must provide a publicly available URL with POP metropolitan cities list, POP monitoring/status capability and a documented POP SLA.
  • The vendor must be actively marketing and enhancing its SASE platform offering.
  • The vendor must be able to provide a single-support experience to customers, meaning customers must engage only with the vendor for support.
  • The vendor must natively deliver all of the core SASE functionality (SD-WAN, firewall, ZTNA, cloud access security broker [CASB] and secure web gateway [SWG]) as part of the SASE platform offering.
Global Customer Relevance and Adoption
Vendors must show high relevance to Gartner clients via achieving at least one of the following as of 1 March 2025 with the SSE functionality (ZTNA, CASB and SWG) of SASE delivered as a service from the cloud:
  • Overall adoption: At least 250 unique enterprise customers using SD-WAN and, at a minimum, one of the SSE components (ZTNA, CASB or SWG) with the vendor’s primary SASE platform offering in a production environment, and these customers have an active commercial support license.
  • Recent adoption: At least 75 newly acquired unique enterprise customers in the last 12 months using SD-WAN and, at a minimum, one of the SSE components (ZTNA, CASB or SWG) with the vendor’s primary SASE platform offering in a production environment, and these customers have an active commercial support license.
  • Adoption plus growth: At least 100 unique enterprise customers, with 50% growth in the last 12 months, using SD-WAN and, at a minimum, one of the SSE components (ZTNA, CASB or SWG) with the vendor’s primary SASE platform offering in a production environment. Also, these customers have an active commercial support license.
  • Large-enterprise adoption: At least 75 large unique enterprise customers using SD-WAN and, at a minimum, one of the SSE components (ZTNA, CASB or SWG) with the vendor’s primary SASE platform offering in a production environment. Also, these customers have an active commercial support license.
  • Full suite adoption: At least 50 unique enterprise customers using all components of SASE: SD-WAN, CASB, ZTNA, firewall and SWG with the vendor’s primary SASE platform offering in a production environment, and these customers have an active commercial support license.
Vendors must also show high relevance to Gartner clients by achieving each of the following as of 1 March 2025:
  • The vendor’s primary offering must address at least two of the Critical Capabilities use cases for SASE platforms, with one of them being the foundational SASE use case.
  • At least 25 unique SASE platform enterprise customers headquartered in each of two continents, using SD-WAN and, at a minimum, one of the SSE components (ZTNA, CASB or SWG), all of whom are under active support contracts; for example, 25 customers in Asia and 25 separate customers in North America.
Gartner defines “enterprise” as an organization with at least $50 million in annual revenue and/or 100 to 1,000 employees. Gartner defines “large enterprise” as an organization with at least $1 billion in annual revenue and/or over 1,000 employees. Enterprises can be a private for-profit organization or not-for-profit entities, such as charitable organizations, government and education institutions.
Gartner defines “customer” as a paying end-user organization for the consumption of a service and under active support. This excludes trials, POCs, paid pilots, “try and buys,” lab trials, etc. Customers may include both DIY and those serviced through a managed SASE provider (i.e., any organization using a vendor’s solution fully deployed, regardless how it is delivered).

Honorable Mentions

  • Aryaka has relevant technology and is investing in this market, but it did not meet product inclusion criteria as of the research cutoff date.
  • Barracuda has relevant technology and is investing in this market, but it did not meet product inclusion criteria as of the research cutoff date.
  • Ericsson (Cradlepoint) has relevant technology and is investing in this market, but it did not meet product criteria as of the research cutoff date.
  • Huawei has relevant technology and is investing in this market, but it did not meet product inclusion criteria as of the research cutoff date.
  • iboss has relevant technology and is investing in this market, but it did not meet customer adoption criteria as of the research cutoff date.

Evaluation Criteria

Ability to Execute

Product/Service: We evaluate vendors by looking at their overall SASE offering, including both the networking and security components. The majority of this assessment focuses on the vendor’s primary SASE platform offering, as defined by what they sell into most enterprises. We also consider the breadth and depth of the SASE platform functionality provided by the vendor across all relevant offerings and the use cases they support. We consider the vendor’s architecture, as well as product capabilities and quality. The functionality we primarily assess includes (but isn’t limited to): 
  • Basic networking
  • SD-WAN
  • Inline on-premises security controls
  • Securing private applications 
  • Inline cloud- enforced security controls
  • SaaS app control and visibility
  • Infrastructure delivery
  • Ease of administration
  • Unified platform
  • Data security  
  • Threat protection
Overall Viability: We assess the vendor’s overall financial health, and the likelihood that the organization will continue to invest across multiple areas (such as marketing, sales, product development and support) to expand their SASE platform offering.
Sales Execution/Pricing: We assess the vendor’s pricing and direct/indirect sales structure and effectiveness. Approximately half of this assessment is based on sales effectiveness and go-to-market activities, along with depth and breadth of sales channels. The other half of the assessment evaluates the price versus value offered to customers. We assess the hardware/support/licensing pricing model and simplicity/complexity of pricing.
Market Responsiveness and Track Record: This criterion evaluates the vendor’s history of responsiveness. It assesses the vendor’s track record in delivering the right capabilities at the right time to address customer needs, compared with competitors. This criterion also evaluates the vendor’s history of responsiveness in terms of changing market demands and addressing limitations to remain competitive. This evaluation is not limited to SASE platform products as it also involves adjacent integrated capabilities that strengthen the overall SASE platform offering, pricing, licensing models, go-to-market and overall competitive dynamics.
Marketing Execution: This criterion assesses the efficacy of the vendor’s marketing program. For SASE platforms, we evaluate the clarity, consistency and amplitude of messages, including (but not limited to) its website, social media channels, etc. We focus on whether the vendor’s messaging resonates with enterprises, including key points of differentiation. We assess whether the vendor is making appropriate investments in marketing, and if they’re delivering results. The evaluation focuses on how well the vendor is able to influence and shape perception in the market through marketing activities and thought leadership that drives awareness. An additional indicator for this criterion is how often Gartner clients inquire about a specific vendor in terms of capabilities/reputation or in a shortlist evaluation process.
Customer Experience: Looks at all aspects of the customer experience inclusive of presales and postsales activities. This includes the customer’s experience with the vendor’s SASE platform offering and components used in its production environment. Additionally, we assess customer technical support, sentiment and satisfaction with the vendor and product, and employee engagement.

Ability to Execute Evaluation Criteria

Evaluation CriteriaWeighting
Product or Service
High
Overall Viability
Medium
Sales Execution/Pricing
High
Market Responsiveness/Record
Medium
Marketing Execution
Medium
Customer Experience
High
Operations
NotRated
Source: Gartner (July 2025)

Completeness of Vision

Innovation: Evaluates the future plans to bring differentiated capabilities to the market that will enhance the vendor’s ability to attract customers and drive business. We assess whether the vendor’s most recent and planned innovations will add customer value, whether they’re unique or differentiated, and whether they’re true “game changers.” The majority of the weighting for this category is applied to future innovations, not current in-market capability. Innovation is not simply a list of new features/functionality or product improvements: It can be created across multiple areas, including product, adjacent integrated capabilities, packaging, pricing, licensing, sales, marketing, models and use cases. The most impactful innovations change the dynamics of a market in terms of customers. Hence, we assess whether the vendor’s innovations will disrupt the market via shifting customer expectations and/or will force competitors to react.
Market Understanding: This criterion assesses the vendor’s ability to understand the emerging networking and network security needs of organizations of varying sizes, verticals and within different geographies. We also assess the vendor’s self-awareness of key strengths/weaknesses and the competitive landscape in the market.
Marketing Strategy: This criterion evaluates the ability of the vendor to influence the market into the future, through its messaging and marketing campaigns. This includes the extent to which the vendor articulates a forward-looking marketing message that is clear, consistent, relevant and differentiated, as well as aligned with future end-user needs. We look for new and effective ways vendors reach customers, how they reach evolving customer buyer personas and how they plan to communicate their message to drive market demand.
Sales Strategy: This criterion evaluates the vendor’s proposed use of direct and indirect sales and related investments to add new customers and/or extend sales within existing customers. Further, evaluation includes the extent to which the vendor articulates a clear, consistent, relevant and differentiated sales strategy that resonates with enterprises and reaches new buyer personas. Additional factors include the development of effective go-to-market strategies, alliances and partnerships, leveraging value-added resellers (VARs), systems integrators (SIs), ISP aggregators, master agents, network service providers (NSPs), managed network service providers and OEM resellers, as appropriate. The assessment further includes how the vendor leverages new pricing, consumption and business models that are emerging due to market and technology transitions.
Offering (Product) Strategy: This criterion evaluates the vendor’s SASE platform product around existing and future capabilities. This evaluation includes not just the raw features and services, but also the vendor’s overall architecture across the portfolio, and how this architecture provides value to the end customer. We also assess whether the vendor closes key gaps in its existing offering. We evaluate product strategy in terms of various capabilities, including (but not limited to) network security, networking automation, AI/operational enhancements, simplicity, service delivery and application performance. This evaluation also may include multiple qualifying products that may exist within a vendor’s portfolio.
Geographic Strategy: We assess whether the strategy is clear, consistent and will resonate with customers in order to add and sustain customers on a global basis. We assess aspects, including the vendor’s plans to address specific needs within particular geographies, such as localized languages, sales and regional certifications. We also assess the vendor’s ability to address any unique requirements of particular geographies and to employ the associated messaging, partnerships and product features, as well as sales channels to build a sustainable business advantage.

Completeness of Vision Evaluation Criteria

Evaluation CriteriaWeighting
Market Understanding
Medium
Marketing Strategy
Medium
Sales Strategy
Medium
Offering (Product) Strategy
High
Business Model
NotRated
Vertical/Industry Strategy
NotRated
Innovation
High
Geographic Strategy
Low
Source: Gartner (July 2025)

Quadrant Descriptions

Leaders

A Leader has the ability to address both current and future end-user requirements in the market. Leaders have comprehensive offerings that address multiple use cases, via a unified platform that provides a consolidated easy-to-use administrative interface. Additionally, a Leader’s strategy is well-aligned with emerging user needs and has the potential to shape and transform the market going forward. A Leader has strong demand-side market visibility, solid networking and security features, and a sizable installed base. A Leader also maintains positive relationships with its customers and partners globally. A Leader typically is increasing its investments, demonstrating its commitment to the future of the SASE platform market.

Challengers

A Challenger has broadly proven the ability to address current end-user requirements in the market. A Challenger typically has good demand-side market visibility, a sizable installed base of customers and products that address most enterprises across multiple use cases and geographies. However, a Challenger’s strategy and roadmap are less likely to shape and transform the enterprise SASE platform market going forward.

Visionaries

Visionaries often focus on shaping and transforming the market — from driving new product innovations and new pricing models to solving enterprise challenges in new ways. While Visionaries often have a solid relevant and differentiated strategy going forward, they often lack a consistent, proven ability to address customer challenges at a broader level that actually change market dynamics. For example, a Visionary may have a limited installed base of customers, lack demand-side market visibility, offer only partial geographic coverage, or lack key product capabilities across all enterprise use-case requirements today.

Niche Players

Niche Players are often focused on specific portion(s) of the market, such as a specific use case, geography or product specialty. They have a viable product but have not shown the ability to drive the broader market or sustain execution in the broad enterprise market. Niche Players typically have a near-complete SASE platform offering, with some limitations that manifest outside of their core focus areas. These limitations often include feature depth/breadth, geographic reach, demand-side market visibility, go-to-market and/or installed base. For example, Niche Players may be focused on only certain use cases, geographies, or evolving their existing installed base. This focus can create limitations in the broader market, including reducing their ability to address emerging customer needs.

Context

The adoption of cloud and edge computing and work-from-anywhere initiatives continues to drive a unified approach to enterprise access requirements. At the same time, enterprises are increasingly pursuing zero-trust strategies. More traditional perimeter-based approaches to securing anywhere, anytime access have resulted in siloed collections of vendors, policies and products, leading to complexity for networking and security administrators and users.
SASE can improve and simplify the end-user and operator experience by enabling the same access to applications, regardless of their location or the location of the application accessed. SASE can help organizations adopt a zero-trust security posture by applying consistent identity and context-based policies in near real time, regardless of the type of resource the user is accessing. SASE platforms consolidate this functionality into a unified platform offering.

Market Overview

The overall SASE market is projected to hit $15 billion in 2025 (see Forecast Analysis: Secure Access Service Edge, Worldwide) with a 2023 through 2028 compound annual growth rate (CAGR) of 26%. But only a small portion of this revenue is in the form of a unified SASE platform. In fact, in the last 12 months (ending April 2025), about one out of every four SASE Gartner end-user interactions were about SASE platforms. However, over time, we expect more SASE platform inquiries than about dual-vendor SASE.
The market for well-architected SASE platform offerings is maturing, with new vendors introducing solutions. End-user client interest in single-vendor SASE has nearly doubled year over year, and Gartner estimates approximately 20,000 enterprises are using a SASE platform offering. However, many customers have not yet fully enabled all core features of the vendor’s SASE platform offering. We expect that to take more time as enterprises go through refresh cycles, with a focus on consolidating vendors.
Many SD-WAN and SSE vendors now have a SASE platform offering (11 qualify for this research). However, not all vendors offer the required breadth and depth of functionality, integration across all components, a single management plane, and a unified data model and data lake.

SASE Adoption Patterns

While SASE platforms are the focus of this research, there are two other SASE adoption models:
  1. A dual-vendor offering: This is an explicit pairing of two vendors (typically one for network services and one for security services), with some level integration between the management plane and data plane. This model is the most common one that we observe in the market today.
  2. Managed SASE: We see limited interest in this model to date and far less interest than the widely adopted managed SD-WAN model.

Current Trends

Demand side:
  • Clients typically prioritize the security functionality over networking functionality based on end-user Gartner inquiries and market surveys.
  • Buyers prefer simplicity and unified offerings, including a single management console, agent, policy engine and data lake, as well as easy-to-understand pricing models.
  • Buyers expect worldwide POP coverage with full-service functionality that aligns with where their users and branches are located. Furthermore, buyers are increasingly demanding more options for data and infrastructure sovereignty, including where traffic is routed, where it is inspected and where logs are stored. One way to address these demands is deploying a SASE architecture in a customer’s owned environment. This requirement is driven by geographic locations and specific verticals.
  • Universal ZTNA: Applying ZTNA to branch locations and extending it from being only for remote and mobile users - is increasingly a demand from buyers. The goal is to leverage the consistent identity, context- based policies and risk in near real time of ZTNA and apply it everywhere so a single solution is offered regardless of the user’s location.
  • Coffee shop networking: With hybrid work and the distributed mobile workforce, we see the increasing desire for coffee shop networking use cases where, regardless of location, users can plug in and have the same experience as they would in a traditional office. Even with return-to-office mandates, we see this use case being relevant when applications are served primarily from the cloud (and there is minimal need for on-premises security for local East/West security).
Supply side:
  • New vendors continue entering the SASE platform market from adjacent markets, such as SD-WAN and SSE. Beyond the 11 vendors in this research, we estimate another 10 vendors have plans to offer full-featured offerings. We also expect mergers and acquisitions (M&As) to continue in this market and vendors to cease their participation.
  • Few vendors have a solid breadth of functionality across network and security (both on-premises and cloud). Still, more vendors in the market offer a unified platform, but this platform remains a work in progress for many vendors. In general, SD-WAN and SSE vendors that do not participate in the SASE platform market will have limited growth opportunities going forward.
  • Generative AI (GenAI) assistants are becoming more mainstream, but not all vendors have the capability, especially when it comes to recommendations. Furthermore, some vendors have capabilities to secure GenAI applications and provide prompt inspection to ensure no sensitive data is inadvertently uploaded in a prompt or released in a response.
  • More vendors are offering private/sovereign SASE capabilities, which provides flexibility as to where SASE policies are enforced across on-premises appliances, the vendor’s own POPs and hyperscale-based POPs.
  • Some vendors are converging their SD-Branch with SASE offerings to address broader universal ZTNA (consistent zero-trust experience for remote, mobile and on-campus users) requirements with increasingly disparate location types.
  • Most but not all vendors offer a “broker connector” for securing private applications to ensure a persistent inbound open port is not exposed on the public internet.

Future Trends

In the next two years, we expect the following evolution in the SASE platform market:
  • Increased adoption of SASE platforms and a shift away from dual-vendor SASE will continue as capabilities improve, refresh cycles come up, and security and networking teams collaborate. More vendors in the adjacent SD-WAN and SSE markets will enter the SASE platform market as SD-WAN and SSE become features/use cases of a SASE platform.
  • AI advances will continue in the SASE platform market. GenAI assistants will become standard capabilities for both security and networking use cases. Vendors will improve security of GenAI applications and inspection of end-user prompts, and extend security of GenAI applications to private GenAI-enabled applications and models. AI will be leveraged for capabilities such as real-time threat intelligence and microsegmentation. Agentic AI advances with process automation within the SASE platform so that more of the day-to-day functions are automated.
  • SASE platform revenue opportunities get bigger as vendors expand into adjacent markets, such as endpoint security, endpoint DLP, data security posture management (DSPM), SaaS security posture management (SSPM), microsegmentation, NDR/XDR and network access control use cases, as well as expand into wired and wireless LAN.
  • Support for unmanaged devices will expand into several options, including reverse proxies, dissolvable agents, browser plugins, remote browser isolation and local browser isolation (either through separate secure enterprise browser or tighter integration with browser security capabilities exposed by Google and Microsoft).
  • Vendors will offer postquantum cryptography (PQC) capabilities to enhance data security.

Evidence

  • Gartner analysts have conducted over 300 inquiries discussing SASE platforms with end-user clients from 1 April 2024 through 31 March 2025.
  • Gartner analysts have conducted about 1,200 inquiries discussing SASE with end-user clients from 1 April 2024 through 31 March 2025
  • Gartner analysts have conducted over 1,200 inquiries discussing SD-WAN with end-user clients from 1 April 2024 through 31 March 2025.
  • Gartner analysts have conducted nearly 1,200 inquiries discussing SSE with end-user clients from 1 April 2024 through 31 March 2025.
  • All vendors in this research responded to a prequalification survey to help determine their relevance to enterprise clients.
  • All vendors in this research responded to a request for information (RFI) regarding current and planned capabilities.
  • All vendors submitted a video demonstration following a script to show specific product capabilities.
  • Gartner analysts reviewed relevant reviews from Gartner Peer Insights for the 12 months ending 31 March 2025.
  • Gartner analysts reviewed publicly available information, including blogs, vendor technical documentation, product specification sheets and financial information.
  • Social media analytics: Gartner conducted social media listening analysis leveraging third-party data tools in the 12 months ending 31 March in all geographies (except China).

Evaluation Criteria Definitions

Ability to Execute

Product/Service: Core goods and services offered by the vendor for the defined market. This includes current product/service capabilities, quality, feature sets, skills and so on, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.
Overall Viability: Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood that the individual business unit will continue investing in the product, will continue offering the product and will advance the state of the art within the organization's portfolio of products.
Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. This includes deal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel.
Market Responsiveness/Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness.
Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a combination of publicity, promotional initiatives, thought leadership, word of mouth and sales activities.
Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so on.
Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.

Completeness of Vision

Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs, and can shape or enhance those with their added vision.
Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.
Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service, and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.
Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements.
Business Model: The soundness and logic of the vendor's underlying business proposition.
Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.
Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.
Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.