Home » Blog » SSE Magic Quadrant: Key Takeaways of the 2023 Report
The SSE Magic Quadrant describes top cloud security service vendors, conceptualized as a cloud with glowing network nodes and a padlock.

Gartner’s SSE Magic Quadrant for 2023 identifies 10 key vendors currently providing secure service edge capabilities for the enterprise market. In this guide, we’ll summarize the common factors shared among leading SSE vendors, discuss what separates them from niche players, and share advice for connecting your edge network to SSE solutions via an SD-WAN on-ramp.

Table of Contents:
  1. What is Security Service Edge (SSE)?
  2. What is the need for SSE?
  3. What is the SSE Magic Quadrant?
  4. What has changed since the 2022 SSE Magic Quadrant?
  5. Key takeaways from the 2023 SSE Magic Quadrant
  6. SD-WAN: An on-ramp for SSE
  7. What to look for in an ideal SSE on-ramp
  8. Why Nodegrid is the ideal SSE on-ramp

What is Security Service Edge (SSE)?

Security service edge (SSE) is a cloud-centric security methodology for protecting edge network traffic. It rolls up technologies like Firewall-as-a-Service (FWaaS), Zero Trust Network Access (ZTNA), and Cloud Access Security Brokers (CASB) into a single service. These technologies offer threat protection, security monitoring, access control, and data governance.

What is the need for SSE?

With the frequency and severity of ransomware attacks and other cybercrimes increasing daily, security is a major priority for any organization. To protect your enterprise from cyber threats, you need to be able to extend your security policies and controls to all the remote and geographically distributed systems at your network edge. Historically, that meant backhauling all remote traffic through your primary firewall, which would inevitably cause performance issues for everyone on the network. This is frustrating and can greatly impact the business when much of your remote traffic is destined for cloud and web resources that aren’t even on your enterprise network.

SSE solves this problem by taking advanced enterprise security technologies and making them available as a cloud-based service. You can use SD-WAN with intelligent routing (more on that later) to send remote and branch office traffic through your SSE stack. This allows you to apply consistent policies and controls to your enterprise and edge traffic while reducing bottlenecks and increasing overall network performance.

Learn more about SSE:

Gartner’s 2023 SSE Magic Quadrant Summarized



Cisco (SIG)

Palo Alto Networks (Prisma Access)

Niche Players



Skyhigh Security
Forcepoint (Bitglass)

There are many reasons why an SSE vendor would be considered a niche player, including that the market hasn’t caught on to them yet due to poor marketing or sales strategies. However, one common caution among niche players is a failure to fully integrate SSE components, which means customers must use multiple dashboards to manage a single SSE solution. Another common issue is poor support during sales, implementation, and operation, leading to frustration among enterprises with less experience in edge networking and security.

On the other hand, the leaders of the SSE Magic Quadrant share a few common characteristics as well. For one, they have strong marketing and sales outreach, a clear vision, and a roadmap for the future. This vision is essential because it allows enterprises to ensure their goals and strategies align with where their SSE vendor is headed.

In addition, these solutions’ components are tightly integrated with a single, unified management platform for more accessible and efficient operation. Magic Quadrant leaders invest in and implement new security features frequently, bug-free, and with adequate documentation and support. That means customers can stay ahead of emerging security threats without worrying about breaking their existing setups.

What has changed since the 2022 SSE Magic Quadrant?

There are three major changes to Magic Quadrant this year.

  • Palo Alto Networks moves from Challenger to Leader: In 2022, Palo Alto extended its Prisma Access SSE solution to better integrate with Prisma SD-WAN, enhance its proxy and ZTNA components, and add SaaS Security Posture Management (SSPM).
  • McAfee splits its cloud business into Skyhigh Security: Early in 2022, McAfee enterprise split into two, with its cloud business now known as Skyhigh Security. This split disrupted Skyhigh’s growth and market share and moved this SSE offering from the Leaders quadrant to the Visionaries quadrant.
  • Versa leaves the SSE Magic Quadrant: Versa no longer ranks in the top 20 organizations in Gartner’s market momentum index (MMI), so it isn’t included in the 2023 Magic Quadrant.

Key takeaways from the 2023 SSE Magic Quadrant

  • Most vendors prioritized improving their core capabilities and better integrating their product, rather than focusing on new features and other innovations.
  • Vendors who fail to fully integrate their SSE offering into a unified platform are quickly losing market share.
  • WFH traffic is less of a concern for enterprises than branch/edge sites, so SD-WAN access and integrations are critical.

Overall, the biggest takeaway from the SSE Magic Quadrant is the importance of a seamlessly-integrated platform. A consolidated platform ensures complete visibility and control over your security service edge solution without needing to learn and operate multiple consoles.

On top of this, to use SSE’s cloud-delivered solution, you need a reliable way to send traffic from your branch and edge locations to the SSE stack. That means part of the architecture needs to include an access solution that can tunnel traffic from these locations to the cloud, such as SD-WAN. The access solution serves as an on-ramp to SSE, and requires a physical appliance for on-premises installations. This framework combining SD-WAN access with SSE is how SASE (secure access service edge) is built.

SD-WAN: An on-ramp to SSE

Security service edge provides the technology to protect your edge-based cloud-destined traffic, but you still need a way to get that traffic to your SSE platform. This is known as an SSE on-ramp, and it’s not included in any of the SSE Magic Quadrant solutions. However, one of Gartner’s selection criteria was the ability to integrate with SD-WAN technology.

An SSE on-ramp uses SD-WAN (software-defined wide area network) technology to route remote and branch office traffic to your SSE stack in the cloud. SD-WAN separates the control and management processes from your underlying WAN hardware and virtualizes them as software, making it possible to centrally control and orchestrate even very complex and distributed WANs. With SD-WAN, you can use intelligent and application-aware routing to connect your edge users directly to the SSE platform, cloud, and web resources.

What to look for in an ideal SSE on-ramp

The ideal on-ramp to SSE will support seamless integration with your SSE platform, and vice-versa. In addition, the right solution will provide additional capabilities like the ones listed below.

Features of an ideal SSE on-ramp include:

Versatile tunneling

Physical hardware that’s easy to provision with a versatile tunnel mechanism to SSE, including IPsec and WireGuard, with simple cloud management. Ideally this tunneling mechanism uses application-aware traffic steering to make it an effective part of an SD-WAN on-ramp.

Integrated L3/L4 firewall

Integrated Layer 3/Layer 4 firewall technology to secure incoming traffic to your remote and branch locations, including VPN support. The ideal on-ramp has local segmentation capabilities and zero-trust, since SSE can’t do local segmentation on its own without help from on-premises equipment, agents, or VMs.

Out-of-band (OOB) management

OOB management for a direct, dedicated network connection to the SD-WAN on-ramp that doesn’t rely on cloud-based in-band connectivity. OOB access and provisioning are ideal to gain greater control over remote networking infrastructure on a dedicated connection.

Multiple WAN interfaces

Flexible and redundant WAN interfaces to ensure 24/7 availability. At least one of these should include a 5G/4G LTE modem with 2 SIM slots for high-speed cellular failover and out-of-band access when the primary WAN link is down.

Terminal server

Terminal server/serial console/”jump box” port management for easy remote management of edge infrastructure. This should include the ability to host third-party troubleshooting tools so admins can easily recover from outages without going on-site.

Computing power

Compute capabilities to run third-party apps and Docker containers right at the network edge. With built-in compute it’s easier to extend the functionality of SSE with additional applications that may not be part of the SSE stack or need an edge Docker footprint, like vulnerability scanning or user experience monitoring agents.

Centralized automation

Unified management of automation like Zero Touch Provisioning (ZTP) to automatically spin-up edge devices and connect them to SSE. Automation can significantly speed up branch deployments while reducing the risk of human error.

Why Nodegrid is the ideal SSE on-ramp

The Nodegrid branch and edge networking solution from ZPE Systems combines all the capabilities of the ideal SSE on-ramp in a single platform. For example, the Nodegrid Net Services Router (NSR) is a customizable, all-in-one device with available modules for storage, compute, serial console management, and more. The vendor-neutral NSR can host your preferred SD-WAN solution and supports easy integrations with SSE Magic Quadrant Leaders like Palo Alto Prisma Access, or you can use ZPE Cloud’s integrated SD-WAN app.

Thanks to the open-architecture, Linux-based Nodegrid OS, you can also extend Nodegrid’s capabilities with your choice of custom and third-party applications for security, monitoring, automation, and more. Plus, every device, application, and integration connected to the Nodegrid platform is brought under a single management umbrella for a unified and efficient orchestration experience. 

The Nodegrid platform from ZPE Systems rolls up everything you need in an SSE on-ramp and delivers it in one powerful, unified edge networking solution.

Learn how Nodegrid easily hosts and integrates Gartner’s picks for the 2023 SSE Magic Quadrant!

Contact ZPE Systems today!

Contact Us