Gartner’s SSE Magic Quadrant for 2022 identified 11 key vendors currently providing security service edge capabilities for the enterprise market. In this article, we’ll summarize the common factors shared among leading SSE vendors, explain what separates them from niche players, and share advice for connecting your edge network to SSE solutions via an SD-WAN on-ramp. We’ll also describe the similarities and differences between SSE and SASE.
What is Security Service Edge (SSE)?
Security service edge (SSE) is a cloud-centric security methodology for protecting edge network traffic. It rolls up technologies like firewall as a service (FWaaS), zero trust network access (ZTNA), and cloud access security brokers (CASB) into a single service. These technologies offer threat protection, security monitoring, access control, and data governance.
What is the need for SSE?
To protect your enterprise from cyber threats, you need to be able to extend your security policies and controls to all the remote and geographically distributed systems at your network edge. Historically, that meant backhauling all remote traffic through your primary firewall, which would inevitably cause performance issues for everyone on the network. This is not only frustrating, but can also have a big impact on business when much of your remote traffic is destined for cloud and web resources that aren’t even on your enterprise network.
SSE solves this problem by taking advanced enterprise security technologies and making them available as a cloud-based service. You can use SD-WAN with intelligent routing (more on that later) to send remote and branch office traffic through your SSE stack. This allows you to apply consistent policies and controls to your enterprise and edge traffic while reducing bottlenecks and increasing overall network performance.
What is the SSE Magic Quadrant?
Gartner’s SSE Magic Quadrant organizes the top SSE providers based on the completeness of their SSE vision and their ability to execute that vision. In the top-right quadrant are the leaders, or the companies with the largest SSE market share, and in the bottom-left quadrant are the niche players that haven’t seen widespread enterprise adoption yet. In between are the visionaries, who have innovative visions for the future but haven’t been able to execute them consistently, and the challengers, who are successfully executing SSE now but may not have a clear roadmap for the future.
The leaders of the SSE Magic Quadrant share a few common characteristics. For one, they have strong marketing and sales outreach along with a clear vision and roadmap for the future. This vision is essential because it allows enterprises to ensure their goals and strategies align with where their SSE vendor is headed.
In addition, the components of these leaders’ solutions are tightly integrated under a single, unified management platform for more accessible and efficient operation. Magic Quadrant leaders invest in new security features and ship them frequently, without bugs, and with adequate documentation and support. That means customers can stay ahead of emerging security threats without worrying about breaking their existing setups.
Overall, the biggest takeaway from the SSE Magic Quadrant is the importance of a seamlessly integrated platform. A consolidated platform ensures complete visibility and control over your security service edge solution without needing to learn and operate multiple consoles.
On top of this, to use a cloud-delivered SSE solution, we need a reliable way to send traffic from our edge network locations to the SSE stack. As part of this architecture, we need to combine SSE with an access solution, such as an SD-WAN offering, that can tunnel traffic from the branch edge to the cloud, and this needs to be simple. This architectural framework of SD-WAN access plus SSE is how SASE is built, and it explains the relationship between the two terms. We’ll call this access to SSE the on-ramp to SSE; for on-premises installations, it requires a physical appliance.
SD-WAN: An on-ramp to SSE
Security service edge provides the technology to protect your edge-based, cloud-destined traffic, but you still need a way to get that traffic to your SSE platform. This is known as an SSE on-ramp, and it’s not included in any of the SSE Magic Quadrant solutions. However, one of Gartner’s selection criteria was the ability to integrate with SD-WAN technology.
An SSE on-ramp uses SD-WAN (software-defined wide area network) technology to route remote and branch office traffic to your SSE stack in the cloud. SD-WAN separates the control and management processes from your underlying WAN hardware and virtualizes them as software, making it possible to centrally control and orchestrate even very complex and distributed WANs. With SD-WAN, you can use intelligent and application-aware routing to connect your edge users directly to the SSE platform, cloud, and web resources.
What to look for in an ideal SSE on-ramp
The ideal on-ramp to SSE will support seamless integration with your SSE platform, and vice versa. In addition, the right solution will provide additional capabilities like:
- Physical hardware that’s easy to provision, with versatile tunnel mechanisms to SSE, including IPsec and WireGuard, and simple cloud management. Ideally, this tunneling mechanism is part of an SD-WAN on-ramp to SSE with application-aware traffic steering.
- Integrated L3/4 firewall technology to secure incoming traffic to your remote and branch locations, including VPN support. Ideally, this includes local segmentation and zero trust, since SSE can’t do local segmentation on its own without help from on-premises components, an agent, or a VM.
- Out-of-band management access, since you can’t rely on in-band connectivity through the cloud to set up the cloud. OOB access and provisioning on a dedicated connection are therefore ideal, giving you greater control over your remote networking infrastructure.
- Multiple WAN interfaces, including at least one 4G/5G/LTE modem with 2 SIM slots, to give you high-speed out-of-band access to critical remote infrastructure even when the primary WAN link is down.
- Terminal server/serial console/"jump box" port management so you can remotely administer and troubleshoot edge networking devices.
- Vendor-neutral compute with the ability to host third-party apps and Docker containers right at the network edge, so you can extend the capability of SSE with additional applications that may not be part of the SSE stack or may need an edge Docker footprint, such as vulnerability scanning or a user experience monitoring agent.
- The ability to set up edge devices centrally with cloud management so they automatically connect to SSE with zero-touch and zero-trust provisioning.
The Nodegrid branch and edge networking solution from ZPE Systems delivers all these capabilities in a single platform. The Nodegrid Net Services Router (NSR) is a customizable, all-in-one device with available modules for storage, compute, serial console management, and more. The NSR can host your preferred SD-WAN solution, or you can use ZPE Cloud’s integrated SD-WAN app.
The Nodegrid solution is vendor-neutral and supports easy integrations with SSE Magic Quadrant vendors. Plus, with ZPE Cloud, you can manage and orchestrate your entire edge architecture from behind one pane of glass.
ZPE Systems rolls up everything you need in an SSE on-ramp and delivers it in one powerful, unified edge network solution.