Top 8 Secure Access Service Edge (SASE) Providers in 2023

Enterprise Networking Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Secure Access Service Edge (SASE) is a security architecture that addresses the challenges of cloud computing, remote work, and cyberthreats. It improves security by adopting the zero-trust model, simplifies IT management by eliminating the need for on-premises hardware and complex infrastructure, and saves money by reducing the costs of traditional security solutions.

Here are our recommendations for the best SASE providers for 2023:

Top Secure Access Service Edge (SASE) software comparison

This comparison table displays today’s most trusted SASE vendors, providing an overview of their network speed, ease of management and installation, and their primary use cases.

SASE vendorNetwork speed (Latency)Best for (Primary use case)Ease of use (Management/setup)
Zscaler Zero Trust ExchangeIntermittent LatencyZero trust securityModerate management, challenging setup
Citrix Secure Access Service Edge (SASE)Intermittent LatencyUnified gatewayModerate management, challenging setup
Prisma SASEMinimal LatencyIntegration with Palo Alto NetworksUser-friendly, challenging setup
Skyhigh Security Service EdgeMinimal LatencySecure web and cloud usage and threat detection and mitigationModerate management, complex setup
Cisco SASE ArchitectureOccasional LatencyIntegration with Cisco security productsModerate management, complex setup
FortiSASE SolutionMinimal LatencyComprehensive security integrationUser-friendly, simple setup
Forcepoint ONEMinimal LatencyModular SASE deploymentModerate management, complex setup
Barracuda SecureEdgeOccasional LatencyCloud-native SASE platformsModerate management, challenging setup

Jump to:

Zscaler icon.

Zscaler Zero Trust Exchange

Best for zero-trust security

Overall rating: 3/5

  • Cost: 0/5
  • Features: 5/5
  • Customer support: 3.25/5
  • Ease of Use 2.5/5
  • Integrations 4.5/5
  • Scalability 5/5
  • Network performance 1.25/5

The Zscaler Zero Trust Exchange platform is a versatile and expandable solution that includes a variety of Zscaler products. You can configure these products to meet the unique needs of your organization and choose the most appropriate products and features for your security and business objectives.

The platform typically includes these components for cloud-native application protection and inline security:

  • Zscaler Internet Access (ZIA)
  • Zscaler Private Access (ZPA)
  • Data Protection (CASB/DLP)
  • Digital Experience (ZDX)
  • Posture Control
Zscaler Internet Access ZIA interface.
Zscaler Internet Access ZIA. Source: Zscaler

Pros and cons

ProsCons
Native, multi-tenant cloud architecture that scales dynamically with demand.Unable to intercept custom ports, requiring users to purchase separate additional physical devices.
Proxy-based architecture for full inspection of encrypted traffic at scale.Does not provide granular controls over policy.
Security and policy brought close to users to eliminate unnecessary backhauling.Reports of high latency.
ZTNA restricts access for native application segmentation.Unclear pricing.

Pricing

Zscaler does not display full pricing details on its website. However, it has a list of plans and packages. It offers three bundles called Zscaler for Users Editions:

  • Business
  • Transformation
  • Unlimited

These packages include Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and Zscaler Digital Experience (ZDX) so you can enjoy the full capabilities of the  Zscaler Zero Trust Exchange.

For actual pricing information, get in touch with Zscaler’s sales department.

Features

  • Cyberthreat protection.
  • Data protection.
  • Zero trust connectivity.
  • Digital experience management.
  • Cloud-native connectivity.
Citrix icon.

Citrix Secure Access

Best for a unified gateway

Overall rating: 3/5

  • Cost: 2.5/5
  • Features: 4.5/5
  • Customer support: 2.5/5
  • Ease of Use 2.5/5
  • Integrations 2.75/5
  • Scalability 5/5
  • Network performance 1.25/5

Citrix Secure Access Service Edge (SASE) is a one-stop solution that combines SD-WAN, zero trust access, and other security features from the cloud. It makes remote access to applications and the internet easier, which reduces the complexity of IT management. The solution includes different Citrix products, such as:

  • Citrix Secure Internet Access
  • Citrix Secure Private Access
  • Citrix SD-WAN
Citrix Secure Access interface.
Citrix Secure Access. Source: Citrix

Pros and cons

ProsCons
Automatically updates with the latest threat information.Reports of slow performance and high latency.
Offers flexible policies for granular control over access and usage.Slow response times from customer support.
Applies security dynamically based on the role of the entity trying to gain network access.Confusing interface for some users.
Clear pricing.Complex initial setup.

Pricing

Out of all the SASE providers we evaluated, only Citrix has clear pricing. It gives two options, Citrix Secure Private Access Standard and Citrix Secure Private Access Advanced.

Citrix Secure Private Access StandardCitrix Secure Private Access Advanced
$3 per user, per month$7 per user, per month
Includes SSO to SaaS and web applications with multi-factor authentication, helping to reduce the odds of account compromise by 99.9%.Intelligently applies watermarking, clipboard access, download restrictions, and site navigation controls with adaptive access based on user location, device posture, and risk scores. Includes advanced multi-factor authentication natively with Citrix cloud for all non-virtual applications, as well as ZTNA access to TCP and UDP-based apps.

Features

  • Cloud-based security services like secure web gateway, cloud access security broker, and secure remote access.
  • Merges network and security services into one high-performance architecture available for central management.
  • Secure access to applications from any location.
  • Enforces uniform security compliance policies globally for all users, regardless of location.
Palo Alto Networks icon.

Prisma SASE

Best for integration with Palo Alto Networks

Overall rating: 3.5/5

  • Cost: 0.75/5
  • Features: 5/5
  • Customer support: 2.5/5
  • Ease of Use 3.75/5
  • Integrations 4.75/5
  • Scalability 3.75/5
  • Network performance 5/5

Prisma SASE from Palo Alto Networks is an AI-powered solution that integrates network security, SD-WAN, and Autonomous Digital Experience Management (ADEM) into one cloud-based service.

This SASE provider secures all applications your hybrid workforce utilizes, no matter where they are. Zero trust network access (ZTNA) 2.0 offers top-tier protection for all application traffic, guaranteeing access and data security and greatly diminishing the risk of data breaches.

Prisma SASE primarily includes the following products:

  • Prisma Access
  • Prisma SD-WAN
  • Cortex Data Lake

In addition to these, the platform incorporates advanced functionalities in areas like ZTNA, cloud secure web gateway (SWG), cloud access security broker (CASB), and Firewall as a Service (FWaaS) to bring a comprehensive SASE solution.

Palo Alto Networks Prisma SASE dashboard.
Prisma SASE. Source: Palo Alto Networks

Pros and cons

ProsCons
AI and ML capabilities accelerate anomaly detection.Complex setup.
Offers centralized control through a single interface.Excessive updates are difficult for some administrators.
Utilizes advanced and AI-automated SD-WAN.Lack of documentation for integration with certain SD-WAN providers, such as Versa Network.
User-friendly interface.Unclear pricing.

Pricing

Prisma SASE offers three editions for Prisma Access, namely Business, Business Premium, and Enterprise. It offers a free trial only for Prisma SD-WAN.

Like most vendors, Prisma SASE does not disclose exact pricing on its website. Contact their sales team for more pricing information.

Features

  • Enhanced ZTNA security.
  • Branch modernization.
  • Automated IT operations capabilities.
  • Multi-tenant functionalities.
  • Centralized control.
  • Monitored network status.
Skyhigh Security icon.

Skyhigh Security Service Edge (SSE)

Best for data-centric organizations

Overall rating: 3.25/5

  • Cost: 0/5
  • Features: 5/5
  • Customer support: 4/5
  • Ease of Use 1.25/5
  • Integrations 3.75/5
  • Scalability 3.75/5
  • Network performance 5/5

Skyhigh Security Service Edge (SSE), originally a part of McAfee’s cloud security unit, equips your workforce with tools and safeguards your data across the web, cloud, email, and private applications. This solution implements data and threat protection at every control point, aiming to lower the cost of security and simplify your management through a single integrated platform.

Skyhigh SSE delivers real-time data and threat protection against advanced and cloud-enabled threats, ensuring the safety of data across all vectors and users. The platform comprises several Skyhigh products.

  • Skyhigh Secure Web Gateway
  • Skyhigh Cloud Access Security Broker
  • Skyhigh Private Access
  • Endpoint Data Loss Prevention
  • Skyhigh Cloud Firewall
  • Remote Browser Isolation technology
  • Cloud Native Application Protection Platform
Skyhigh Security dashboard.
Skyhigh Security. Source: Skyhigh Security

Pros and cons

ProsCons
Scans up to six billion cells within six hours, which is significantly faster than anything on the market.Dramatically increases network usage, requiring a robust internet provider to support the load.
Minimizes inefficient traffic backhauling with intelligent, secure direct-to-cloud access, delivering 99.999% availability and ultra-low latency.Occasionally generates false positives and blocks legitimate websites or applications. This requires manual intervention to correct.
Protects workloads and cloud security posture management with application and risk context from a single platform.Complex setup and management.
Provides full-scope data protection for the workforce and eliminates data visibility gaps.Unclear pricing.

Pricing

Skyhigh Security doesn’t publish pricing details on its official page. Connect with their advisor for a quote.

Features

  • Access control.
  • Threat protection.
  • Data security.
  • Security monitoring.
  • Acceptable use control.
  • Cloud access security broker (CASB).
  • Secure web gateway (SWG).
  • Zero trust network access (ZTNA).
  • Cloud data loss prevention (DLP).
  • Remote browser isolation (RBI) technology.
  • Cloud firewall.
  • Cloud-native application protection platform (CNAPP).
Cisco icon.

Cisco SASE Architecture

Best for integration with Cisco security products

Overall rating: 3.25/5

  • Cost: 1.25/5
  • Features: 5/5
  • Customer support: 2.75/5
  • Ease of Use 1.25/5
  • Integrations 3.75/5
  • Scalability 5/5
  • Network performance 3.75/5

Cisco’s SASE framework provides network and security services that work seamlessly together. It employs cloud-based security services, such as SWGs, CASBs, FWaaS, and ZTNA along with VPN, DNS-layer security, and SD-WAN features. 

Some of the solutions that Cisco offers under its SASE architecture are:

  • Cisco+ Secure Connect
  • Cisco Secure Access
  • Cisco Umbrella
  • Cisco SD-WAN
Cisco Umbrella dashboard.
Cisco Umbrella. Source: Cisco

Pros and cons

ProsCons
Gives end-to-end visibility and industry-leading threat protection.Integration with third-party tools is cumbersome.
Solid networking expertise from Cisco.SSL decryption feature slows down performance.
Brings detailed insights into network status and user activity through Cisco Umbrella Secure Internet Gateway (SIG).Occasionally fails to sync policies.
Unifies security and operational policy management.Lack of transparent pricing.

Pricing

Cisco doesn’t disclose pricing details on its website. Please reach out to their sales team through chat or call.

It does ofer free trials with varying durations for its SASE products:

  • Cisco Umbrella: 14-day free trial
  • Cisco Secure Endpoint: 30-day free trial
  • Cisco Secure Access by Duo: 30-day free trial

Features

  • Consolidated dashboard for both security and operational policy management.
  • Network status tracking.
  • Analytics and reports bring insights and control over network operations and security.
  • User activity monitoring.
  • Controls access to data and resources based on user, device, and permissions through CASB, ZTNA, and SD-WAN segmentation.
  • Cloud asset security.
Fortinet icon.

FortiSASE Solution

Best for comprehensive security integration

Overall rating: 3.5/5

  • Cost: 0/5
  • Features: 5/5
  • Customer support: 3/5
  • Ease of Use 5/5
  • Integrations 3.25/5
  • Scalability 5/5
  • Network performance 5/5

FortiSASE delivers easy and flexible security for remote workers with different devices and locations. Powered by FortiOS and FortiGuard AI, this SASE solution comes with advanced security features and threat intelligence.

FortiSASE combines cloud-based SD-WAN and SSE to connect and protect users from the network edge to anywhere. It promotes a single-vendor SASE approach that unites networking and security and supports secure access to the web, cloud, and applications. FortiSASE includes the following components that run on one OS and are manageable using a single console:

  • AI-powered secure web gateway (SWG)
  • Zero-trust network access (ZTNA)
  • Cloud access security broker (CASB)
  • Firewall-as-a-Service (FWaaS)
  • Secure SD-WAN
Fortinet FortiSASE dashboard.
FortiSASE. Source: Fortinet

Pros and cons

ProsCons
Complete security suite.High bandwidth consumption.
Enhanced efficiency from integrated AI and ML across the platform.Limited availability of PoPs in some regions, impacting performance.
Detailed control options, promoting precise management.Requires users to have existing Fortinet solutions for complete visibility.
In-depth analytics and auto-generated reports.Unclear pricing.

Pricing

FortiSASE empowers users to choose from various options and mix and match them to meet their specific needs. It offers three package options in its Ordering Guide:

  • User-based: Allows users to connect with multiple devices concurrently (agentless or agent-based). FortiClient-based endpoints include EPP, VPN, and ZTNA components.
  • Thin Edge: Lets customers connect branch offices to FortiSASE.
  • SPA: Enables connectivity to private applications for remote users and branch locations.

Contact Fortinet sales to have a sales expert contact you with clear pricing information.

Features

  • One unified agent for secure access and endpoint protection.
  • Improved efficiency with a single agent for networking and security policy management.
  • Constant protection for on-prem and remote users to reduce gaps and configuration overhead.
  • Real-time threat countering with FortiGuard AI-powered Security Services.
  • Reliable user experience at any scale via seamless integration with Fortinet Secure SD-WAN.
  • Consistent application access control in all locations with Universal ZTNA.
Forcepoint icon.

Forcepoint ONE

Best for modular SASE deployments

Overall rating: 3.5/5

  • Cost: 2/5
  • Features: 4.25/5
  • Customer support: 3.5/5
  • Ease of Use 1.25/5
  • Integrations 3/5
  • Scalability 5/5
  • Network performance 5/5

Forcepoint ONE is an all-in-one cloud platform that makes security simple by getting rid of fragmented products. It promotes quick zero trust and security service edge (SSE) adoption by combining key security services, including SWG, CASB, and ZTNA. This solution enables organizations to gain visibility, control access, and protect data on managed and unmanaged apps and all devices, from one set of security policies.

One of the strengths of Forcepoint ONE is its modular approach to SASE. It provides a single, unified platform that facilitates the management of one set of policies across all apps, from one console through one endpoint agent. It protects access and data by combining:

  • Secure web gateway
  • Cloud access security broker
  • Zero trust network access (ZTNA)
  • RBI with content disarm and reconstruction (CDR)
  • Cloud security posture management (CSPM)
  • Forcepoint Classification for data tagging
Forcepoint ONE dashboard.
Forcepoint ONE. Source: Forcepoint

Pros and cons

ProsCons
Protects against advanced threats and data loss on the web and in the cloud.Third-party integration may result in conflicts affecting performance.
Simplifies deployments by consolidating various modules into a single client/agent.Delayed support for new macOS releases.
Granular capabilities for robust security management aligned with business needs.Policy changes can take over 20 minutes to apply.
Prioritizes data protection regardless of location or access method.Unclear pricing.

Pricing

Forcepoint One has four pricing editions:

  • CASB edition
  • ZTNA edition
  • Web edition
  • All-in-one edition

However, pricing details on these editions are unavailable. Reach out to Forcepoint’s sales department to request more information.

Features

  • Unified gateways for web, cloud, and private app access.
  • Agentless DLP security.
  • Integrated advanced threat protection and data security.
  • Dynamic scalability with global access.
  • Secure SD-WAN connectivity.
  • Pervasive data security and threat protection.
Barracuda Networks icon.

Barracuda SecureEdge

Best for cloud-native SASE platforms

Overall rating: 3.5/5

  • Cost: 2.5/5
  • Features: 5/5
  • Customer support: 4.5/5
  • Ease of Use 2.5/5
  • Integrations 2.25/5
  • Scalability 5/5
  • Network performance 2/5

Businesses can control data access from any device, anytime, anywhere with Barracuda SecureEdge. This SASE solution delivers enterprise-grade security, including ZTNA, FWaaS, web security, and fully integrated office connectivity with secure SD-WAN. It also allows security inspection and policy enforcement in the cloud, at the branch, or on the device.

The platform streamlines deployment by consolidating security management and operations reporting through cloud-hosted control software. Its automated SD-WAN capabilities further boost efficiency by performing self-healing, application-based routing, and adaptive session balancing based on traffic intelligence.

Barracuda Networks SecureEdge dashboard.
Barracuda SecureEdge. Source: Barracuda Networks

Pros and cons

ProsCons
Self-healing traffic intelligence detects the health of uplinks and encrypted tunnels across SD-WAN sites for adaptive optimization.Processing data in the cloud with Barracuda SecureEdge can sometimes take longer than expected.
Improved network performance and uptime from application-based routing and adaptive session balancing.Complex setup.
High level of control and visibility into user-generated traffic at each endpoint.SSL offloading occasionally slows down traffic.
Zero-touch management allows MSPs to deploy and manage Barracuda SecureEdge devices without any onsite visits.Unclear pricing.

Pricing

Barracuda offers a full-featured 30-day free trial of its Barracuda SecureEdge solution.

In addition, this vendor has a Build and Price page on its website showing the factors affecting Barracuda SecureEdge pricing. These factors include the specific capabilities you are looking for, the number of your offices and remote users, your organization’s public cloud offering, as well as the level of support you require. For completed pricing information, contact Barracuda’s sales team.

Features

  • Next-generation security.
  • Secure SD-WAN.
  • Zero trust access.
  • Web security.
  • Management and automation.
  • Content filtering.
  • Secure internet access (SIA).
  • Cloud-delivered security.
  • Barracuda Global Threat Intelligence.

Key features of SASE solutions

A complete SASE solution must encompass vital features to protect against evolving threats while enabling seamless access to network resources for remote and branch users. These key features include a zero-trust security model, cloud-native architecture, integrated networking and security, optimized network performance, and scalability.

Zero-trust security model

SASE solutions need zero trust because threats can come from anywhere, even inside the network. ZTNA verifies and authenticates users and devices constantly, no matter where they are. This lowers the risk of unauthorized access and data breaches.

Cloud-native architecture

Modern networks require a cloud-native architecture for scalability and flexibility. It lets organizations adapt to changing business needs, scale services as needed, and cut infrastructure costs by removing on-premises hardware.

Integrated networking and security

Networking and security services must integrate for efficient traffic routing and real-time threat detection and response. A single SASE solution combines these functions, simplifies network management, and applies consistent security policies across the network.

Optimized network performance

Optimized network performance, with low latency, redundancy, and high uptime, is key for a seamless user experience. Low latency minimizes data transmission delay, redundancy reduces network failures, and high uptime facilitates continuous access to critical resources.

Scalability

Scalability is imperative for SASE solutions because it ensures that as organizations evolve and expand, the network infrastructure can readily accommodate increased user numbers, devices, and data traffic without requiring constant and costly adjustments, thus supporting long-term flexibility and cost-efficiency.

How we evaluated SASE vendors

We actively sought out and ranked the top SASE vendors for 2023. To do this, we split our analysis into seven categories: cost, features, customer support, ease of use, integrations, scalability, and network performance. We then broke down each of these categories into more specific criteria tailored to the specific requirements and preferences of a reliable SASE solution.

We analyzed each software’s ability to meet the criteria in each category and gave them scores. Then, we added up the scores for each solution.

Cost – 20%

We evaluated the cost based on the availability and duration of a free trial, as well as pricing transparency.

Pricing transparency is an indispensable part of our evaluation because it allows customers to make informed decisions about whether the SASE solution fits their budget and needs. Unfortunately, only one provider, Citrix, provides pricing details to the public.

  • Criteria winners: Citrix Secure Access Service Edge and Barracuda SecureEdge

Core features – 25%

We measured the performance of each SASE solution’s core features to get reliable scores. These features include firewalls, intrusion detection and prevention, data encryption, identity and access management, threat intelligence, policy enforcement, compliance support, and auditing and reporting.

  • Criteria winners: Multiple winners

Customer support – 10%

Several factors affect customer support scores, including the availability and quality of different support channels such as live chat, 24/7 phone assistance for all users, and a responsive email support team. 

Additionally, we considered the presence of active user communities and the availability of in-depth documentation in our assessment.

  • Criteria winner: Barracuda SecureEdge

Ease of use – 10%

In order to evaluate the ease of use of the SASE solutions, we analyzed user feedback on multiple independent review platforms. This analysis helped us gauge how easy it is for users with varying levels of technical expertise to set up and manage each solution.

  • Criteria winner: FortiSASE Solution

Integrations – 12%

To measure integration capabilities, we quantified the number of relevant third-party systems each SASE solution connects with. We included third-party systems like cloud security platforms, firewalls, IAM tools, SWGs, SD-WAN solutions, and endpoint security platforms, signifying flexibility.

Moreover, we evaluated each solution’s adaptability for custom integrations, ensuring users have the freedom to add configured connections as required.

  • Criteria winner: Prisma SASE

Scalability – 10%

We determined the scalability of each solution by analyzing its capacity to handle increasing user numbers and network traffic without a decrease in performance. We also gathered real-world data from several users about the SASE solution’s performance in numerous environments to validate vendor scalability claims and benchmark expectations.

  • Criteria winners: Multiple winners

Network performance – 13%

To assess network performance we focused on checking metrics such as speed, reliability, latency, uptime, redundancy, failover, and throughput.

Furthermore, we considered user feedback and real-world data to collect insights into practical network performance.

  • Criteria winners: FortiSASE Solution, Forcepoint ONE, Prisma SASE, and Skyhigh Security Service Edge.

Frequently Asked Questions (FAQs)

Who needs a SASE solution?

SASE solutions are a valuable tool for many different types of organizations. Here’s who might find it especially useful:

  • Businesses operating in the cloud: SASE combines wide area networking (WAN) and zero trust security, offering protection for businesses operating in the cloud.
  • Organizations with remote or hybrid teams: SASE ensures a smooth user experience, improved connectivity, and robust security, catering to the dynamic secure access needs of digital businesses. It allows devices and remote systems to access apps and resources anytime, anywhere.
  • Organizations seeking comprehensive security: Any organization aiming for thorough threat and data protection, speeding up its digital transformation, or supporting a remote or hybrid workforce should consider adopting a SASE framework.

Can SASE replace VPNs?

Yes, SASE can replace virtual private networks (VPNs) for secure network access because it covers a broader range of security features compared to traditional VPNs.

What’s the difference between SASE and SD-WAN?

SASE and software-defined wide area network (SD-WAN) are network technologies serving various primary purposes. Here’s a closer look at the distinctions between them:

SASESD-WAN
UtilityIntegrates networking and extensive security services in a cloud-native architecture.Primarily optimizes networking and bandwidth efficiency.
SecurityAll SASE solutions combine network optimization with cloud-based security services.Some SD-WAN solutions may include security, but not all.
DeploymentExclusively cloud-based deployment.Offered in physical and cloud-native forms.
Traffic managementExamines traffic meticulously, providing an overall solution.Addresses traffic functions one at a time, case by case.

Bottom Line: The right SASE provider elevates your organization’s security and efficiency

In the era of remote work and edge computing, SASE has become more important than ever because it caters to the needs of a dispersed workforce and provides a cloud-native way to secure the WAN.

Selecting the right SASE provider is equally crucial. The vendor’s expertise is of utmost importance as you will entrust them with safeguarding your network and data.

Consider scalability, network stability, and security in choosing the best SASE vendor for your needs. A well-chosen provider can significantly bolster your organization’s security posture and operational efficiency.

SD-WAN, the key component that powers every SASE solution, is essential for managing and controlling network connectivity. Discover the top SD-WAN vendors and identify the best choices for your needs.

Liz Laurente-Ticong
Liz Laurente-Ticong
Liz Laurente-Ticong is a tech specialist and multi-niche writer with a decade of experience covering software and technology topics and news. Her work has appeared in TechnologyAdvice.com as well as ghostwritten for a variety of international clients. When not writing, you can find Liz reading and watching historical and investigative documentaries. She is based in the Philippines.

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles

Follow Us On Social Media

Explore More