The Top SASE Provider 2023 Cato Networks
Cato Networks
Secure Access Service Edge, 2023 Frost Radar Secure Access Service Edge, 2023 A Benchmarking System to Spark Companies to Action - Innovation that Fuels New Deal Flow and Growth Pipelines Authored by Vivien Pua © 2023 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied, or otherwise reproduced without the written approval of Frost & Sullivan.
Secure Access Service Edge, 2023 Table of contents Frost Radar summary 3 Research summary 4 Strategic imperative 5 Growth environment 6 Frost Radar 7 Competitive environment 8 Cato Networks 10 Strategic insights 11 © 2023 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied, or otherwise reproduced without the written approval of Frost & Sullivan.
Secure Access Service Edge, 2023 Research summary Across industries, organizations find themselves in need of transforming their legacy networking and security infrastructure to better support both a hybrid workforce and increased use of cloud-based services. Added to this need is the challenge of achieving optimal operational efficiency due to the discrete networking and security tools in their IT environment. These infrastructure silos drive a strong need for organizations to consolidate the number of vendors and point solutions they use under a single secure access service edge (SASE) platform model. Many organizations, especially large businesses, still rely heavily on legacy technology stacks, and they often find it hard to replace or fully transition to the single SASE architecture because the project cuts across both networking and security stakeholders, meaning the networking and security teams must work together toward a common goal. As a result, organizations remain cautious about making a single SASE investment, and many of them still take a component-based or best-of-breed approach to SASE. However, Frost & Sullivan still expects demand for single-vendor SASE to grow significantly in the next few years as organizations look to manage networking and security services from one converged platform for better service performance and user experience. The SASE model answers this need and delivers visibility and security effectiveness. Customers can manage all policies centrally and enforce them consistently across different services to ensure service interoperability, performance, and efficiency, which helps reduce management overhead. The SASE industry remains in a nascent stage of development, and only a handful of vendors provide a comprehensive single SASE offering with in-house networking and security capabilities. Frost & Sullivan selected nine companies for this analysis based on their leadership or other distinctions and benchmarked them across 10 Growth and Innovation criteria to reveal their position on the Frost Radar. The publication presents competitive profiles of each company on the Frost Radar considering their strengths and the opportunities that best fit those strengths. © 2023 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied, or otherwise reproduced without the written approval of Frost & Sullivan.
Secure Access Service Edge, 2023 Strategic imperative Secure access service edge (SASE) is a concept that converges network and security services to provide secure, reliable, and optimized network connectivity for users to access corporate systems, applications, cloud services, and data, regardless of their location. A typical SASE architecture comprises different networking and security services. The top services businesses widely adopt include software-defined wide area network (SD-WAN), next-generation firewall (NGFW)/firewall-as-a-service (FWaaS), cloud access security broker (CASB), secure web gateway (SWG), and zero trust network access (ZTNA). The drastically changing business environment due to the shift to hybrid working and rising cloud adoption is pushing for a new converged networking and security model to help organizations overcome challenges that legacy architecture fails to address. By converging networking and security functions into one platform or architecture, SASE allows businesses to modernize their traditional IT infrastructure and achieve greater operational efficiency through a more agile and scalable approach. Organizations prioritize SASE solutions based on several factors, including the following. ZTNA: a key component of a zero-trust model, providing granular access controls, supporting users based on zero-trust principles, and monitoring continuously to enforce strict security policies Scalable architecture: cloud infrastructure that allows customers to easily scale their network and security capabilities as business requirements evolve Centralized management and orchestration: a unified management tool that provides simplified network and security administration and policy enforcement, easy configuration, zero-touch provisioning, and monitoring across multiple locations Single-pass processing architecture: all networking and security functions consolidated into a single element or packet to perform process requirements only once, allowing improved efficiency and performance, reduced processing overhead, and lower risk of misconfiguration Extensive points of presence (PoPs) coverage: capacity to deliver integrated networking and security and process requests from different edges (physical data centers, remote users’ devices, IoT devices, and public cloud data centers) and remain highly available and elastic to meet customers’ requirements at different levels Organizations expect to achieve the following outcomes through a single SASE implementation: Vendor consolidation Unified protection for remote users and branch offices Centralized networking and security management to balance security needs and network performance Operational efficiency Cost reduction Ease of use and simplicity of deployment Optimized application performance and secure remote access to those applications In general, organizations will continue to prioritize simplified network administration, centralized management and orchestration, and consistent policy enforcement across all locations, including physical data centers, remote users’ devices, IoT devices, and public cloud data centers. Organizations that have embraced the SASE model will increasingly request further © 2023 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied, or otherwise reproduced without the written approval of Frost & Sullivan.
Secure Access Service Edge, 2023 convergence in other security areas, such as endpoint protection, extended detection and response (XDR), and IoT security. In response, SASE vendors will need to make sure their SASE platform has comprehensive networking and security capabilities to address organizations' evolving business needs. Furthermore, as organizations continue to move their data, workloads, and applications to the cloud, SASE vendors will need to provide extensive PoPs coverage across regions to deliver a better user experience and security efficiency. The globally interconnected PoP networks with high service availability and low latency can strengthen support for evolving digital initiatives due to the explosion of 5G, providing secure connections to any edge and IoT network. Local PoP is also important to address stricter regulatory compliance around data privacy and localization requirements. Organizations need to understand the pros and cons of different SASE models to differentiate the advantages and disadvantages of each model based on their actual needs. It is important for organizations to evaluate and assess the SASE vendor's vision, strategy, and roadmap to choose the right SASE model that can integrate well with their current IT infrastructure and evolve to meet customers’ fast-changing needs. © 2023 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied, or otherwise reproduced without the written approval of Frost & Sullivan.
Secure Access Service Edge, 2023 Growth environment Frost & Sullivan’s recent survey on the ICT network services market finds that of the participating 1,624 cybersecurity decision- makers and influencers, including C-level executives, 60% of organizations anticipate the convergence of network and security in their network strategy during the next 2 years. In terms of SASE adoption, Frost & Sullivan’s 2023 Voice of Enterprise Security Customer Survey indicates that 46% of organizations are using SASE whereas 38% plan for SASE adoption by 2024. Only 13% of organizations shared that they were not considering SASE adoption. The majority of organizations want to deploy SASE for ease of security management across network branches or remote workers (49%), for cost savings with integrated network and security (47%), and for threat prevention and detection (43%). Many of them are also looking to achieve application performance optimization (41%), protect branch and remote endpoints (40%), and protect edge applications (40%) through SASE deployment. These survey results align with the strong growth of the SASE market in 2022, which will continue during the next three years at a high double-digit year-over-year (YoY) growth rate. Frost & Sullivan expects the global SASE market will generate total revenue of $1,358.2 million in 2023, representing YoY growth of 60.1% and increasing at a strong compound annual growth rate of 35.3% from 2023 to 2027, reaching $6,162.9 million in 2027. Chief information security officers (CISOs) increasingly face challenges in the growing complexity of their IT infrastructure as organizations embrace digital transformation and incorporate new technology tools into their systems. Their migration to cloud and adoption of a multi-cloud strategy are forcing organizations to modernize their network and security infrastructure so they can reduce or eliminate the complexity of sustaining fragmented and disjointed networking and security products. In addition, the rise of the hybrid workforce has expanded the attack surface, and a perimeter-based security approach is not adequate to protect the applications, workloads, or data that are hosted in multiple locations, whether in on-premises data centers, public cloud platforms, or hybrid and multi-cloud environments. To navigate these challenges, CISOs are seeking solutions that provide comprehensive networking and security capabilities, allowing users to access data, workloads, and applications from any location securely without compromising safety. As a result, the adoption of SASE solutions is strong globally. More organizations will value a unified SASE solution from one single vendor over a best-of-breed SASE solution from multiple vendors, as the single SASE approach allows them to overcome challenges posed by discrete networking and security tools and significantly reduce architectural complexity. Most SASE platforms in today’s market support customers moving in phases to a single SASE solution via a flexible platform architecture. This provides greater flexibility, especially for those who still rely on legacy networking or security hardware appliances. Frost & Sullivan studies related to these independent analyses: Global SASE Growth Opportunities, 2022 Global Secure SD-WAN Solutions Growth Opportunities, 2022 © 2023 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied, or otherwise reproduced without the written approval of Frost & Sullivan.
Secure Access Service Edge, 2023 Frost Radar Source : Frost & Sullivan © 2023 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied, or otherwise reproduced without the written approval of Frost & Sullivan.
Secure Access Service Edge, 2023 Competitive environment The SASE market is still in its nascent stage of development, and vendors from different backgrounds are taking different approaches to offering solutions. Both network and security vendors have been expanding and strengthening their SASE offerings in the last 3 years. Some companies advertise as SASE vendors, yet they lack either the in-house networking or comprehensive security capabilities needed to deliver a converged SASE architecture with extensive PoP coverage across regions. In the next 3 years, Frost & Sullivan expects to see more companies enter the market to provide full-fledged SASE offerings, after either acquiring other companies or developing products in-house. Today, however, only a handful of vendors provide a comprehensive single SASE offering with in-house networking and security capabilities. The vendors included on this Frost Radar are excelling in growth and/or innovation, selected for their performance related to factors such as end-user focus, geographic presence, and solution portfolio. Frost & Sullivan expects companies meet the following criteria to be recognized as SASE vendors: Provide a SASE platform that includes in-house SD-WAN, ZTNA, and FWaaS/SWG. (The partnership model is excluded.) Have a distributed global PoP system (running in public clouds or private data centers) to support the SASE platform. Frost & Sullivan independently plotted nine companies in this Frost Radar analysis that meet its SASE vendor inclusion criteria. The vendors are Barracuda Networks, Cato Networks, Cisco, Forcepoint, Fortinet, Palo Alto Networks, Sangfor, Versa Networks, and VMware. Palo Alto Networks, Cato Networks, and Versa Networks have emerged as the leaders on both the Growth and Innovation Indexes, primarily for their robust and consistent revenue growth during the past 3 years and innovation capabilities in strengthening their SASE offerings. Among them, Palo Alto Networks achieved tremendous double-digit growth in 2022 to solidify its position as the largest player in the global SASE market, supported by its well-established brand name in the security industry and strong go-to-market execution across regions. The company has a robust partner ecosystem, and it continues to expand its partnerships with global managed security service providers (MSSPs) to deliver smooth deployment, integration, and ongoing managed SASE services for customers. Palo Alto Networks has demonstrated its strong commitment to innovation by seamlessly integrating Prisma SD-WAN, Prisma Access, and Autonomous Digital Experience Management (ADEM) to deliver Prisma SASE. While Palo Alto Networks remains a strong player with a comprehensive SD-WAN and security services offering, the company lacks a private backbone for SD-WAN connections, but offers two management consoles, the new Strata Cloud Manager platform (Cloud Managed) and Prisma Access for Networks (Panorama Managed), which may create a more complex setup or configuration. Cato Networks is one of the fastest-growing players and achieved strong double-digit growth in 2022. It stands out on the Growth Index for its strong growth momentum during the past 3 years, surpassing larger competitors such as Cisco, Versa Networks, and VMware. The company has a strong customer base in the small and medium business segments, and it continues to expand its market reach to larger organizations, positioning its SASE offering to experience robust growth. Cato Networks demonstrates innovation leadership through its cloud-first and converged SASE platform, supported by a global private backbone and extensive SASE PoP coverage across regions. Its cloud-native platform sets it apart from other competitors who rely on the rearchitecting or service-chaining approach to SASE. Versa Networks experienced strong double-digit growth in 2022, enabling the company to maintain its leadership position as the second-largest player in the market by revenue. The strong growth of its SASE business across regions is fueled by its channel-first strategy that is supported by an extensive channel partner ecosystem, including value-added resellers (VARs), service providers, telecommunication operators, and systems integrators (SIs). However, the company’s revenue base for the Asia-Pacific (APAC) and Latin America (LATAM) regions, especially LATAM, remains relatively small, mainly due to limited PoP coverage in the region. In terms of innovation, Versa Networks continues to strengthen its SASE platform capabilities by © 2023 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied, or otherwise reproduced without the written approval of Frost & Sullivan.
Secure Access Service Edge, 2023 leveraging megatrends to introduce AI-driven security and networking capabilities through Versa AI. The company will need to expand its PoP coverage in LATAM to better support its customers. Cisco, Fortinet, and VMware are positioned favorably in the Growth and Innovation Indexes, benefiting from the comprehensiveness of their SASE platforms. Cisco and VMware have strong networking capabilities and a relatively larger networking customer base than their competitors. This allows them to upsell or cross-sell the SASE solution to their existing networking customers. Cisco experienced healthy double-digit growth in 2022. However, the slower growth compared to the market average led to a loss of market share. From an innovation standpoint, the company has a wide range of networking and security solutions, and customers have greater flexibility to integrate different SASE components depending on their needs. However, the component- based approach may create confusion and complexity for configuration and management. VMware also experienced healthy double-digit growth in 2022; however, its SASE business in APAC remains relatively small and will require it to focus on go-to-market execution in the region to boost business. The company demonstrated a strong commitment to expand its channel partner ecosystem and enhance its SASE platform capabilities by investing in advanced technologies, such as edge computing and private 5G connectivity. However, the functionalities of its CASB/SaaS security or data loss prevention (DLP) under VMware Cloud Web Security are relatively basic compared to other leading companies. VMWare will need to improve its low perception as a security company to strengthen its security capabilities. Fortinet’s SASE business recorded tremendous triple-digit revenue growth in 2022 from a relatively smaller revenue base, but it has yet to achieve a strong market presence in APAC and LATAM due to limited PoP coverage in these regions during the evaluation process. Nevertheless, Fortinet has advantages in leveraging its strong, secure SD-WAN customer base and well- established channel ecosystem across regions to boost its SASE business, which it achieves by partnering with global and regional MSSPs. In terms of innovation, Fortinet has a comprehensive set of security capabilities that can be integrated into the SASE solution, and all networking and cloud-delivered security functions run on a single operating system (FortiOS) for unified management. However, the company will need to improve its cloud-delivered security services offering to include other key SASE components, such as DLP and remote browser isolation (RBI), to gain traction and grow its SASE business and industry recognition. Sangfor is positioned favorably on the Innovation Index. The company is the only Chinese vendor that can provide a single SASE solution through a single-pass architecture for improved user experience and efficiency. The SASE solution is powered by its AI-driven Engine Zero malware detection and a strong threat intelligence database. The company will need to establish more complete self-managed PoP coverage to better support global and regional customers. In 2022, Sangfor’s SASE revenue came from the APAC region alone. Its limited business presence in other regions results in a lower score in the Growth Index. Forcepoint is new to the market, having launched its SASE platform, Forcepoint ONE, in 2022. The company witnessed greater traction for its security service edge (SSE) offering than its SASE solution, resulting in its smaller market share compared to other SASE players. Forcepoint needs to enhance the comprehensiveness of its SASE platform and grow its industry recognition when it comes to a single SASE offering. Barracuda Networks is strong in the mid-sized and small business segments, driven by its firewall, email gateways, and web security products. However, its SASE offering is relatively new to the market, and it has low visibility among enterprises across regions. The combination of disparate point solutions under its SASE offering might limit its ability to grow its market share. Note: Barracuda Networks and Forcepoint did not actively participate in the Radar evaluation process. © 2023 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied, or otherwise reproduced without the written approval of Frost & Sullivan.
Cato Networks Innovation Cato Networks built its SASE platform with a global and cloud-native architecture as its foundation to deliver SASE services through a converged platform, with no local hardware configuration needed. Customers can adopt Cato SASE Cloud as a co- managed, fully managed, or self-managed solution. Regardless of the option taken, Cato always manages the underlying shared infrastructure. It runs in its global network of interconnected PoPs via its global private backbone network for a consistent and low-latency path between sites and users. The company consistently adds 3 to 4 new PoPs every quarter to better support its customers. Cato Single Pass Cloud Engine (SPACE) is the core element of the company’s SASE platform, and it utilizes a single pass architecture to analyze and process customers’ networking and security policy and configurations, allowing the company to deliver high-performance and low-latency services. Cato Networks has expanded its security capabilities by introducing CASB and DLP in 2022 and RBI in 2023. The company is also looking to incorporate XDR and an endpoint protection platform (EPP) into its SASE platform by end of 2023. Growth Based on Frost & Sullivan’s estimates, Cato Networks is one of the fastest-growing companies and achieved tremendous growth in its SASE business in 2022, with a YoY increase of 71.8%. North America, the biggest region for Cato Networks, contributed more than half of the company’s total SASE revenue in 2022, with triple-digit YoY growth, while all other regions grew by strong double-digit YoY growth. In 2022, the company expanded its footprint to LATAM, and the region contributed about 1.0% of its total SASE revenue. Cato Networks is strong in the small and medium business segments, which have = lean IT infrastructure and are more open and flexible to adopting the cloud-native security model. These business segments contributed more than 80.0% of the company’s SASE business in 2022. Cato Networks has also seen strong adoption of its SASE platform from business, financial services, and insurance (BFSI); retail; manufacturing; and tech companies. Customers can opt for a managed service package, including 24*7 multi-tier support services, professional services, and managed services, to outsource the management to the Cato team or partners. Frost perspective Cato Networks is a leader on the Growth and Innovation Indexes of this Frost Radar. The company’s consistent revenue growth in its SASE business during the past 3 years helps to solidify its growth leadership position. Cato Networks showcases its commitment to innovation by building its SASE platform from the ground up, and the cloud-native platform allows it to stand apart from other competitors that rely on the rearchitecting or service-chaining approach to SASE. However, its cloud-native SASE approach may not work well with highly regulated companies due to compliance concerns or the desire to maintain a legacy on-premises architecture. In addition, Cato Networks’ global SASE revenue is mainly contributed by North America and Europe, the Middle East, and Africa (EMEA), whereas business in APAC and LATAM remains relatively minimal. The company should focus on strengthening brand awareness and go-to-market strategies in these fast- growing regions to capture growth opportunities. © 2023 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied, or otherwise reproduced without the written approval of Frost & Sullivan.
Strategic insights CISOs are challenged by increasing operational complexity as disjointed networking and security products lead to multiple points of integration, inconsistent policies, and discrete management interfaces. This drives a strong need for organizations to modernize their networking and security infrastructure by converging multiple solutions under a single SASE platform. SASE vendors should emphasize simplified management, converged networking and security services, and a single-pass architecture to deliver greater business outcomes with optimized network performance, a better user experience, and an improved security posture. The single-vendor SASE approach is gaining popularity, and Frost & Sullivan expects the shift from a best-of-breed SASE approach to a single SASE offering to increase in the next 3 years. Deploying SASE components from multiple vendors often results in complex implementation, configuration, and integration processes. Organizations will continue to consolidate vendors when achieving SASE and emphasize streamlined networking and security management through a converged SASE approach. SASE vendors should continue to reinforce the comprehensiveness of their converged SASE offering by incorporating organically developed networking and security capabilities or that of acquired technology companies to address the evolving networking and security requirements in today’s fast-changing business environment. Organizations that have embarked on the SASE journey will request that more advanced capabilities be integrated with the broader SASE portfolio. As such, vendors need to strengthen and expand their SASE portfolio from time to time to meet customers’ evolving needs and new use cases that leverage the power of AI, 5G, and IoT. It is also important for vendors to enhance their security capabilities against potential threats and vulnerabilities by integrating more proactive security measures, including endpoint protection, XDR, and IoT security to ensure they can offer comprehensive protection to customers. © 2023 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied, or otherwise reproduced without the written approval of Frost & Sullivan.