The SASE managed service market emerged from the need to alleviate the burden on IT Teams of maintaining multiple disparate networking and security tools. SASE managed services are typically offered by network service providers (NSPs) and managed service providers (MSPs) that handle every aspect of the solution, from planning, initial design, implementation and operation.
- Secure Access Service Edge (SASE) is SSE + SD-WAN (Access).
While SASE managed service offerings vary by provider, they generally include the following features:
- Consulting and advisory services to assess customer’s readiness for SASE, understand business requirements and priorities, identify existing technologies, technology deployments, cross-team workflows and cultural barriers
- End-to-end solution delivery and service management, including initial design tailored to customers’ unique needs, deployment and integration with existing technologies and processes, hardware and policy configuration, ongoing management, troubleshooting, monitoring and performance and security incident management
- Partnerships with industry-leading SASE vendors and security technology providers to enable “best-of-breed” single-vendor solutions and multi-vendor SASE stacks
- Complementary security services and solutions, such as threat intelligence, managed detection and response (MDR), endpoint detection and response (EDR), extended detection and response (XDR) and incident response
- Varying service level agreements (SLAs) or SLA tiers for performance and security incident detection and resolution and change implementation
- 24x7x365 Network Operations Centres (NOCs) and Security Operations Centres (SOCs) staffed with networking and security experts that monitor customers’ deployments around the clock
- A unified customer portal offering customer support and case management services, reporting, site and policy management and billing
- Circuit provisioning and fully managed last-mile connections
Table of Contents
Who is leading in SASE?
According to Gartner, the leading SASE vendors in 2022 are Zscaler, Netskope and McAfee Enterprises.
- Gartner SASE Leading Vendors
How do I choose a SASE provider?
IT leaders seeking SASE managed services should consider the following points before selecting a provider and entering into a long-term service contract:
- The breadth of networking security services offered by the NSP or MSP in comparison to the organisation’s baseline requirements
- The breadth of SASE vendor options, including multi-vendor and best-of-breed SASE stacks
- Geographical coverage, local language support and 24x7x365 performance and security monitoring and incident management
- Service licensing models, including the ability to quickly scale out or in based on organisational requirements
- Solution complexity, including integration with existing technology
- The ability to access performance, configuration, reporting and policy settings through a unified customer portal
- SLAs and SLA tiers for network performance, security incident detection and notification and change management
- Cloud Computing with SASE integrations
How do providers offer SASE as a service?
Providers generally deliver SASE services in one of three managed models:
- Managed deployment and operation: the service provider handles the solution design, policy and hardware configuration, deployment, ongoing management, monitoring and security incidents.
- Managed deployment: the service provider handles the solution design, initial policy and hardware configuration and rollout, while the customer is responsible for the solution’s operation, ongoing management, monitoring and security incidents post-deployment.
- Managed operation: the service provider is responsible for managing and operating a SASE solution that was initially designed, configured and deployed by the customer.
Managed SASE Vendor Comparison
Globalgig
Globalgig is a managed network services provider based in Texas, USA, offering fully managed SASE and SD-WAN solutions from industry-leading vendors, including Palo Alto Networks, Cisco Viptela, Peplink, Cisco Meraki, Cradlepoint and Fortinet.
Globalgig’s managed services approach follows a systematic methodology that starts with an in-depth analysis of customers’ environments through discovery sessions, network reviews, performance analysis and requirements identification, ultimately leading to project scoping, design, implementation and ongoing management.
Globalgig’s network designs include security capabilities from Cisco Viptela, Cisco Meraki and Fortinet, including NGFW, SWG and UTM. Furthermore, Globalgig customers can choose from three service tiers based on their requirements and needs, including:
- Essential, covering basic hardware and circuit monitoring, reporting and troubleshooting.
- Plus, including all the features offered in the Essential plan, plus full device management and configuration.
- Premier, covering all services offered in the Plus plan, with additional network and flow intelligence, application visibility and reporting and enhanced troubleshooting.
Masergy
Masergy is a network service provider based in Texas, USA, offering fully managed, best-of-breed SASE solutions covering core security and networking capabilities, including FWaaS, CASB, SWG, SD-WAN and ZTNA. Masergy provides these solutions through a combination of different service models and packages, including:
- As a security-driven SD-WAN solution
- As part of a larger SASE strategy
- As a managed security service
Masergy’s managed SASE solution is based on Fortinet and Forcepoint technology products, with SD-WAN, Cloud firewall and SWG powered by Fortinet and CASB by Forcepoint.
- Masergy Dashboard Overview
Masergy’s fully managed CASB, SWG and FWaaS solutions are turnkey services covering deployment, integration, ongoing policy management, monitoring, incident response, and issue mitigation from three global 24×7 Security Operations Centres (SOC) supported by an extensive security team.
Masergy is on a path to offer ZTNA capabilities that will include Single Sign-On (SSO), user, device and location authentication and authorisation and granular access control policies based on the least principal privilege.
NTT Global
NTT is a global network service provider based in Japan that offers a managed SASE solution from Palo Alto Networks. The solution covers:
- Palo Alto Networks’ Prisma Access solution delivered as a managed service
- NTT’s Enhanced Advanced Threat Detection service, including monitoring, threat detection, advanced analytics, proactive threat hunting, incident validation with actionable mitigations and incident notification and reporting capabilities for customers’ Prisma Access platforms
- NTT’s Security Device Management, covering policy management of customers’ Prisma Access environment, including deployment and ongoing policy changes based on ITIL change management best practices
Additionally, NTT offers managed SD-WAN services from six vendors, including Cisco Viptela, Fortinet, VMware, Cisco Meraki, Versa Networks, and HPE Aruba (Silver Peak). NTT’s managed SASE service is supported by more than 2,000 security professionals across six 24×7 Security Operations Centres (SOCs) that process and analyse 5.9 TB per day from over 1,600 customers.
GTT
GTT Communications is a global network service provider based in Virginia, USA, that offers managed SD-WAN services from VMWare, HPE Aruba (Silver Peak) and Fortinet. The company announced in November 2021 a partnership agreement with Palo Alto Networks to offer Secure Connect, a fully managed, cloud-delivered SASE platform powered by Palo Alto Networks’ Prisma Access and delivered over GTT’s Tier 1 global network. Secure Connect integrates with GTT’s managed SD-WAN offering, providing a comprehensive set of networking and security capabilities that converge Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), Firewall-as-a-Service (FWaaS) and Zero Trust Network Access (ZTNA) into a single platform.
Furthermore, GTT offers Professional Services to complement and complete its flagship SASE platform. GTT’s Professional Services division provides initial solution design, deployment, ongoing policy management, troubleshooting, support and incident response. GTT also offers its customers a centralised portal, EtherVision, through which they can gain insights and manage different aspects of the solution if needed.
IBM
IBM is a global technology company with headquarters in New York, USA. IBM’s security division, IBM Security, offers an end-to-end managed SASE solution that includes consulting, service design and integration, managed security services, migration, application onboarding with ZTNA, visibility, insight and monitoring.
Through a partnership with Zscaler, IBM delivers IBM Security Services for SASE, managing customers’ Zscaler platform (Zscaler Internet Access and Zscaler Private Access) from solution design to continuous policy management. IBM Security Services for SASE cover a range of services, including:
- Design and implementation per industry best practices
- Implementation of zero trust policies to enable secure application access
- Security policy design, analysis and migration
- Legacy technology replacement and consolidation into a single-vendor solution
- Dedicated security team to support migration and ongoing management services
- Programme reviews and strategic recommendations for continuous improvement
Furthermore, customers can realise enhanced security benefits from IBM and Zscaler’s integration, including:
- Identity and access management via IBM Security Verify
- Unified endpoint management through IBM Security MaaS360
- Threat management and security operations with IBM Security QRadar
Verizon
Verizon is a global network service provider based in New York, USA, that offers multi-vendor SASE solutions. Branded Advanced Security Access Service Edge (SASE), Verizon launched its fully managed SASE service in June 2021, converging Network-as-a-Service (NaaS), security and managed services in a single-provider-managed “best-of-suite” SASE solution. While the company plans to expand its SASE vendor partner ecosystem, it currently offers a solution based on Versa Networks. The solution consists of Versa Networks’ SWG, ZTNA, and SD-WAN, leveraging Verizon’s global network as the backbone and supported by Verizon’s Network Operations Centre (NOC) and Security Operations Centre (SOC).
Among the security options available in Verizon’s Advanced SASE based on Versa Networks are:
- Intrusion Detection and Prevention Services (IDS/IPS)
- Data Loss Prevention (DLP)
- Distributed Denial Of Service (DDOS) protection
- Anti-spam
- Malware protection
- Web content filtering
Furthermore, customers can access the service features through the Verizon Enterprise Centre, enabling advanced reporting, analytics and API integration capabilities.
Lumen
Lumen is a global network service provider based in Louisiana, USA, offering a SASE platform that tightly integrates its managed security services and infrastructure assets with industry-leading SD-WAN and SASE partners. The platform’s core components, underpinned by Lumen’s partner ecosystem, include SD-WAN, integrated security, hybrid cloud diversity and managed orchestration. Through integrations with top-tier security and networking vendors, such as Versa Networks, VMware, Cisco Meraki, Cisco Viptela, Palo Alto Networks and Fortinet, the Lumen SASE platform can deliver combined security capabilities that include:
- SWG
- ZTNA
- URL filtering
- CASB
- Remote browser isolation
- Next-gen
- FWaaS
- Managed firewalls
- Data Loss Protection (DLP)
- DDoS mitigation
Lumen offers its SASE platform via flexible service models, including do-it-yourself (DIY), co-managed, and managed. The managed offering is an end-to-end, fully managed service, with 24×7 monitoring by experienced security professionals and optional incident escalation, that covers:
- Site-by-site design
- Service provisioning and configuration
- Migration
- Management and monitoring
- Routing and security policy management
BT
BT is a global network service provider with headquarters in London, UK. While BT has been offering managed SD-WAN solutions from prominent vendors, such as Cisco Meraki, Cisco Viptela, VMWare, Fortinet, Versa Networks, and Palo Alto Networks, in January 2022, BT and VMWare announced a partnership agreement to offer VMWare Secure Access Service Edge (SASE) as a BT-managed SASE solution. The solution consists of VMware’s SD-WAN gateways, hundreds of globally distributed PoP locations and a cloud-delivered, single-vendor security stack, managed and supported by BT’s Network Operations Centre (NOC) and Security Operation Centre (SOC). VMware’s core SASE features include:
- URL classification and web content filtering
- In-line Cloud Access Security Broker (CASB)
- Malware protection
- Next-Generation Cloud Firewall (NGFW)
- ZTNA delivered via VMware Secure Access
The partnership combines VMware’s market-leading technology with BT’s global network and telecommunications infrastructure, paired with BT’s 100-point checklist and rigorous security testing to ensure a smooth deployment while reducing security risk.
Broadcom (Symantec)
Broadcom is a US-based company with headquarters in San Jose, California, targeting large enterprise clients globally across many industries. Broadcom’s SASE offering incorporates SWG (formerly known as Symantec Web Security Service), CloudSOC CASB and ZTNA, covering a range of security capabilities, including:
- Remote Browser Isolation (RBI)
- Data Loss Prevention (DLP) across all channels
- URL threat prevention and classification
- Advanced malware analysis
- SSL inspection
- FWaaS
While Broadcom does not offer a native SD-WAN solution, it partners with top-tier SD-WAN vendors to provide a complete SASE solution. Furthermore, through partnerships with HPE Aruba (Silver Peak), VMware, Cisco Meraki, Nokia Nuage and 128 Technology, Broadcom’s DX NetOps network monitoring software boosts real-time performance monitoring and machine learning analytics of applications delivered over multi-vendor SD-WAN networks.
Broadcom’s SASE solution is available in Do-It-Yourself (DIY) and managed service models. The latter extends the SASE solution globally through Broadcom’s Global Service Providers (GSPs) network and Secure One partner programme.
AT&T
AT&T is a global provider of mobile and wired telecommunications based in Texas, USA, offering fully managed SASE services from top-tier vendors, including:
- AT&T SASE with Cisco
- AT&T SASE Branch with Fortinet
- AT&T SASE with Palo Alto Networks
- AT&T SD-WAN with Cisco, Aruba (Silver Peak), VMware and Palo Alto Networks
- AT&T Secure Web Gateway (SWG) and Remote Access from Zscaler
The solutions are offered as a managed service, covering the complete solution lifecycle, from deployment to policy design, ongoing maintenance, 24×7 monitoring, security and firmware updates, support and troubleshooting by AT&T’s Security Network Operations Centre (NOC). Furthermore, through its SASE Consulting Services division, AT&T offers SASE advisory services that include consultations, readiness workshops, strategy and roadmap, solution deployment and realisation.
Among the capabilities offered by AT&T’s SASE services are:
- SD-WAN, NFV, and virtualisation
- CASB, SWG, FWaaS, and ZTNA
- SSL inspection and DLP
- Identity management services, including authentication and authorisation
- Security and network operations
Who is the best SASE provider?
Netify nominates Globalgig as the best SASE managed service provider. Globalgig is a global provider of telecommunication services headquartered in San Antonio, Texas, offering technology-agnostic SD-WAN and SASE managed services. A thorough analysis of the customer’s applications, network and overall IT environment underpins Globalgig’s managed service offering, allowing its team of networking experts to design SD-WAN and SASE solutions irrespective of technology. Globalgig employs a five-phase solution lifecycle methodology that starts with understanding the customer’s requirements, use cases, desired user experience, critical applications and growth strategy. Discovery, Design, Align and Achieve phases complete Globalgig’s solution lifecycle methodology, resulting in custom-built SD-WAN and SASE solutions that best suit customers’ needs.
Globalgig offers three managed service tiers, including Essential, Plus, and Premier, and supports many SD-WAN and SASE platforms, including Palo Alto Networks, Cradlepoint, Fortinet, Peplink, Cisco Viptela and Cisco Meraki.
How many SASE providers and vendors are there?
At the time of this research, there were approximately 27 SASE vendors and 19 SASE managed service providers.
SASE vendors:
- Zscaler
- Netskope
- McAfee Enterprises
- Palo Alto Networks
- Cisco Forcepoint (Bitglass)
- Lookout
- Broadcom
- iboss
- Forcepoint
- Versa
- Akamai
- Cato Networks
- Menlo Security
- Microsoft
- Open Systems
- VMware
- Perimeter 81
- Fortinet
- Barracuda Networks
- Checkpoint
- Juniper
- Proofpoint
- Citrix
- Oracle
- Aryaka
- Omniclouds
SASE managed service providers:
- NTT
- Verizon
- BT
- AT&T
- Lumen
- Masergy
- GTT
- Tata Communications
- Orange Business Services
- Colt
- Deutsche Telekom
- Telstra
- PCCW Global
- Sparkle
- Riedel Networks
- Globalgig
- Expereo
- Telefonica
- Ananda Networks
Which SASE providers are featured by Gartner?
Among the SASE service providers featured in Gartner’s Magic Quadrant for Security Service Edge, published on 30 March 2022, are:
- Zscaler
- Netskope
- McAfee Enterprises
- Palo Alto Networks
- Cisco
- Forcepoint (Bitglass)
- Lookout
- Broadcom
- iboss
- Forcepoint
- Versa
- Akamai (honourable mention)
- Cato Networks (honourable mention)
- Cloudflare (honourable mention)
- Menlo Security (honourable mention)
- Microsoft (honourable mention)
- Proofpoint (honourable mention)
Furthermore, Gartner has featured the following network service providers in its Magic Quadrant for Network Services, Global, published on 21 February 2022, who offer managed SASE services from industry-leading vendors:
- NTT
- Verizon
- BT
- AT&T
- Lumen
- Masergy
- GTT
- Tata Communications
- Orange Business Services
- Colt
- Deutsche Telekom
- Telstra
- PCCW Global
- Sparkle
- Riedel Networks
Which SASE acquisitions have occurred in 2022?
At the time of this research, the following acquisitions were announced or completed in 2022:
- Cloudflare acquired Aria 1 Security to incorporate SASE email security
- Cloudflare acquired Vectrix to add CASB to its SASE offering