10 Best SASE Network Security Vendors Tested And Reviewed

1. Cato SASE

How We Tested Cato SASE

We start our list with the first SASE platform developed from scratch, Cato Networks. Cato are well known for offering their own global private backbone which enables customers to use their connectivity across more than 75 Points of Presence (PoPs). Cato's private backbone optimises and secures long distance connections, enabling organisations with sites spread around the world to improve and protect their connections.

To begin testing, we deployed Cato SASE via Cato Management and followed the automated configuration process to create a new site. Through automation, Cato made the deployment process very easy and reduced the manual workload that we experienced significantly.

The integrated features in Cato SASE form its full network security stack offering with Next Generation Firewall (NGFW), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP) and Zero Trust Network Access (ZTNA). After deploying, we decided to test out some of the security functions that Cato SASE provided, with the NGFW capabilities first.

Configuring the Next Generation Firewall settings was a straightforward process, all contained inside Cato Management. Once setup, we began testing by attempting to access blocked websites from within the network. We noted that Cato prevented access to the websites, identifying them as being part of the configured blacklist. Through testing, this proved to us that the NGFW capabilities of Cato could adequately prevent access to potentially malicious sites in a real-world scenario.

Following the firewall, we wanted to test the antimalware capabilities in order to determine if the network security could still prevent breaches, should access to a malicious website still occur. By placing a controlled piece of malware onto the network, we were able to monitor how Cato dealt with it. The anti-malware feature quickly identified the threat and placed it in quarantine to prevent further spread of the breach.

Why Consider Cato SASE?

We would recommend Cato’s SASE solution for large enterprises with globally spread branch offices. The offering of Cato’s private backbone also makes this solution ideal for global co-managed service requirements.

Cato SD-WAN & SASE Netify Review

2. Zscaler SASE

How We Tested Zscaler SASE

Similar to Cato, Zscaler offers over 150 global Points of Presence, enabling secure connectivity from a range of sites and locations. However, unlike Cato, Zscaler SASE is well known for its Zero Trust architecture implementation. Zero Trust enforces that there is no implicit trust for users across the network and requires clients to continuously verify their identity. In addition to this, Zscaler implements micro-segmentation to prevent unauthorised access spreading between applications.

When compared to Cato, the deployment process of Zscaler was not quite as straightforward. For setting up the SASE solution, we configured the private access (ZPA) and internet access (ZIA) policies, as well as the security services. These services included Zscaler’s full network security stack, Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP) and Next Generation Firewall (NGFW).

Our testing began with Zscaler’s sandboxing capabilities. We introduced a variety of malware samples across the network in order to see how effectively Zscaler could deal with threats in a contained environment. Zscaler’s quickly identified all threats, isolating malicious payloads from the rest of the network and ensuring they could not spread to other segments.

Similar to sandboxing, which enables malware to be investigated within an isolated segment, Zscaler also offers browser isolation. Browser isolation protects end-user’s devices web sessions by segmenting traffic from each webpage and applications traffic. This helps to prevent against session hijacking and other malicious exploits that risk web applications may attempt. The combination of these features highlights Zscaler’s ability to protect users from breaches and their effects, reducing the vulnerabilities of Zscaler by reducing the attack plane.

Why Consider Zscaler SASE?

Within the market, Zscaler has experienced some issues related to scalability and performance, particularly with its Zscaler Private Access (ZPA) feature. Although we did not notice any latency within our testing, some users have reported latency issues and this can impact user experience in large-scale deployments. Due to these limitations, we would recommend Zscaler for large multinational enterprises that can manage potential scalability concerns.

ZScaler SASE Review

3. Cisco Umbrella SASE

How We tested Cisco Umbrella SASE

Whilst Zscaler had potential issues with the flexibility and scalability of their SASE solution, Cisco offers one of the more flexible SASE solutions in this list. Falling under the wide range of products that Cisco has to offer, Cisco Umbrella integrates with other Cisco services, such as Cisco Catalyst SD-WAN and SecureX.

To deploy Cisco Umbrella, we started by configuring settings such as the internal networks and public IP ranges, DNS-layer security snd firewall. This process was much more complex than that of Cato and Zscaler, highlighting the complexity of the workload for network administrators.

Given Cisco Umbrella can offer a wide range of security features through its modular Cisco integration architecture, we decided to focus on already integrated security features when testing. The first of these features being Cisco Umbrella’s DNS security capabilities, which should filter out blacklisted websites. On testing we found that Cisco Umbrella was capable of effectively prevent access to all blacklisted sites, which would prevent access to potentially malicious sites in a real-world scenario.

In the event that a networked user does gain access to a malicious site, Cisco Umbrella offers remote browser isolation functionality to help prevent session hijacking or data loss. We noted that the browser isolation provided with Cisco Umbrella was effective at shielding against threats, potentially stopping zero-day exploits and malware threats.

Why Consider Cisco Umbrella SASE?

Whilst Cisco Umbrella offered us with an extensive SASE solution, we did notice even when deploying the step-up in complexity for management when compared to the previous two entries on this list. We’d therefore recommend Cisco Umbrella to organisations to large scale organisations that are already leveraging other Cisco products, with expert network administrators.

Cisco Umbrella SASE Review

4. Palo Alto Prisma SASE

How We Tested Palo Alto Prisma SASE

In recent years there has been an increasing adoption of Internet of Things (IoT) devices for businesses such as for Industry 4.0 manufacturing use cases. With that in mind, no SASE solution is as tailored made for securing IoT environments as Prisma Access by Palo Alto Networks.

The deployment process was of similar difficulty to the previous entry in this list, Cisco Umbrella. Deploying Prisma Access required us to configure the network segmentation, setup IPsec tunnels and route both remote and mobile connections via cloud providers.

The first security feature we tested within Prisma Access was its Secure Web Gateway (SWG) capabilities. SWG is designed to identify and block potentially malicious websites and downloads, Upon testing, Prisma Access quickly blocked us from visiting malicious sites and helped to prevent us from downloading potentially dangerous files.

After testing the SWG, we moved onto the Cloud Access Security Broker (CASB) capabilities. CASB ensures secure connectivity to cloud resources and controls cloud data flows. We found that Prisma Access’ Cloud Access Security Broker capabilities prevented cloud access to unauthorised connections, ensuring cloud resources are protected. To assist with monitoring protection, CASB provided cloud access visibility, which we use to monitor the testing results.

Why Consider Palo Alto Prisma SASE?

Unlike some of the other SASE vendors in this comparison, Prisma Access does not offer its own private backbone. Due to this, Prisma uses a public backbone of Points of Presence (PoPs) utilising cloud services for connectivity. Due to being public, this poses potential scalability limits and restricts businesses from regulatory compliance in some sectors. 

We would therefore recommend Prisma Access for large enterprises which require Industry 4.0 or IoT integrations.

Palo Alto SD-WAN & SASE Netify Review

5. Perimeter 81 Harmony SASE

How We Tested Perimeter 81 Harmony SASE

Whilst Prisma Access doesn’t offer a private backbone, Perimeter 81's SASE solution does. Offering a backbone of over 50 points of presence, Perimeter 81 is seen by many as a stepping-stone solution for small and medium size businesses that are looking to start utilising cloud resources.

We began by deploying Perimeter 81 SASE, utilising the provided setup wizard and utilised available automations within the Check point Infinity portal. The use of automations features helped to reduce our workload and simplified the setup process.

Once deployed, the first security feature we tested within Perimeter 81 SASE was its anti-malware capabilities. Placing a controlled virus onto the network, we noted that Perimeter 81 SASE quickly detected the malware and provided us with real-time alerts and reports on the malware. These insights enable real-world network administrators to make informed and proactive tweaks to security policies.

As we described Perimeter 81 SASE as being ideal for SMBs that are starting to use cloud resources, these businesses are typically worried about the security of their resources, especially when connecting remotely. To test the connectivity that may be utilised by mobile workforces, we tested Perimeter 81 SASE’s Virtual Private Network (VPN) capabilities. When using Perimeter 81 SASE’s VPN capabilities, we noted that the remote connections were stable and able to prevent latency spikes, whilst also keeping traffic private.

Why Consider Perimeter 81 Harmony SASE?

Due to the simplified deployment process and global network of PoPs, we would recommend Perimeter 81 SASE to SMBs that are adopting cloud or remote work environments. Unfortunately, the lack of customisation features available within Perimeter 81 SASE means that we would not recommend it for larger enterprises that require greater control.

Perimeter 81 SASE Cybersecurity Solutions

6. Palo Alto Prisma SD-WAN

How We Tested Fortinet FortiSASE

Fortinet, well known for their security capabilities, offers FortiSASE, a solution that integrates Fortinet’s threat intelligence from FortiGuard Labs. FortiSASE differentiates itself by integrating Artificial Intelligence to provide analysis of analytics and offer proactive security measures across its SASE solution. With over 30 Points of Presence globally, Fortinet doesn’t have the largest backbone in this list, however does show that connectivity is also important to Fortinet, as well as security.

Deployment of FortiSASE was slightly more involved than with other solutions, requiring segments, tunnels and policies all to be setup within the FortiSASE management console.

Once deployed, we began testing of the security features that FortiSASE had to offer. Our testing focused on two key features, endpoint protection and deep SSL inspection.

The first of these tests was focused on FortiSASE’s endpoint protection. Placing a controlled virus onto the network, we noted that FortiSASE quickly identified and mitigated these threats, ensuring breaches could not spread or cause impact. The effectiveness of Forti-SASE’s AI-driven threat intelligence was evident in its ability to adapt and respond to new threats, which included zero-day threats.

Whilst the endpoint protection can protect against breaches from occurring, FortiSASE offers Secure Socket Layer (SSL) inspection capabilities to detect breaches within encrypted traffic on the network. Fortinet’s SSL inspection capabilities were highly effective, revealing and mitigating threats concealed within encrypted communications without significant degradation of connection speeds. This is a common challenge with SSL inspection technologies and we were surprised by its effectiveness.

Why Consider Fortinet FortiSASE?

We would strongly recommend Fortinet FortiSASE for large enterprises with a focus on security or for businesses that have many branch offices all connecting to networked resources.

Fortinet SD-WAN & SASE Netify Review

7. Versa SASE

How We Tested VMware SD-WAN

Similarly to FortiSASE, Versa SASE stands out for its integration of Artificial Intelligence (AI) and machine learning (ML) capabilities.  These technologies have been implemented to provide real-time network insights and automated threat response.

Deployment of Versa SASE was much more long-winded in comparison to the other vendors on this list. Whilst this can be looked upon as a limiting factor, this complexity comes as a result of the abundance of features that Versa SASE has to offer.

The first security feature we tested was the Next Generation Firewall (NGFW) capabilities of Versa SASE. Configuring the Next Generation Firewall settings was a straightforward process, all contained inside Versa Director. Once setup, we began testing by attempting to access blocked websites from within the network. We noted that Versa prevented access to the websites, identifying them as being part of the configured blacklist. Through testing, this proved to us that the NGFW capabilities of Versa could adequately prevent access to potentially malicious sites and noted that Versa Director allowed us to view the nature and source of attacks, which could be crucial in a real-world scenario.

Following the testing of Versa’s NGFW, we began focusing on Versa’s Virtual Private Network (VPN) capabilities. Versa’s VPN creates a tunnel between remote sites and the network to allow data and resource sharing across geographically distant locations. Versa’s VPN created a quick and secure tunnel to networked resources, effectively encrypting traffic and ensuring secure connectivity for remote users under varying network conditions.

Why Consider VMware SD-WAN?

Due to the volume of features, complexity of deployment and management and the availability of in-depth real-time analytics, we would recommend Versa SASE for organisations requiring granular control over their security policies. We would, however, caveat this by suggesting that a dedicated network administration team may be required given the complexity of Versa’s solution.

Versa SD-WAN & SASE Netify Review

8. Open Systems SASE

How We Tested Open Systems SASE

An ideal solution for businesses requiring a managed SASE solution, Open Systems SASE is backed by their mission control support team, which provides business with simplified network management.

When deploying Open Systems SASE, we leaned on the managed services to help us to quickly configure the location, service connections and user authorisation integrations.

Once deployed, our testing began with Open System’s cloud sandboxing capabilities. We introduced malware samples across the network in order to see how effectively Open Systems could deal with threats within its contained environment. Open Systems SASE quickly isolated all threats and ensured they could not spread to other network segments.

Whilst the sandboxing capabilities analyses potential threats, Open Systems also offers URL filtering to prevent initial access to potentially malicious sources. By configuring a list of blacklisted sites, we tested Open System’s URL filtering by attempting to connect to blocked sites. By rejecting each of our connection attempts, Open Systems SASE highlighted the ability of its URL filtering capabilities to protect against malicious sites.

Why Consider Open Systems SASE?

It should be noted that Open Systems' SASE solution does not offer the same level of customisation as the other vendors on this list. We would therefore recommend Open Systems SASE for businesses that require a fully managed SASE solution and 24/7 monitoring, management and support.

Open Systems SD WAN & SASE Cybersecurity Solutions

9. Aryaka SASE

How We Tested Aryaka SASE

Aryaka joins the list of vendors on this comparison to other a global private backbone. With over 40 Points of Presence (PoPs) worldwide and a fully managed SASE solution, businesses with requirements for worldwide connectivity and 24/7 support should consider Aryaka as a contender.

The deployment process for Aryaka SASE was straightforward, with configuration of Aryaka OnePass, Next Generation Firewall (NGFW), Deep Packet Inspection (DPI) and anti-malware contained in the MyAryaka platform.

The first security feature we tested was Aryaka’s Zero Trust Network Access (ZTNA) functionality. Aryaka’s ZTNA capabilities are delivered through Aryaka OnePass, which enforces access policies consistently across the entire network.

ZTNA through Aryaka OnePass policy enforce. We then attempted to access networked resources with a user account that did not have sufficient privileges and noted that the connection was promptly rejected. Switching to an account that had the missing privileges, we noted that Aryaka allowed access and there were no performance drops whilst Aryaka verified authorisation.

We then tested Aryaka’s anti-malware capabilities, placing a controlled virus onto the network. Once placed we noted that Aryaka SASE quickly detected the malware and provided us with real-time alerts and reports. These insights enable real-world network administrators to make informed and proactive tweaks to security policies.

Why Consider Aryaka SASE?

We would recommend Aryaka SASE for businesses requiring a fully managed SASE solution and last-mile circuit management.

Aryaka SD-WAN & SASE Netify Review