Forrester Wave report highlights Zero Trust Edge solutions that centralizes networking, security capabilities

Analyst firm Forrester Research released Wednesday its inaugural Forrester Wave: Zero Trust Edge Solutions, Q3 2023 report covering Zero Trust Edge (ZTE), also known as secure access service edge (SASE) that centralizes multiple networking and security capabilities. These typically cover software-defined WAN (SD-WAN), cloud access security broker (CASB), Zero Trust network access (ZTNA), and secure web gateway (SWG), into a unified solution. 

The Forrester Wave evaluation highlights Leaders, Strong Performers, Contenders, and Challengers. The 32-criterion evaluation identifies the most significant vendors and evaluates their ZTE solutions. 

Zero Trust Edge largely connects internet traffic to remote sites using zero trust access principles, primarily by utilizing cloud-based security and networking services. Adoption of the zero trust security model is crucial in preventing breaches and protecting sensitive data. By reducing the attack surface and enforcing strict authentication and authorization policies, zero trust can help organizations limit the scope for attackers to compromise their systems and data. 

The evaluation criteria were categorized into three high-level categories: current offering, strategy, and market presence. Current offering includes remote workforce security, zero trust principles, network control, management, monitoring, visibility, and integrations. Strategy evaluates vision, innovation, roadmap, partner ecosystem, pricing flexibility, transparency, and supporting services. Market presence scores reflect revenue and installed bases.

Among the leaders, Forrester identified that Fortinet balances security and networking with eye-popping value. Fortinet is one of the six firewall vendors in this report. The company differentiated itself in the market by developing and integrating networking functions such as routing into its remote office firewalls, which eases the rollout of its ZTE solution with a unified management interface. These solutions, alongside strong technology and business partnerships, have helped Fortinet experience rapid growth. One of the most compelling aspects of the Fortinet value proposition is its cost. As with its firewalls, the Fortinet option is priced quite literally an order of magnitude lower than the vendor’s most expensive competitors.

As could be predicted from a vendor with a security pedigree, The Forrester report added that Fortinet’s FortiSASE platform has the basic security features that security pros expect in a ZTE platform: universal ZTNA, SWG, CASB, and firewall as a service. However, the platform is weak in DLP (data loss prevention) and offers fewer advanced security capabilities than its competitors. The workforce gets a unified end-user agent that does both endpoint security and ZTE. 

“Technically, Fortinet’s management is centralized through FortiManager, but the interface shows its age. Fortinet also offers a cloud portal, but it lacks feature parity with FortiManager,” the report added. “The company is taking the DIY approach with its global delivery platform, which customers are finding out the hard way. Fortinet has less network reach than other vendors in this evaluation, and reference customers confirm fewer PoPs as well as lower delivery performance at those PoPs. Fortinet is a strong fit for highly distributed organizations (like retailers) and those seeking value for money.”

“We’re pleased that our zero-trust approach to securing the expanding edges of today’s networks is being recognized by Forrester,” John Maddison, chief marketing officer and executive vice president for product strategy at Fortinet, said in a media statement. “We believe that the critical convergence of networking and security must be everywhere and are proud to be one of the only vendors to lead in firewall, SD-WAN, and Zero Trust Edge reports. For us, this recognition validates our continuing commitment to developing one of the leading single-vendor SASE solutions on the market.”

The Forrester analysis disclosed that Palo Alto Networks differentiates with security, AI, and operations. “The vendor’s outstanding strategy aligns strongly to ZTE and features AI and AIOps to increase detection and decrease the chance of misconfiguration. While its peers have digital experience management on their forward roadmaps, Palo Alto Networks delivers it now. The vendor has a strong partner ecosystem of resellers and managed service providers (MSPs) and the multitenancy to support them. However, the vendor needs to take care of its existing customers and improve its customer support,” it added.

“Palo Alto Networks’ Prisma SASE service rides largely on the Google backbone network (and other hyperscalers’ for redundancy). Reference customers gave only positive reports regarding its performance and latency,” Forrester added. 

Kumar Ramachandran, senior vice president of products, SASE, Palo Alto Networks said in a media statement that the company is “proud to be recognized. To us, this acknowledgement is for our superior cloud-delivered ZTNA 2.0 security, next-generation SD-WAN, and AI-powered IT operations from a single unified platform. We believe this recognition is a testament to our comprehensive approach to SASE and Zero Trust, ensuring our customers are prepared to meet the scale, complexity, and speed of a highly distributed and cloud-first world.”

The Forrester report also recognized that Versa Networks’ unified ZTE solution comes with a rich set of controls and visibility. “Not only has Versa addressed the current struggles of securely transmitting data and connecting remote offices and mobile users, the vendor’s superior vision and innovation are aligned on solving the upcoming challenges brought on by multi-cloud and IoT.” 

The report added that Versa plans to address multi-cloud networks, which have similar needs to the security and connectivity requirements of remote offices. “This will help customers create a consistent, businesswide secure WAN. However, the company lacks specificity in its ZTE roadmap.”

Forrester also recognized that Cato Networks delivers networking and security as a unified service. The report’s comprehensive review of ZTE solutions gave Cato the highest possible scores across subcategories aligning with three recommended areas for considering ZTE unified and centralized cloud management, a resilient backbone with sophisticated controls, and ZTNA for remote access.

“We are honored to be recognized by Forrester as a “Leader” in this Wave. Cato architected a platform that was purpose-built for ZTE and SASE, one that is valued by our thousands of customers and partners for its simplicity, agility, security posture, and optimal performance,” Shlomo Kramer, CEO and co-founder of Cato Networks, said in a media statement. “We are happy to see their excitement reflected by leading industry analysts’ reports.”

Among strong performers, the Forrester Wave report identified VMware that tackles remote worker, remote office, and multi-cloud challenges, and Forcepoint that does data security best for great value but must continue to integrate. 

Among the contenders, the report recognizes Juniper Networks is capitalizing on past investments but needs to unify them. HPE has started its ZTE journey but needs more security controls, and Cisco who has a wide range of discrete ZTE components that need unification. It also listed Barracuda which has strong Azure integration, but security inspection needs improvement. 

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.