Back 
Bellwether industry analyst reports continue to indicate the future direction for security service edge (SSE) solutions. The recently released report, The Forrester Wave™: Security Service Edge Solutions, Q1 2024, includes Netskope as a Leader and ranked it highest for in the Current Offering category. Beyond the short list of leaders, here is Netskope’s take on the report’s findings and key signals that will help you assess the right vendors to fit your strategic outcomes.
Netskope’s top-level review of the report considers the full integration of secure web gateway (SWG) and cloud access security broker (CASB) solutions with data protection as a critical difference-maker for SSE solutions. Having a heritage of protecting data makes a difference as it’s more than a checkbox feature or another acronym to list. In 2019 Netskope integrated its market-leading CASB and data protection solution with SWG capabilities to create a Next Generation SWG solution. While the label of “next generation” often just sounds like marketing, creating a fully integrated single-pass inspection point is what built the foundation for SSE visibility and control with a mind’s eye view on protecting data for web, SaaS, shadow IT, email, and endpoints. Netskope began that integration journey as far back as five years ago.
Threat protection is an important component and expected given the high percentage of hybrid and remote workers requiring SSE protection. Netskope research notes more than 60% of web traffic is now related to SaaS and cloud services, and where now more than 50% of threats are cloud-delivered. SSE vendors should provide inline threat efficacy testing results for real-time protection at T+0 and T+1-hour for various threat types including phishing and fileless attacks and beyond just malicious executable files. You can review Netskope’s recent AV-TEST results for January 2024 for more details, and request the same inline T+0 (real-time) testing from other SSE vendors. Netskope Intelligent SSE also provides firewall-as-a-service, remote browser isolation (RBI), intrusion prevention (IPS), and DNS security options to extend threat protection. Netskope FedRAMP High authorization for its GovCloud platform also supports defense and government initiatives, partners, and executive orders for zero trust principles.
Zero trust network access (ZTNA) is also a key component for SSE solutions. The degree of ZTNA integration varies between leaders with SWG and CASB solutions for a single unified endpoint, including DLP capabilities. Recent virtual private network (VPN) exploits, such as Ivanti, have driven governments to insist on urgent replacements. The combination of ZTNA replacing VPNs and firewall-as-a-service protecting hybrid and remote worker egress traffic signals a changing future for next generation firewalls (NGFWs). Years ago, proxy gateways were divided into SWG for egress traffic and web application firewalls (WAFs) for ingress traffic—a similar consequence is now a reality for NGFWs.
Zero trust principles require rich content and context for least privilege access and continuous monitoring. Web filtering from SWGs and AppID from NGFWs are too coarse grained for SaaS and cloud services in SSE policy controls. The Netskope Zero Trust Engine applies details about identity, device, app, activity, instance, behavior, and data in real-time for each business transaction including the ability to provide real-time coaching to users.
The same rich content and context also enables advanced analytics for continuous monitoring in graphic visualizations, dashboards, and event correlation time lines. Zero trust is more than ZTNA for access, it protects data as a critical difference maker for SSE solutions.
Netskope believes that beyond the chart and dots is recognition in the text that signals an advantage and key future direction for SSE solutions. Having one unified platform, network, policy engine, and client provides advantages for SSE capabilities. For example, the Netskope NewEdge network and private cloud enables the provisioning of dedicated egress IP addresses for secure managed SaaS access reducing compromised access risks, plus removing reputation issues from shared IP address pools. Country and city specific data residency can also be provided compared to zones. NewEdge enables real user monitoring from clients to destinations for digital experience management (DEM) through the Netskope One platform with a high-performance user experience including data centers in China. Most importantly, by owning and managing a fully integrated SSE solution and all its components, Netskope can also work with customers to partner on bespoke functionality.
When you dig into the details, building SSE solutions on public cloud infrastructure has a lot of downside including missing key capabilities customers require like egress IP addresses and specific data residency, and providing a user experience that may require trade-offs between performance and security. One platform for SSE includes the network, unified front-end and backend infrastructure, and client where Netskope is unmatched with NewEdge at its core. This unification and ownership of all the parts enables advantages customers require and desire for SSE deployments. As the Forrester report states, “In general, if you have significant requirements around performance or need these advanced features, you will find that vendors that run their own networks are a better fit.”
Learn more about Netskope One.
Read the blog