SASE Security: Further Convergence Expected Among Leaders in 2026
This report focuses on Secure Access Service Edge (SASE) Security, with data on the following vendors:
Akamai | Aruba Networks (HPE) | Barracuda Networks | Cato Networks | Check Point Software | Cisco | Citrix | Cloudflare | Forcepoint | Fortinet | Netskope | Palo Alto Networks | Symantec (Broadcom) | VMware | Zscaler
Distributed enterprises continue to use digital transformations as vehicles for structural changes to IT models. Amid the continuation of remote work, cloud migrations, and other paradigm shifts, traditional hub-and-spoke security models struggle to provide adequate cover. The legacy model of working remotely through virtual private networks (VPNs), which route their traffic to a central data center for inspection before granting access to web or cloud services, is effective for security but creates long detours and significantly slowed performance. During the COVID-19 pandemic, when almost every information employee became a remote user, the cracks in these systems widened.
In response to this and other industry-wide trends, Software-Defined Wide Area Networks (SD-WAN) emerged as a new way to optimize connectivity. By leveraging software-based management instead of expensive hardware appliances, SD-WAN allowed enterprises to route traffic intelligently and connect users directly to the cloud and corporate applications. This change improved performance and reduced costs but lacked the advanced security controls enterprises needed. To close that gap, Secure Service Edge (SSE) technologies were developed, bundling four essential capabilities: Secure Web Gateway (SWG), Firewall-as-a-Service (FWaaS), Zero-Trust Network Access (ZTNA), and Cloud Access Security Broker (CASB). Together, SD-WAN and SSE form Secure Access Service Edge (SASE), a unified cloud-delivered framework that combines networking and security. At its core, SASE applies the principle of Zero Trust, where no connection is assumed safe, even from privileged users, with access granted on a least-privilege basis. This ensures that users, branch offices, and workloads receive only the permissions necessary for their roles and by enforcing this principle, organizations minimize potential damage if an attacker compromises a system. SASE also provides visibility into user behavior, network traffic, and data access across a single policy framework, simplifying what was once a patchwork of tools. To deliver this model effectively, SASE relies on a distributed edge where providers deploy global Points of Presence (PoPs) and peer with hyperscalers to bring enforcement closer to end users, reducing latency while maintaining strong security. This cloud-native design makes it particularly well suited for today’s distributed environments.
The security vendor ecosystem has moved quickly to capitalize on the opportunity. Cybersecurity companies have combined internal development with acquisitions to assemble SASE platforms, often bundling advanced features such as data loss prevention and threat intelligence into broader cloud portfolios. As workloads migrate steadily into SaaS and IaaS environments, the demand for integrated networking and security continues to accelerate. SASE growth is outpacing the broader information security market, which itself tops overall IT spending growth. In the past few years, many organizations have been actively pursuing SASE, though some remain short of the full vision. Legacy vendor footprints and fragmented ecosystems fall short of a unified policy fabric that secures connectivity and access across geographies. In ETR’s Observatory report for Secure Access Service Edge (SASE) vendors, we focus on the data around enterprise-grade security software vendors. This survey ranges from leading vendors like Zscaler and Palo Alto Networks, which are leveraging their impressive presence to continue to scale growth, to newer challengers like Netskope and Cato Networks. It includes data on spending intentions, usage change, relative product strengths, product stickiness, ROI, vendor consolidation, and more.
The Observatory Report
The plotting of vendors and products across the Observatory Scope is wholly constructed using ETR’s exclusive market intelligence and spending intentions data sets (see Figure 1). Notably, this is our second year completing a SASE Observatory study, allowing us to compare results on a relative year-over-year basis. Vendors are distributed across the vectors in alignment with their Presence and Momentum within the Secure Access Service Edge (SASE) space. In the Leading vector, which reflects high Momentum and high Presence, this iteration of the Observatory positions Zscaler, Netskope, Cloudflare, Fortinet, and Palo Alto Networks as the standout SASE contenders. Zscaler and Netskope continue to demonstrate strong alignment with enterprise cloud transformation, while Cloudflare leverages its vast global edge footprint to extend security and performance services. Fortinet and Palo Alto Networks, both platform-driven players, reinforce their leadership by integrating offerings that resonate with large-scale deployments.
Conclusion – Deployments Becoming More Complete
Zero Trust Network Access (ZTNA) has become a central component of SASE adoption, reinforced by other integrated technologies such as machine learning and User and Entity Behavior Analytics (UEBA) that are increasingly embedded into platforms. Recent industry moves highlight other competitive realities, such as Check Point expanding its Harmony SASE platform with a new data residency instance in India, suggesting regional compliance and localization requirements are now table stakes, while Zscaler deepened its partnership with Vectra AI, wiring AI-driven detection into ZPA and ZIA.
Meanwhile, financial results reinforce a high growth trajectory for those winning on implementation. Zscaler reported $678 million in Q3 FY2025 revenue, representing 23% year-over-year growth, alongside its announced acquisition of Red Canary to bolster managed detection and response. Even more topically, Netskope filed to go public in an expected $6.5B offering, with more than $700M in annual recurring revenue (ARR), up 33% year-over-year. These signals point to continued enterprise demand, even as growth moderates from its pandemic-era surge.
This data again reinforces that SASE is recognized as critical architecture for securing distributed workforces. Adoption patterns vary, and many deployments remain partial, but the foundations are firming around Zero Trust, cloud-native delivery, and unified platforms. The market is shifting away from tactical point solutions toward long-term convergence strategies, supported by steady vendor investment and enterprise spending. Vendors that succeed continue to show evidence of landing early wins, aligning identity and networking, and layering data controls, before expanding toward full platform convergence and resilience.