2025 Gartner Magic Quadrant for SASE Platforms

The SASE platform market is evolving as more vendors enter the market and offerings mature. Still, there is differentiation in vendor capabilities and strategies. I&O leaders responsible for networking and cybersecurity should use this research to help determine the right vendor for their needs.

Strategic Planning Assumption

By 2028, 70% of SD-WAN purchases will be part of a single-vendor SASE Platform offering, up from 25% in 2025.

By 2028, 50% of new SASE deployments will be based on a single-vendor SASE Platform offering, up from 30% in 2025.

Market Definition/Description

Gartner defines single-vendor secure access service edge (SASE) offerings as those that deliver multiple converged-network and security-as-a-service capabilities, such as software-defined wide-area network (SD-WAN), secure web gateway (SWG), cloud access security broker (CASB), network firewalling and zero trust network access (ZTNA). These offerings use a cloud-centric architecture and are delivered by one vendor.

SASE securely connects users and devices with applications. It supports branch office, remote worker and on-premises general internet security, private application access and cloud service consumption use cases.

Must-Have Capabilities

The must-have capabilities for this market include the following functionalities, primarily delivered as a cloud service:

• Secure web access via proxy
• In-line SaaS visibility and access controls
• Identity-, context- and policy-based secure remote access to private applications
• A branch appliance that supports dynamic traffic steering out of multiple physical, locally attached WAN interfaces, with steering based on applications (not just IPs/ports)
• Firewalling to secure traffic bidirectionally across networks
• Centralized management that covers all of the above capabilities of the offering (with both GUI and API) enabling visibility, troubleshooting, reporting and enables granular configuration and policy changes

Standard Capabilities

The standard capabilities for this market include:

• Unified management delivered by a single console covering all capabilities of the offering (with GUI and API) enabling visibility, troubleshooting, reporting, and enabling granular configuration and policy changes
• The ability to secure end-user browsing via RBI or a secure enterprise browser
• Sensitive data visibility and control

Optional Capabilities

The optional capabilities for this market include:

Advanced network functionality, including enhanced internet, private backbone transport, content delivery networks, external DNS services, cloud onramps (simplified and automated integration with public cloud networking services), or advanced branch networking features

Security capabilities, such as network sandboxing, DNS protection, SaaS security posture management (SSPM), API-based access to SaaS for data context and configuration information, application layer visibility and protection, and continuous adaptive risk scoring.

Read the report: https://www.gartner.com/doc/reprints?id=1-2LEQDK91&ct=250708&st=sb

Dr. Philip Cao

Dr. Philip Cao (aka #DrPC), EDBA, MSCS, ZTX-I, CCISO, CISM, CMSC, CCSP, CCSK, CASP, GICSP, PCSPI is a Strategist, Advisor, Educator, Contributor and Motivator. He’s also a Cyber | Zero Trust Strategist & Evangelist and Chief Trust Officer. He has 24 years’ experience in IT/Cybersecurity industry in various sectors & positions.

See author's posts