Just three vendors — VMware, Cato, and Versa Networks — offer a truly “unified SASE” platform, according to a recent Dell'Oro Group analysis of networking and security vendors.

Dell’Oro’s Network Security Market report for 2021 doesn’t attempt to rank vendors by their marketshare or even their network or security chops. Instead, it attempts to categorize vendors into two broad categories: those offering a unified secure access service edge (SASE) product and those offering disaggregated SASE services.

Coined by Gartner in 2019, SASE combines elements of SD-WAN, security, and edge compute into a single cloud-delivered service. And in the years since Gartner unveiled the SASE product category, nearly every SD-WAN and cloud security vendor has thrown their hat into the ring. However, few if any of the vendors peddling the technology can actually deliver on Gartner’s full vision of a converged networking and security stack.

Dell’Oro analyst Mauricio Sanchez explained the report attempts to provide some clarity for those companies looking to deploy a single vendor SASE platform.

As you’d expect, unified SASE vendors offer all five core networking and security functions — SD-WAN, secure web gateway, zero-trust network access, Cloud Access Security Broker, and cloud firewalls — and have  managed to integrated them into a single converged product, he said. The report found just three vendors made the cut, though Sanchez expects several more to join the unified SASE ranking in the near future as vendors integrate their existing networking and security products.

“We also have this notion of disaggregated SASE,” Sanchez said. This category represents vendors that are either working toward a unified SASE offering or those that have chosen to offer a multi-vendor SASE architecture in collaboration with partners.

Zscaler is one such example. The company offers a full compliment of SASE security features, what Gartner is now calling security services edge (SSE), but lacks SD-WAN functionality of its own. In fact, the company has made it clear it has no intention of developing an SD-WAN product, instead preferring to partner and integrate with third-party networking vendors.

Disaggregated SASE, represents the lion’s share of SASE vendors today — 28 to be exact. These companies are further broken out as networking and security vendors, with several — Cisco, Fortinet, Citrix, Juniper, and Palo Alto Networks — occupying both sides of the equation.

These vendors in particular, Sanchez notes, have developed and/or acquired the necessary networking and security capabilities to offer a unified SASE platform, but had yet to integrate them into a single product. Sanchez expects the makeup of the report this year to change as these vendors more tightly integrate these capabilities.

One company Sanchez has his eyes on is Palo Alto Networks, which late last year announced it had integrated its Prisma Access and Prisma SD-WAN products into the predictably named Prisma SASE. “If there's any vendor on this disaggregated side … that will show up in the same way as VMware, it's going to be Palo [Alto Networks],” he said.

The report doesn’t, however, judge one approach over the other, Sanchez emphasized. “I think most enterprises do want to plan for the convergence, but in the near term are still quite comfortable driving separate network and security transformations.”

The report simply attempts to classify vendors that have and haven’t unified their respective networking and security stacks, he explained.

While there’s a huge market opportunity for SASE vendors et-al, Sanchez expects unified vendors to outpace disaggregated vendors over the next five years.

The report projects unified SASE to grow at a Compound Annual Growth Rate of 56% compared to a rate of 15% for disaggregated vendors.

Small to midsized business (SMB) is expected drive much of this growth in the near term, but as the market matures, Sanchez expects the balance of trade to shift toward large Enterprise.