Security Service Edge (SSE) are security solutions that aim to protect endpoints, users, and data that lie on the “edge” of a network – essentially any device that operates outside of a centralized data center. These devices, and their associated information and data, are often the most at risk from malware, security breaches, and data loss, making implementing SSE for enterprises a smart solution to prevent risk.
The solutions on this list often compromise of a range of security technologies and features, such as Cloud-Access Security Broker (CASB), Firewall-as-a-Service (FWaaS), Zero-Trust Network Access (ZTNA), and Secure Web Gateway (SWG). DLP is also often included. SSE aims to secure access to applications and servers, provide secure internet access, and secure remote access to private applications.
With the unprecedented rise in employees working from home, and more and more devices being connected to work servers, protecting your data when it rests and travels outside of your company’s centralized data center is crucial. Read on for a list of leading figures in edge security solutions to find a product that suits your business needs.
Cisco Umbrella is a unified, cloud-based security solution from San Jose-based Cisco. It offers threat intelligence solutions, Firewall, Secure Web Gateway, DNS-layer security, and CASB in a single platform. It can be deployed alongside Cisco SD-WAN, offering a fully integratable SASE framework.
Cisco Umbrella Cloud Security Features
- User logs and emerging threats immediate accessible via the dashboard
- Cisco Umbrella Investigate tool which provides insights on relationships and changes of internet domains files, and IPs which helps teams detect anomalies and predict future threats
- DNS layer security
- 80 content categories that covers billions of web pages
- CAn block malicious domain, IP addresses, and cloud applications before a connection can be established
Pricing: Pricing for Cisco Umbrella’s SSE solution is available upon request and is tailored to business needs and size. A 14 day free trial is also available.
Expert Insights Comments: Cisco Umbrella offers admins insights on relationships and changes of internet domains, files, and IPs, allowing for admins to detect anomalies and predict future threats. It provides reliable, effective threat scoring and DNS request views in real-time to particular domains, so if there’s a spike in traffic admins are notified, and back-dated lists of key events and tagged security categories in the form of historical data that can be useful for those new to the network. Cisco Umbrella has four service versions: Guest WiFi, Professional (for small companies), Insights, (for mid-sized companies), and Platform (for enterprises). The range of service versions makes it suitable for a range of organizations.
Forcepoint ONE is a cloud-native consolidated SSE solution. Features include SWG, CASB, ZTNA, RBI, CDR, and Sandbox within a zero trust framework. With granular access controls, users can only have access to the apps that they need for their work rather than the whole network. Strong customization policies also extend to risk assessment, with actionable advice offered. A flexible policy builder adapts and learns from various sources, ensuring policies stay up-to-date on potential threats as much as possible.
Forcepoint ONE Features
- Cloud native SSE solution with SWG, CASB, ZTNA, RBI, CDR, and Sandbox features within a zero trust framework.
- Secure web gateway that monitors and controls all interactions with every website interacted with in the network, with blocking access to websites automatically based on website category and risk score, blocking of malware downloads, blocking of sensitive data uploads to non-authorized accounts and networks, and shadow IT control.
- Granular access controls and provides unified access to business apps managed in one place for SWG, CASB, and ZTNA.
- Strong customization policies which include risk assessment.
- Flexible policy builder that aggregates intel from numerous sources, meaning that policies remain up to date on latest threat development.
Pricing: Pricing is available upon request.
Expert Insights Comments: What sets Forcepoint ONE apart from other SSE solutions on the market is its Seamless Handoff feature, which allows for easy automatic switching between the default proxy enforcement mode and local enforcement mode through Direct Connect. The Unified Endpoint tool enables admins to secure users to a single endpoint for DLP, CASB, and NGFW features. This also includes traffic redirection capabilities when needed. With robust security measures and continuous threat detection, we would recommend this product for enterprise level organizations.
Headquartered in Boston, Massachusetts, iboss is a company specializing in SASE, Zero Trust, and cloud security solutions. They offer a SASE cloud service that consolidates multiple network security products into a single integrated platform. Iboss’ Network Security-as-a-Service provides FWaaS, DNS, Cloud SWG, Network Security, CASB, ZTNA, WAAPaaS, and Remote Browser Isolation. The Network-as-a-Service framework provides SD-WAN, carriers, CDN, WAN optimization, and bandwidth aggregators. The solution works on node-based technology, which iBoss refers to as “containerized gateways” which help to deliver its SaaS network security in the cloud.
iBoss Secure Access Service Edge Features
- Provides a single tenant, multi cloud platform
- Can provide widespread, in depth traffic inspection at scale
- CASB controls cover an extensive range of social websites and popular search engines, with policies that can be applied on a per user or per group basis
- Admins have extensive visibility into all apps through a consolidated dashboard that provides drill down reports that show anomalies and usage in real-time
- Remote browser isolation enables remote browser sessions for those who have requested access to blocked sites that they need for work
Pricing: Pricing is supplied upon request. There are three pricing tiers to the solution available, allowing organizations to tailor their purchase.
Expert Insights Comments: iBoss’s SASE solution is a highly intuitive, investigative, and robust product. Despite this, it’s been noted for its seamless integration and configuration, with dashboards being easy to navigate for admins. The solution offers full and comprehensive coverage with a full stack of powerful SASE tools. Full outbound firewall measures offer complete protection for users regardless of their location. The FWaaS feature includes Intrusion Prevention, connection, tracking, NAT, and IP and Port blocking. Due to its heightened security and complexity, we find it suitable for large enterprises.
Cloud-native, Skyhigh Security Service Edge secures web, cloud (SaaS, PaaS, and IaaS), and private apps to offer air-tight security. UCE is a consolidation of SWG, CASB, ZTNA, DLP, RBI, FWaaS products, implemented alongside SD-WAN to deliver a full SASE network. The product has one management console to deliver a unified admin and user experience.
Skyhigh Security Service Edge Features
- Provides wide and granular coverage of cloud security, with real-time protection on collaboration and strong visibility on events
- Policy enforcement, DLKP delivered incident management across all endpoints, and consolidated data classification
- Advanced threat protection with user and entity behavior analytics (UEBA)
- Data classifications can be set once and applied comprehensively and consistently across all policies, protecting all endpoints, the network, and cloud
- Unified incident management between all control points
- Data loss prevention policies enforced throughout the cloud
Pricing: Pricing is supplied via a quotation request.
Expert Insights Comments: Skyhigh is a globally recognise and respected vendor in the edge security spaces. Their SSE contribution is a cloud-native, for-the-cloud solution that is fully featured with full visibility and control. Their ZTNA feature is data-aware, meaning that it can provide in-depth data inspection by utilizing DLP and classification. Private applications can be protected from potentially risky devices via remote browser isolation web sessions. With complete visibility into all usage, data, devices, users, and services with extensive security coverage, we would recommend Skyhigh Security Service Edge for governmental, financial, and healthcare organizations.
Microsoft’s answer to edge security solutions is Microsoft Defender for Cloud. Defender offers strong security for Windows, macOS, Linux, Android, and iOS. Cloud-native, Defender has built-in AI that oversees, monitors, detects, and defends across the entire network. It safeguards all endpoints and network devices, including routers.
Microsoft Defender For Cloud Features
- Priority based listing of vulnerabilities so admins can prioritize tasks
- Advanced threat intelligence monitoring which also includes comprehensive indicators, implications, and actionable advice about current or emerging threats in real-time
- Community driven solution, with information about notable threats and outliers shared within the Microsoft community
- Offers integrated threat protection with SIEM and XDR
- Can assess the compliance of your cloud apps, preventing data leaks to non-compliant apps and restrict access to regulated data
Pricing:
Pricing is supplied via a quotation request. A free trial is available.
Expert Insights Comments:
Microsoft’s Cloud Defender is a powerful CASB-based tool that supports various deployment modes including log collection, API connectors, and reverse proxy. The program includes extensive attack surface reduction capabilities. Admins can configure attack surface reduction capabilities to operate in audit mode to see how it functions. This allows for admins to enable rules, exploit protection, network protection, and controlled folder access configured to their needs. Attack surface reduction events can be reviewed in the event viewer section, with filters to help search for specific events. We would recommend Microsoft Defender for any organization with other Microsoft security and cloud products already deployed.
Netskope Security Service Edge is an SSE solution from Santa Clara, California-based software company Netskope. It provides admins with in-depth visibility with real-time granular controls across the entire network. Main tools included are a Cloud Firewall, NG SWG, RBI, CASB-API and SSPM, public cloud security, and ZTNA.
Netskope Security Service Edge Features
- Cloud data loss prevention capabilities
- Capable of setting granular policies and automated workflows for investigations, these policies and workflows are based on AI/ML-enabled app discovery, trust scores for apps and users, and categorization
- Data awareness and real-time enforcement capabilities
- Insight into inline traffic analysis and cloud API interaction
- Uses Closed loop analytics to constantly detect for user behavior anomalies, app risks, and unknown or unverified data movement
- Advanced threat protection across all web and SaaS applications, as well as cloud services
Pricing: Pricing is supplied via a quotation request. Demos can be scheduled before purchase.
Expert Insights Comments: What sets Netskope apart from competitors is its enhanced security policies when it comes to data protection. Netskope’s solution can detect when sensitive data may be at risk through screenshot and image identification detection. They also provide granular control of data movement between personal and corporate apps, making sure nothing goes to where it shouldn’t. We would recommend Netskope for governmental, financial, healthcare, and education organizations.
Prisma Access is a comprehensive SSE solution from Palo Alto Networks, headquartered in Santa Clara, CA, USA. Prisma Access is a comprehensive SSE solution that includes Firewall-as-a-Service, DNS security, threat prevention, Secure Web Gateway, Data Loss Prevention, and Cloud Access Security Broker capabilities. In addition to Prisma Access, Palo Alto also offers a compatible SD-WAN framework that can be deployed alongside, offering full SASE protection.
Palo Alto Networks Prisma Access Features
- A cloud-native SWG prevents web-borne threats through static analysis and machine learning
- DeliverspPatch preparation and deployment, whilst protecting all web and non-web-based traffic
- The platform offers comprehensive protection delivered through a single unified dashboard that offers a single pane of glass view into the entire network and solution, allowing for targeted management, consistent policy application, and shared data between users
- Advanced threat protection delivers security against malware exploits, and command-and-control (C2) traffic through the leveraging of threat intelligence. Additional artificial intelligence and machine learning powered scanning can protect against previously unseen threats.
- FWaaS, sandboxing, DNS security, IoT security, and VPN features available
Pricing: Pricing is supplied via a quotation request.
Expert Insights Comments: Prisma SASE offers a zero-trust approach that safeguards your data, whether it’s in rest or being transported through your network. What sets Prisma apart from its competitors is its SASE framework, which includes Autonomous Digital Experience Management (ADEM) to provide end-to-end visibility, with in depth insights for admins. It monitors the entire network, from endpoint to apps, highlighting any problems that may negatively impact user experience, helping admins quickly isolate and remediate any issues. We would recommend this product for mid-sized to large companies.
Based in Sunnyvale, CA, USA, Proofpoint is a market leader in computer and network security. They offer Proofpoint Information and Cloud Security, a cloud-native SSE platform that provides comprehensive, unified administration capabilities and strong responsive security measures. Admins are granted full visibility and control across web, cloud, email, and endpoint servers.
Proofpoint Cloud Security Features
- Inline access controls, pervasive and adaptive data loss prevention (DLP), and advanced threat protection for all cloud apps in your network
- Granular controls with step-up authentication
- Browser isolation capabilities that can provide read-only access to web pages, ensuring your users can still access things they need to safely
- User and entity behavior analytics that constantly search and detect any risky or anomalous activity within the network
- Advanced threat protection and data loss prevention capabilities
Pricing: Pricing is supplied during a quotation request and consultation.
Expert Insights Comments: The platform includes: Enterprise DLP, CASB, Email DLP and encryption, Insider Threat Management (ITM) with Endpoint DLP, and Web Security with Browser Isolation. Despite being a global, cloud-native platform, Proofpoint’s SSE solution can also store data locally – handy for companies that need to meet location-specific data compliance regulations regardless of where their headquarters are based. We would recommend it for financial, healthcare, and legal organizations.
San Jose, CA native Zscaler is a leading figure when it comes to edge security solutions. They offer a scalable SaaS platform that incorporates Cloud SWG, CASB, DLP, Cloud Firewall and IPS, Cloud Sandbox, Cloud Browser Isolation, Digital Experience Monitoring, and ZTNA in the Zscaler SASE solution. Their ZTNA feature does not trust any IP addresses, instead identifying the user and device with an identity provider first. Admins can tailor access policies to a user, which is enforced by the cloud. Admins are also presented with user logs which give detailed accounts of what is being accessed and by who. It also offers DEM capabilities which collects and analyzes end-user experiences.
Zscaler SASE Features
- The cloud sandboxing feature is an AI-driven malware prevention engine that can enable inline quarantine that prevents emerging threats from becoming fully realized; it operates entirely automatically, with continuous scanning, preventing, and quarantining
- Zero trust is applied consistently through the platform; it connects users, workloads, and devices through the cloud native platform without connecting to the network, thereby reducing the attack surface area which in turn prevent lateral threat movement and data loss
- Access and authentication policies are continually enforced, with user and device verification or workload authorized before access, validation of the context of the connection request, and confirms that the destination is known, confirmed, and contextually categorized
- Every connection is inspected regardless of user, endpoint, app, or encryption
- Proxy-based architecture delivers full inspection of encrypted traffic across SWG, CASB and other tools in your security stack, which can be performed at scale
Pricing: Pricing is supplied via a quotation request.
Expert Insights Comments: Zscaler SASE is a powerful solution that delivers high performance and is designed to be deployed at scale. It is a solution that works well for organizations experiencing rapid growth, due to its flexible nature. A cloud native platform, it excels in delivering SSE to all users and devices. It reduces security risks and complex issues that arise from expanded network surface areas and porous networks. We would recommend it for mid-sized to large organizations.
FAQs
What Are Edge Security Solutions?
Secure service edge solutions fall under the category of edge security. Edge security solutions are essentially security tools that protect data that sits on the “edge” of your network–i.e., the furthest away possible from your data center while still being in your network. These devices or edges sit outside of the centralized data center and are transported outside of it also. In reality, these edges can take on various forms, from a remote worker’s laptop that only sees use outside of an office or computers and devices used in flagship offices and stores (such as the smart till for a store that’s part of a wider company).
It’s clear that the edge isn’t strictly definable, and is flexible and porous. While this is great for ease of use and practicality reasons, the edge is often a wealth of attack vectors for threat actors, meaning appropriate use and security must be adhered to to avoid breaches and attacks.
For more on edge security and SSE, check out our blog here:
What Are Edge Security Solutions?