Organizations must weigh many factors when selecting the Security Service Edge (SSE) vendor that fits their specific cybersecurity requirements. SSE provides secure access to the web, cloud services, and private applications. Gartner has released its Critical Capabilities report for Security Service Edge covering 11 SSE vendors. As per the report, the McAfee Enterprise SSE portfolio is the highest-scoring across all four use cases in the report. The report uses the following use cases to assess products and services offered by vendors:
- Secure Web and Cloud Usage
- Detect and Mitigate Threats
- Connect and Secure Remote Workers
- Identify and Protect Sensitive Information
SSE critical capabilities
- Secure Admin of Cloud and Web
Apply policy and governance across web and cloud services. It should provide granular visibility and control over user activities and sensitive data.
- Advanced Threat Defence
Able to defend against advanced threats across web, cloud and private applications using both static and dynamic analysis and threat intelligence.
- Enabling Remote Working
Enable remote workers and branches to connect to the SSE service via agents, identity integrations and other methods. It should implement zero trust principles for accessing private applications and cloud services from managed and unmanaged devices.
- Cloud Application Discovery
Able to discover all cloud services, assign risk and ease the onboarding of new cloud services.
- Visibility and Control of Activity
Offer in-line inspection of the web, cloud services and private applications in real-time and API integrations with SaaS applications for data at rest, telemetry, and cloud service policy and configuration.
- Data Security
Apply advanced data security controls, such as tokenization, encryption, machine learning, and exact data matching across web, cloud and private applications.
- Adaptive Access Control
Use contextual information like device posture, user data and the sensitivity of the resources to change access rights to cloud services and private applications, according to the risk.
- User Entity Behavior Analytics
Apply advanced analytics to detect normal usage patterns across SaaS and private applications and notify and make policy changes in reaction to changes in the normal patterns.
- CSPM
Integrate with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) to assess and manage the security posture of customer tenants.
- Enterprise App/Service Integration
Integrate with technologies and provide broader telemetry data to detect, prevent, investigate, and respond to security events across an increasingly remote workforce.
SSE vendors comparison report
- Broadcom: Broadcom’s acquisition of Symantec will allow it to acquire all the associated components, primarily CloudSOC CASB and Data Loss Prevention. This is beneficial for organizations that have invested in these solutions, as they can reuse complex rules against traffic destined for cloud services or private applications without having another product installed on their system. Broadcom’s catalog of discoverable cloud services is excellent, as is the depth in which attributes are tracked for each service. Additionally, there are a lot more advanced adjustment options available for risk scores than with most competitors; however, this only applies if you’re looking at “cloud” usage rather than general internet use cases, not both combined.
- Cisco: Cisco has a variety of tools available to address the market, but they lack integration. To get started with policies for DLP and malware protection you must first configure them in separate consoles; likewise, cloud security posture management (CSPM) requires an additional solution. The ZTNA also has its own platform that doesn’t integrate any anti-malware features. There’s also no reverse proxy or RBI SAML support which makes using Cisco rather inconvenient.
- Forcepoint: With Forcepoint’s robust DLP capability, you can use it across endpoints and clouds. Additionally, there are features such as user-centric reporting on risks and behaviors that could identify high-risk users for further action! The cloud service risk rating capability is good and includes seven different categories. It allows users to adjust attribute weightings to easily change risk- and policy-related decisions across all cloud applications. However, it lacks a robust approach to assess user context from a variety of data sources to dynamically adjust permissions if the user context changes. It also lacks a CSPM capability to integrate with infrastructure as a service (IaaS) and other cloud services. There is also no mobile agent for iOS and Android and no capability to provide a cloud-based firewall as a service (FWaaS) to control all ports and protocols.
- Bitglass: Acquired by Forcepoint, Bitglass has efficient DLP capabilities that offer exact data matching (EDM), and many more predefined patterns than most competitors. It can also learn positive and negative matches and has automatic optical character recognition (OCR) capabilities. This solution, along with the OEM-based malware and threat intelligence integrations, also extends seamlessly to private applications via Forcepoint (Bitglass)’s ZTNA technology. CSPM and SaaS security posture management (SSPM) features are available, but the capabilities remain basic when compared to competitors.
- Iboss: Iboss has good SWG and acceptable threat defense, with a single console to control all functions, and supports a single unified agent, but has limited SD-WAN integration. It has an RBI solution integrated with SAML redirects instead of a reverse proxy. RBI sessions have DLP and malware rules enforced, and are also used for Iboss’ clientless ZTNA function. Iboss’ DLP is not as strong because it lacks OCR and machine learning capabilities, though it has EDM functionality. The ability to inform a user about the risk of applications is limited and the risk score cannot be easily used in rules.
- Lookout: With the acquisition of CipherCloud, Lookout now has an SSE offering to add to its background in mobile security. Lookout’s policy engine and UI are unified and easy to use across SWG, CASB and ZTNA features. The easy-to-use platform also includes reporting. Malware and threat detection are weaker, but it has capable OEM solutions and seamless integrations for antivirus and sandboxing, which integrate well into the platform and inform user risk scoring. Lookout has a strongly integrated DLP and RBI capability, including endpoint coverage and detection of sensitive data transfers from the Common Internet File System (CIFS) to and from private, cloud and web channels. Lookout’s ability to discover and report on all forms of devices is quite good, and it supports a well-integrated CSPM and SSPM.
- McAfee Enterprise: McAfee Enterprise offers a comprehensive, unified and flexible SSE solution that controls and monitors all features from a single pane of glass. It supports SecOps views for security analysts. The DLP engine is integrated across McAfee Enterprise’s SSE offering. McAfee offers an effective endpoint protection platform (EPP)/endpoint detection and response (EDR) solution and has strong CSPM and SSPM capabilities. It however lacks deep integration with SD-WAN vendors. The management console exposes an extensive range of features and options to customers that are not ideal for customers looking for a simple and easily usable SSE solution.
- Netskope: Netskope has advanced data security capabilities well integrated with web, cloud and email channels. It uses machine learning for the detection of sensitive content in motion and at rest. Netskope has a larger catalog of discoverable SaaS applications. Digital experience monitoring (DEM) adds operational value for heavy users of cloud services. Data security and DLP capabilities have an extensive catalog of predefined data types that protect enterprise data that is on the web, stored in cloud services, or on-premises applications. It offers flexible adaptive controls that extend to a wide range of data controls tied to Netskope’s excellent data security capabilities. However, its SD-WAN integrations are more limited.
- Palo Alto Networks: Palo Alto Networks is a large, high-profile security vendor, but it lacks DLP capabilities compared to other leading vendors in the SSE market. Its discovery database is smaller and supports fewer attributes than most vendors. It lacks native RBI functionality and has basic SSPM capability.
- Versa: Versa’s SSE offering, called Versa SASE, has advanced data security capabilities, such as encryption, fingerprinting, DEM, watermarking and redaction. It provides basic UEBA functionality and general web and cloud usage capabilities. At present, it lacks CSPM or SSPM functionality and does not offer a generally available RBI function as part of its advanced threat defense capabilities; however, the preview version of this capability appears functional.
- Zscaler: Zscaler provides cloud-delivered security with a background in SWGs, which is the core of its SSE solution. Though its DLP capability has improved, it is still more basic than that of other competitors. The ZTNA capability is also less advanced than its competitors. It allows deep integrations with SIEM, security orchestration, automation and response (SOAR), EDR and other third parties, which allows telemetry data to be shared and signals to be received. It has a below-average catalog of discoverable SaaS applications, and RBI is also not enabled by default.
Vendor comparison summary
Source: Gartner
Disclaimer: The comparison of SSE vendors enlists the features offered by the mentioned providers as per the information available in the public domain as of February 2022. This write-up should be used for informational purposes only. Vendors may change their product or service pricing and features from time to time. It’s therefore advised in the interest of the website visitor that before taking a decision or making a purchase, updated information should be verified from the respective vendor’s site. Though we make best endeavors to ensure that the information is accurate and up to date, we do not guarantee its 100% accuracy or timeliness. Furthermore, this article contains affiliate links. When you make a purchase using any of the affiliate links – we might gain a small percentage of the sale as commission.