Skip to content Skip to navigation Skip to footer

Secure Access Service Edge (SASE)

What is SASE?

Secure Access Service Edge (SASE) is a cloud architecture model that combines network and security-as-a-service functions together and delivers them as a single cloud service.  Conceptually, SASE extends networking and security capabilities beyond where they’re typically available. This lets work-from-anywhere and remote workers, to take advantage of firewall as a service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA), and a medley of threat detection functions.  SASE is composed of Security Service Edge (SSE) and SD-WAN. 

The term SASE (pronounced “sassy”) was first described by Gartner in an August 2019 report called, “The Future of Network Security in the Cloud.” Gartner notes that in the SASE market trend report, "Customer demands for simplicity, scalability, flexibility, low latency, and pervasive security force convergence of the WAN edge and network security markets.”

Why is SASE necessary?

Enterprise networks are increasingly reliant on cloud-based applications to run their businesses and support distributed workflows to support remote and mobile users. This has resulted in the conventional enterprise network to rapidly grow beyond the conventional network edge, challenging infrastructure leaders to secure and manage an ever-expanding attack surface. While networks have advanced rapidly enough to support the workflows of these remote endpoints, most security tools have not kept pace, rendering VPN-only solutions obsolete. For organizations to remain competitive, all endpoints must be secured and managed with the same security and networking policies as their on-premises infrastructure, regardless of where they’re located.

What are the advantages of using SASE?

Benefits of SASE

When properly implemented, a SASE approach allows organizations to apply for secure access no matter where their users, workloads, devices, or applications are located. This becomes a critically important advantage to ensure remote workers' security.  SaaS applications see rapid adoption, and data move rapidly among data centers, branch offices, and hybrid- and multi-cloud environments.  SASE enables safe browsing, secure access to corporate apps and secure access to SaaS applications from anywhere,

SASE Offers:

  • Flexible, consistent security: Deliver a comprehensive range of security services, from threat prevention to NGFW policies, to any edge, ensuring zero-trust network access to know who is on your network, know what is on your network, and protect assets both on and off the network
  • Reduced total cost of ownership: Conquer point product sprawl once and for all by using a single platform approach and reducing or eliminating capex and opex costs
  • Reduced complexity: Simplify your architecture by consolidating key networking and security functions from disparate point products into single solutions, all easily managed from a single-pane-of-glass management system
  • Optimized performance: Leveraging cloud availability, your team members easily and securely connect to the Internet, applications, and corporate resources wherever they are located.

What is Security Service Edge (SSE)?

SSE is a cloud-delivered security service from anywhere that enables safe browsing, authenticated access to private applications, secure access to SaaS applications.  

SSE includes:

  1. Firewall-as-a-Service (FWaaS) - same features as our high-end FortiGate, provided through the Cloud (IPS, anti-malware protection, web security, anti-spam, sandbox)
  2. Secure Web Gateway (SWG) - inspects end-user web activity and applies a consistent set of security policies to enforce safe browsing habits at the endpoint. Includes features such as Data Loss Prevention, deep SSL inspection, URL filtering, DNS filtering.
  3. Zero-Trust Access Network (ZTNA) - provides secure remote access to an organization’s applications, data, and services based on clearly defined access control policies. ZTNA differs from virtual private networks (VPNs) in that they grant access only to specific services or applications, where VPNs grant access to an entire network.
  4. Cloud Access Security Broker (CASB) - unified platform where administrators can centrally configure policies for cloud service use. Includes in-line CASB for control over the type of application access (e.g. is the employee allowed to access Facebook?), or API-based CASB that connects to the app and checks the content sent (e.g. files uploaded in Office365 email)
2022 Gartner Market Guide for single-vendor SASE

2022 Gartner® Market Guide for Single-Vendor SASE

Download the report and read why Fortinet is listed as a Representative Vendor in the Gartner Market Guide for Single-Vendor SASE.  

Download the Report

How Fortinet Can Help

FortiSASE offers a comprehensive set of security capabilities including secure web gateway (SWG), universal zero-trust network access (ZTNA), next-generation dual-mode cloud access security broker (CASB), and Firewall-as-a-Service (FWaaS).

Single-Vendor SASE

Fortinet is the first vendor to deliver a comprehensive SASE solution by integrating cloud-delivered SD-WAN connectivity with security service edge (SSE), extending the convergence of networking and security from the edge to remote users.

With our single-vendor SASE solution, you can:

  • Overcome security gaps and minimize the attack surface with consistent security posture
  • Deliver superior user experience with intelligent steering and dynamic routing via SD-WAN
  • Simplify operations with simple cloud-delivered management and enhanced security and networking analytics
  • Shift to an OPEX business model with simple user- and device-based tiered licensing


SD-WAN Explained: Find out more about SD-WAN benefits.