Why CISOs are making the SASE switch: Fewer vendors, smarter security, better AI guardrails

A significant investment of $359 million from venture capitalists signals a strong belief that secure access service edge (SASE) will dominate enterprise security technology in the near future. Recently, Cato Networks concluded an oversubscribed Series G funding round, valuing the company at $4.8 billion, bolstered by an impressive 46% year-over-year growth in annual recurring revenue for 2024. This funding will be used to enhance AI-driven security, foster innovation across SASE, extended detection and response (XDR), zero trust network access (ZTNA), SD-WAN, and IoT/OT, while also expanding its global presence. Gartner anticipates that the SASE market will expand at a remarkable compound annual growth rate (CAGR) of 26%, potentially reaching $28.5 billion by 2028. This growth reflects a broader trend where SASE aims to consolidate numerous point solutions into unified platforms, much like the impact cloud computing had on data centers. According to Gartner's latest analysis, organizations are increasingly favoring a dual-vendor strategy, shifting from a 4:1 vendor ratio to a more streamlined 2:1 by 2028, indicating a clear move towards consolidation. The push for consolidating tech stacks is not a novel concept in cybersecurity or enterprise software. Cloud-native application protection platforms (CNAPP) and XDR platforms have long advocated for this approach. Investors in Cato’s recent funding round are banking on the notion that chief information security officers (CISOs) are striving to minimize the number of applications they manage to enhance visibility and reduce maintenance costs. Complexity is often cited by CISOs as a significant barrier to effective security, which leads to inefficiencies and increases the risk of security breaches. As the cybersecurity landscape evolves, many organizations are grappling with outdated and complex legacy technology stacks. These systems often come with a wide array of tools for managing security and networks, resulting in operational challenges. Esmond Kane, CISO of Steward Health, emphasizes that SASE fundamentally embodies the principles of zero trust, focusing on identity, authentication, access control, and privilege management. A study conducted by IBM and Palo Alto Networks reveals that organizations currently use an average of 83 different security solutions from 29 vendors, with 52% of executives identifying complexity as the primary hindrance to security operations. This complexity can lead to costly misconfigurations and slow response times when addressing security gaps. By consolidating their cybersecurity products, organizations can reduce this complexity, streamline operations, and enhance overall efficiency. The timing of consolidation is critical in the cybersecurity realm. Threat actors are adept at exploiting vulnerabilities in legacy systems and launching attacks using common tools, often unaware of the security gaps created by complex multi-vendor environments. As enterprises increasingly rely on ephemeral identities across various platforms, consolidation becomes essential to closing security gaps. With a projected 65% of new SD-WAN purchases transitioning to single-vendor SASE deployments by 2027, the shift towards unified platforms is becoming more pronounced. This transition is expected to reduce policy fragmentation and improve visibility across users, devices, and applications. Cato Networks, Palo Alto Networks, and Netskope have been recognized as leaders in the SASE market, thanks to their mature, unified platforms that cater to enterprise-wide deployments. As Cato's CEO Shlomo Kramer points out, the current landscape presents a limited window for companies to avoid fragmented architectures, as attackers continuously adapt faster than integration efforts can keep pace. In a cybersecurity environment where every vendor handoff introduces potential vulnerabilities, the demand for unified platforms is rapidly increasing. CISOs are prioritizing solutions that offer a single console, agent, and policy framework, as the complexity of multi-vendor systems increasingly becomes a competitive disadvantage. Ultimately, SASE consolidation promises to deliver stronger security and efficiency with fewer vendors, aligning with the urgent needs of modern enterprises.