43 min read

Investor Guide To SASE (Pt. 1)

Investor Guide To SASE (Pt. 1)


  • In Part 1 of Convequity's Investor Guide to SASE, we discuss the things for private and public investors to consider as the SASE market evolves.
  • We also share the new Convequity Impulse for SASO (that's not a typo), where we have adapted the Gartner's MQ to better serve investors' interests.
  • And we also discuss the consolidation that has been happening in the SASE market and how it will affect the market leadership.
  • Finally, in Part 1, we dive into the technical aspects of the SASE components and discuss in which areas certain vendors have an advantage.
  • In Part 2 (published later this week), we'll provide a detailed overview of each SASE competitor, discussing strengths, shortcomings, and valuation considerations.

SASE Investor Considerations

Gartner forecasts the SASE market will reach c. $15bn by 2025 at an annual CAGR of 36%. SASE is a very intriguing market because it is highly disruptive yet the underlying components of SASE are maturing which is leading to quickly increasing adoption rates.

The market is also consolidating. Therefore, investors from the public and private realms, alike, will benefit by understanding the consolidation trends and which vendors will most likely prevail as long-term SASE winners.

In 2020, we were short-term bullish but long-term avoid/bearish thesis on Zscaler (ZS). We were short-term bullish because ZIA and ZPA - respectively, ZS' cloud-based Secure Web Gateway (SWG) and its Zero Trust Network Access (ZTNA) solutions - were perfectly suited to the changes brought by COVID-19. We also fully appreciated the incredible GTM presence that Jay CHaudhry had cultivated at ZS. As a result of having the ideal solutions and highly effective GTM, ZS became one of the hottest stocks during the pandemic. However, we have been long-term avoid/bearish because we view ZS as having weaker leadership, talent, innovation, and technology than next-gen competitors.

As ZS' bull run lasted longer than we expected, there were moments when we questioned our long-term thesis. We thought that perhaps the GTM can indeed compensate for the weaker technology for many more years to come and discredit the avoid/bearish thesis. However, there are now signs emerging that are validating our long-held views.

Figure 1 – February 2021 Convequity’s SASE Competitor Analysis

For those interested, here are our past reports on ZS in chronological order.

Zscaler Equity Research Report (Oct 2020)

Founders Comparison: CHKP's Shwed Vs PANW's Zuk. What It Means For Zscaler (Apr 2021)

Pre-IPO: Netskope - Better Quality Than ZS (Dec 2021)

Though, ZS’ 2020/21 SASE success was also largely a case of being ‘in the right place at the right time’. When the lockdowns occurred, out of the entire SASE suite (defined by Gartner in 2019), the cloud-based Secure Web Gateway (SWG) became the most important. This was simply because knowledge workers spend most of their time on the Internet (more so than SaaS or internal applications), and hence when they shifted to working remotely, it made sense from many angles to give them direct secure access to the Internet. ZS had the most mature, tested, and well-known cloud-based SWG available, and therefore, en masse, enterprises made a beeline for ZS.

Being the market leader in cloud-based SWG gave ZS a solid footing to sell enterprises other SASE solutions. Jay Chaudhry’s masterful salesmanship was also key. He has been incredibly successful at building relationships with C-level executives and with channel partners, enabling a slick top-down GTM strategy. His influence to closely align ZS to Gartner’s SASE definitions was also hugely important for ZS’ success. However, now the tide is slowly turning. SWG is evolving to a next-gen era involving SaaS, more granular controls, and Remote Browser Isolation (RBI), but ZS is not innovating fast enough. Furthermore, while SWG and ZTNA are still hugely important, the future of SASE success appears to be more tied to CASB, an area of SASE in which ZS is very poor.

With this in mind, ZS looks destined to have its SASE leadership slip away in the future. For over two years we’ve been critical of ZS and very impressed with Netskope, and finally we feel somewhat validated by Gartner’s latest SSE Magic Quadrant (MQ). Data-centric cybersecurity appears to be the future, and Netskope is without doubt the pioneer in applying this philosophy. ZS, on the other hand, is not. To us, it’s clear that ZS has been so focused on adhering to Gartner’s SASE ideology that, in some ways, they’ve forgot to think for themselves. Blindly following Gartner is not recommended because it will lead to a lack differentiation.

Those that have stubbornly refused to perfectly align with Gartner often end up becoming a standard setter. FTNT and PANW serve as a few of examples here. In the mid-to-late 2000s, FTNT diverged from the typical network firewalls Gartner covered in its MQs, and created a differentiated approach called UTM, or Unified Threat Management, which integrated a broader set of features and targeted the more cost-conscious SMB segment (and FTNT has carried on with this highly integrated approach to security ever since, developing its Fabric platform to be arguably the most interoperable cybersecurity platform around). Following FTNT’s success with its UTM, in 2009 Gartner decided to begin a UTM MQ series.

In a similar vein, PANW created the NGFW market to better target the needs of enterprises with the ability of handling larger amounts of traffic. They also incorporated granular user and application controls which, at the time, was very far removed from typical firewalls that could only exert control over ports and protocols (and ever since PANW has continued to pioneer in application-level control, something that has enabled the company to remain highly relevant as a firewall vendor over the years and enabled it to succeed in adjacent emerging submarkets such as ZTNA and CASB). Subsequently to PANW’s launch of its NGFW, lo and behold Gartner created a new MQ named the Enterprise Network Firewall.

It could also be put forth that FTNT was the first to usher in the concept of converged networking and security, many years before Gartner introduced SASE in 2019. There are probably good examples in APM (e.g., DDOG), SIEM, endpoint security (e.g., S), and others, whereby those opinionated vendors with different or opposing visions to Gartner end up being finally validated in a big way.

The point we’re trying to make here is that it could be Netskope’s turn to be the standard setter for SSE and SASE more broadly, by leading the way with its data-centric approach. And this could be happening at the most opportune time because SASE has transitioned from the infancy to early-mature stage, which means the customers that were previously hesitant toward SASE (and there are still lots of those) are now willing to make the transition.

No doubt Netskope will be a high-profile IPO – whenever that may be – but for those investors that understand we’re witnessing the emergence of a new and special network security leader, will be better equipped than others to assess the company’s value. In a previous post we suggested that, if Netskope and ZS were similarly priced, and as an investor you can access Netskope's secondaries, then a long/short would be a very favourable trade. This would have been a good trade back in February, as the EV/S of the two companies were around 11x. However, at the time of writing ZS' has since declined to ~8x, erasing the alpha of this pair trade. For those qualified investors eligible to trade secondaries, if ZS recovers sufficiently from its recent fall, then this pair trade might present another opportunity.

Aside from the ZS and Netskope investor implications, investors should note PANW, NET, and Broadcom (AVGO) from the SSE MQ. PANW has made it into the Leaders quadrant for the first time, validating their incredible transition from being primarily an on-prem network vendor only a few years ago. Gartner’s recognition for PANW is huge because there are still large portions of network security buyers who wrongly assume they are just an appliance vendor. This could be the catalyst to push PANW ahead of ZS in annual revenue for SASE.

NET’s first-time recognition in the SSE MQ is a key milestone. They needed to acquire Vectrix, an out-of-band CASB startup, in order to gain the CASB capabilities, as the company’s home-grown CASB didn’t progress as initially planned. This is common to see when network guys with expertise in inspecting data in transit are then trying their hand at inspecting data at rest via APIs – simply because it requires a whole different skillset and approach to security. Nevertheless, NET now has the full set of SSE and SASE capabilities, and importantly they have recently revamped the leadership of their sales organisation to execute a top-down GTM strategy. The initial execution of NET's revamped GTM has been far below expectations, but presuming it will eventually at least be moderately successful, then NET has a decent runway into the enterprise market to extend its period of high growth and help maximise margins.

AVGO might be the vendor that surprises the market the most, however, especially if the $61bn VMW deal goes through. AVGO is vertically and horizontally integrated, having Broadcom’s ASIC networking chip, Symantec’s SSE, and, if Broadcom can satisfy regulators’ demands, VMware’s SD-WAN (acquisition of VeloCloud) and endpoint security (acquisition of Carbon Black). We would go as far as saying that AVGO has the best SDN (Software-Defined Networking) chip and VMW has the best SDN software - which provides substantial amounts of future innovation thanks to SDN being the foundation for other technologies such as SD-WAN and greatly improves the efficiency of other tech such as NFV (Networking Function Virtualisation). VMW also has the second biggest SD-WAN market share.

This stack could really accelerate the speed of SASE while providing a mature security platform from Symantec that has great data security built in with a very good data classifier. An added bonus is the value coming from Carbon Black’s endpoint security repertoire that can help improve the efficacy of any SASE implementation. And from a GTM perspective, AVGO already has everything in place to execute a successful top-down and channel driven strategy, as it has a great presence among large enterprises.

For PEs and VCs, Skyhigh Security, Forcepoint, and Lookout are also interesting to monitor. Gartner has positioned these in the Visionaries section because they each have a differentiated approach to SSE which may prove to be highly successful. Iboss is another name for PEs/VCs to watch as they execute their long overdue enterprise GTM strategy. In our opinion, CSCO is the only uninteresting name that has few opportunities for SASE-interested investors. CSCO has a history of acquiring BoB startups and then stifling the innovation and there is way too much technical debt to overcome to be a leading SASE vendor. Having said that, CSCO will remain a presence purely by virtue of its colossal customer base that it can sell SASE into. Even if they did emerge as a leader, given the size of CSCO’s revenue base it is not going to be a significant catalyst for the stock price.

In the later sections of the report, we shall diver a little deeper into each SSE and SASE vendor, discussing strengths and weaknesses.

Convequity Impulse for SASO

This post is for paying subscribers only