I'm currently the only security person at my company and I've been tasked with recommending a SASE vendor by this Friday. We have 800 employees spread across 12 offices on three continents, with most of the team working remotely. Right now, we're using MPLS for site connectivity, a split-tunnel VPN for remote users, and a variety of uncoordinated security solutions that have accumulated over the last six years without any documentation.
After spending two months trying to understand our current situation, I've realized that it's more complicated than anyone expected, and our setup is precarious at best. I need to present a plan for consolidating our network and security to a board that doesn't have any knowledge of SD-WAN, while the CTO is primarily concerned about stability during the upcoming World Cup when our traffic will peak.
I've been leaning towards a converged SASE solution that incorporates SD-WAN, ZTNA, a secure web gateway, cloud firewall, and XDR into one platform with a single management interface, and AI for incident triage. This seems practical given I'm a one-person team. However, I keep doubting myself because I've never overseen such a large-scale network transformation before.
What I really need to know is, for those of you who've done similar projects, what unexpected issues arose during your transitions? What questions did you wish you'd asked a vendor before signing on? Also, is the idea of a "single pane of glass" ever a reality, or just vendor talk that fades after deployment?
12 Answers
I recently went down this path too and ended up with Perimeter81/Checkpoint. The platform is user-friendly and the pricing was favorable compared to other options I considered.
Netskope and FortiSASE are both great options. But if you're looking for a really consolidated solution, focus on Cato! They've been building a strong reputation lately.
Consider working with a VAR. I recently went through something similar, and they helped me save on costs while still getting quality solutions.
If you really need something by Friday, I'd say Cato is a reliable option. They're well-regarded in the market.
Hey, just a side note—World Cup traffic spikes don’t actually happen until June. Why the rush?
First of all, crunching everything into a recommendation by Friday sounds tough. You're probably better off seeking a consultant to give you some quotes right away. Getting an independent assessment would be the smart way to go. You're in way over your head with this job, and your recommendation could either make you a hero or throw you under the bus.
Right? It’s frustrating when management expects quick fixes without understanding the complexity involved. It’s definitely not something only the security team should decide.
With 800 employees and only one security person? That raises a bigger concern than just picking a vendor. Your business is relying on very part-time security, which doesn't sound sustainable.
I’ve been in this field over 30 years, and I'm just laughing here because I read "SASE" as "self-addressed stamped envelope". Seriously, things change so fast, it's a wild ride!
You might want to assess Tailscale too. It could be a simpler approach for your current needs.
I was in a similar situation but had a year to navigate it. Cato and Netskope are definitely top picks from what I've seen.
Just a heads up, we evaluated both ZScaler and Netskope, and ultimately chose Netskope after about a year and a half of use. It really improved our remote connectivity and we were able to ditch our old VPN. Deployment has been straightforward and our security team appreciates the visibility it provides, though it doesn't come cheap! But for a global team, I think it was worth the investment.
We have a similar setup with ZScaler where no LAN access is permitted. Everything routes through their platform, and it was super quick to get everyone online.
Yeah, it seems like both Netskope and ZScaler are the main contenders for companies like ours.
If you want an integrated solution with SD-WAN, I'd lean towards Cato. Other vendors claim to offer everything in one package, but they often just piece them together. Cato seems to deliver on the promise of a true single pane of glass for everything you need.
Absolutely! Cato has been solid for us.
Totally agree! It's kind of like when churches upgrade their audio systems thinking it's all equipment-related, but really, they just need someone trained to tweak the setup. Before you dive into a massive new setup, make sure you understand your current landscape well enough. You might be able to fix issues with some simple config changes rather than starting over.