Definition
Secure Access Service Edge - coined by Gartner in 2019 - converges WAN connectivity (SD-WAN) with cloud-delivered security functions (SWG, CASB, ZTNA, FWaaS, DLP) into a single platform delivered as a service. The architectural premise: as applications moved to cloud and users went hybrid, the security perimeter has to move with them rather than backhaul traffic to data centers. SASE is the broader umbrella that includes both connectivity (SD-WAN) and security (SSE). The pure-security subset is called SSE. Symantec's SSE stack - Cloud SWG, CloudSOC CASB, ZTNA - covers the security side of SASE; SD-WAN integration is via third-party partnerships (Cisco, Versa, etc.). For most enterprises in 2026 the practical question is "SSE first, SD-WAN second" since the security side has more immediate value.
Symantec products that implement this
- Symantec Cloud Secure Web Gateway - Cloud-delivered web security with SSL inspection, URL filtering, sandboxing, content disarm, and CASB integration. The cloud successor to the ProxySG appliance.
- Symantec CASB (CloudSOC) - Cloud Access Security Broker for SaaS - visibility into shadow IT, inline enforcement on sanctioned apps, API-based scanning for data at rest, and user behavior analytics.
- Symantec ZTNA (Zero Trust Network Access) - Identity-and-application-aware Zero Trust access to internal apps. Replace VPN with per-app policy enforcement, posture checks, and least-privilege access for hybrid work.
Related terms
- SSE (Security Service Edge) - The security half of SASE - cloud-delivered SWG, CASB, ZTNA, and DLP without the SD-WAN connectivity component.
- SWG (Secure Web Gateway) - Security service that inspects web traffic for malware, enforces URL policy, and applies content controls - historically on-prem, now cloud-delivered.
- CASB (Cloud Access Security Broker) - Security layer between users and cloud apps; provides visibility, governance, and DLP for SaaS.
- ZTNA (Zero Trust Network Access) - Identity-driven, application-level access to internal apps - the modern replacement for VPN.
Deep-dives on SASE
- ProxySG to Cloud SWG migration: a step-by-step engineer's guide - Migrating from on-prem ProxySG appliances to Symantec Cloud SWG (WSS) is the second-most-common Symantec project of 2026. The playbook: poli…
- How to replace VPN with Symantec ZTNA: a 90-day deployment plan - A pragmatic 90-day plan to start retiring legacy VPN concentrators with Symantec ZTNA. Discovery, identity readiness, pilot app selection, u…
- Microsoft 365 DLP with Symantec CloudSOC: the integration deep-dive - How to extend Symantec DLP into Microsoft 365 through CloudSOC - what API connectors provide, what inline integration adds, and where Symant…