Definition

Security Service Edge is the security half of the SASE framework: cloud-delivered SWG, CASB, ZTNA, and integrated DLP without the SD-WAN connectivity component. SSE became a distinct Gartner category in 2021 because most organizations adopt the security services before (or independently of) the SD-WAN piece. A complete SSE platform provides identity-driven web security (SWG), SaaS visibility and control (CASB), private application access (ZTNA), and data protection (DLP) - all from a single vendor with consistent policy across categories. Symantec's SSE consists of Cloud SWG + CloudSOC CASB + ZTNA + Symantec DLP integration. The advantage of single-vendor SSE is policy consistency: one DLP policy applies whether the user is uploading a file via web (SWG enforces), into a SaaS app (CASB enforces), or to an internal app (ZTNA enforces).

Symantec products that implement this

  • Symantec Cloud Secure Web Gateway - Cloud-delivered web security with SSL inspection, URL filtering, sandboxing, content disarm, and CASB integration. The cloud successor to the ProxySG appliance.
  • Symantec CASB (CloudSOC) - Cloud Access Security Broker for SaaS - visibility into shadow IT, inline enforcement on sanctioned apps, API-based scanning for data at rest, and user behavior analytics.
  • Symantec ZTNA (Zero Trust Network Access) - Identity-and-application-aware Zero Trust access to internal apps. Replace VPN with per-app policy enforcement, posture checks, and least-privilege access for hybrid work.
  • Symantec Data Loss Prevention - Discover, monitor, and protect sensitive data across endpoints, network, storage, cloud, and email - the most comprehensive enterprise DLP platform on the market.

Related terms

  • SASE (Secure Access Service Edge) - Convergence of WAN networking (SD-WAN) and cloud-delivered security services (SWG, CASB, ZTNA, FWaaS) into a single platform.
  • SWG (Secure Web Gateway) - Security service that inspects web traffic for malware, enforces URL policy, and applies content controls - historically on-prem, now cloud-delivered.
  • CASB (Cloud Access Security Broker) - Security layer between users and cloud apps; provides visibility, governance, and DLP for SaaS.
  • ZTNA (Zero Trust Network Access) - Identity-driven, application-level access to internal apps - the modern replacement for VPN.
  • DLP (Data Loss Prevention) - Security capability that discovers, monitors, and protects sensitive data across endpoints, networks, storage, cloud, and email.

Deep-dives on SSE