SASE Consolidation Is Moving Faster Than Analysts Predicted

When Gartner coined the term SASE in 2019, the prevailing skepticism was structural: the network security market was too fragmented, the legacy infrastructure too entrenched, and the enterprise buying cycle too slow for true convergence to happen quickly. The consensus timeline was a decade, minimum.

That consensus was wrong. The convergence is not complete — but the consolidation has already happened in ways that were not predicted three years ago, and the implications for enterprise buying teams evaluating their network security posture in 2026 are significant.

What Consolidation Actually Looks Like

Consolidation in the SASE market has taken three distinct forms, and conflating them leads to buying decisions that look rational on paper but perform poorly in production.

Acquisition-driven consolidation is the most visible. Palo Alto Networks acquired CloudGenix (SD-WAN) and Demisto (SOAR) and Expanse (ASM) and stitched them into a unified platform brand. Cisco acquired Umbrella (then Viptela, then ThousandEyes, then Duo). Fortinet built its own stack across both the WAN and security layers. In each case, the marketing claim is platform convergence. The technical reality is more complicated: acquired products run on separate codebases, separate management planes, and separate data models for years after acquisition. The convergence is real on the product roadmap. It is unevenly real in the deployed product.

Native-build convergence is rarer but more technically robust. Zscaler built its zero-trust exchange natively, without major acquisitions, giving it a genuinely unified data model and enforcement architecture across its SSE capabilities. This is the exception. It is also why Zscaler consistently earns higher enterprise readiness scores in independent evaluations than acquisition-assembled platforms of nominally equivalent capability.

Cloud-provider consolidation is the most underappreciated trend. AWS, Azure, and Google Cloud have each built network security capabilities that overlap significantly with commercial SASE — private connectivity, DNS security, DDoS mitigation, identity-aware proxy, web filtering — and bundled them into cloud contracts that enterprises are already renewing. For organizations with 80%+ of their workloads in a single hyperscaler, the "SASE" decision is increasingly a question of how much to supplement the cloud provider's native capabilities with a dedicated SASE vendor, rather than a binary choice between platforms.

Why the Timeline Compressed

The pandemic accelerated remote-work adoption by three to five years. The shift to cloud-first infrastructure eliminated the on-premise network perimeter faster than any analyst model predicted. Both shifts created an urgent need for security architecture that could follow users and workloads rather than protecting a fixed perimeter — which is precisely the problem SASE was designed to solve.

The result was a forcing function that compressed the typical enterprise buying cycle. Organizations that would have refreshed their network security architecture in 2025 or 2026 on a planned basis were instead doing emergency evaluations in 2020 and 2021. Those evaluations drove consolidation — enterprise buyers, under pressure to move fast, had strong incentives to select platforms that could cover the most use cases with a single contract, a single vendor relationship, and a single management console, even if the technical integration was imperfect.

The Implication for 2026 Buyers

Enterprise teams evaluating SASE in 2026 face a market that looks consolidated from the outside — a small number of large platforms dominate analyst reports, RFP shortlists, and peer reference networks — but remains technically heterogeneous on the inside.

The practical implication is that the due diligence questions for SASE in 2026 are fundamentally different from 2021. In 2021, the question was "does this vendor have the capabilities I need?" In 2026, the relevant questions are:

Are those capabilities running on a unified enforcement architecture, or on acquired codebases that share a management console and little else?
What is the actual data model integration between the SD-WAN layer and the SSE layer? Can policies defined on one layer be enforced by the other in real time?
What is the support model for the acquired products, and how does it differ from the vendor's core platform support?
What does the migration path look like if I am an existing customer of one of the acquired platforms — and what is the realistic timeline for feature parity on the integrated platform?

These are not questions that a vendor briefing will answer accurately. They require reference customer conversations, architecture workshops with the vendor's actual engineering team, and independent assessment of the integration depth against a technical rubric developed before the vendor conversation begins.

This is, in miniature, what the Stackcurve SASE/SSE CURVE™ Report attempts to provide. The headline tier placements are the output. The work is in the scoring rubric that generates them — the category-specific evaluation of data model integration, management plane unification, zero-trust enforcement quality, and deployment operational burden that separates platforms that have achieved convergence from platforms that have achieved the appearance of convergence.

The market has consolidated faster than predicted. The buying decision has not gotten simpler as a result.

More Advisory Briefs

AI Security7 min read

Prompt Injection Is Not a Research Problem — It's Your Problem Now

Prompt injection has moved from academic curiosity to active enterprise risk. Here is what it is, why your current controls miss it, and what to do about it.

AI Enterprise6 min read

The Agent Governance Gap No One Is Talking About

Enterprises are deploying AI agents at speed. Almost none of them have built the authorization, audit, and scope enforcement layer those agents require. The liability is compounding quietly.

View all Advisory Briefs

Want the full research?

Our CURVE(TM) Reports go deeper - free to download, no paywall, always.

Browse All CURVE(TM) Reports →