February 16, 2026

industryvendorsai

SASE Landscape February 2026: $97B Forecast, AI Acquisitions, Earnings Season

Cisco ships AI-aware SASE, Zscaler acquires SquareX, Fortinet posts 40% SASE growth, Cato buys Aim Security, and Dell'Oro forecasts $97B in SASE spending through 2030.

The last two weeks in SASE have been busier than the previous two months combined. Earnings season revealed which vendors are actually growing their SASE business (and which are just talking about it), two acquisitions closed that reshape the AI security landscape, and Dell'Oro dropped a forecast number that should get every network security budget owner's attention. Here is what happened and what it means for your evaluation or renewal.

Dell'Oro: $97B in cumulative SASE spending through 2030

Dell'Oro Group published their five-year SASE forecast on February 3, and the headline number is $97 billion in cumulative spending from 2025 through 2030 — nearly three times the prior five-year period. That is not a typo. The SASE market is growing fast enough that the next five years will generate triple the revenue of the first five.

What makes this forecast credible is the demand-side evidence. Enterprise SASE adoption is no longer driven by early adopters chasing a Gartner vision. It is driven by compliance mandates (NIS2, DORA), VPN decommission projects, MPLS contract expirations, and GenAI governance requirements that legacy architectures cannot address. The buying motion has shifted from "should we do SASE?" to "which vendor and how fast?"

If you are negotiating a SASE contract in 2026, use the Dell'Oro forecast as leverage. Vendors know the market is growing at 20%+ annually. They would rather lock you into a 3-year deal at a discount than lose you to a competitor in a market this hot.

Cisco: AI-aware SASE and a unified console — finally

Cisco made two announcements on February 10 that change their competitive position. First, they shipped AI-aware SASE with what they call "intent-aware inspection" — the ability to inspect and apply policy to agentic AI interactions, not just user-initiated web traffic. This matters because agentic AI (autonomous AI systems that make API calls, access databases, and take actions on behalf of users) is the next wave of shadow IT, and most SASE platforms cannot see or control it.

Second, Cisco unified their SSE (Secure Access) and SD-WAN (Catalyst SD-WAN) management into a single console. This has been the longest-running integration project in SASE — Cisco acquired Viptela for SD-WAN in 2017, and it took nine years to get a single pane of glass. The unified console is live, and early feedback suggests it works but still feels like two products merged rather than one product built from scratch.

Cisco also launched a GenAI assistant for SSE policy management — natural language queries like "show me all users who accessed AI applications in the last 30 days" that return results without requiring knowledge of the query syntax. It is a convenience feature, not a game-changer, but it lowers the operational burden for teams managing large policy sets.

Zscaler acquires SquareX for browser security

Zscaler closed the acquisition of SquareX on February 5, adding zero trust browser security to the Zero Trust Exchange Zero Trust Exchange. SquareX provides browser-native security controls — think of it as a lightweight browser isolation alternative that runs natively rather than proxying pixels from a remote browser.

This is a strategic move. Browser isolation has been available from multiple SASE vendors, but it has an inherent user experience problem: pixel-pushing adds latency and breaks web applications that rely on local browser capabilities. SquareX's approach — embedding security controls directly into the browser — avoids the latency penalty while still preventing data exfiltration, credential theft, and drive-by downloads.

For Zscaler customers, this fills a gap. Zscaler's SSE depth is already best-in-class (10/10 on our scorecard), but their browser isolation offering was adequate rather than exceptional. SquareX changes that. Watch for integration into the ZIA/ZPA stack over the next two quarters.

Separately, Zscaler's ThreatLabz published their 2026 AI security report and the finding that got the most attention: 100% of enterprise AI systems they analyzed had critical security flaws. Sample bias aside (organizations that hire Zscaler to audit their AI are probably already worried), the number underscores why every SASE evaluation now includes GenAI governance as a hard requirement.

Fortinet: SASE billings up 40% year-over-year

Fortinet reported Q4 2025 earnings on February 5 and the SASE numbers jumped off the page. Unified SASE was the fastest-growing segment, with billings up 40% year-over-year. Full-year revenue hit $6.8 billion. For context, Fortinet's SASE growth rate is outpacing the overall market growth rate by roughly 2x, which means they are gaining share.

Where is the growth coming from? Existing FortiGate customers. Fortinet's SASE pitch is license portability — you can extend your on-premises FortiGate policies to the cloud-delivered FortiSASE platform with consistent syntax and a familiar UI. For shops that have 500+ FortiGate devices deployed, this is a compelling migration path that avoids a full vendor rip-and-replace.

The trade-off has not changed: Fortinet's SSE depth still trails the SSE-first vendors. CASB is less mature than Netskope or Palo Alto. DLP lacks the classifier depth of Zscaler. But if your primary requirement is converged networking-plus-security and you are already a Fortinet shop, the growth numbers suggest a lot of organizations are making that bet.

Cato Networks acquires Aim Security

Cato Networks closed its acquisition of Aim Security in early February, adding enterprise AI security to the Cato SASE Cloud platform. Aim Security provides AI application discovery, risk assessment, and policy enforcement — essentially CASB capabilities purpose-built for the GenAI application landscape.

This is Cato's first acquisition, which is significant. Their entire platform story has been "built from scratch, no acquisitions, one codebase." Adding Aim Security breaks that narrative, but the strategic logic is sound. GenAI security is a new enough category that building from scratch would take 12-18 months. Acquiring gets them to market in one quarter.

The integration timeline matters. Cato's competitive advantage is the single-pass architecture and unified console. If Aim Security's capabilities are bolted on as a separate module, it weakens the story. If they are fully integrated into SPACE (Cato's single-pass cloud engine), it strengthens the platform significantly. Cato says full integration is expected in the first half of 2026.

Cloudflare: Q4 earnings beat and Gartner Visionary

Cloudflare reported Q4 2025 earnings on February 10 with 2026 revenue guidance of $2.785–2.795 billion, above analyst consensus. The SASE-specific revenue is not broken out, but Cloudflare One (their SASE platform) is a growing contributor. Separately, Gartner recognized Cloudflare as a Visionary in the 2025 Single-Vendor SASE Magic Quadrant — their first appearance in the quadrant.

Cloudflare's SASE story remains the same: unmatched PoP coverage (330+ cities), aggressive pricing ($7/user/month for the Teams plan), and a developer-first approach that appeals to engineering-heavy organizations. The gap is also the same: SSE depth trails the dedicated SASE vendors, particularly in CASB and DLP. But for globally distributed teams where latency is the primary concern, Cloudflare's anycast architecture is genuinely differentiated.

What this means for buyers

Five takeaways from the last two weeks:

AI security is now table stakes. Every major vendor either shipped GenAI controls or acquired them. If your shortlisted vendor cannot discover, classify, and control AI application usage, they are behind.
The market is growing at 20%+ annually. That means vendor competition is fierce and discounts are available. Do not accept list price.
Cisco's unified console changes their competitive position. If you have been waiting for Cisco to finish the SSE + SD-WAN integration, the wait is over. Run a PoC.
Fortinet's growth validates the existing-customer migration path. If you are a FortiGate shop, FortiSASE deserves a serious evaluation alongside the SSE-first vendors.
Cato's first acquisition is a signal. Watch how the Aim Security integration goes — it will tell you whether Cato can maintain platform coherence as they scale.

Sources

Dell'Oro Group, "Five-Year SASE and SD-WAN Forecast" (February 2026) — delloro.com
Cisco, "Cisco AI-Aware SASE Announcement" (February 10, 2026) — cisco.com
Zscaler, "Zscaler Acquires SquareX" (February 5, 2026) — zscaler.com
Zscaler ThreatLabz, "2026 AI Security Report" (January 27, 2026) — zscaler.com
Fortinet, "Q4 FY2025 Earnings Release" (February 5, 2026) — fortinet.com
Cato Networks, "Cato Networks Acquires Aim Security" (February 2026) — catonetworks.com
Cloudflare, "Q4 2025 Earnings Release" (February 10, 2026) — cloudflare.com

Related on sase.cloud

Vendor Rankings 2026 →Cisco Review →Zscaler Review →Fortinet Review →Cato Networks Review →Q1 2026 Vendor News →

Get the next guide in your inbox

One email per publish. Unsubscribe anytime.

ShareLinkedIn X

Was this helpful?

← Previous

Four New Vendor Reviews: Zscaler, Netskope, Cato Networks, Cloudflare