Analyzing SASE DEM Solutions

Sponsored Post

Analyzing SASE DEM Solutions

Vendors across security sectors are now offering their own digital experience monitoring products, especially when the security products can impact customer networks and performance at various levels. While these monitoring tools can provide valuable information to customers, it raises concerns about whether there is a potential conflict of interest between the vendor and the customer. If the SASE platform or security tools are introducing latency and slowing response times, how can the monitoring tools be trusted to accurately reflect their overhead?

Additionally, the effectiveness of these proprietary monitoring products should be the focus of evaluation. Vendors have a vested interest in ensuring their clients’ networks are functioning optimally, but the information provided may not necessarily be the most relevant for the client’s digital experience needs.

It is important to assess whether this type of monitoring can genuinely be classified as Digital Experience Monitoring (DEM). The term can only be applied if the monitoring is genuinely useful to the client and accurately portrays potential slowdowns. Unfortunately, many of these monitoring solutions are limited to a specific product, and do not encompass a comprehensive DEM solution. Consequently, these limited methods do not provide the in-depth insight and full UX monitoring that many client networks require.

After all, without direct proof that a security product or something in the network path is causing downtime or network disruptions, how can service credits or refunds be recovered and long-term resolutions deployed?

Reviewing DEM & UX

Digital Experience Monitoring (DEM) refers to the practice of monitoring and analyzing the experience of users interacting with digital services, applications, and websites. It involves capturing and measuring various metrics such as response times, availability, and performance to ensure that users have a positive and seamless experience. DEM aims to identify and resolve issues that may negatively impact user experience, ultimately improving overall satisfaction and productivity.

SASE Latency, Overhead With Real DEM
SASE Latency, Overhead With Real DEM
The monitoring process typically involves collecting data from various sources:

  • Real User Monitoring (RUM) which captures data directly from users’ devices and provides insights into their interactions with digital services in real-time.
  • Synthetic monitoring, which simulates user interactions to proactively measure and identify performance issues.
  • Network monitoring, which focuses on the health and performance of the underlying network infrastructure that supports digital services.

DEM plays a crucial role in monitoring the factors that contribute to the overall user experience. By analyzing data related to performance, availability, and responsiveness, DEM identifies areas that need improvement, enabling organizations to make data-driven decisions to enhance the user experience. It allows businesses to understand how users perceive and interact with their digital services, identify pain points, and prioritize efforts to optimize the user journey.

Limited DEM Products

Proprietary products are now being offered by various vendors in the form of hardware, software, SaaS, or a combination — all billed as DEM solutions. They aim to provide clients with information about the performance of the product they are using. Here are the reasons that security vendor provided DEM solutions all fall short:

  • SASE Coverage, Bypass

    Limited coverage

    SASE vendor products like those from Zscaler or Palo Alto only measure the digital experience of services that they are configured to intercept
    Often, proxies or Secure Access Service Edge products are limited to intercepting (proxying or “fronting”) a small subset of SaaS services due to cost, speeds, distribution or even the recommendations from the vendor. Don’t take our word for it, Microsoft emphatically recommends NOT proxying access to Microsoft 365 services and says so right here:
    So when SASE solutions do not support 100% coverage, they can’t report on the digital experience for those services.
  • SASE only supports some protocols

    Protocols matter

    Nearly 100% of security solutions and SASE products don’t do anything for VoIP or UDP-based traffic. They don’t intercept it, they don’t secure it, they might recommend blocking it or worse, but they can’t do anything about measuring the digital experience for it. If they’re telling you they can, then they are fibbing. So when it comes to measuring the Teams digital experience or Zoom, it’s mostly the latent, slow to update Call Quality Dashboard and similar from other vendors. There’s nothing for real-time call diagnostics or hop-by-hop detail.
  • Fingers Crossed when Using DEM from Security Vendors

    Fox guarding the hen house?

    If security vendors are introducing overhead and latency — and ALL SASE vendors are introducing latency, no matter what they say— is it advisable to have them reporting on their own digital experience impact or overhead? Wouldn’t it be better for independent assessment of outages, crashes, latency, and overhead?

There’s more to digital experience than SaaS and networks

To reiterate, DEM/DEX solutions from security vendors often do not offer a comprehensive view of the network that operates with different applications, networking configurations, and security solutions.

For instance, although a security product can be monitored for its specific performance, the product fails to provide any insights regarding the overall network impact. Essentially, such proprietary monitoring solutions are limited to assessing only their own health and performance. When SASE proxies are in the network path, they can do a good job of dissecting their own impact. But when they’re not in the network path, they can’t detect performance or availability problems.

An independent monitoring solution is likely to provide better insights. Independent solutions are not tied to any product that may negatively impact the digital experience and can provide a more holistic view of the overall impact across various applications, networking configurations, and security solutions. By choosing an independent monitoring solution, clients can obtain an accurate and comprehensive understanding of their digital experience, without conflict of interest.

Comprehensive DEM Solutions

Comprehensive Digital Experience Monitoring (DEM) solutions are essential for gaining actionable metrics and ensuring the availability of services and applications on a network. A holistic approach is favored over utilizing multiple vendor products that only offer a limited view of performance. While it may seem efficient to manage various products, this often results in inconsistent outcomes and conflicting information.

To address this issue, an independent source should be employed to establish transparent standards. It is not just the integrity of the monitoring system that is important, but also the assurance that every component of the network is managed according to the same standards, ensuring accurate measurement and analysis. Relying solely on vendor-specific solutions limits root analysis capabilities as it is confined within the vendor’s domain.

A comprehensive DEX solution should go beyond internal monitoring and incorporate information from a community of networks. This means utilizing benchmarks from diverse crowdsourcing efforts to establish baselines and provide IT leaders with best practices.

By harnessing a comprehensive DEM solution that delves deep into the network, monitors individual devices and local services, and incorporates benchmarks from crowdsourcing, organizations can gain a holistic understanding of their digital experience and identify root causes with accuracy.

Zscaler vs Palo Alto Proxy Test
Zscaler vs Palo Alto Proxy Test


The increasing trend of security vendors developing their own monitoring products for customer networks raises some concerns regarding impartiality. The primary consideration should be the actual effectiveness of these proprietary solutions. Assessing whether they truly meet the criteria of a DEM solution is essential, as many of these tools offer limited monitoring capabilities that may not fully address the comprehensive needs of measuring the end-to-end digital experience.

DEM involves monitoring and analyzing the experience of users interacting with digital services to ensure a positive and seamless user experience. It captures and measures various metrics such as response times and availability. However, limited DEM products offered by vendors tend to focus only on their own product’s performance, failing to provide a comprehensive view of the network and its various components.