Enterprises investing millions in Secure Service Edge (SSE) and Secure Access Service Edge (SASE) architectures face an uncomfortable reality. Although these solutions excel at securing network traffic and application access, they offer little protection against threats that originate directly on endpoint devices.
The statistics are sobering. Microsoft found that up to 90% of ransomware attacks originate from unmanaged devices. And according to Verizon’s 2025 Data Breach Investigations Report, 60% of attacks involve a human element and the majority of those involve credential abuse (32%), social actions (23%), or interactions with malware (7%).
Traditional endpoints are ideal attack vectors because, as all-purpose tools, they run heavy operating systems with local admin rights, writable partitions, and stored credentials. These characteristics create attack surfaces that sophisticated threat actors readily exploit. And as remote work has become commonplace, the difficulty of managing and securing far-flung endpoints outside the firewall has increased.
Armed with stolen credentials obtained through phishing, attackers can compromise systems before SASE controls ever engage. Multifactor authentication helps, but it is not foolproof when the endpoint itself is compromised. The endpoint is the critical battleground that SSE and SASE solutions simply cannot address.
Forward-thinking organizations are closing this gap with preventive endpoint security architectures. Rather than layering additional detection tools onto vulnerable platforms, they are fundamentally reimagining what an endpoint should be.
“In this new endpoint security architecture, there’s no local data written to the device, which has a read-only, immutable OS so bad actors can’t make changes,” says Jason Mafera, field CTO at IGEL Technology. “It has hardware-rooted trust, so it’s utilizing hardware security capabilities, and every aspect of the boot system is cryptographically secured modules.”
Identity management shifts dramatically in these environments. Instead of residing in user accounts with stored credentials, identity exists as tokens. When a session ends, nothing remains on the device that can be stolen or exploited. Organizations can enforce policies requiring connection only from secure endpoints, adding a critical enforcement layer to zero trust architectures.
The shift requires rethinking traditional endpoint management. Secure endpoints deploy only what users need. Applications come from attested sources, installed by administrators rather than end users. Supply chain attacks become exponentially harder when endpoints cannot execute arbitrary code.
Explore these challenges at IGEL Now & Next 2026
For security and IT leaders who want to move from theory to practice on endpoint security, IGEL Now & Next 2026 offers an ideal forum. The conference runs March 30 through April 2 at the Fontainebleau Miami Beach, and sessions directly address the SSE and SASE endpoint gap.
For example, “From Pocket to Perimeter: Accelerating DoW Zero Trust Readiness with IGEL, Cisco, and Asc3nd,” on March 31, explores how the U.S. Department of War transformed standard devices into mission-ready endpoints within a comply-to-connect and zero trust framework. Through standards-based automation, policy-driven orchestration, and endpoint immutability, the team delivered a secure enclave that can pass the most rigorous C2C posture checks while simplifying operations and extending hardware life cycles.
The conference also features a keynote from General (Ret.) Paul Nakasone, former Commander of U.S. Cyber Command and Director of the NSA, on national cyber resilience, which is a timely reminder that endpoint strategy has become inseparable from organizational and national security strategy. Only by addressing endpoint security as rigorously as they address network security can enterprises fully realize the value of their SSE and SASE investments. Now & Next 2026 is where those conversations are happening.
To learn how your organization can secure your endpoints with a preventive security architecture, register for IGEL Now & Next, taking place March 30 – April 2, 2026, at the Fontainebleau Miami Beach.

