The Zero Trust Network Security (ZTNS) software is an essential part of almost all security stacks now. However, like all other security technologies, this is also an eternal battle between the red/black and white hats. So, the products need to be updated to be able to successfully face the latest types of threats. But the security landscape is not the only factor changing dynamically.
Zero Trust’s very definition expands every year, from network segmentation (2019–21) to identity-driven access (2022–23), to full-stack “trust orchestration” (2024–25). Vendors also keep updating products to enhance the threat-fighting capabilities. A yearly comparison shows how analysts interpret that evolution, such as which capabilities gain weight (AI-driven context, behavioral analytics, SSE integration) and which fade (agent-based control, VPN replacements)
2024 vs 2025 Shift
In Q3 2024, QKS Group’s SPARK MatrixTM crowned Cisco, VMware (Broadcom), Zscaler, Akamai Technologies, and Versa Networks as the top-tier leaders. However, the 2025 leaders’ block features Palo Alto Networks, Cisco, Zscaler, Cloudflare, Barracuda, Fortra, and Akamai, with VMware (Broadcom) absent.
So what happened?
The answer lies in Zero Trust’s evolution from network segmentation and access control to holistic, AI-driven security ecosystems. The winners of 2025 are the ones building Zero Trust into everything, such as clouds, identities, and APIs.
Who Rose, Who Fell
| Category | 2024 Position | 2025 Position | Commentary |
| Cisco | Leader | Leader | Cisco’s Secure Access and Duo integration strategy is keeping it front and center. |
| Zscaler | Leader | Leader | Its “ZTNA-as-core” architecture is now the benchmark for convergence. |
| Palo Alto Networks | Strong Contender | Leader | Huge leap owing to Cortex XSIAM and Prisma Access investments finally aligned under a unified ZT model. |
| Akamai Technologies | Leader | Leader | Maintained its position by doubling down on edge Zero Trust with its Guardicore-based portfolio. |
| VMware (Broadcom) | Leader | Strong Contender (as Broadcom) | Acquisition fallout? Product clarity and customer messaging appear to have blurred. |
| HPE Aruba | Strong Contender | Missing | Possibly absorbed into broader network-as-a-service narratives, losing standalone traction. |
| Fortinet | Strong Contender | Contender | Solid technology but lagging on AI-driven analytics and cloud-native ZT evolution. |
| Appgate | Leader | Contender | Still relevant but now competing with heavier integration ecosystems. |
| Netskope | Leader | Contender | Retains market credibility but crowded out by Cloudflare and Zscaler’s momentum. |
| Cloudflare | New Entry | Leader | Aggressive push into full-stack Zero Trust has paid off. |
| Microsoft & Google | Not present | Contenders | Late but powerful arrivals. Zero Trust has officially become a cloud-native battleground. |
| Fortra & Barracuda | Not present | Leaders | Riding high on consolidation and end-to-end threat control messaging. |
| JAMF, Unisys, InstaSafe, Twingate, Xage Security, Certes Networks, Zentera | Present in 2024 | Absent in 2025 | Smaller or niche players possibly squeezed out as Zero Trust goes platform-first. |
Beyond Dots and Quadrants
Between 2024 and 2025, the analyst lens has shifted from evaluating individual controls (ZTNA, microsegmentation, policy enforcement) to assessing architectural convergence, i.e., how well vendors unify Zero Trust with SASE, XDR, and IAM.
This explains why platform providers like Microsoft, Google, and Cloudflare entered the mix, while pure-plays like Twingate or InstaSafe faded.
Mohnish Rathore, Analyst at QKS Group, explains, “Zero Trust Network Access (ZTNA) solutions are redefining enterprise security by integrating advanced identity verification, micro-segmentation, and continuous monitoring. Leveraging technologies like AI and real-time analytics, vendors are empowering organizations to secure dynamic, multi-cloud environments with precision and agility.”
Reading Between the Axes
- Customer Impact: Vendors that deliver Zero Trust as-a-service (not as a checklist) climbed higher.
- Technology Excellence: Those embedding AI, identity analytics, and contextual enforcement gained favor.
- Market Narrative: Vendor marketing is no longer about perimeter defense; it’s about trust orchestration.
Missing in Action
It’s not just about who moved — it’s about who’s gone. The 2025 matrix drops several 2024 participants altogether. The likely factors include data coverage limits, shifting evaluation scope, or nonparticipation from vendors. It’s a wake-up call nonetheless.
Final Word
The 2025 SPARK MatrixTM from QKS Group points out that zero trust is now a necessity for online survival. Moving on, as AI and cloud-native architectures mature, the line between Zero Trust and Secure Access Service Edge (SASE) is expected to blur significantly.