Skip to content

Digital Experience Monitoring (DEM) has become an area of focus for Secure Access Service Edge (SASE) vendors. As businesses adopt SASE or security-as-a-service technology for compliance and security, they must consider the overall employee digital experience. SASE architectures add network overhead and impact performance, response times, and latency. In this article, we will delve into:

  • The concept of DEM as it relates to securing network infrastructure
  • Discuss the overhead and monitoring of cloud proxies
  • Evaluate the impact of these new offerings on network performance and productivity
  • Highlight the importance of network testing to assess SASE solutions

Understanding Digital Experience Monitoring (DEM)

Digital Experience Monitoring (DEM) is an approach to monitoring and evaluating the experiences of end users who are accessing applications and services that are provided by Information Technology teams.

Occasionally, DEM platforms will include network analysis as part of measuring digital experience. DEM tools may record application response times and attribute it to the network where possible.

The primary goal of DEM is to measure, optimize, and improve end-user experiences. With the growing dependency on Software-as-a-Service or network collaboration tools like Zoom or Microsoft Teams, an accurate network experience picture is required.

Secure Access Service Edge Diagram
Secure Access Service Edge Diagram

SASE: An Overview

The Security Access Service Edge framework has emerged as a prominent solution for network and data security. It unifies various components including Software-defined WAN (SD-WAN), Cloud Access Security Broker (CASB), Next-Generation Firewall (NGFW), and Zero Trust Network Access (ZTNA). These technologies work together to provide a holistic network and access control solution.

Here’s a quick overview of each SASE component:

  • SD-WAN enables organizations to manage network traffic efficiently and effectively by abstracting the underlying physical infrastructure and allowing for dynamic routing decisions based on network conditions.
  • CASB serves as a centralized security control point for cloud services, providing visibility and control over cloud usage, and securing cloud data and applications.
  • With NGFW, organizations can apply advanced security policies at the network perimeter, detecting and preventing numerous types of attacks.
  • ZTNA ensures secure access to resources and applications based on user context and device posture, regardless of their location.
  • Secure Web Gateways (SWGs) play a key role in SASE architecture, providing secure access to web-based resources and protecting against web-borne threats.

By combining these elements, the SASE framework delivers comprehensive network security. While the SASE elements provide enhanced security, it’s easy to see they greatly impact application delivery and access – ultimately affecting employee digital experience.

Viable DEM Solutions or Not?

Clearly, the various components of a SASE solution impact application access and networking for employees who must traverse SASE platforms. So how are IT leaders measuring the impact of SASE components along the delivery chain? It’s an important question before, during, and after choosing a SASE vendor.

Questioning SASE performance issues has forced vendors, such as Zscaler, Netskope, and Palo Alto Security, to introduce supplementary Digital Experience Monitoring (DEM) services. However, these DEM pieces focus on measuring their security products for network overhead and often come up short when measuring the holistic employee digital experience.

Network, SaaS Assessment Required

It’s imperative to conduct network assessments of these security platforms. While SASE features such as CASBs and next gen firewalls offer benefits, the impact must be evaluated by IT teams.

Organizations should consider latency, response time, bandwidth, and overall network performance when evaluating SASE platforms. Cloud-based proxies introduce upwards of 15-20% overhead for most network access. As a result, responsiveness and performance typically suffer and are noticeably slower.

SASE supplied DEM metrics may offer limited information while indicating their own solutions are operating optimally. Without independent measurements, a regression in network response may occur without useful diagnostic data to pinpoint and resolve issues.

By conducting comprehensive evaluations, organizations can make informed decisions regarding the implementation of SASE solutions.

Analyzing the Impact of New DEM Offerings

While DEM products from SASE vendors supply some data about the various elements along the network path, it is crucial to consider the metrics provided. Many vendors prioritize their proprietary services, resulting in limited visibility beyond their offerings. This means that only select transactions may be monitored, potentially compromising the overall DEM perspective.

Furthermore, the network overhead introduced by these solutions can be minimized. While some protection is provided for specific services, the trade-off in terms of network performance should be thoroughly evaluated.

Current SASE providers usually produce DEM solutions addressing only their products. Compared to more robust UX or proactive monitoring like Exoprise’s CloudReady and Service Watch solutions, the add-ons by SASE providers often fall short — comprehensive overviews are limited.

The Role of Exoprise for Network Testing in SASE Assessment

To accurately assess SASE solutions and their effect on the employee digital experience, comprehensive network testing is essential. This includes the use of synthetic transaction monitoring such as with CloudReady, which emulates user interactions, and Real User Monitoring (RUM) solutions such as Service Watch Browser.

Exoprise products fully support the evaluation of SASE solutions and were designed from the start to be compatible with CASB, cloud proxy, and next-generation firewall products. Proactive synthetics enable true baseline collection. Service Watch RUM assists with evaluating network overhead from an end-user perspective in real-time, especially for remote and hybrid workers.

Results and metrics produced are aggregated and ready for real-time comparison against the anonymous from the Exoprise crowd community. This offers an important perspective for comparing the overhead with and with SASE solutions in place. Organizations can determine any specific changes to UX performance and network overhead, which often isn’t evident from vendor-specific measurements.

Zscaler vs Palo Alto Proxy Test
Zscaler vs Palo Alto Proxy Test


While new DEM products introduced by security vendors aim to enhance network visibility, businesses should evaluate their efficacy, especially when it comes to measuring SASE overhead. The adoption of SASE frameworks and cloud proxies can provide security benefits, but require thorough testing for performance considerations.

Exoprise’s DEM solutions provide organizations with the ability to accurately assess the impact of SASE and other security offerings through synthetic and RUM testing. By utilizing Exoprise’s tools, businesses can optimize their network performance and deliver an exceptional digital experience to their users. It is essential to prioritize thorough testing and evaluation to ensure the effective implementation of SASE solutions in the ever-evolving digital landscape.

Jason Lieblich Photo

Jason Lieblich leads Exoprise and loves helping customers get started proactively monitoring their clouds.

Back To Top