You are on page 1of 21

Magic Quadrant for Enterprise Network Firewalls

4/24/15, 8:30 AM

Magic Quadrant for Enterprise Network
Firewalls
22 April 2015 ID:G00263955
Analyst(s): Adam Hils, Greg Young, Jeremy D'Hoinne

VIEW SUMMARY
"Next-generation" capability has been achieved by the leading products in the network firewall market,
and competitors are working to keep the gap from widening. Buyers must consider their operational
realities, the burden of switching, and the trade-offs between "best-of-breed" function and costs.

Market Definition/Description
The enterprise network firewall market represented by this Magic Quadrant is composed primarily of
purpose-built appliances for securing enterprise corporate networks. Products must be able to support
single-enterprise firewall deployments and large and/or complex deployments, including branch offices,
multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions, often
within the data center. These products are accompanied by highly scalable (and granular) management
and reporting consoles, and there is a range of offerings to support the network edge, the data center,
branch offices and deployments within virtualized servers.
The companies that serve this market are identifiably focused on enterprises — as demonstrated by the
proportion of their sales in the enterprise; as delivered with their support, sales teams and channels;
but also as demonstrated by the features dedicated to solve enterprise requirements and serve
enterprise use cases.
As the firewall market continues to evolve, NGFWs add new features to better enforce policy
(application and user control) or detect new threats (intrusion prevention systems [IPSs], sandboxing
and threat intelligence feeds). The stand-alone Secure Sockets Layer (SSL) VPN market has largely
been absorbed by the firewall market. Eventually, the NGFW will continue to subsume more of the
stand-alone network IPS appliance market at the enterprise edge. This is happening now; however,
some enterprises will continue to choose to have best-of-breed IPSs embodied in next-generation IPSs
(NGIPSs). More recently, enterprises have begun looking to firewall vendors to provide cloud-based
malware-detection instances to aid them in their advanced threat efforts, as a cost-effective alternative
to stand-alone sandboxing solutions (see "Market Guide for Network Sandboxing").
However, next-generation firewalls will not subsume all network security functions. All-in-one or unified
threat management (UTM) approaches are suitable for small or midsize businesses (SMBs), but not for
the enterprise (see "Next-Generation Firewalls and Unified Threat Management Are Distinct Products
and Markets").
The needs for branch-office firewalls are becoming specialized, and they are diverging from, rather than
converging with, UTM products. As part of increasing the effectiveness and efficiency of firewalls, they
will need to truly integrate more-granular blocking capability as part of the base product, go beyond
port/protocol identification and move toward an integrated service view of traffic, rather than merely
performing "sheet metal integration" of point products.

Magic Quadrant
Figure 1. Magic Quadrant for Enterprise Network Firewalls

ADDITIONAL PERSPECTIVES
Geography: Asia-Pacific

STRATEGIC PLANNING ASSUMPTIONS
Virtualized versions of enterprise network safeguards
will not exceed 10% of market revenues by year-end
2018, up from less than 5% today.
Less than 40% of enterprise Internet connections
today are secured using next-generation firewalls
(NGFWs). By year-end 2018, this will rise to at least
85% of the installed base, with 90% of new enterpriseedge purchases being NGFWs as more enterprises
realize the benefits of application and user control.
By 2018, 85% of new deals for network sandboxing
functionality will be packaged with network firewall and
content security platforms.
Fewer than 2% of deployed enterprise firewalls will
have Web antivirus actively enabled on them through
2016, although more than 10% of enterprises will have
paid for it.

ACRONYM KEY AND GLOSSARY TERMS
ADC

application delivery controller

AFM

Advanced Firewall Manager

ASA

Adaptive Security Appliance

ATA

advanced targeted attack

ATD

advanced threat detection

AWS

Amazon Web Services

DDoS

distributed denial of service

DMZ

demilitarized zone

FIPS

U.S. Federal Information Processing
Standards

FPM

firewall policy management

GUI

graphical user interface

IP

Internet Protocol

IPS

intrusion prevention system

IPv6

Internet Protocol version 6

MSSP

managed security service provider

NGFW

next-generation firewall

NGIPS

next-generation IPS

P2P

peer-to-peer

SMB

small or midsize business

SSL

Secure Sockets Layer

UTM

unified threat management

http://www.gartner.com/technology/reprints.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f

Page 1 of 21

Magic Quadrant for Enterprise Network Firewalls

4/24/15, 8:30 AM

VE

Virtual Edition

VPN

virtual private network

WAF

Web application firewall

EVIDENCE
This Magic Quadrant was conducted in accordance with
Gartner's well-defined methodology. The analysis in
this research was based primarily on interviews and
interactions during firewall inquiries with Gartner
clients since the 2014 "Magic Quadrant for Enterprise
Network Firewalls." We also considered surveys
completed by vendors, vendor briefings conducted at
the request of vendors throughout the year, interviews
with references provided by vendors, and supporting
Gartner quantitative research on market share.
Guidelines for responding to the full survey were
provided at the time of issue. Responses were,
nevertheless, of variable quality. Responses that were
lower quality (for example, respondents ignored the
question, they used poor grammar, they were unable
to explain key concepts, they were unable to provide
high-quality explanations of use cases, or they were
unable to go beyond technical capabilities and
demonstrate an understanding of the business
environment), or that did not meet the guidelines,
generally tended to score lower. Vendors that declined
to provide a survey response were assessed by
Gartner as to what their likely reply would have been
(usually, this was in relation to specific revenue
breakdowns). Some vendors declined to answer certain
questions due to market restrictions, and, therefore,
did not fare as well under some of the scoring criteria.

Source: Gartner (April 2015)

Vendor Strengths and Cautions
AhnLab
South Korea-based AhnLab is a long-established security vendor. Known mostly for antivirus software,
AhnLab's network security offerings include firewalls, IPSs and advanced threat solutions. AhnLab
began offering a firewall product under the TrusGuard brand in 2007, and now there are 10 models. The
firewall is Common-Criteria-certified EAL4, but does not have other third-party evaluations (such as
ICSA Labs, NSS Labs or FIPS PUB 140-2).
AhnLab is assessed as a Niche Player for enterprises, because most of its wins are within a specific
geography — South Korea — and/or are associated with an expansion of the endpoint security
business, not because the vendor competes on best-of-breed enterprise firewall features.
Strengths
South Korea clients should consider AhnLab for their firewall shortlists, given its significant local
market share and support presence.
The model range is very broad; the engine was designed to minimize distributed denial of service,
including features optimized for handling smaller packet sizes.
AhnLab's endpoint product customers can have the same vendor provide them with their network
firewall solution, reducing vendor management challenges.
Cautions
The TrusGuard firewall is not often seen in enterprise selections in the Gartner client base. AhnLab
was not listed by any vendor we surveyed as a significant enterprise competitive threat.
AhnLab does not offer virtual firewall models, and has not yet integrated its Malware Defense
System (MDS) malware detection appliance with its firewall.
AhnLab does not allow multiple administrators to make rule changes simultaneously, placing it at a
disadvantage in large enterprises.

Barracuda Networks

We asked for a specific number of references from
each vendor (n = 95, total), and each reference
customer was supplied with a structured survey.
References were scored on the basis of their quality
and what they told us. For each vendor, we took into
account the comments from that vendor's references
as well as what other vendors' customers said about
that particular vendor. Vendors could be notably
affected by the inability to have a sufficient number of
reference customers providing input.

NOTE 1
TYPE A, B AND C ENTERPRISES
Enterprises vary in their aggression and risk-taking
characteristics. Type A enterprises seek the newest
security technologies and concepts, tolerate
procurement failure, and are willing to invest for
innovation that might deliver lead time against their
competition; this is the "lean forward" or aggressive
security posture. For Type A enterprises, technology is
crucial to business success.
Type B enterprises are "middle of the road." They are
neither the first nor the last to bring in a new
technology or concept. For Type B enterprises,
technology is important to the business.
Type C enterprises are risk-averse to procurement,
perhaps investment-challenged and willing to cede
innovation to others. They wait, let others work out the
nuances and then leverage the lessons learned; this is
the "lean back" security posture that is more
accustomed to monitoring rather than blocking. For
Type C enterprises, technology is critical to the
business and is clearly a supporting function.

NOTE 2
BUYERS' CONFUSION CONCERNING WAFS
The advent of application control in firewalls has led to
some natural confusion between the NGFW and WAF
markets in the minds of buyers. Today, these markets
remain very distinct. The critical difference is of
direction: Application control in NGFWs is concerned
primarily with applications that are external to the

http://www.gartner.com/technology/reprints.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f

Page 2 of 21

because a single-vendor solution is usually the best choice. Barracuda is assessed as a Niche Player for enterprises because Barracuda does not effectively sell its enterprise-capable product to enterprises other than in Western and Central Europe and in certain public cloud deployments. visualize. cloud security and distributed denial of service (DDoS) solutions. Its portfolio includes next-generation firewalls. be flexible and achieve competitive success as opportunities develop. deployed on VMware. Cautions Barracuda customers are primarily SMBs. products and services/programs that enable clients to be successful with the products evaluated. or delivered as software. programs. and the overall effectiveness of the sales channel. customer needs evolve and market dynamics change. Check Point Software Technologies Check Point Software Technologies is co-headquartered in Tel Aviv. promotional initiatives. Customers can supplement Check Point's firewall with an advanced threat offering (Check Point Threat Cloud). Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. repackaged from ATD vendor Lastline. these are rarely enabled. Its comprehensive product portfolio allows Check Point to be deployed in a variety of enterprise use cases. Although a few firewalls offer optional WAF modules. Check Point firewall capabilities can be expanded by predefined packages of additional software blades. except in some regions. 8:30 AM enterprise (for example. Market Responsiveness/Record: Ability to respond. notably Germany and Austria.gartner. All FPM vendors support multiple firewall products. change direction. and infrastructure appliances and cloud services to midsize businesses and smallenterprise markets at low prices.Magic Quadrant for Enterprise Network Firewalls Campbell. In other cases. This "mind share" can be driven by a combination of publicity.com/technology/reprints. The new chassis solutions further expand Check Point's ability to scale to the largest data centers and to adapt to their future growth requirements. whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria. This includes current product/service capabilities. Most interest has come from incumbent customers that have other Barracuda products. Instead. Amazon Web Services (AWS). The NG Firewall has application control and reputation services. The Barracuda Firewall series targets SMBs.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 3 of 21 . Gartner has observed a considerable increase in NG Firewall sales since the previous edition of the Magic Quadrant. while the Barracuda NG Firewall series targets enterprises. Web security. Although the FPM market is still somewhat small. pricing and negotiation. availability of user groups. such as IPSs. feature sets. In addition. Barracuda's product naming is confusing for enterprise clients. Although we see Barracuda Firewall in SMB deals. an enterprise may be in the midst of a multistage rollout of a new platform. will continue offering the product and will advance the state of the art within the organization's portfolio of products. Gartner assesses Check Point Software as a Leader for enterprise firewalls because a good score during technical evaluation continually drives new client wins and contributes to retaining a large portion of its existing customer base. and the likelihood that the individual business unit will continue investing in the product. creativity and efficacy of programs designed to deliver the organization's message to influence the market. NOTE 3 FPM TOOLS Third-party FPM vendors (such as AlgoSec. An advanced threat option has been added with the Barracuda advanced threat detection (ATD) option. and can add additional threat intelligence feeds from third parties (Check Point Intellistore) and integrate Check Point's firewall with its Mobile Security suite to enforce security policy for mobile users (using Check Point Capsule). we see WAFs deployed as a stand-alone product (such as from Imperva). while the Barracuda NG Firewall Vx is a virtual version. and the customers requiring help with complexity are the very largest. 4/24/15. and establish a positive identification with the product/brand and organization in the minds of buyers. Strengths Check Point has one of the largest existing enterprise client bases and continues to appear frequently on final shortlists for enterprise firewall selection. This criterion also considers the vendor's history of responsiveness. and there is a Microsoft Azure instance. Check Point firewalls consistently get high scores from clients on security and ease of management in complex environments. word of mouth and sales activities. Check Point's enterprise firewall product line includes 17 appliances and two chassis for hardware blades. FPM vendors are expanding into managing other network security devices. The NG Firewall showed a strong correlation for selections in a survey for high availability and clustering. with several features in the R80 version intended to improve the auditability and manageability of the security policy. OpenStack and Microsoft Azure. and reduce firewall rules and policies. Strengths The Barracuda NG Firewall is a good option for customers that already have other Barracuda products or are located in Western or Central Europe. systems and other vehicles that enable the organization to operate effectively and http://www. it's growing fast. quality. P2P and Facebook). Although having differentiated products for enterprises and SMBs is good and reflects their different needs. promote the brand and business. The Barracuda enterprise firewall offering is the NG Firewall. FireMon and Tufin) continue to exploit the absence of firewall consoles to optimize. Gartner believes that Check Point's strategy to support VMware NSX. whereas WAFs are concerned with protecting custom Web applications on servers that are internal to the enterprise. Marketing Execution: The clarity. including skills. whereas the Barracuda Firewall series targets SMBs. experiences. presales support. scaling up to 400 Gbps. skills and so on. Specifically. Israel. endpoint. increase awareness of the products. The NG Firewall tied for the highest score in a survey to references for IPS function. Check Point also shows strong execution on its enterprise-focused roadmap to deliver features targeting the various firewall placement use cases for enterprises. California-based Barracuda Networks has been focused primarily on selling a wide range of security storage. mobile security. This includes deal management. EVALUATION CRITERIA DEFINITIONS Ability to Execute Product/Service: Core goods and services offered by the vendor for the defined market. Customer Experience: Relationships. threat prevention. providing a competitive choice versus competing firewalls. Operations: The ability of the organization to meet its goals and commitments. It can also be delivered as a virtual appliance. service-level agreements and so on. The Barracuda NG Firewall is a strong competitor in situations where price is highly weighted in the selection. Additionally. Barracuda is not visible on the firewall shortlists of Gartner enterprise customers. an off-premises service (such as from Akamai) or within an ADC (such as from F5). whereas no firewall vendor will effectively manage a competing product. and the vendor does not yet have well-established enterprise network security channels or support outside of Western and Central Europe. It is able to support these clients globally with a strong channel presence and a significant internal team devoted to firewall feature development. this includes the ways customers receive technical support or account support. and San Carlos. No vendor we surveyed listed Barracuda as a significant enterprise competitive threat. quality. Factors include the quality of the organizational structure. customer support programs (and the quality thereof). This can also include ancillary tools. and it has finally merged the network and application components in a unified policy. the financial and practical success of the business unit. The Barracuda management console scores well in selections for simple deployments. It continues to invest in its management suite. thought leadership. California. very large enterprises may have firewall products from different vendors — sometimes by accident via acquisition rather than through choice. competitors act. OpenStack and Cisco Application Centric Infrastructure (ACI) is a good signal for clients considering Check Point security solutions when they evaluate software-defined network (SDN) projects. Overall Viability: Viability includes an assessment of the overall organization's financial health.

and on Cisco's Internetwork Operating System (IOS)-based Integrated Services Router. Gartner did not see it displacing Leaders based on vision or features. on Cisco's ASA for virtual data center and cloud environments. Strengths The Enterprise License Agreement (ELA) for security software and hardware adds value for Cisco security customers that are undertaking multiyear deployments and wish to maintain a timetable and product flexibility. rather than when there is a shortlist with competing firewall appliances. the Adaptive Security Device Manager (ASDM) can function as an on-the-device single-instance manager.gartner. First. In the survey sent to vendors. and can shape or enhance those with their added vision. The vendor has strong channels.Magic Quadrant for Enterprise Network Firewalls Cautions Price is the most common factor invoked by Gartner clients to introduce competition for Check Point solutions at renewal time or as a reason to favor competition during shortlists. Gartner expects that Cisco will unite the Cisco management console in the short term. including vertical markets. The firewall offering is primarily via the Adaptive Security Appliance (ASA) brand that includes an IPS released in 2014. Gartner views the Platform Exchange Grid (pxGrid) initiative to allow third-party components onto the ASA as the most promising development in the Cisco firewall roadmap. and caused unnecessary back-and-forth discussion to get the adequate model. channels and subsidiaries as appropriate for that geography and market. Cisco's virtual firewalling lines. methodology and feature sets as they map to current and future requirements. and we rarely saw Cisco release firewall innovations that caused Leaders to react. customer programs and positioning statements. defensive or pre-emptive purposes. and unexpected long resolution time. as well as the fact that Check Point clients are not willing to subscribe to additional software options after the initial sizing. Business Model: The soundness and logic of the vendor's underlying business proposition. expertise. Gartner believes that reasons include insufficient results of marketing operations to support the launch of these options. technologies.com/technology/reprints. Cisco San Jose. The inclusion of Sourcefire IPS within ASA has improved the quality of the ASA IPS and application control. skills. Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation. With the introduction of ASA with FirePOWER services in September 2014. as they benefit from a lower amount of client feedback. Cisco is assessed as a Challenger for enterprises. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs. differentiated set of messages consistently communicated throughout the organization and externalized through the website. service. but firewalls are also available via the Firewall Services Module blade for 6500 and 7600 series switches. Before the introduction of ASA with FirePOWER services. Gartner observed a higher than usual number of clients reporting stability issues with Check Point solutions. 2 in the vendor list of perceived competitive threats. advertising. Surveyed Cisco firewall clients consistently ranked the availability and presence of other products from Cisco within their networks as the most important factor in their selection of the vendor. The integration of reputation features across Cisco security products is a strength. Completeness of Vision Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. 8:30 AM efficiently on an ongoing basis. skills and offerings to meet the specific needs of individual market segments. broad geographic support and wide availability of other security products. California-based Cisco has a broad network security product portfolio across firewall/IPS. In a few reported client situations. expertise or capital for investment. the ASAv and the VSG. The rich context provided by the FirePOWER services integration adds to this advantage. with the situation improving as Check Point simplified the number of supported legacy versions. functionality. For a while. then plateaued at a lower lever during the second half of the year. skills and offerings to meet the specific needs of geographies outside the "home" or native geography. Cisco's security console offerings consistently score low versus competitors in assessments http://www. require the presence of the Nexus 1000v virtual switch. Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales. Gartner analysts observed that many of these incidents involved clusters of new hardware platforms running the first versions of the unified GAiA OS. In addition. Cisco offers a wide choice in firewall platforms. Vertical/Industry Strategy: The vendor's strategy to direct resources. Cisco's product was the second most frequently listed as the one vendors claimed to replace the most. This increases the time for these new options to become mature. the combination of FireSIGHT — which manages the IPS function for ASA with FirePOWER services — and Cisco Security Manager — which manages the ASA firewall — is the alternative for ASA with FirePOWER services. marketing. Web security and email security tiers. This peaked in 2Q14. consolidation. complementary and synergistic layouts of resources. Cisco will have two primary console offerings. Marketing Strategy: A clear. however. Check Point customers are often slow to adopt new software options like its threat emulation software blade. Innovation: Direct. and it is the most-oftencited reason for loyalty to Cisco security products. ASA with FirePOWER services is the ASA with the Sourcefire IPS Advanced Malware Protection (AMP) and application visibility and control added in. and communication affiliates that extend the scope and depth of market reach. services and the customer base. related. In 2014. Cautions Gartner clients select Cisco firewall products more often when security offerings are added to a Cisco infrastructure. Geographic Strategy: The vendor's strategy to direct resources.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 4 of 21 . and see it as a tactic to control total costs. Gartner saw Cisco winning firewall procurements mostly through sales/channel execution or aggressive discounting for large Cisco networks customers. either directly or through partners. undersizing was a clear reason for performance issues. The primary offering is the stand-alone firewall ASA. in fear of performance issues. Gartner clients consistently rate the Cisco support network as excellent. it was also listed this year as No. Gartner analysts noticed that hardware platforms submitted in reseller proposals tend to be more tightly sized. Cisco became more able to compete in the NGFW field 4/24/15.

managed security service provider (MSSP) offerings under the SecureWorks brand. based in Seattle. security modules include Application Security Manager (ASM). its Web application firewall. The SuperMassive line has achieved market traction in high-throughput firewall deployments. Dell SecureWorks presents a potential channel conflict for sales to other MSSPs. which is headquartered in Round Rock. E-Class Network Security Appliance (NSA). low latency and price per protected megabits-per-second are foremost. Dell SonicWALL prospects should ask to see roadmaps for evidence of future innovation plans. Dell SonicWALL is assessed as a Niche Player for enterprises. and scored poorly in a survey to users in regard to false positives for IPS in the firewall. and backup/recovery offerings. this is not a "Caution" for other organizations. Dell SonicWALL is not yet widely viewed as an enterprise strategic security player. a network firewall. Cautions As reported by Gartner clients. Cisco ASA has a firewall console integration of a local sandbox-based advanced targeted attack (ATA) cloud instance or appliance through Advanced Malware Protection (AMP). such as in retail or franchise outlets.Magic Quadrant for Enterprise Network Firewalls 4/24/15. in which firewall throughput. in part because it hasn't brought innovative security features to market in a timely manner. in a survey to users. NSA and TZ. Gartner clients choose AMP not for its undifferentiated sandboxing capability. Its firewall product offering relies on the BigIP appliances (14 models. up to 640 Gbps) hardware platforms. sells enterprise network firewalls under the Dell SonicWALL name. customers ranked throughput and speed as the foremost selection criterion supporting this assessment. it is perceived as a midsize brand associated with the greater Dell brand. clean wireless offerings. email security gateways. F5 F5. and its sales channels and marketing programs haven't effectively reached enterprise buyers. running the F5 Traffic Management Operating System (TMOS). Other Dell SonicWALL security products include SSL VPNs. F5 is assessed as a Niche Player for the enterprise firewall market. The product lines TZ and NSA are aging. or with Type C enterprises (see Note 1). mostly sold as an add-on of other features to existing F5 customers. and at competitive price/performance points. Cisco scored lower than most competitors in a Gartner survey of users for overall client satisfaction. data encryption offerings. and the Advanced Firewall Manager (AFM). from 5 Gbps up to 80 Gbps) and Viprion chassis (four models. In addition to the traffic management modules (GTM and LTM) that are the core of F5's Application Delivery Controller (ADC) offering. The majority of Dell SonicWALL's business had been selling UTM to midsize enterprises. Gartner analysts have observed competitors using this argument to gather channel partners from Dell SonicWALL. Dell SonicWALL Dell. with the SuperMassive line aimed at enterprises. Texas. identity management offerings. is a leading data center application delivery vendor. Cisco can improve its ATA-associated sandboxing if it integrates its 2014 acquisition of ThreatGRID. however. It includes http://www. however. 8:30 AM conducted by Gartner clients. For current Dell customers that want to have fewer security vendors. The company's firewall offerings are in four branded lines: SuperMassive. Gartner believes that moving completely to the Sourcefire FireSIGHT will bring improvements. However. Gartner has observed that the Dell SonicWALL channel has migrated the core firewall business into more midsize organizations or into organizations that already had a strong Dell SonicWALL relationship. but for other ATA detection strengths.com/technology/reprints. because its firewall offering is visible only in a limited number of use cases. Dell SonicWALL scored low as a significant enterprise competitive threat by the vendors we surveyed. which can view Dell SonicWALL as part of a competitor. Strengths F5's software is optimized for data center and ISP infrastructure protection use cases. Dell SonicWALL is a good choice because of its wide range of products and available SMB-oriented feature set. Strengths Dell SonicWALL's broad model range is a good option for distributed enterprises with many remote-office deployments requiring many smaller devices. Gartner observes a strong correlation between SonicWALL purchases and incumbent Dell customers. Gartner views F5 as successfully using security as a competitive feature in the ADC market rather than being a pure play in the firewall market. such as carriers and service providers.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 5 of 21 . rather. Gartner rarely sees Dell SonicWALL in most Type A and Type B enterprise firewall selections. F5 also offers virtual appliances (F5 VE) and centralized management (Big-IQ) for its Big-IP solutions.gartner.

where multiple firewalls share the same policy. Cautions Despite some improvements in 2014. retail and franchises). F5 dedicates significant efforts to security features and shows its customers a commitment to consider security as a central topic of its roadmap. management capability compared with the competition remains the reason most often listed by Gartner clients as the reason why Fortinet was shortlisted but not selected by enterprises. The application control feature is limited to what users get from SWG and Web application firewall (WAF) modules. public cloud and SDN. low-latency stateful firewalls are the primary need. California-based Fortinet has long focused on using purpose-built hardware to produce enterprise firewall and UTM appliances with a wide range of features at strong price/performance points. Gartner believes that F5's efforts to cover a broad feature set could hurt its ability to provide sufficient depth for the core features used in enterprise firewall use cases. F5's integration with only one firewall policy management software (FireMon) limits security buyer options. but struggling against Leaders in mainstream enterprise selections based on features and vision. and lacks entry-level appliances required for branches and small headquarters. Gartner believes that Fortinet's Feature Select. However.Magic Quadrant for Enterprise Network Firewalls 4/24/15. F5 lacks an IPS module and only recently introduced secure Web gateway (SWG) services. data centers. competitive pricing and accelerating revenue growth. F5 is not seen yet as a competitive threat by other firewall vendors evaluated in this market. which are often a weak spot of other firewall platforms. especially in branch office or retail deployments. Gartner expects F5 to compete in data-center-only deals when architecture complexity is low. Gartner has already seen F5 compete well in firewall placements for hosting providers. except when customers already own F5 ADC and evaluate F5's upgrade options. and has a promising partnership with VMware NSX. The firewall features in Fortinet's enterprise firewall products can now meet most of the needs of firewall-focused large-enterprise buyers. Gartner also expects F5 to add integration with its firewall and its Silverline DDoS protection offering. F5's customer give good scores to its hardware platform for its ability to scale. Fortinet is a significant threat to competitors in this market because of its hardware expertise. Fortinet is well-suited to deployments in carriers. Fortinet continues to make progress within the Gartner customer base. Cautions F5 does not appear on Gartner client competitive shortlists for enterprise firewall selection. 8:30 AM IPv6 compatibility. the Fortinet console is more competitive. which provides preset initial configuration options http://www. providing extensive pressure on competitors and pleasing the channel.com/technology/reprints. In addition to enterprise NGFW deployments.gartner. mostly because we see it displacing competitors on value and performance. it is very competitive in data center evaluations in which high-performance. Gartner believes that the number of appliances and software versions impacts customer support. As F5's firewall modules are likely to be used as a data center supplement to a perimeter firewall. This is a positive sign for these clients that can add a firewall component to their existing data center deployment at a fraction of the cost required by the acquisition of a dedicated appliance. but also strong SSL optimization capabilities. Fortinet has a well-articulated strategy regarding virtualization. Fortinet Sunnyvale. F5 is missing the critical competitive component of a stand-alone Internet-facing firewall to protect users and servers where an ADC is not required. Fortinet offers a good price/performance ratio and a wide model range. Fortinet still supports more versions and models (with often overlapping specifications) than many of its competitors. but increasingly in more widespread enterprise use cases. service providers and distributed enterprises (for example. Fortinet is assessed as a Challenger. It offers a broad security portfolio and has some presence in network infrastructure. but has yet to be covered by a unified software component. Although it's reduced the number of appliances in its overall Fortigate product line. In addition. This includes hardware acceleration and 40 Gbps network interfaces. robust routing optimization and SDN features. Fortinet does not often release features that cause Leaders to react. Strengths Fortinet has a large hardware R&D team and uses it to go to market quickly with higherperformance chipsets. including bladed appliances for large enterprises and carriers. as well as SMB and branch office solutions.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 6 of 21 . Fortinet continually delivers new functions in the application-specific integrated circuit and operating system. It is a viable shortlist contender for most enterprise firewall use cases.

The first is the new TippingPoint NextGeneration Firewall (NGFW) line. and offers virtual versions in its virtual Elastic Firewall Architecture (vEFA). both continue to be sold. These two lines are on distinct code bases. Hillstone integrates with FireMon and AlgoSec policy management software. California.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 7 of 21 . There are six models of NGFW. HP is adding an advanced threat sandbox solution via a local appliance based on Trend Micro's Deep Discovery Inspector. HP NGFW scored highest for user satisfaction regarding quality of IPS relating to false negatives and positives. Hillstone Networks Based in Beijing and Sunnyvale. Strengths The proven TippingPoint IPS engine brings a very good quality of IPS to the new NGFW line. Hillstone has added network behavior anomaly detection into its firewall. In a Gartner survey. In a survey of firewall users. While Fortinet's marketing mix became much more enterprise-focused in 2014.Magic Quadrant for Enterprise Network Firewalls 4/24/15. Hillstone Networks is a pure-play firewall vendor. which is of interest to incumbent TippingPoint IPS deployments that are looking to replace a firewall. or to those deployments in which IPS needs are more highly ranked than other firewall features. However. HP is assessed as a Niche Player. with firewall throughput ranging from 1 Gbps to 360 Gbps. The TippingPoint NGFW and IPS are managed under the HP TippingPoint SMS console. California-headquartered HP has two lines of firewalls. which is based on custom application-specific integrated circuits (ASICs). formerly of H3C Technologies in China. 8:30 AM or bundles of features. As such. Surveyed customers indicate that performance degradation when enabling intrusion prevention is higher than the leading vendors evaluated in this market. the T-Series (3 models). Hillstone is assessed as a Niche Player because it is visible to Gartner only in one region. Surveyed customers in China give good scores to direct vendor support. Cautions http://www. there is no direct hardware upgrade path from the IPS to the NGFW. HP Palo Alto. Gartner also observes increasing competition for Hillstone in China from local and regional vendors. and offers dedicated firewall models for this market. HP has the potential to be a disruptive influence and a market challenger through continued product advancement and utilization of the HP channel. are under different consoles and are supported by different groups within HP. which will work with HP's NGFW and IPS via the integration with the HP TippingPoint Security Management System console. all bearing the "S" prefix. meaning new adopters are less likely to have to wait for new models to consider deployments. Cautions Hillstone Networks' firewalls are not yet seen in enterprise selections among the Gartner client base outside of Asia/Pacific. which will already be familiar to HP IPS customers. which can facilitate purchase decision for international companies willing to use a local vendor in the Asia/Pacific region. with a majority of its sales in China. Strengths Hillstone has a strong presence in China. previous UTMoriented marketing has created a lingering brand disadvantage with some enterprise security buyers. There is a good range of models in the new firewall line. Although it is aggressively moving to increase sales in more regions by expanding its worldwide partner ecosystem. the most mentioned reason for buying the HP firewall was already having other HP security products. Surveyed customers frequently cite management interface as an area that requires improvement.gartner. Its firewall portfolio is composed of three product lines. doesn't effectively communicate the support of the varying use cases of many enterprises or can convey to customers that the NGFW is just a subset of the full UTM suite rather than a "made-for-enterprise" solution. The new TippingPoint NGFW (x86-compatible) is the redesign of the older TippingPoint IPS.com/technology/reprints. mostly because Gartner has not yet seen the new firewall product on shortlists (see "Vendor Rating: HP" for more information) or as fully featured as most Challengers and Leaders. the second line is composed of F5000 and F1000. Hillstone's recent release of a firewall with behavior-based policy (named Intelligent NextGeneration Firewall) indicates a motivation to bring further innovation to the enterprise firewall market. the E-Series (13 models) and the X-Series (two chassis).

and for customers that already have Huawei products and wish to expand that business to firewalls. Intel Security (McAfee) Intel firewalls are sold under the McAfee brand. Most deployments Gartner observes are higher-throughput deployments. The McAfee NGFW has a good range of models (scaling up to 120 Gbps). in the near future. email security gateways and IPSs. The range of firewall appliances and models is extensive. Huawei has taken considerable steps to address concerns about relying on technology developed in China. HP has been slow to execute on a roadmap and add new features to its firewall to allow it to compete for general enterprise business by being "RFP ready. and consistently asked for better reporting." However. (Intel Security has an advanced threat offering [ATD] that becomes more effective the more Intel McAfee safeguards are in place. and support was not rated highly. which is the IPS product. preventing it from fully fulfilling some enterprise compliance and security needs. Intel Security obtained its network firewall in 2013 from Finland-based Stonesoft. HP NGFW prospects and customers should evaluate HP's NGFW release cadence and feature quality. ISPs and cloud and service providers than from enterprises and SMBs. sells security controls at the endpoint. especially for higher-throughput options.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 8 of 21 . as they are challenged in gaining share in the firewall market. Customers whose networks are based primarily on Huawei infrastructure products can include Huawei firewalls. Intel Security will have a single hardware platform supporting the McAfee NGFW and NSP. Huawei delivered and improved some application control and other NGFW features in 2014. however. McAfee. this concern continues to be a security sales challenge in some markets.com/technology/reprints. which is now part of Intel Security (based in Santa Clara. Strengths Gartner assesses Huawei as having a very good overall network security strategy and a large security research team. China-based Huawei has been shipping firewall products for more than a decade (for more information. whose product is now called the McAfee Next Generation Firewall (NGFW). however.gartner. More Huawei firewall revenue is derived from carriers. its network IPS product line. Intel (McAfee) network security is best-known for Network Security Platform (NSP). and because we did not see it frequently displacing Leaders or Challengers based on vision or feature. server and network layers.Magic Quadrant for Enterprise Network Firewalls 4/24/15. there is some increasing competitive presence and growth in EMEA. The top end of the Huawei firewall line has a very high throughput and is a good shortlist candidate for carriers. Huawei lags the competition in partnering with firewall policy management vendors. Unified Security Gateway (USG) is the primary enterprise line. Strengths The breadth of the Intel Security threat intelligence and reputation feeds is a positive quality element and leverages the Intel Security footprint on endpoints.) Gartner believes that. and off a variety of other network security appliances. including anti-DDoS and IPSs. the surveyed HP users most often cited that the SMS console needs improvement in managing the new firewalling capabilities. see "Vendor Rating: Huawei"). Interviewed users reported that they would like to see better features in the Web graphical user interface (GUI) console. Cautions Huawei has limited competitive visibility outside the Asia/Pacific region. Gartner clients rarely included HP firewalls in the shortlists we observed. Huawei Shenzhen. As is often the case with new products. largely targeted to enterprise customers. Gartner views HP as trending toward re-emphasizing stand-alone IPSs over firewalls. mostly because we see it mostly in a narrow geographic segment. especially North America. California). http://www. 8:30 AM Enterprise firewall buyers are often hesitant to invest in something that doesn't have a proven track record in this market. Huawei is assessed as a Niche Player for enterprises over the evaluation period. Users report to Gartner that Huawei appliances perform as expected under load. and has performed well in third-party testing. Its upcoming roadmap addresses enterprise-oriented features. as well as the timely delivery of roadmap capabilities to determine continued investment and priority. and Eudemon is the line for carriers and service providers. Based on conversations with Gartner clients who are also HP Tipping Point's prospects and customers. incumbent HP customers may still find this to be a shortlist option. secure Web gateways. Intel Security is assessed as a Niche Player for enterprises because it primarily sells alongside other Intel and McAfee security products rather than beating Leaders in shortlists. including a virtualized version.

Juniper has continued losing security market share in the past year.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 9 of 21 . Intel Security is rarely seen on Gartner client network firewall shortlists. Users that Gartner surveyed report hardware failures over the past 12 months. In a Gartner survey of clients.Magic Quadrant for Enterprise Network Firewalls 4/24/15. Juniper has a strong range of branch-office firewalls complementing the enterprise products. primarily because of price and high throughput on its largest appliances. or one that is well-known to non-Juniper customers. because Gartner sees Juniper mostly deployed in large data centers. well behind most of the firewall vendors evaluated in this research. Juniper is assessed as a Niche Player for enterprises. Juniper Networks The firewall offerings of Sunnyvale. Some Gartner clients have cited a need for support and platform stability improvements. The company must address fundamental sales and marketing challenges and demonstrate that it can win back customers and market share with its newer capabilities. Strengths Customers whose networks are already standardized on Juniper's Junos-based infrastructure products can benefit from the Space Security Design console because it is part of the Junos Space network management platform. and it has very reliable clustering and active/active configuration. Gartner considers routing in the firewall as being of interest to a limited segment of customers. In 2014. Juniper has AppSecure for application control and visibility integrated IPS and threat intelligence feeds. The visibility of ePolicy Orchestrator (ePO) host information within the firewall reporting and console tools is of interest to current Intel Security ePO customers. and runs the same Junos operating system as other Juniper infrastructure components. with a http://www.gartner. Good options exist for high-throughput. ISG and the virtualized version of SRX (vSRX). Rationalizing and centrally administering these from one management console will present challenges. Juniper SRX is a good shortlist candidate in deployments for service providers or hosters where stateful firewall throughput is valued foremost and price is weighted highly. Intel Security currently has two different network IPS engines across the McAfee NGFW and NSP (IPS) products. This capability will appeal to enterprises that use multiple third-party threat intelligence feeds. and we see it being replaced in enterprise environments more often than we see it selected. It focused early on anti-evasion technology. Cautions Gartner does not assess Juniper as currently having a compelling or differentiated security vision. Juniper is. These branch-office firewalls include WAN and cellular backup technologies. Gartner believes that most enterprises want an operating system in their security products that differs from the one in infrastructure components. Intel Security was not listed by any vendor we surveyed as a significant enterprise competitive threat. and protected customers well as attacks evolved to include firewall and deep inspection evasiveness. California-based Juniper Networks are in multiple model lines: SRX SSG. and has experienced declining year-over-year revenue in a growing market.com/technology/reprints. the McAfee NGFW scored very high in overall client satisfaction. and Intel is not established as being a strong brand in network security. especially in the higher-end SRX models. shortlisted and/or selected in mobile service provider deployments and large-enterprise data center deployments. Juniper offers a threat intelligence platform supporting third-party feeds and enabling deployment to enforcement points. NS. mostly because we see it selected in concert with other Juniper offerings. Juniper's Junos Space Security Design is the current security management platform. Palo Alto Networks is known mostly for its innovations in application control and for improving integrated IPS in firewalls. Palo Alto Networks Palo Alto Networks is a California-based pure-play network security company that has been shipping enterprise firewalls since 2007. Cautions Gartner believes that having the McAfee network security unit within a primarily host-based security company — which is itself within a large endpoint-focused chip manufacturer — remains a significant challenge. rather than displacing competitors based on its vision or features. purpose-built appliances. Interviewed users often selected the firewalls. with throughput weighted highly in their selection. The Juniper SRX Security Service Gateway offers routing as a basic firewall element. however. 8:30 AM The McAfee NGFW firewall line has long been a leader in high-availability technology. and Gartner estimates that the market share is small at less than 5%. The firewall product line includes 18 models. Juniper released its first NGFW feature set.

frequently beating competition on feature quality. Also. access management and network security solutions. and request references for organizations in the same region. It now features 16 models.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 10 of 21 . Cautions Gartner does not see Sangfor firewalls being shortlisted outside of China. it was most mentioned as the strongest competitor with which these vendors compete. Gartner believes that this approach has eroded customer trust in the Palo Alto Networks brand. as opposed to the unnecessary inspection that can occur in competing products that process traffic in serial order. Sangfor Headquartered in Shenzhen. saw high attach rates for new and existing customers in 2014. Like other vendors with leading products. The roadmap focus on VMware NSX displays strong leadership toward solving clients' future problems. This "single pass" is assessed as a design advantage by Gartner clients.com/technology/reprints. It also does not offer the smaller appliances that competitors position in distributed enterprise deals. including firewall. the client complaints we receive regarding Palo Alto Networks usually relate to management console issues at scale. Palo Alto Networks is assessed as a Leader. The firewall and IPS are closely integrated. and because of its consistent visibility in Gartner shortlists for advanced firewalls use cases. Gartner does not see Palo Alto reproducing its firewall success in its attempt to enter the endpoint market. Palo Alto Networks is challenged to win selections in which price is weighted more than security features. Palo Alto's cloud-based network sandbox service. Gartner considers Palo Alto's entry into the endpoint market as a high risk move that could dilute company attention into a nonadjacent market and could alienate the network security buying center.gartner. as in Type C enterprises (see Note 1). The WildFire advanced threat appliance and cloud service are popular add-ons with new and incumbent Palo Alto Networks firewall customers. reporting on security and high performance. released in 2014. and conflating antivirus with IPS and/or other features. China. which is not credible with customers. The company must develop a better third-party product support ecosystem. Palo Alto's work with VMware NSX has provided customers another option for placing Palo Alto products in virtualized data centers. Strengths Sangfor clients like the ease of installation. Palo Alto shifted focus correctly to east-west segmentation rather than whole data center firewall virtualization. Palo Alto Networks now offers a second endpoint product. giving them an option versus third-party advanced threat appliance solutions. Sangfor is evaluated as a Niche Player for enterprise firewall because it serves a narrowed segment of the market and operates mostly in China. With the acquisition of Cyvera (rebranded as Traps). The endpoint should be addressed through a third-party ecosystem or pushed stronger as an independent effort. 8:30 AM maximum throughput of 120 Gbps for the PA-7050. SSL VPN and Internet access management. or anecdotes of channel partner shortcomings. Palo Alto Networks was consistently on most NGFW competitive shortlists seen by Gartner. and in the survey to vendors.Magic Quadrant for Enterprise Network Firewalls 4/24/15. mostly because of its NGFW focus. The clients we interviewed would like to see better log handling at scale. Web anti-malware). or claiming a 0% performance impact when enabling the antivirus (AV) function. Cautions Gartner clients report Palo Alto Networks' direct sales and resellers being overly optimistic about the performance impact of turning on antivirus (that is. Cloud-based sandboxing and active vulnerability scanning are available on Sangfor's firewall at no additional charge. Sangfor started shipping its enterprise firewall product line (Next-Generation Application Firewall) in 2011. http://www. They also cite competitive price as a reason for selecting the solution. Sangfor does not offer a virtual appliance. with App-ID implemented within the firewall and throughout the inspection stream. Internationalization of the Sangfor firewall product line is still an ongoing process. in addition to the existing GlobalProtect. Sangfor provides WAN optimization. Strengths Gartner clients consistently rate the Palo Alto Networks App-ID and IPS higher than competitors' offerings for ease of use and quality. for a firewall throughput of up to 80 Gbps. Potential customers outside of China should first verify the availability of vendor support and product documentation for their use case. and founded in 2000. WildFire.

increase cross-synergies across their solutions. Strengths Stormshield is a European vendor and benefits from local certifications. and at the AWS Marketplace. Sophos firewalls are also available in virtual appliance format and can run on AWS. in the limited visibility for Sophos firewalls on data center and larger enterprises' shortlists. however. such as the "EU Restricted" or specific assessment from the French government.5 Gbps to 60 Gbps) and the NG product line. ranging from 400 Mbps to 80 Gbps.com/technology/reprints. U. Stormshield has quickly executed on a plan to produce a new product line. In April 2013. and appeals to vastly distributed enterprises and organizations with a large mobile workforce. Sophos leads the market in AWS features and market penetration.K. their target market. The Sophos roadmap shows a good understanding of the needs of midsize and smaller enterprises clients. the SG series (14 models.. and is a good choice for AWSonly placements. Sophos' Niche Player position in this Magic Quadrant reflects its focus on upper-midmarket and smallerenterprise needs. Cautions Sophos' visibility on Gartner enterprise client shortlists remains low. Strengths A growing number of Sophos endpoint customers shortlist Sophos as a potential firewall. and several features are still unproven. The two remote Ethernet device (RED) models allow remote VPN connections for small branches. The Sophos Cloud management offering combines mobile. Stormshield is assessed as a Niche Player for enterprises. too. and have introduced the Stormshield Network Security line. Gartner believes that midmarket and large enterprise have different needs and expectations for centralized management and reporting solutions. and get lower scores in competitive evaluations where complex policy and stringent workflow requirements are highly weighted. and how they plan to address overlaps between their two firewall product lines. and will be delivering its unified next-generation product in mid-2015. that is primarily known for its endpoint security solution. potential product synergies and simplified procurement as the main reasons for selecting the vendor. Sophos Sophos is a security company headquartered in Oxford. headquartered in France. with a quickly growing number of deployments but a limited existence. The two groups have united under the Stormshield brand. Stormshield has a wide range of virtual appliances and AWS-based instances. which is of interest to EU governments and agencies looking for simpler procurement or a local provider. from 1. Sophos also sells secure Web gateways and secure email gateways in addition to its endpoint security and mobile security solutions. which is shown. citing ease of use. Sophos' current management and reporting offerings are oriented toward UTM use and distributed organizations. Its enterprise firewall portfolio mainly consists of two product lines. selling UTM systems and enterprise firewalls with integrated IPSs and vulnerability management. Its ownership (Airbus) adds credibility to French government and defense customers. with a limited number of firewalls for a single customer. endpoint and network management. making it a good candidate to protect hybrid networks. it acquired Arkoon. Sophos still maintains two firewall product lines. resulting from the acquisition of Indiabased Cyberoam (19 models.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 11 of 21 .Magic Quadrant for Enterprise Network Firewalls 4/24/15. and is almost exclusively from existing Sophos customers. In 2012. Customers must ensure their Sophos appliances can receive the firmware upgrade in order to take advantage of the new platform. a subsidiary of EADS Group) acquired Netasq. from 400 Mbps to 160 Gbps). Stormshield Stormshield (formerly Arkoon+Netasq). another French security company with firewalls and endpoint protection platforms. giving a clear choice to prospects and existing clients from the former companies when considering a firewall refresh. Customers cite IPS quality as a main reason they select Stormshield as their network firewall. These products are composed of nine appliances. smaller enterprises and Type C enterprises. Sophos is a good choice for upper-midmarket customers. http://www. mostly because it best serves midsize businesses and government agencies in Western and Central Europe. has been a pure-play network security vendor for more than 15 years. Sangfor's enterprise firewall is new compared with most of its competitors. Airbus Defence and Space — CyberSecurity (formerly Cassidian CyberSecurity. 8:30 AM Surveyed customers showed a majority of upper-midsize/small-enterprise use cases. Virtual versions are also available with the V series. and fill the remaining gaps in their security portfolio.gartner.

do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 12 of 21 . and it has low visibility in Gartner's customer base. has proven to be a good addition to the set of features that is targeting areas where many firewalls will be deployed. Cautions Gartner rarely sees WatchGuard in most Type A and Type B enterprise firewall selections. WatchGuard does not have the option for large enterprises to deploy a WatchGuard resident engineer. especially France. channel support and management capabilities tend to be more oriented toward SMBs. with its executive dashboard and traffic heat maps. As a result of these adjustments. which now appears in the Magic Quadrant. Added Sangfor was added to the Magic Quadrant. For example.gartner. WatchGuard continues to invest in enterprise use cases. the company has solutions that better suit prospective enterprise buyers than the UTM-only approach. Strengths WatchGuard's strong price/performance points have enabled it to win price-sensitive competitions across retail. It may be a reflection of a change in the market and. mostly because it serves SMBs and distributed enterprises. changed evaluation criteria. such as in franchises or retail stores. along with APT Blocker. or via an MSSP. remote office and Type C distributed enterprise deployments. though we have not seen much enterprise traction yet. WatchGuard's cloud-based malware detection offering based on Lastline technology. WatchGuard is assessed as a Niche Player for enterprises. Enterprise-class channels and support will need to be expanded if WatchGuard wishes to compete in a broader segment of enterprises. Users report high satisfaction with the WatchGuard management console. WatchGuard scored low as a significant enterprise competitive threat by the vendors we surveyed. the mix of vendors in any Magic Quadrant or MarketScope may change over time. The interactive heat map view (FireWatch) is useful to quickly identify network issues created by a specific user or application. and in including SDN in its roadmap. WatchGuard's branding. visibility and channel is focused on EMEA. 8:30 AM Cautions The majority of Stormshield's penetration. we do not often see it displacing Leaders for the edge firewall use case based on features. However. Dropped No vendors were dropped. Enterprise models are correctly targeted at NGFWs rather than UTM functionality. The XTM-branded firewall models fall into two categories: The XTM 2 Series and XTM 5 Series are UTM. The burden of maintaining software support for 36 models may stress Stormshield's R&D resources and its ability to execute on its technology roadmaps. Inclusion and Exclusion Criteria http://www. WatchGuard lags behind the Leaders in articulating a comprehensive data center strategy. therefore. however. Its XTM series of products spans performance and feature ranges demanded by large enterprises. Since WatchGuard's introduction of the "NGFW Bundle" option for appliances in 2011 and the 2014 release of APT Blocker. The cloud-based reporting solution WatchGuard Dimension. A vendor's appearance in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. WatchGuard WatchGuard is a Seattle-based network security company that has primarily seen success in selling UTM products to midsize enterprises. or of a change of focus by that vendor. Arkoon+Netasq was renamed Stormshield. while the XTM 8 Series and the XTM 1520 and above are targeted at the enterprise. Stormshield lacks the ability to apply quality of service (QoS) rules based on application detection. it is not present on data center shortlists. Vendors Added and Dropped We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. with enhanced IPv6 and better traffic management released in 2014.com/technology/reprints. Moreover.Magic Quadrant for Enterprise Network Firewalls 4/24/15. The vendor has not been part of NGFW selections that Gartner has seen. email and Web security product lines. branch office. WatchGuard also has products that include SSL VPN. a requirement for some enterprise deployments.

and think in terms of value over sheer low cost. although those factors can affect a company's Ability to Execute. maintenance and installation. The company has personal firewalls. We assess the breadth of OEM partners as part of the evaluation of the firewall. The company demonstrates a competitive presence in enterprises and sales. carriers and MSSPs. deal size. and those being considered on competitive shortlists. we consider the use of these firewalls to protect the key business systems of enterprise clients. installed base. Low pricing will not guarantee high execution or client interest. and the ability to support complex deployments and modern DMZs. and includes the cost of all hardware. supported and in users' hands. or it is not actively shipping products. rule optimization and workflow). as well as carriers and ISPs that provide managed services. host-based IPSs and WAFs (see Note 2) — all of which are distinctly separate markets. Execution considers factors related to getting products sold. Strong execution means that a company has demonstrated to Gartner analysts that products are successfully and continually deployed in enterprises. Overall viability: This includes overall financial health. Presales and postsales support is evaluated. range of models. Buyers want good results more than they want bargains. The company's products sell as network firewalls. The company is not the original manufacturer of the firewall product. This includes the strength of the vendor's sales and distribution operations.Magic Quadrant for Enterprise Network Firewalls 4/24/15. winning in competitive environments through innovation and quality of product and service is more important than revenue. Execution is not primarily about company size or market share. The company primarily has a network IPS with a non-enterprise-class firewall. All vendors were required to disclose comparable market data. host-based firewalls. Gartner analysts consider that aspects of the company's product execution and vision merit inclusion. Support is rated on the quality. Rather. This includes hardware OEMs. Companies that execute strongly generate pervasive awareness and loyalty among Gartner clients. The company regularly appears on shortlists for selection and purchases. and that the company wins a large percentage in competition with other vendors. Cost of ownership over a typical firewall life cycle (three to five years) is assessed. Sales are a factor. secondary product capabilities (logging. console quality. The vendor has achieved enterprise firewall product sales (not including maintenance) in the past calendar year of more than $10 million.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 13 of 21 . such as firewall revenue. Key features are weighted heavily. such as foundation firewall functions. event management. Exclusion Criteria Network firewall companies may have been excluded from this research for one or more of the following reasons: The company has minimal or negligible apparent market share among Gartner clients. Evaluation Criteria Ability to Execute Product or service: This includes service and customer satisfaction in enterprise firewall deployments. compliance.gartner. and also generate a steady stream of inquiries to Gartner analysts. resellers that repackage products that would qualify from their original manufacturers. and use by enterprises. scalability and ability to directly compete with the larger firewall product/function view.com/technology/reprints. low latency. Products that are suited for SMBs (such as UTM firewalls. and within a customer segment that is visible to Gartner. support. Sales execution/pricing: We evaluate the company's pricing. The number of firewalls shipped or the market share is not the key measure of execution. as is the pricing model for conducting a refresh while staying with the same product and replacing a http://www. however. Pricing is compared in terms of a typical enterprise-class deployment. company history. and we do not rate platform providers separately. The logistical capabilities for managing appliance delivery. prospects for continuing operations. 8:30 AM Inclusion Criteria Network firewall companies that meet the market definition and description were considered for this research under the following conditions: Gartner analysts have assessed that the company has the ability to effectively compete in the enterprise firewall market. installed. or those for small office/home office placements) are not targeted at the market this Magic Quadrant covers (enterprises) and are excluded. and demonstrated commitment in the firewall and security markets. Having a low rate of vulnerabilities in the firewall is important. product service and port density matter. Growth of the customer base and revenue derived from sales are also considered. competitive wins versus key competitors (which are compared with Gartner data on such competitions held by our clients) and devices in deployment. breadth and value of offerings through the specific lens of enterprise needs. but do not have the capabilities.

independent third-party certifications include the Common Criteria for Information Technology Security Evaluation. throughput of the IPS capability and how the firewall fared under attack conditions are also important.gartner. Vendors need to address the network security buying center correctly. and to present solutions that meet customer protection needs rather than packaging up fear. rather than an "us. or by offering innovative pricing or support offerings. The robustness of the enterprise channel and third-party ecosystem is important. and to the range of models to support various deployment architectures. such as by driving the market on innovative features co-packaged within the firewall.Magic Quadrant for Enterprise Network Firewalls 4/24/15. as are enterprise-class capabilities. virtualization and performance. and having a viable and progressive roadmap and continuing delivery of NGFW features is weighted very highly. including zero-day events. Channel and third-party security product ecosystem strategies matter insofar as they are focused on enterprises. it includes which vendors are most commonly considered to have top competitive solutions during the RFP and selection process. current features. this ranking looks at which vendors consider the others to be direct competitive threats. Succeeding in complex networks with little intervention (for example. value for pricing. 8:30 AM competing product without intolerable costs or interruptions. and they must do so in a technically direct manner. and modify those plans as they forecast how market directions will change. Credible. Offering (product) strategy: This criterion focuses on a vendor's product roadmap. Marketing execution: Competitive visibility is a key factor. Gartner makes this assessment subjectively by several means.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 14 of 21 . An NGFW capability is heavily weighted. as well as http://www. vulnerabilities. rather than selling just fear or next-generation hype. such as multidevice management. Building loyalty through credibility with a full-time enterprise firewall staff demonstrates the ability to assess the next generation of requirements. In addition to buyer and analyst feedback. too" roadmap. uncertainty and doubt.com/technology/reprints. Sales strategy: This includes preproduct and postproduct support. Ability to Execute Evaluation Criteria Evaluation Criteria Weighting Product or Service High Overall Viability Medium Sales Execution/Pricing Medium Market Responsiveness/Record High Marketing Execution Medium Customer Experience High Operations Medium Source: Gartner (April 2015) Completeness of Vision Market understanding and marketing strategy: This includes providing a track record of delivering on innovation that precedes customer demand. show that they are following their plans. Understanding and delivering on enterprise firewall realities and needs are important. and against future trends identified in Gartner research. Unacceptable device failure rates. and how enterprises deploy network security. and a product's inability to survive to the end of a typical firewall life span are assessed accordingly. NGFW integration and enhancement. This criterion also considers the provider's history of responsiveness to changes in demand for new features and form factors in the firewall market. Table 1. and providing clear explanations and recommendations for detecting events. one-off patches) is highly considered. as well as the depth of staff experience — specifically in the security marketplace. virtualization. they must put plans in place. The NGFW capabilities are expected to be integrated to achieve correlation improvement and functional improvement. including interaction with vendors in briefings and feedback from Gartner customers on information they receive concerning roadmaps. adaptability of configuration and support for enterprise environments. Customer experience and operations: These include management experience and track record. Market responsiveness/record: This evaluates the vendor's ability to respond to changes in the threat environment. Integration with other security components is also weighted. Incumbent vendor market performance is reviewed year by year against specific recommendations that have been made to each vendor. and which are considered top threats by the others. Low latency. Vendors cannot merely state aggressive future goals. We also evaluate the vendor's overall understanding of and commitment to the security and network security markets. Significant weighting is given to delivering new platforms for scalable performance in order to maintain investment. The greatest factor in these categories is customer satisfaction throughout the sales and product life cycles. poor performance.

A solid NGFW capability is an important element as enterprises continue to move away from having dedicated IPS appliances at their perimeter and remote locations. Innovation. Reducing the rule base. Common characteristics include handling the highest throughput with minimal performance loss and offering options for hardware acceleration. and. and having a good track record of avoiding vulnerabilities in their security products. Innovation: This includes R&D and quality differentiators. An articulated. such as introducing practical new forms of intelligence to which the firewall can apply policy. the more a product mirrors the workflow of the enterprise operation scenario.com/technology/reprints. Integration with other security products. to win deals. which includes low latency. these vendors can offer economical security product bundles that others cannot. We also evaluate how the vendor understands and serves the enterprise branch office and data center. Business model: This includes the process and success rate for developing new features and innovation. such as complex enterprise multinational deployments. carriers or governments. Challengers The Challengers quadrant contains vendors that have achieved a sound customer base. Many Challengers are slow to work toward a strong NGFW capability — or they have other security products that are successful in the enterprise and are counting on the relationship. Completeness of Vision Evaluation Criteria Evaluation Criteria Weighting Market Understanding High Marketing Strategy Medium Sales Strategy Medium Offering (Product) Strategy High Business Model Medium Vertical/Industry Strategy Medium Innovation High Geographic Strategy Low Source: Gartner (April 2015) Quadrant Descriptions Leaders The Leaders quadrant contains vendors that build products that fulfill enterprise requirements. support for virtualization and virtual LANs. viable strategy for addressing the challenges in SDN deployments is important. Firewall virtualization and securing virtualized environments. such as: Performance.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 15 of 21 . or operations that are difficult to configure or have limited reporting. Firewall market Challengers will often have significant market share. are scored accordingly. Challengers' products are often well-priced. Many Challengers hold themselves back from becoming Leaders because they are obligated to place security or firewall products at a lower priority in their overall product sets. Solving customer problems is a key element of this criterion. offering interproduct support and leading competitors on features are foremost. Visionaries http://www. and achieving high IPS throughput and low appliance latency. 8:30 AM product integration with other IT systems. but trail smaller market share Leaders in the release of features. providing expert capability rather than treating the firewall as a commodity. and a management and reporting capability that is designed for complex and high-volume environments.gartner. Vendors in this quadrant lead the market in offering new safeguarding features. Management interface and clarity of reporting — that is. such as multitier administration and rule/policy minimization. Products that are not intuitive in deployment. but they are not consistently leading with differentiated next-generation capabilities. is highly rated. "Giving back time" to firewall administrators by innovating to make complex tasks easier. it also includes R&D spending. Vertical/industry strategy and geographic strategy: These include the ability and commitment to service geographies and vertical markets. MSSPs. because of their strength in execution. These requirements include a wide range of models.Magic Quadrant for Enterprise Network Firewalls 4/24/15. Table 2. the better the vision. rather than the product. rather than adding more alerts and complexity. new firewall mechanisms.

or face either replacement by innovative market entrants or commoditization by low-cost providers. as demonstrated through third-party testing under realistic threat and network load conditions. although other models from Leaders and Challengers may be more suitable. Next-Generation Firewalls One key area of firewall evolution that has been supported is what Gartner (in 2009) called "NGFW features" — namely. but continue using stand-alone IPSs. Savings and high-touch support can be achieved for organizations that are willing to update products more frequently and switch vendors if required. integrated deep packet inspection intrusion detection.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 16 of 21 . However. ease and speed of the deployment. especially in the relative importance of management capabilities. We have seen some common patterns in the firewall market as enterprises with three. the UTM approach fails to convince Type A and Type B enterprises that require NGFW capabilities and do not consolidate Web http://www. Market Overview As the first line of defense between external threats and enterprise networks. the firewall market is driven by refresh cycles. IT organization support capabilities. 8:30 AM Visionaries have the right designs and features for the enterprise. Organizations' final product selection decisions must be driven by their specific requirements. as well as increased enterprise demand for mobility. The key differentiators in these areas are IPS effectiveness. Context The enterprise firewall market is one of the largest and most mature security markets. Organizations are looking to extend their on-premises firewall vendor into infrastructure as a service (IaaS) cloud providers. It is populated with mature vendors and some more recent entrants. The firewall market is highly penetrated in the larger markets (North America. makers of multifunction firewalls for SMBs.com/technology/reprints. responding to changes in threats as well as changes in enterprise network speed and complexity. UTM vendors targeted SMB clients. to protect their installed base. Gartner expects the next wave of innovation in this market to focus on better identification of malicious protocols at multigigabit-per-second rates. but lack in performance capability and support network. with large signature sets and some custom signatures. or the ability to enforce policy on thousands of applications. virtualization and use of the cloud. incumbents must add improved capabilities and increase performance. and stateful firewall for network segmentation at low cost. but it is restricted to two use cases: distributed Type C enterprises (mostly in the retail industry). and upgrade IPSs to NGIPSs (see "Defining Next-Generation Network Intrusion Prevention"). and integration with the established security and network infrastructure. migrate to NGFWs for the firewall with application control and user context. acquisition costs. then Visionaries are good shortlist candidates. Most Visionaries' products have good NGFW capabilities. Because it is highly penetrated.gartner. have increased demand for new firewall features and capabilities. Identity-based policy enforcement. application identification and granular control. strategy or financial means to compete consistently with Leaders and Challengers. Gartner sees some limited success for Type C enterprises. has been highly touted but used infrequently. Changes in threats. However. then Niche Players can be shortlisted.to five-year-old firewalls and IPSs evaluate replacement: Enterprises not currently using any IPSs migrate to NGFWs with minimal use of advanced features. Enterprises with firewalls and stand-alone IPSs that are employed primarily in detection mode (that is. High-security environments upgrade to NGFWs for the firewall. Many Niche Players are making larger SMB products with the mistaken hope that this will satisfy enterprises. Some enterprises that have the firewall needs of an SMB (for example. firewalls need to continually evolve to maintain effectiveness. Vendors that do not have strong NGFW capabilities are supplementing them in a defensive move. If local geographic support is a critical factor. using minimal signature sets) migrate to NGFWs using the built-in IPS capabilities. UTM Can't Compete With NGFWs in Enterprises Historically. Enterprises with firewalls and stand-alone IPSs that are used for active prevention.Magic Quadrant for Enterprise Network Firewalls 4/24/15. the large UTM vendors have tried to expand beyond their traditional use case. Niche Players Most vendors in the Niche Players quadrant are smaller vendors of enterprise firewalls. but they lack the sales base. while vendors that have strong NGFW offerings are focused on manageability and usability. Western Europe and mature Asia/Pacific). They now try to sell UTM to enterprise clients that score price competitiveness higher than security. Firewall policy management (FPM) products are increasingly being used to manage complexity (see Note 3). some Type C "risk-averse" enterprises) may consider products from Niche Players. and fine-grained policy enforcement in approximately the top 40 business applications. in the past few years. or branch-office-only product makers that are attempting to break into the enterprise market. which means that. If firewalling is a competitive element for an enterprise.

rather than having macrorefresh cycles or "bumps" of refreshes. others are delivered through third-party partnerships. The Firewall Market Slows Down on Acquisitions. For 2015. subject to stringent third-party security evaluations. and now Check Point and Fortinet. "IPS" (32%). has become a rapidly growing market.Magic Quadrant for Enterprise Network Firewalls 4/24/15. pioneered by FireEye. The firewall http://www. we've seen firewall-connected sandboxes appeal mostly to budget-constrained Type B enterprises that would rather maintain single-console control over their firewall than deploy a separate platform. As other virtualization platforms such as Xen and Hyper-V gain traction. and "high availability/clustering" (27%). As advanced threat defense/detection further penetrates the mainstream market. firewall vendors have introduced solutions over the past three years. whereas 53% selected "throughput/speed" as a top three reason. managing heterogeneous virtualized firewalls from existing physical firewall vendors.5 billion. the firewall market grew 9. Have Some Advanced Threat Detection With That Firewall Advanced threat detection using a network sandbox. and approximately 30% of respondents selected "price" (34%).do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 17 of 21 . but has not seen significant adoption. During the evaluation period. demand for virtual appliance support has grown. this is the largest security product market (fast approaching $10 billion). Almost all operating systems within firewall appliances are uniquely hardened. Most of the firewall vendors evaluated here either deliver a network sandbox today. This refresh dynamic results in the market being linear. enterprise firewall vendors would underestimate the work of building an SMB channel). virtualization platform vendors and virtualonly firewalls will present a challenge. as in other markets. though adoption is growing quickly. and will be elevated by the addition of firewall add-ons such as IPSs and advanced threat defenses. We also forecast that this market will reach a compound annual growth rate of 10% through 2017. Performance and the ability to manage firewall policy through a single integrated management console for stand-alone appliances or virtual appliances are key differentiators.gartner. Gartner has not seen the firewall features of virtualization platforms (such as those offered with VMware) as a major competitor to mainstream firewall vendors because the need for separation of duties drives clients to doubt the infrastructure's ability to protect itself. has created some buzz for virtualizing data centers and networks and eastwest segmentation. so even if great new products emerge.5 billion in 2015. and incremental market growth is significant. Virtualized Firewalls: Hype Outruns Demand As data center virtualization has continued. No dynamic shift toward virtual appliances will occur until a fundamental change to the current network security virtualization market is made and demand drives vendor innovation. the number of virtual versions of firewalls sold remained flat at less than 2%. As the desire to defend against the advanced threat more fully permeates the mainstream market. 0% listed "virtual version available" as a top three reason they selected their current vendor. Gartner believes that the firewall market is "at capacity": Although the growth rate is just around 10%.com/technology/reprints. "management console/reporting" (32%). we expect that customers will increasingly turn to their firewall vendors for their network sandboxing needs (see "Market Guide for Network Sandboxing"). "application control" (29%). Gartner estimates the firewall market will grow approximately 10% to reach $10. Early VMware work with Palo Alto Networks. but Remains Dynamic Acquisitions in the firewall space slowed down in 2014 from 2013's breakneck pace. but growth remained robust. Gartner covers virtual-only firewall vendors such as vArmour and Illumio. UTM vendors also face difficulties in building a strong sales and support channel for enterprises (similarly. 8:30 AM antivirus on the Internet-facing firewall (see "Next-Generation Firewalls and Unified Threat Management Are Distinct Products and Markets"). Most enterprise buyers are also wary of shortlisting a UTM vendor because of its primary focus on SMBs and limited brand awareness. Among the 95 reference customers surveyed for this Magic Quadrant. Security-minded enterprises are also rightly skeptical of running firewalls within a hypervisor that is between the threat and the firewall. but few customers have adopted these. Thus far.5% to $9. Firewall refreshes remain constant at a five-year average. WAFs and firewalls on application delivery controllers (ADCs). incumbent firewalls are rarely refreshed before they reach maturity. Some of these are built by the firewall vendors. or have it on their short-term roadmaps. Confusing Use of "Application" and "Firewall" in Three Distinct Products Overlapping terminology and unclear marketing can lead to confusion among the three distinct issues of application control. Performance remains a barrier to wider deployment: Almost all network firewalls today are delivered on purpose-built appliances because of the poorer performance of running firewalls on general-purpose servers. in 2014. Gartner market data indicates that. These firewall-attached sandboxes are delivered mostly as cloud-based sandboxes priced as subscription-based services.

While Gartner does not expect this to change the size of the firewall market. most enterprises have a single brand of network firewall for all placements. a number of vendors deal with this complexity by leveraging a tiered value-added distributor/value-added reseller (VAR) model. In Asia/Pacific. As Gartner advises clients.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 18 of 21 .S. Deep http://www. Dell SonicWALL. virtualized. The effects on network security vendors' sales and market share in light of the U. KakaoTalk. it is likely to change the market share of vendors as non-U. culture and currency requirements. There are two usage profiles in Asia/Pacific concerning firewall acquisition and deployed features: Technologically more advanced Asia/Pacific countries (such as Japan.gartner. Matthew Cheung The Asia/Pacific region will represent just over 11% of the total enterprise network firewall market in 2015. This region has a different competitive landscape to other geographies due to its size and geopolitical alignments. Examples include Tencent (QQ. providers. This is different in makeup compared with the North American and European markets that predominantly operate under similar sets of legislative requirements and a limited number of currencies. With the steady transition to application and identity-based network security delivered by NGFWs. Adam Hils. emerging Asia/Pacific countries (China. documentation (with reporting at a minimum) and for technical support. Pure-play WAF companies (such as Imperva) or data center infrastructure vendors that provide WAF technology within their ADCs are concerned with protecting custom internal Web applications. QQ Browser) Weibo. serve a specialized niche of placements. or 11%. Viber and PPS Entertainment. data center and branch (see "One Brand of Firewall Is a Best Practice for Most Enterprises"). at least for sales and presales support. Singapore and Australia) have a similar feature adoption rate to the U. They can. Most traffic to enterprise Web servers remains encrypted until it reaches the ADC. vendors also need to support social networking and browser applications that are heavily used in Asia/Pacific. The Asia/Pacific market is forecast to make up $926 million of the total $8. Gartner does not see NGFW and WAF technologies converging because they are for different tasks at different placements. The Asia/Pacific region's diversity in terms of geography. meanwhile. WeChat.745 billion by 2017. surveillance revelations starting in 2013 are yet to be fully seen in Asia/Pacific.S. although not prevalent in the in a product's home country of development. These data center firewalls will be challenged to gain any noteworthy share until they can provide competitive firewalling for all enterprise placements. Asia/Pacific organizations expect support for local languages in both the product management interface. Asia/Pacific's diversity means that vendors must support these nuances and the cost of delivery burdens within a large region composed of many large and small countries. 8:30 AM application control approaches used by most NGFW vendors (such as Check Point. industry and economic models means there are varying levels of IT organization maturity and procurement policies. with Asia/Pacific accounting for $1. each with its own legislative. such as in cases where the data center is a separate business with its own firewall operations staff. such as Facebook and peer-to-peer (P2P) file sharing. which involves a termination and re-encryption of these sessions (see "Security Leaders Must Address Threats From Rising SSL Traffic" and "Web Application Firewalls Are Worth the Investment for Enterprises"). and Europe. Market Differentiators Firewall technology continues to be a fundamental element of network security strategy for Asia/Pacific organizations.S. embracing more recent trends such as cloudbased sandboxing. Line. This overall market is expected to grow to $9.S. WAFs are different: They are placed primarily in front of Web servers in the data centers. Fortinet and Palo Alto Networks) are mostly about controlling access to external applications.12 billion. Asia-Pacific Context 22 April 2015 Analyst(s): Craig Lawson. While some ADC vendors (such as F5) are now offering network firewalling within their ADCs as well.Magic Quadrant for Enterprise Network Firewalls 4/24/15. customers move away slightly from U. culture. Its diverse cultures and differences in market maturity create specific expectations and requirements when Asia/Pacific enterprises evaluate firewall vendors. including Internet-facing. Indonesia and others) are still moving through earlier phases of next-generation firewall (NGFW) feature adoption.346 billion spent on enterprise firewalls (11% of the global market) in 2015.com/technology/reprints. however. Considerations for Technology and Service Selection Clients in Asia/Pacific show a preference for providers that have a local presence. meaning the owners of firewalls and IPSs face the difficult decision of whether to engage SSL inspection. This will favor Asia/Pacific-native security providers that will benefit from a "built here" sentiment that is strong in some but not all parts of Asia/Pacific (see "The Snowden Effect: Data Location Matters").

Cisco should be considered for midsize and large enterprises that value a single vendor for networking and security solutions. which we attribute to geopolitical machinations stemming from the 2013 National Security Agency (NSA) disclosures. however. SonicWALL should be considered for Asia/Pacific clients that are already running Dell infrastructure. Vendors that offer this "feature" to advanced Asia/Pacific customers as part of their overall architecture will be more successful than point product vendors (see Predicts 2015: Infrastructure Protection). This enables Cisco to continue to compete for price-sensitive APAC buyers while allowing for upgrades for clients that also require advanced security features. Selections are based on analyst opinion and references that validate IT provider claims. Gartner is also seeing high levels of interest in mature counties in the region for integrated advanced threat detection capabilities leading to increased attach rate in NGFW sales. South Korea and Japan. SonicWALL could benefit from Dell's recent commitment of resources to the region. a large channel and extensive country-level coverage in Asia/Pacific. 8:30 AM understanding of this application ecosystem and subsequent ability to filter is a product differentiator in the Asia/Pacific market. lately Cisco's sales in China have taken a downturn based on recent public financial announcements. price is a strong driver. large-scale throughput is also an important factor in the telco/ISP vertical in the Asia/Pacific's heavily populated countries. email and identity products. New Zealand and Hong Kong). In the emerging Asia/Pacific countries with more mature economies. there is a large potential to move existing and new clients onto its NGFW platform. Cisco's intrusion prevention and advanced threat detection capabilities via the Sourcefire acquisition are included within the ASA with FirePOWER products and complemented by the broader portfolio of Web. Inside mature Asia/Pacific (such as Japan. and will help it appeal to organizations that demand a local-language experience. with regional vendors. and the market is continuing to show that products delivering a majority of "good enough" features at a palatable price will continue to hold and in some cases take share from more prominent brands. Asia/Pacific wide-field coverage and channel support. Check Point should be considered by security-conscious organizations within the Asia/Pacific region for its breadth of security content. this is not an exhaustive list or analysis of vendors in this market. marketleading features.com/technology/reprints. regional channel support and range of appliances. Additionally. however. Dell SonicWALL's range of appliances have localized language support to target organizations in China. but not the lowest. but to date has not developed an effective Asia/Pacific sales channel. Dell SonicWALL Dell SonicWALL lags behind many enterprise firewalls in regional market presence. in addition to feature-driven competitive displacement. which values security features and managing complexity as well as competitive. Australia.Magic Quadrant for Enterprise Network Firewalls 4/24/15. Notable Vendors Vendors included in this Magic Quadrant Perspective have customers that are successfully using their products and services. and as a competitive option for price-conscious midmarket buyers and distributed enterprise use cases due to its large range of appliances. as is competitive pricing. putting it ahead of a number of extraregional competitors in the region. Check Point Software Technologies Check Point has a significant existing client base in Asia/Pacific and has consistently outsold all competitors in the region's firewall market. Use this perspective as a resource for evaluations. Cisco Cisco has a significant share of the security market in the region and has leveraged its networking heritage very successfully over a long period of time in sales of its firewall platform. It continues to be a formidable vendor in this market due primarily to its large channel and cross-selling opportunity for Asia/Pacific partners and clients. In many Asia/Pacific markets. NGFW features such as security efficacy. which is an important buying factor in Asia/Pacific. advanced management and robust support are all valued by customers. However.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 19 of 21 . The vendor has strong brand recognition. particularly China. With NGFW adoption rates in emerging Asia/Pacific lagging those in mature Asia/Pacific and other regions. Fortinet has also invested in Asia/Pacific with http://www. Singapore.gartner. It is pricecompetitive. but explore the market further to gauge the ability of each vendor to address your unique business problems and technical concerns. Fortinet Asia/Pacific and Japan especially represent a healthy percentage of Fortinet's worldwide revenue share. Check Point has also added advanced threat capabilities via sandboxing to the platform. Fortinet is the second-largest network security vendor. pricing. Consider this research as part of your due diligence and in conjunction with discussions with Gartner analysts and other resources.

it has marketed its iNGFW capabilities ("i" for intelligent) and a software-defined network (SDN) strategy in its product portfolio. Hillstone).S. where cost. More than half of Huawei's firewall revenue comes from outside of China. Since 2014. and its high performance and stability are cited by customers. Fortinet) and the relative size of Palo Alto Networks' Asia/Pacific staffing and channel. Advanced features continue to make it a worthy shortlist candidate for "lean-forward" Asia/Pacific organizations with the skills and budget necessary to leverage Palo Alto Networks' "next-generation" features and security content. competitive pricing and relationship with telecom operators.S. a threat research center in Singapore and a support center in Malaysia. This fosters its local presence as well as its product localization efforts. and additionally where price is a primary buying consideration. with an ambition to expand further globally by increasing its presence in the U. Huawei's key differentiators are its integration with its networking business. Huawei Huawei is one of the few Chinese network security companies that has expanded its foothold outside the region. which is due to cost and performance. but the rest of Asia/Pacific is relatively a small market in Huawei's overall revenue split. These features differentiate Hillstone from most of the commodity firewall vendors from China. As Juniper increasingly shifts its security emphasis to higher-end cloud providers and telecommunications areas. range of appliances and performance are key requirements for use cases that converge multiple technologies on a single appliance. high-throughput firewall application-specific integrated circuit (ASIC)based technologies. Although Huawei security is part of its networking and security division. but a majority of revenue comes from firewall. but customer adoption of Palo Alto Networks' technology is not as strong on a relative basis when compared with North America and Europe.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 20 of 21 . Huawei security has its own security sales team and dedicated channel partners. Hillstone has a broad portfolio of network security products. Hillstone Networks Hillstone Networks is a firewall vendor headquartered both in China and the U.com/technology/reprints. Although Hillstone focused originally on delivering common firewall features and functions. prospects within China. Fortinet's focus on lower-cost. Huawei's security products are sold widely to both enterprises and telecom operators. Juniper Networks also sees success with managed security service provider (MSSP) partners that often sell its firewalls (physical or virtual) as the default option. Asia/Pacific enterprises should ask for roadmap commitment to continued enterprise-class product development and support.gartner. Lean-forward organizations within the Asia/Pacific region with a security-over-cost preference should consider Palo Alto Networks for their shortlists. Fortinet should be considered by all midmarket and large clients due to its range of products and support of the Asia/Pacific region. Huawei security solutions should be considered by clients valuing the same network and security vendor. Juniper Networks has a proven networking channel in the region. Juniper Networks Juniper Networks does a greater percentage of its firewall business in Asia/Pacific than most global vendors. and it has leveraged to sell its SRX product line. The company has invested in Asia/Pacific and has established a viable presence. targeting both carriers and enterprises.Magic Quadrant for Enterprise Network Firewalls 4/24/15. Sophos http://www. Gartner expects its integrated advanced threat prevention architecture to be a strong feature differentiator in the Asia/Pacific NGFW market. 8:30 AM R&D in Beijing. Hillstone has set up operations and distributors/resellers networks in most regions globally now. Check Point. including Southeast Asia. in combination with a competitive security feature set and advanced threat capabilities. Hillstone is also perceived as a price-competitive local provider. it has many wins among customers in Asia/Pacific with more mature IT adoption profiles. As a consequence. Palo Alto Networks Palo Alto Networks is seen as an innovator in firewalls due to its early-to-market next-generation firewall features. continuing its longtime legacy of serving regional customers' firewall needs. Hillstone looks to compete with global players with these features. the strength in Asia/Pacific of entrenched global players (Cisco. has given it market appeal in the region. and other regions. This is due to considerable competition from regionally strong players (Huawei. Hillstone's customer base is mostly in China.

This suits smaller. It has a similar go-to-market approach with its technology as vendors like Fortinet. omissions or inadequacies in such information. The information contained in this publication has been obtained from sources believed to be reliable. WatchGuard WatchGuard's regional presence in terms of the number of its Asia/Pacific customer mix is about on par with its extraregional competitors. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact.gartner. Gartner does not provide legal advice or services and its research should not be construed or used as such. Inc. Singapore and other parts of Southeast Asia. Gartner is a public company. Gartner is a registered trademark of Gartner. offering a good range and features of NGFW and unified threat management (UTM) appliances at competitive pricing. Gartner has seen its products mostly in Wins' core nations. midmarket Asia/Pacific clients. and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. WatchGuard should be considered by midmarket and geographically dispersed Asia/Pacific businesses that require a mix of security features at a competitive price. Korean and Japanese customers should consider this vendor for inclusion on firewall shortlists. South Asian organizations looking for a low-cost regional option with advanced identity-based controls should evaluate Sophos as a shortlist candidate.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 21 of 21 . Sophos.Magic Quadrant for Enterprise Network Firewalls 4/24/15. Wins should be considered by clients in Wins' primary area of operation in Southeast Asia that require good local language and vendor support. Gartner’s Board of Directors may include senior managers of these firms or funds. completeness or adequacy of such information and shall have no liability for errors. The opinions expressed herein are subject to change without notice. Cyberoam's product line has excelled at user identity control and has embedded reporting its customers like. Sophos is in the process of integrating differentiated features of the legacy Sophos and Cyberoam product lines. Malaysia. Wins Wins is headquartered in South Korea. funds or their managers. The company competes primarily in South Korea and Japan. If you are authorized to access this publication. Cyberoam has added features to appeal to industrial enterprise use cases.com. All rights reserved. Clients should assess the outcomes of the product lines merging to ensure this process still aligns with tactical and strategic product choices. Inc. see “Guiding Principles on Independence and Objectivity. your use of it is subject to the Usage Guidelines for Gartner Services posted on gartner. Gartner disclaims all warranties as to the accuracy. WatchGuard has also partnered to deliver payload advanced persistent threat (APT) detection functionality. which is increasingly becoming a table stakes component of perimeter architectures in Asia/Pacific. especially South Asia. In addition. WatchGuard has grown its presence in the region with additional staff. Although Gartner research may include a discussion of related legal issues. but the Cyberoam appliances remain available.” About Gartner | Careers | Newsroom | Policies | Site Index | IT Glossary | Contact Gartner http://www. where it already has a domestically successful network intrusion prevention system (IPS) offering. Although Wins is expanding into Indonesia. For further information on the independence and integrity of Gartner research. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. 8:30 AM Not traditionally a large player in the Asia/Pacific enterprise. © 2015 Gartner. Over the past several years. with its February 2014 acquisition of India-based Cyberoam. Gartner research is produced independently by its research organization without input or influence from these firms.com/technology/reprints. and/or its affiliates. has bolstered its presence in the region. Its NGFW includes the same IPS engine. or its affiliates.