You are on page 1of 21

Magic Quadrant for Enterprise Network Firewalls

4/24/15, 8:30 AM

Magic Quadrant for Enterprise Network
Firewalls
22 April 2015 ID:G00263955
Analyst(s): Adam Hils, Greg Young, Jeremy D'Hoinne

VIEW SUMMARY
"Next-generation" capability has been achieved by the leading products in the network firewall market,
and competitors are working to keep the gap from widening. Buyers must consider their operational
realities, the burden of switching, and the trade-offs between "best-of-breed" function and costs.

Market Definition/Description
The enterprise network firewall market represented by this Magic Quadrant is composed primarily of
purpose-built appliances for securing enterprise corporate networks. Products must be able to support
single-enterprise firewall deployments and large and/or complex deployments, including branch offices,
multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions, often
within the data center. These products are accompanied by highly scalable (and granular) management
and reporting consoles, and there is a range of offerings to support the network edge, the data center,
branch offices and deployments within virtualized servers.
The companies that serve this market are identifiably focused on enterprises — as demonstrated by the
proportion of their sales in the enterprise; as delivered with their support, sales teams and channels;
but also as demonstrated by the features dedicated to solve enterprise requirements and serve
enterprise use cases.
As the firewall market continues to evolve, NGFWs add new features to better enforce policy
(application and user control) or detect new threats (intrusion prevention systems [IPSs], sandboxing
and threat intelligence feeds). The stand-alone Secure Sockets Layer (SSL) VPN market has largely
been absorbed by the firewall market. Eventually, the NGFW will continue to subsume more of the
stand-alone network IPS appliance market at the enterprise edge. This is happening now; however,
some enterprises will continue to choose to have best-of-breed IPSs embodied in next-generation IPSs
(NGIPSs). More recently, enterprises have begun looking to firewall vendors to provide cloud-based
malware-detection instances to aid them in their advanced threat efforts, as a cost-effective alternative
to stand-alone sandboxing solutions (see "Market Guide for Network Sandboxing").
However, next-generation firewalls will not subsume all network security functions. All-in-one or unified
threat management (UTM) approaches are suitable for small or midsize businesses (SMBs), but not for
the enterprise (see "Next-Generation Firewalls and Unified Threat Management Are Distinct Products
and Markets").
The needs for branch-office firewalls are becoming specialized, and they are diverging from, rather than
converging with, UTM products. As part of increasing the effectiveness and efficiency of firewalls, they
will need to truly integrate more-granular blocking capability as part of the base product, go beyond
port/protocol identification and move toward an integrated service view of traffic, rather than merely
performing "sheet metal integration" of point products.

Magic Quadrant
Figure 1. Magic Quadrant for Enterprise Network Firewalls

ADDITIONAL PERSPECTIVES
Geography: Asia-Pacific

STRATEGIC PLANNING ASSUMPTIONS
Virtualized versions of enterprise network safeguards
will not exceed 10% of market revenues by year-end
2018, up from less than 5% today.
Less than 40% of enterprise Internet connections
today are secured using next-generation firewalls
(NGFWs). By year-end 2018, this will rise to at least
85% of the installed base, with 90% of new enterpriseedge purchases being NGFWs as more enterprises
realize the benefits of application and user control.
By 2018, 85% of new deals for network sandboxing
functionality will be packaged with network firewall and
content security platforms.
Fewer than 2% of deployed enterprise firewalls will
have Web antivirus actively enabled on them through
2016, although more than 10% of enterprises will have
paid for it.

ACRONYM KEY AND GLOSSARY TERMS
ADC

application delivery controller

AFM

Advanced Firewall Manager

ASA

Adaptive Security Appliance

ATA

advanced targeted attack

ATD

advanced threat detection

AWS

Amazon Web Services

DDoS

distributed denial of service

DMZ

demilitarized zone

FIPS

U.S. Federal Information Processing
Standards

FPM

firewall policy management

GUI

graphical user interface

IP

Internet Protocol

IPS

intrusion prevention system

IPv6

Internet Protocol version 6

MSSP

managed security service provider

NGFW

next-generation firewall

NGIPS

next-generation IPS

P2P

peer-to-peer

SMB

small or midsize business

SSL

Secure Sockets Layer

UTM

unified threat management

http://www.gartner.com/technology/reprints.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f

Page 1 of 21

Magic Quadrant for Enterprise Network Firewalls

4/24/15, 8:30 AM

VE

Virtual Edition

VPN

virtual private network

WAF

Web application firewall

EVIDENCE
This Magic Quadrant was conducted in accordance with
Gartner's well-defined methodology. The analysis in
this research was based primarily on interviews and
interactions during firewall inquiries with Gartner
clients since the 2014 "Magic Quadrant for Enterprise
Network Firewalls." We also considered surveys
completed by vendors, vendor briefings conducted at
the request of vendors throughout the year, interviews
with references provided by vendors, and supporting
Gartner quantitative research on market share.
Guidelines for responding to the full survey were
provided at the time of issue. Responses were,
nevertheless, of variable quality. Responses that were
lower quality (for example, respondents ignored the
question, they used poor grammar, they were unable
to explain key concepts, they were unable to provide
high-quality explanations of use cases, or they were
unable to go beyond technical capabilities and
demonstrate an understanding of the business
environment), or that did not meet the guidelines,
generally tended to score lower. Vendors that declined
to provide a survey response were assessed by
Gartner as to what their likely reply would have been
(usually, this was in relation to specific revenue
breakdowns). Some vendors declined to answer certain
questions due to market restrictions, and, therefore,
did not fare as well under some of the scoring criteria.

Source: Gartner (April 2015)

Vendor Strengths and Cautions
AhnLab
South Korea-based AhnLab is a long-established security vendor. Known mostly for antivirus software,
AhnLab's network security offerings include firewalls, IPSs and advanced threat solutions. AhnLab
began offering a firewall product under the TrusGuard brand in 2007, and now there are 10 models. The
firewall is Common-Criteria-certified EAL4, but does not have other third-party evaluations (such as
ICSA Labs, NSS Labs or FIPS PUB 140-2).
AhnLab is assessed as a Niche Player for enterprises, because most of its wins are within a specific
geography — South Korea — and/or are associated with an expansion of the endpoint security
business, not because the vendor competes on best-of-breed enterprise firewall features.
Strengths
South Korea clients should consider AhnLab for their firewall shortlists, given its significant local
market share and support presence.
The model range is very broad; the engine was designed to minimize distributed denial of service,
including features optimized for handling smaller packet sizes.
AhnLab's endpoint product customers can have the same vendor provide them with their network
firewall solution, reducing vendor management challenges.
Cautions
The TrusGuard firewall is not often seen in enterprise selections in the Gartner client base. AhnLab
was not listed by any vendor we surveyed as a significant enterprise competitive threat.
AhnLab does not offer virtual firewall models, and has not yet integrated its Malware Defense
System (MDS) malware detection appliance with its firewall.
AhnLab does not allow multiple administrators to make rule changes simultaneously, placing it at a
disadvantage in large enterprises.

Barracuda Networks

We asked for a specific number of references from
each vendor (n = 95, total), and each reference
customer was supplied with a structured survey.
References were scored on the basis of their quality
and what they told us. For each vendor, we took into
account the comments from that vendor's references
as well as what other vendors' customers said about
that particular vendor. Vendors could be notably
affected by the inability to have a sufficient number of
reference customers providing input.

NOTE 1
TYPE A, B AND C ENTERPRISES
Enterprises vary in their aggression and risk-taking
characteristics. Type A enterprises seek the newest
security technologies and concepts, tolerate
procurement failure, and are willing to invest for
innovation that might deliver lead time against their
competition; this is the "lean forward" or aggressive
security posture. For Type A enterprises, technology is
crucial to business success.
Type B enterprises are "middle of the road." They are
neither the first nor the last to bring in a new
technology or concept. For Type B enterprises,
technology is important to the business.
Type C enterprises are risk-averse to procurement,
perhaps investment-challenged and willing to cede
innovation to others. They wait, let others work out the
nuances and then leverage the lessons learned; this is
the "lean back" security posture that is more
accustomed to monitoring rather than blocking. For
Type C enterprises, technology is critical to the
business and is clearly a supporting function.

NOTE 2
BUYERS' CONFUSION CONCERNING WAFS
The advent of application control in firewalls has led to
some natural confusion between the NGFW and WAF
markets in the minds of buyers. Today, these markets
remain very distinct. The critical difference is of
direction: Application control in NGFWs is concerned
primarily with applications that are external to the

http://www.gartner.com/technology/reprints.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f

Page 2 of 21

Although we see Barracuda Firewall in SMB deals. with several features in the R80 version intended to improve the auditability and manageability of the security policy. NOTE 3 FPM TOOLS Third-party FPM vendors (such as AlgoSec. cloud security and distributed denial of service (DDoS) solutions. whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria. the financial and practical success of the business unit. while the Barracuda NG Firewall Vx is a virtual version. Although the FPM market is still somewhat small.gartner. change direction. Marketing Execution: The clarity. An advanced threat option has been added with the Barracuda advanced threat detection (ATD) option. increase awareness of the products. No vendor we surveyed listed Barracuda as a significant enterprise competitive threat. Israel. Check Point's enterprise firewall product line includes 17 appliances and two chassis for hardware blades. or delivered as software. service-level agreements and so on. promotional initiatives. repackaged from ATD vendor Lastline. Operations: The ability of the organization to meet its goals and commitments. Its comprehensive product portfolio allows Check Point to be deployed in a variety of enterprise use cases. It is able to support these clients globally with a strong channel presence and a significant internal team devoted to firewall feature development. Strengths The Barracuda NG Firewall is a good option for customers that already have other Barracuda products or are located in Western or Central Europe. notably Germany and Austria. an enterprise may be in the midst of a multistage rollout of a new platform. This includes current product/service capabilities. Check Point firewalls consistently get high scores from clients on security and ease of management in complex environments. Check Point Software Technologies Check Point Software Technologies is co-headquartered in Tel Aviv. programs. and San Carlos. products and services/programs that enable clients to be successful with the products evaluated. availability of user groups. and the vendor does not yet have well-established enterprise network security channels or support outside of Western and Central Europe. customer support programs (and the quality thereof). The NG Firewall showed a strong correlation for selections in a survey for high availability and clustering. will continue offering the product and will advance the state of the art within the organization's portfolio of products. it's growing fast. Although a few firewalls offer optional WAF modules. OpenStack and Microsoft Azure. deployed on VMware. It continues to invest in its management suite. Most interest has come from incumbent customers that have other Barracuda products. The new chassis solutions further expand Check Point's ability to scale to the largest data centers and to adapt to their future growth requirements. 4/24/15. This can also include ancillary tools. while the Barracuda NG Firewall series targets enterprises.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 3 of 21 . Overall Viability: Viability includes an assessment of the overall organization's financial health. The Barracuda Firewall series targets SMBs. systems and other vehicles that enable the organization to operate effectively and http://www. quality. Strengths Check Point has one of the largest existing enterprise client bases and continues to appear frequently on final shortlists for enterprise firewall selection. promote the brand and business. Check Point also shows strong execution on its enterprise-focused roadmap to deliver features targeting the various firewall placement use cases for enterprises. All FPM vendors support multiple firewall products. Amazon Web Services (AWS). mobile security. FireMon and Tufin) continue to exploit the absence of firewall consoles to optimize. In other cases. The NG Firewall tied for the highest score in a survey to references for IPS function. The NG Firewall has application control and reputation services. OpenStack and Cisco Application Centric Infrastructure (ACI) is a good signal for clients considering Check Point security solutions when they evaluate software-defined network (SDN) projects. and reduce firewall rules and policies.Magic Quadrant for Enterprise Network Firewalls Campbell. threat prevention. The Barracuda management console scores well in selections for simple deployments. competitors act. Market Responsiveness/Record: Ability to respond. and the likelihood that the individual business unit will continue investing in the product. Gartner assesses Check Point Software as a Leader for enterprise firewalls because a good score during technical evaluation continually drives new client wins and contributes to retaining a large portion of its existing customer base. whereas WAFs are concerned with protecting custom Web applications on servers that are internal to the enterprise. EVALUATION CRITERIA DEFINITIONS Ability to Execute Product/Service: Core goods and services offered by the vendor for the defined market. In addition. This criterion also considers the vendor's history of responsiveness. Customers can supplement Check Point's firewall with an advanced threat offering (Check Point Threat Cloud). skills and so on. Factors include the quality of the organizational structure. visualize. creativity and efficacy of programs designed to deliver the organization's message to influence the market. and can add additional threat intelligence feeds from third parties (Check Point Intellistore) and integrate Check Point's firewall with its Mobile Security suite to enforce security policy for mobile users (using Check Point Capsule). California-based Barracuda Networks has been focused primarily on selling a wide range of security storage. P2P and Facebook). this includes the ways customers receive technical support or account support. experiences.com/technology/reprints. California. 8:30 AM enterprise (for example. and there is a Microsoft Azure instance. Barracuda is assessed as a Niche Player for enterprises because Barracuda does not effectively sell its enterprise-capable product to enterprises other than in Western and Central Europe and in certain public cloud deployments. these are rarely enabled. Additionally. scaling up to 400 Gbps. such as IPSs. we see WAFs deployed as a stand-alone product (such as from Imperva). Gartner has observed a considerable increase in NG Firewall sales since the previous edition of the Magic Quadrant. including skills. Check Point firewall capabilities can be expanded by predefined packages of additional software blades. word of mouth and sales activities. Although having differentiated products for enterprises and SMBs is good and reflects their different needs. very large enterprises may have firewall products from different vendors — sometimes by accident via acquisition rather than through choice. whereas no firewall vendor will effectively manage a competing product. and the overall effectiveness of the sales channel. Customer Experience: Relationships. This "mind share" can be driven by a combination of publicity. presales support. whereas the Barracuda Firewall series targets SMBs. feature sets. and it has finally merged the network and application components in a unified policy. pricing and negotiation. Gartner believes that Check Point's strategy to support VMware NSX. Barracuda is not visible on the firewall shortlists of Gartner enterprise customers. because a single-vendor solution is usually the best choice. Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. and the customers requiring help with complexity are the very largest. an off-premises service (such as from Akamai) or within an ADC (such as from F5). and infrastructure appliances and cloud services to midsize businesses and smallenterprise markets at low prices. except in some regions. Barracuda's product naming is confusing for enterprise clients. FPM vendors are expanding into managing other network security devices. It can also be delivered as a virtual appliance. customer needs evolve and market dynamics change. Its portfolio includes next-generation firewalls. providing a competitive choice versus competing firewalls. The Barracuda enterprise firewall offering is the NG Firewall. Cautions Barracuda customers are primarily SMBs. endpoint. and establish a positive identification with the product/brand and organization in the minds of buyers. thought leadership. This includes deal management. Web security. The Barracuda NG Firewall is a strong competitor in situations where price is highly weighted in the selection. Instead. quality. be flexible and achieve competitive success as opportunities develop. Specifically.

skills and offerings to meet the specific needs of geographies outside the "home" or native geography. For a while. then plateaued at a lower lever during the second half of the year. Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation. 8:30 AM efficiently on an ongoing basis. Gartner observed a higher than usual number of clients reporting stability issues with Check Point solutions. as well as the fact that Check Point clients are not willing to subscribe to additional software options after the initial sizing. Gartner analysts observed that many of these incidents involved clusters of new hardware platforms running the first versions of the unified GAiA OS. and unexpected long resolution time. The firewall offering is primarily via the Adaptive Security Appliance (ASA) brand that includes an IPS released in 2014. including vertical markets. and can shape or enhance those with their added vision. service. Geographic Strategy: The vendor's strategy to direct resources. Cisco became more able to compete in the NGFW field 4/24/15. Completeness of Vision Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. technologies. the combination of FireSIGHT — which manages the IPS function for ASA with FirePOWER services — and Cisco Security Manager — which manages the ASA firewall — is the alternative for ASA with FirePOWER services. broad geographic support and wide availability of other security products. the Adaptive Security Device Manager (ASDM) can function as an on-the-device single-instance manager. Gartner views the Platform Exchange Grid (pxGrid) initiative to allow third-party components onto the ASA as the most promising development in the Cisco firewall roadmap. customer programs and positioning statements. services and the customer base. ASA with FirePOWER services is the ASA with the Sourcefire IPS Advanced Malware Protection (AMP) and application visibility and control added in. Gartner clients consistently rate the Cisco support network as excellent. In the survey sent to vendors. but firewalls are also available via the Firewall Services Module blade for 6500 and 7600 series switches. The rich context provided by the FirePOWER services integration adds to this advantage. in fear of performance issues.gartner. Gartner expects that Cisco will unite the Cisco management console in the short term. functionality. Web security and email security tiers. and it is the most-oftencited reason for loyalty to Cisco security products. advertising. Cisco's product was the second most frequently listed as the one vendors claimed to replace the most. and communication affiliates that extend the scope and depth of market reach. undersizing was a clear reason for performance issues. however. differentiated set of messages consistently communicated throughout the organization and externalized through the website.Magic Quadrant for Enterprise Network Firewalls Cautions Price is the most common factor invoked by Gartner clients to introduce competition for Check Point solutions at renewal time or as a reason to favor competition during shortlists. expertise. related. With the introduction of ASA with FirePOWER services in September 2014. Cisco San Jose. Surveyed Cisco firewall clients consistently ranked the availability and presence of other products from Cisco within their networks as the most important factor in their selection of the vendor. Cisco offers a wide choice in firewall platforms. Cautions Gartner clients select Cisco firewall products more often when security offerings are added to a Cisco infrastructure. expertise or capital for investment. Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales. channels and subsidiaries as appropriate for that geography and market. Marketing Strategy: A clear. either directly or through partners. In a few reported client situations. Cisco's virtual firewalling lines. and see it as a tactic to control total costs. California-based Cisco has a broad network security product portfolio across firewall/IPS. Gartner analysts noticed that hardware platforms submitted in reseller proposals tend to be more tightly sized. This peaked in 2Q14. with the situation improving as Check Point simplified the number of supported legacy versions. the ASAv and the VSG.com/technology/reprints. The primary offering is the stand-alone firewall ASA. and caused unnecessary back-and-forth discussion to get the adequate model. rather than when there is a shortlist with competing firewall appliances. Cisco's security console offerings consistently score low versus competitors in assessments http://www. The inclusion of Sourcefire IPS within ASA has improved the quality of the ASA IPS and application control. complementary and synergistic layouts of resources. Cisco is assessed as a Challenger for enterprises.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 4 of 21 . 2 in the vendor list of perceived competitive threats. Gartner believes that reasons include insufficient results of marketing operations to support the launch of these options. skills and offerings to meet the specific needs of individual market segments. and on Cisco's Internetwork Operating System (IOS)-based Integrated Services Router. defensive or pre-emptive purposes. Gartner saw Cisco winning firewall procurements mostly through sales/channel execution or aggressive discounting for large Cisco networks customers. Check Point customers are often slow to adopt new software options like its threat emulation software blade. Cisco will have two primary console offerings. First. Gartner did not see it displacing Leaders based on vision or features. require the presence of the Nexus 1000v virtual switch. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs. The integration of reputation features across Cisco security products is a strength. Business Model: The soundness and logic of the vendor's underlying business proposition. In 2014. as they benefit from a lower amount of client feedback. The vendor has strong channels. on Cisco's ASA for virtual data center and cloud environments. Vertical/Industry Strategy: The vendor's strategy to direct resources. This increases the time for these new options to become mature. consolidation. and we rarely saw Cisco release firewall innovations that caused Leaders to react. Strengths The Enterprise License Agreement (ELA) for security software and hardware adds value for Cisco security customers that are undertaking multiyear deployments and wish to maintain a timetable and product flexibility. methodology and feature sets as they map to current and future requirements. In addition. it was also listed this year as No. skills. Before the introduction of ASA with FirePOWER services. Innovation: Direct. marketing.

with the SuperMassive line aimed at enterprises. It includes http://www. however. sells enterprise network firewalls under the Dell SonicWALL name. rather. in a survey to users. Dell SonicWALL is a good choice because of its wide range of products and available SMB-oriented feature set. NSA and TZ. Gartner rarely sees Dell SonicWALL in most Type A and Type B enterprise firewall selections. Gartner believes that moving completely to the Sourcefire FireSIGHT will bring improvements. low latency and price per protected megabits-per-second are foremost. identity management offerings. Texas. Dell SecureWorks presents a potential channel conflict for sales to other MSSPs. it is perceived as a midsize brand associated with the greater Dell brand. a network firewall. email security gateways. managed security service provider (MSSP) offerings under the SecureWorks brand. mostly sold as an add-on of other features to existing F5 customers. Other Dell SonicWALL security products include SSL VPNs.com/technology/reprints. customers ranked throughput and speed as the foremost selection criterion supporting this assessment. Dell SonicWALL scored low as a significant enterprise competitive threat by the vendors we surveyed. which can view Dell SonicWALL as part of a competitor.gartner. F5 F5. Gartner analysts have observed competitors using this argument to gather channel partners from Dell SonicWALL. F5 is assessed as a Niche Player for the enterprise firewall market. Gartner views F5 as successfully using security as a competitive feature in the ADC market rather than being a pure play in the firewall market.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 5 of 21 . up to 640 Gbps) hardware platforms. which is headquartered in Round Rock. security modules include Application Security Manager (ASM). Its firewall product offering relies on the BigIP appliances (14 models. or with Type C enterprises (see Note 1). The company's firewall offerings are in four branded lines: SuperMassive. and its sales channels and marketing programs haven't effectively reached enterprise buyers. and at competitive price/performance points. Dell SonicWALL is not yet widely viewed as an enterprise strategic security player. in which firewall throughput. Gartner clients choose AMP not for its undifferentiated sandboxing capability. The SuperMassive line has achieved market traction in high-throughput firewall deployments. such as carriers and service providers. 8:30 AM conducted by Gartner clients. because its firewall offering is visible only in a limited number of use cases. and backup/recovery offerings. such as in retail or franchise outlets. Cisco ASA has a firewall console integration of a local sandbox-based advanced targeted attack (ATA) cloud instance or appliance through Advanced Malware Protection (AMP). is a leading data center application delivery vendor. Dell SonicWALL is assessed as a Niche Player for enterprises. The product lines TZ and NSA are aging. Cautions As reported by Gartner clients. For current Dell customers that want to have fewer security vendors. Cisco can improve its ATA-associated sandboxing if it integrates its 2014 acquisition of ThreatGRID. in part because it hasn't brought innovative security features to market in a timely manner. Strengths Dell SonicWALL's broad model range is a good option for distributed enterprises with many remote-office deployments requiring many smaller devices. Dell SonicWALL prospects should ask to see roadmaps for evidence of future innovation plans. Gartner observes a strong correlation between SonicWALL purchases and incumbent Dell customers. Cisco scored lower than most competitors in a Gartner survey of users for overall client satisfaction. this is not a "Caution" for other organizations. Dell SonicWALL Dell. from 5 Gbps up to 80 Gbps) and Viprion chassis (four models. In addition to the traffic management modules (GTM and LTM) that are the core of F5's Application Delivery Controller (ADC) offering. however. its Web application firewall. The majority of Dell SonicWALL's business had been selling UTM to midsize enterprises. E-Class Network Security Appliance (NSA). clean wireless offerings. However. F5 also offers virtual appliances (F5 VE) and centralized management (Big-IQ) for its Big-IP solutions. based in Seattle.Magic Quadrant for Enterprise Network Firewalls 4/24/15. and scored poorly in a survey to users in regard to false positives for IPS in the firewall. data encryption offerings. running the F5 Traffic Management Operating System (TMOS). Gartner has observed that the Dell SonicWALL channel has migrated the core firewall business into more midsize organizations or into organizations that already had a strong Dell SonicWALL relationship. and the Advanced Firewall Manager (AFM). but for other ATA detection strengths. Strengths F5's software is optimized for data center and ISP infrastructure protection use cases.

In addition. F5 lacks an IPS module and only recently introduced secure Web gateway (SWG) services. Gartner believes that Fortinet's Feature Select. However. Fortinet has a well-articulated strategy regarding virtualization. competitive pricing and accelerating revenue growth. the Fortinet console is more competitive. Cautions Despite some improvements in 2014. It offers a broad security portfolio and has some presence in network infrastructure. data centers. but has yet to be covered by a unified software component. and lacks entry-level appliances required for branches and small headquarters. robust routing optimization and SDN features. it is very competitive in data center evaluations in which high-performance. Fortinet does not often release features that cause Leaders to react. Gartner believes that the number of appliances and software versions impacts customer support. management capability compared with the competition remains the reason most often listed by Gartner clients as the reason why Fortinet was shortlisted but not selected by enterprises. mostly because we see it displacing competitors on value and performance. 8:30 AM IPv6 compatibility. except when customers already own F5 ADC and evaluate F5's upgrade options. This is a positive sign for these clients that can add a firewall component to their existing data center deployment at a fraction of the cost required by the acquisition of a dedicated appliance. which are often a weak spot of other firewall platforms. Fortinet still supports more versions and models (with often overlapping specifications) than many of its competitors. Strengths Fortinet has a large hardware R&D team and uses it to go to market quickly with higherperformance chipsets. This includes hardware acceleration and 40 Gbps network interfaces. which provides preset initial configuration options http://www. F5 is not seen yet as a competitive threat by other firewall vendors evaluated in this market. but increasingly in more widespread enterprise use cases. F5's customer give good scores to its hardware platform for its ability to scale. service providers and distributed enterprises (for example. including bladed appliances for large enterprises and carriers. retail and franchises). as well as SMB and branch office solutions.gartner. Although it's reduced the number of appliances in its overall Fortigate product line. The application control feature is limited to what users get from SWG and Web application firewall (WAF) modules.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 6 of 21 . public cloud and SDN. Fortinet continues to make progress within the Gartner customer base. In addition to enterprise NGFW deployments. but also strong SSL optimization capabilities. It is a viable shortlist contender for most enterprise firewall use cases. Gartner has already seen F5 compete well in firewall placements for hosting providers. and has a promising partnership with VMware NSX. Gartner also expects F5 to add integration with its firewall and its Silverline DDoS protection offering. especially in branch office or retail deployments. As F5's firewall modules are likely to be used as a data center supplement to a perimeter firewall. F5 is missing the critical competitive component of a stand-alone Internet-facing firewall to protect users and servers where an ADC is not required. providing extensive pressure on competitors and pleasing the channel. Gartner believes that F5's efforts to cover a broad feature set could hurt its ability to provide sufficient depth for the core features used in enterprise firewall use cases. Fortinet offers a good price/performance ratio and a wide model range. California-based Fortinet has long focused on using purpose-built hardware to produce enterprise firewall and UTM appliances with a wide range of features at strong price/performance points. low-latency stateful firewalls are the primary need. Fortinet is well-suited to deployments in carriers. Fortinet is assessed as a Challenger. Fortinet continually delivers new functions in the application-specific integrated circuit and operating system.com/technology/reprints.Magic Quadrant for Enterprise Network Firewalls 4/24/15. F5 dedicates significant efforts to security features and shows its customers a commitment to consider security as a central topic of its roadmap. Fortinet Sunnyvale. Gartner expects F5 to compete in data-center-only deals when architecture complexity is low. where multiple firewalls share the same policy. The firewall features in Fortinet's enterprise firewall products can now meet most of the needs of firewall-focused large-enterprise buyers. Fortinet is a significant threat to competitors in this market because of its hardware expertise. F5's integration with only one firewall policy management software (FireMon) limits security buyer options. Cautions F5 does not appear on Gartner client competitive shortlists for enterprise firewall selection. but struggling against Leaders in mainstream enterprise selections based on features and vision.

Surveyed customers frequently cite management interface as an area that requires improvement.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 7 of 21 . formerly of H3C Technologies in China. there is no direct hardware upgrade path from the IPS to the NGFW. all bearing the "S" prefix. doesn't effectively communicate the support of the varying use cases of many enterprises or can convey to customers that the NGFW is just a subset of the full UTM suite rather than a "made-for-enterprise" solution. and offers dedicated firewall models for this market. HP is assessed as a Niche Player. both continue to be sold. the second line is composed of F5000 and F1000. California-headquartered HP has two lines of firewalls. While Fortinet's marketing mix became much more enterprise-focused in 2014. Its firewall portfolio is composed of three product lines. the most mentioned reason for buying the HP firewall was already having other HP security products. or to those deployments in which IPS needs are more highly ranked than other firewall features. These two lines are on distinct code bases. 8:30 AM or bundles of features. the T-Series (3 models). The new TippingPoint NGFW (x86-compatible) is the redesign of the older TippingPoint IPS. HP NGFW scored highest for user satisfaction regarding quality of IPS relating to false negatives and positives. the E-Series (13 models) and the X-Series (two chassis). The TippingPoint NGFW and IPS are managed under the HP TippingPoint SMS console. and offers virtual versions in its virtual Elastic Firewall Architecture (vEFA). HP has the potential to be a disruptive influence and a market challenger through continued product advancement and utilization of the HP channel. HP Palo Alto. There are six models of NGFW. which will work with HP's NGFW and IPS via the integration with the HP TippingPoint Security Management System console. Hillstone has added network behavior anomaly detection into its firewall. Hillstone Networks Based in Beijing and Sunnyvale. Hillstone's recent release of a firewall with behavior-based policy (named Intelligent NextGeneration Firewall) indicates a motivation to bring further innovation to the enterprise firewall market. Cautions http://www. Strengths Hillstone has a strong presence in China. Hillstone is assessed as a Niche Player because it is visible to Gartner only in one region. are under different consoles and are supported by different groups within HP. Strengths The proven TippingPoint IPS engine brings a very good quality of IPS to the new NGFW line. Hillstone Networks is a pure-play firewall vendor. previous UTMoriented marketing has created a lingering brand disadvantage with some enterprise security buyers.Magic Quadrant for Enterprise Network Firewalls 4/24/15. However. mostly because Gartner has not yet seen the new firewall product on shortlists (see "Vendor Rating: HP" for more information) or as fully featured as most Challengers and Leaders. California.com/technology/reprints. meaning new adopters are less likely to have to wait for new models to consider deployments.gartner. which can facilitate purchase decision for international companies willing to use a local vendor in the Asia/Pacific region. which is based on custom application-specific integrated circuits (ASICs). In a survey of firewall users. Hillstone integrates with FireMon and AlgoSec policy management software. which is of interest to incumbent TippingPoint IPS deployments that are looking to replace a firewall. There is a good range of models in the new firewall line. As such. The first is the new TippingPoint NextGeneration Firewall (NGFW) line. Gartner also observes increasing competition for Hillstone in China from local and regional vendors. with a majority of its sales in China. with firewall throughput ranging from 1 Gbps to 360 Gbps. Surveyed customers in China give good scores to direct vendor support. Cautions Hillstone Networks' firewalls are not yet seen in enterprise selections among the Gartner client base outside of Asia/Pacific. In a Gartner survey. Although it is aggressively moving to increase sales in more regions by expanding its worldwide partner ecosystem. which will already be familiar to HP IPS customers. Surveyed customers indicate that performance degradation when enabling intrusion prevention is higher than the leading vendors evaluated in this market. HP is adding an advanced threat sandbox solution via a local appliance based on Trend Micro's Deep Discovery Inspector.

HP NGFW prospects and customers should evaluate HP's NGFW release cadence and feature quality. incumbent HP customers may still find this to be a shortlist option.) Gartner believes that. however. Strengths The breadth of the Intel Security threat intelligence and reputation feeds is a positive quality element and leverages the Intel Security footprint on endpoints. especially North America. The range of firewall appliances and models is extensive. Gartner clients rarely included HP firewalls in the shortlists we observed. sells security controls at the endpoint. HP has been slow to execute on a roadmap and add new features to its firewall to allow it to compete for general enterprise business by being "RFP ready. there is some increasing competitive presence and growth in EMEA. preventing it from fully fulfilling some enterprise compliance and security needs. especially for higher-throughput options. China-based Huawei has been shipping firewall products for more than a decade (for more information. Unified Security Gateway (USG) is the primary enterprise line. and for customers that already have Huawei products and wish to expand that business to firewalls. and off a variety of other network security appliances. Intel Security (McAfee) Intel firewalls are sold under the McAfee brand. Its upcoming roadmap addresses enterprise-oriented features. the surveyed HP users most often cited that the SMS console needs improvement in managing the new firewalling capabilities. secure Web gateways. More Huawei firewall revenue is derived from carriers. largely targeted to enterprise customers. including a virtualized version. and has performed well in third-party testing. Intel Security will have a single hardware platform supporting the McAfee NGFW and NSP. as they are challenged in gaining share in the firewall market. whose product is now called the McAfee Next Generation Firewall (NGFW). Huawei delivered and improved some application control and other NGFW features in 2014. which is the IPS product.com/technology/reprints. Intel (McAfee) network security is best-known for Network Security Platform (NSP). McAfee.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 8 of 21 . Intel Security is assessed as a Niche Player for enterprises because it primarily sells alongside other Intel and McAfee security products rather than beating Leaders in shortlists." However. Cautions Huawei has limited competitive visibility outside the Asia/Pacific region. Huawei lags the competition in partnering with firewall policy management vendors. as well as the timely delivery of roadmap capabilities to determine continued investment and priority. in the near future. Gartner views HP as trending toward re-emphasizing stand-alone IPSs over firewalls. and consistently asked for better reporting. California). Based on conversations with Gartner clients who are also HP Tipping Point's prospects and customers. (Intel Security has an advanced threat offering [ATD] that becomes more effective the more Intel McAfee safeguards are in place. and Eudemon is the line for carriers and service providers. mostly because we see it mostly in a narrow geographic segment. this concern continues to be a security sales challenge in some markets. server and network layers. 8:30 AM Enterprise firewall buyers are often hesitant to invest in something that doesn't have a proven track record in this market. Customers whose networks are based primarily on Huawei infrastructure products can include Huawei firewalls. which is now part of Intel Security (based in Santa Clara. The top end of the Huawei firewall line has a very high throughput and is a good shortlist candidate for carriers. The McAfee NGFW has a good range of models (scaling up to 120 Gbps). ISPs and cloud and service providers than from enterprises and SMBs. Huawei Shenzhen. Huawei is assessed as a Niche Player for enterprises over the evaluation period. and because we did not see it frequently displacing Leaders or Challengers based on vision or feature. including anti-DDoS and IPSs. and support was not rated highly. its network IPS product line. email security gateways and IPSs. Intel Security obtained its network firewall in 2013 from Finland-based Stonesoft. Interviewed users reported that they would like to see better features in the Web graphical user interface (GUI) console. Users report to Gartner that Huawei appliances perform as expected under load. Huawei has taken considerable steps to address concerns about relying on technology developed in China.gartner. see "Vendor Rating: Huawei"). however. http://www. As is often the case with new products. Most deployments Gartner observes are higher-throughput deployments.Magic Quadrant for Enterprise Network Firewalls 4/24/15. Strengths Gartner assesses Huawei as having a very good overall network security strategy and a large security research team.

The firewall product line includes 18 models.do?id=1-2DVI0YW&ct=…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 9 of 21 . and Gartner estimates that the market share is small at less than 5%. In a Gartner survey of clients. Cautions Gartner does not assess Juniper as currently having a compelling or differentiated security vision. This capability will appeal to enterprises that use multiple third-party threat intelligence feeds. Users that Gartner surveyed report hardware failures over the past 12 months. and has experienced declining year-over-year revenue in a growing market. and runs the same Junos operating system as other Juniper infrastructure components. and we see it being replaced in enterprise environments more often than we see it selected. Juniper's Junos Space Security Design is the current security management platform. In 2014. Juniper SRX is a good shortlist candidate in deployments for service providers or hosters where stateful firewall throughput is valued foremost and price is weighted highly.Magic Quadrant for Enterprise Network Firewalls 4/24/15. Intel Security is rarely seen on Gartner client network firewall shortlists. Juniper is. Palo Alto Networks is known mostly for its innovations in application control and for improving integrated IPS in firewalls. Good options exist for high-throughput.gartner. ISG and the virtualized version of SRX (vSRX). The visibility of ePolicy Orchestrator (ePO) host information within the firewall reporting and console tools is of interest to current Intel Security ePO customers. Juniper offers a threat intelligence platform supporting third-party feeds and enabling deployment to enforcement points. Juniper released its first NGFW feature set. well behind most of the firewall vendors evaluated in this research. Intel Security currently has two different network IPS engines across the McAfee NGFW and NSP (IPS) products. Juniper has continued losing security market share in the past year. Strengths Customers whose networks are already standardized on Juniper's Junos-based infrastructure products can benefit from the Space Security Design console because it is part of the Junos Space network management platform.com/technology/reprints. shortlisted and/or selected in mobile service provider deployments and large-enterprise data center deployments. rather than displacing competitors based on its vision or features. Juniper has a strong range of branch-office firewalls complementing the enterprise products. Cautions Gartner believes that having the McAfee network security unit within a primarily host-based security company — which is itself within a large endpoint-focused chip manufacturer — remains a significant challenge. California-based Juniper Networks are in multiple model lines: SRX SSG. Juniper Networks The firewall offerings of Sunnyvale. however. Rationalizing and centrally administering these from one management console will present challenges. The Juniper SRX Security Service Gateway offers routing as a basic firewall element. Some Gartner clients have cited a need for support and platform stability improvements. Interviewed users often selected the firewalls. especially in the higher-end SRX models. Gartner believes that most enterprises want an operating system in their security products that differs from the one in infrastructure components. primarily because of price and high throughput on its largest appliances. Juniper has AppSecure for application control and visibility integrated IPS and threat intelligence feeds. with a http://www. Palo Alto Networks Palo Alto Networks is a California-based pure-play network security company that has been shipping enterprise firewalls since 2007. Intel Security was not listed by any vendor we surveyed as a significant enterprise competitive threat. the McAfee NGFW scored very high in overall client satisfaction. These branch-office firewalls include WAN and cellular backup technologies. purpose-built appliances. The company must address fundamental sales and marketing challenges and demonstrate that it can win back customers and market share with its newer capabilities. Juniper is assessed as a Niche Player for enterprises. NS. mostly because we see it selected in concert with other Juniper offerings. with throughput weighted highly in their selection. and protected customers well as attacks evolved to include firewall and deep inspection evasiveness. and Intel is not established as being a strong brand in network security. because Gartner sees Juniper mostly deployed in large data centers. Gartner considers routing in the firewall as being of interest to a limited segment of customers. or one that is well-known to non-Juniper customers. 8:30 AM The McAfee NGFW firewall line has long been a leader in high-availability technology. It focused early on anti-evasion technology. and it has very reliable clustering and active/active configuration.

Like other vendors with leading products. Palo Alto Networks is challenged to win selections in which price is weighted more than security features. or claiming a 0% performance impact when enabling the antivirus (AV) function. With the acquisition of Cyvera (rebranded as Traps). Gartner does not see Palo Alto reproducing its firewall success in its attempt to enter the endpoint market. Palo Alto Networks was consistently on most NGFW competitive shortlists seen by Gartner. and founded in 2000. The endpoint should be addressed through a third-party ecosystem or pushed stronger as an independent effort. giving them an option versus third-party advanced threat appliance solutions. or anecdotes of channel partner shortcomings. Cautions Gartner clients report Palo Alto Networks' direct sales and resellers being overly optimistic about the performance impact of turning on antivirus (that is. Palo Alto's work with VMware NSX has provided customers another option for placing Palo Alto products in virtualized data centers. it was most mentioned as the strongest competitor with which these vendors compete. Also. and conflating antivirus with IPS and/or other features. Strengths Gartner clients consistently rate the Palo Alto Networks App-ID and IPS higher than competitors' offerings for ease of use and quality. The clients we interviewed would like to see better log handling at scale. access management and network security solutions. for a firewall throughput of up to 80 Gbps. which is not credible with customers. and in the survey to vendors. saw high attach rates for new and existing customers in 2014. http://www. SSL VPN and Internet access management. Palo Alto shifted focus correctly to east-west segmentation rather than whole data center firewall virtualization. with App-ID implemented within the firewall and throughout the inspection stream. Internationalization of the Sangfor firewall product line is still an ongoing process. 8:30 AM maximum throughput of 120 Gbps for the PA-7050. The company must develop a better third-party product support ecosystem. The firewall and IPS are closely integrated. Palo Alto Networks is assessed as a Leader. Cautions Gartner does not see Sangfor firewalls being shortlisted outside of China. China. Web anti-malware). released in 2014.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 10 of 21 . as in Type C enterprises (see Note 1). Gartner considers Palo Alto's entry into the endpoint market as a high risk move that could dilute company attention into a nonadjacent market and could alienate the network security buying center. the client complaints we receive regarding Palo Alto Networks usually relate to management console issues at scale. The WildFire advanced threat appliance and cloud service are popular add-ons with new and incumbent Palo Alto Networks firewall customers. and request references for organizations in the same region. They also cite competitive price as a reason for selecting the solution. Cloud-based sandboxing and active vulnerability scanning are available on Sangfor's firewall at no additional charge. WildFire. reporting on security and high performance. Strengths Sangfor clients like the ease of installation. It also does not offer the smaller appliances that competitors position in distributed enterprise deals. The roadmap focus on VMware NSX displays strong leadership toward solving clients' future problems. as opposed to the unnecessary inspection that can occur in competing products that process traffic in serial order. including firewall. in addition to the existing GlobalProtect. Gartner believes that this approach has eroded customer trust in the Palo Alto Networks brand. Sangfor is evaluated as a Niche Player for enterprise firewall because it serves a narrowed segment of the market and operates mostly in China. and because of its consistent visibility in Gartner shortlists for advanced firewalls use cases.com/technology/reprints.Magic Quadrant for Enterprise Network Firewalls 4/24/15. Palo Alto's cloud-based network sandbox service. Sangfor provides WAN optimization. Palo Alto Networks now offers a second endpoint product. Sangfor started shipping its enterprise firewall product line (Next-Generation Application Firewall) in 2011. Sangfor Headquartered in Shenzhen. Potential customers outside of China should first verify the availability of vendor support and product documentation for their use case. mostly because of its NGFW focus. frequently beating competition on feature quality.gartner. This "single pass" is assessed as a design advantage by Gartner clients. It now features 16 models. Sangfor does not offer a virtual appliance.

potential product synergies and simplified procurement as the main reasons for selecting the vendor.Magic Quadrant for Enterprise Network Firewalls 4/24/15.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 11 of 21 . citing ease of use. Sangfor's enterprise firewall is new compared with most of its competitors. mostly because it best serves midsize businesses and government agencies in Western and Central Europe. from 400 Mbps to 160 Gbps). Cautions Sophos' visibility on Gartner enterprise client shortlists remains low. giving a clear choice to prospects and existing clients from the former companies when considering a firewall refresh. headquartered in France. a subsidiary of EADS Group) acquired Netasq. U. which is of interest to EU governments and agencies looking for simpler procurement or a local provider. making it a good candidate to protect hybrid networks. Airbus Defence and Space — CyberSecurity (formerly Cassidian CyberSecurity. selling UTM systems and enterprise firewalls with integrated IPSs and vulnerability management. Sophos also sells secure Web gateways and secure email gateways in addition to its endpoint security and mobile security solutions. resulting from the acquisition of Indiabased Cyberoam (19 models.5 Gbps to 60 Gbps) and the NG product line. too. Customers cite IPS quality as a main reason they select Stormshield as their network firewall. endpoint and network management. another French security company with firewalls and endpoint protection platforms. Virtual versions are also available with the V series. Sophos is a good choice for upper-midmarket customers. from 1. In April 2013. The Sophos roadmap shows a good understanding of the needs of midsize and smaller enterprises clients. and how they plan to address overlaps between their two firewall product lines. and at the AWS Marketplace. The two groups have united under the Stormshield brand. increase cross-synergies across their solutions. their target market. Its enterprise firewall portfolio mainly consists of two product lines. Sophos firewalls are also available in virtual appliance format and can run on AWS. Sophos' current management and reporting offerings are oriented toward UTM use and distributed organizations. with a quickly growing number of deployments but a limited existence.. The two remote Ethernet device (RED) models allow remote VPN connections for small branches. These products are composed of nine appliances. that is primarily known for its endpoint security solution. Sophos Sophos is a security company headquartered in Oxford. however. Its ownership (Airbus) adds credibility to French government and defense customers. and is almost exclusively from existing Sophos customers.com/technology/reprints. in the limited visibility for Sophos firewalls on data center and larger enterprises' shortlists. 8:30 AM Surveyed customers showed a majority of upper-midsize/small-enterprise use cases. Stormshield is assessed as a Niche Player for enterprises. Sophos leads the market in AWS features and market penetration. Sophos' Niche Player position in this Magic Quadrant reflects its focus on upper-midmarket and smallerenterprise needs. it acquired Arkoon. Gartner believes that midmarket and large enterprise have different needs and expectations for centralized management and reporting solutions. In 2012. and fill the remaining gaps in their security portfolio. http://www.K. Stormshield has quickly executed on a plan to produce a new product line. and several features are still unproven. Stormshield Stormshield (formerly Arkoon+Netasq). which is shown. smaller enterprises and Type C enterprises. Customers must ensure their Sophos appliances can receive the firmware upgrade in order to take advantage of the new platform. has been a pure-play network security vendor for more than 15 years. and appeals to vastly distributed enterprises and organizations with a large mobile workforce. and will be delivering its unified next-generation product in mid-2015. ranging from 400 Mbps to 80 Gbps. and have introduced the Stormshield Network Security line. and is a good choice for AWSonly placements. Strengths Stormshield is a European vendor and benefits from local certifications. with a limited number of firewalls for a single customer. Strengths A growing number of Sophos endpoint customers shortlist Sophos as a potential firewall. The Sophos Cloud management offering combines mobile. the SG series (14 models. Stormshield has a wide range of virtual appliances and AWS-based instances. and get lower scores in competitive evaluations where complex policy and stringent workflow requirements are highly weighted. Sophos still maintains two firewall product lines. such as the "EU Restricted" or specific assessment from the French government.gartner.

branch office. WatchGuard's branding. mostly because it serves SMBs and distributed enterprises. email and Web security product lines. However. Users report high satisfaction with the WatchGuard management console. or of a change of focus by that vendor. WatchGuard WatchGuard is a Seattle-based network security company that has primarily seen success in selling UTM products to midsize enterprises. a requirement for some enterprise deployments. the company has solutions that better suit prospective enterprise buyers than the UTM-only approach. Strengths WatchGuard's strong price/performance points have enabled it to win price-sensitive competitions across retail. with enhanced IPv6 and better traffic management released in 2014. has proven to be a good addition to the set of features that is targeting areas where many firewalls will be deployed. WatchGuard also has products that include SSL VPN. WatchGuard lags behind the Leaders in articulating a comprehensive data center strategy. The cloud-based reporting solution WatchGuard Dimension. A vendor's appearance in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. especially France. The XTM-branded firewall models fall into two categories: The XTM 2 Series and XTM 5 Series are UTM. Vendors Added and Dropped We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. remote office and Type C distributed enterprise deployments. It may be a reflection of a change in the market and. Since WatchGuard's introduction of the "NGFW Bundle" option for appliances in 2011 and the 2014 release of APT Blocker.gartner. though we have not seen much enterprise traction yet. and in including SDN in its roadmap. Enterprise models are correctly targeted at NGFWs rather than UTM functionality.Magic Quadrant for Enterprise Network Firewalls 4/24/15. such as in franchises or retail stores. while the XTM 8 Series and the XTM 1520 and above are targeted at the enterprise. WatchGuard scored low as a significant enterprise competitive threat by the vendors we surveyed. we do not often see it displacing Leaders for the edge firewall use case based on features.com/technology/reprints.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 12 of 21 . WatchGuard does not have the option for large enterprises to deploy a WatchGuard resident engineer. 8:30 AM Cautions The majority of Stormshield's penetration. The interactive heat map view (FireWatch) is useful to quickly identify network issues created by a specific user or application. Added Sangfor was added to the Magic Quadrant. WatchGuard continues to invest in enterprise use cases. As a result of these adjustments. Arkoon+Netasq was renamed Stormshield. which now appears in the Magic Quadrant. Enterprise-class channels and support will need to be expanded if WatchGuard wishes to compete in a broader segment of enterprises. Moreover. it is not present on data center shortlists. the mix of vendors in any Magic Quadrant or MarketScope may change over time. For example. Dropped No vendors were dropped. Cautions Gartner rarely sees WatchGuard in most Type A and Type B enterprise firewall selections. Stormshield lacks the ability to apply quality of service (QoS) rules based on application detection. and it has low visibility in Gartner's customer base. WatchGuard's cloud-based malware detection offering based on Lastline technology. channel support and management capabilities tend to be more oriented toward SMBs. or via an MSSP. along with APT Blocker. with its executive dashboard and traffic heat maps. Inclusion and Exclusion Criteria http://www. visibility and channel is focused on EMEA. The vendor has not been part of NGFW selections that Gartner has seen. Its XTM series of products spans performance and feature ranges demanded by large enterprises. WatchGuard is assessed as a Niche Player for enterprises. however. The burden of maintaining software support for 36 models may stress Stormshield's R&D resources and its ability to execute on its technology roadmaps. changed evaluation criteria. therefore.

company history. rule optimization and workflow). carriers and MSSPs. installed. competitive wins versus key competitors (which are compared with Gartner data on such competitions held by our clients) and devices in deployment. Sales execution/pricing: We evaluate the company's pricing. The company regularly appears on shortlists for selection and purchases. Gartner analysts consider that aspects of the company's product execution and vision merit inclusion. The company is not the original manufacturer of the firewall product. Execution considers factors related to getting products sold. event management. The number of firewalls shipped or the market share is not the key measure of execution. host-based IPSs and WAFs (see Note 2) — all of which are distinctly separate markets. we consider the use of these firewalls to protect the key business systems of enterprise clients. or it is not actively shipping products. The logistical capabilities for managing appliance delivery. Low pricing will not guarantee high execution or client interest. Rather. secondary product capabilities (logging. The company has personal firewalls. Exclusion Criteria Network firewall companies may have been excluded from this research for one or more of the following reasons: The company has minimal or negligible apparent market share among Gartner clients. maintenance and installation. Having a low rate of vulnerabilities in the firewall is important. and includes the cost of all hardware. and within a customer segment that is visible to Gartner. All vendors were required to disclose comparable market data. although those factors can affect a company's Ability to Execute. and that the company wins a large percentage in competition with other vendors. and use by enterprises. This includes the strength of the vendor's sales and distribution operations. 8:30 AM Inclusion Criteria Network firewall companies that meet the market definition and description were considered for this research under the following conditions: Gartner analysts have assessed that the company has the ability to effectively compete in the enterprise firewall market. The vendor has achieved enterprise firewall product sales (not including maintenance) in the past calendar year of more than $10 million.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 13 of 21 . and demonstrated commitment in the firewall and security markets. such as firewall revenue. This includes hardware OEMs. installed base. winning in competitive environments through innovation and quality of product and service is more important than revenue. Buyers want good results more than they want bargains. as well as carriers and ISPs that provide managed services. and think in terms of value over sheer low cost. Evaluation Criteria Ability to Execute Product or service: This includes service and customer satisfaction in enterprise firewall deployments.Magic Quadrant for Enterprise Network Firewalls 4/24/15. Execution is not primarily about company size or market share. deal size. or those for small office/home office placements) are not targeted at the market this Magic Quadrant covers (enterprises) and are excluded. The company's products sell as network firewalls. prospects for continuing operations. host-based firewalls. resellers that repackage products that would qualify from their original manufacturers. product service and port density matter. The company demonstrates a competitive presence in enterprises and sales. Cost of ownership over a typical firewall life cycle (three to five years) is assessed. compliance. and the ability to support complex deployments and modern DMZs. Strong execution means that a company has demonstrated to Gartner analysts that products are successfully and continually deployed in enterprises. Sales are a factor. low latency. Key features are weighted heavily. We assess the breadth of OEM partners as part of the evaluation of the firewall. supported and in users' hands. scalability and ability to directly compete with the larger firewall product/function view. Growth of the customer base and revenue derived from sales are also considered. The company primarily has a network IPS with a non-enterprise-class firewall.gartner. Pricing is compared in terms of a typical enterprise-class deployment. Support is rated on the quality. range of models.com/technology/reprints. as is the pricing model for conducting a refresh while staying with the same product and replacing a http://www. Presales and postsales support is evaluated. breadth and value of offerings through the specific lens of enterprise needs. console quality. but do not have the capabilities. and also generate a steady stream of inquiries to Gartner analysts. support. however. and those being considered on competitive shortlists. Overall viability: This includes overall financial health. and we do not rate platform providers separately. Products that are suited for SMBs (such as UTM firewalls. such as foundation firewall functions. Companies that execute strongly generate pervasive awareness and loyalty among Gartner clients.

throughput of the IPS capability and how the firewall fared under attack conditions are also important. The greatest factor in these categories is customer satisfaction throughout the sales and product life cycles. Vendors cannot merely state aggressive future goals. 8:30 AM competing product without intolerable costs or interruptions. independent third-party certifications include the Common Criteria for Information Technology Security Evaluation. rather than an "us. Credible. and to present solutions that meet customer protection needs rather than packaging up fear. Customer experience and operations: These include management experience and track record. Market responsiveness/record: This evaluates the vendor's ability to respond to changes in the threat environment. too" roadmap. vulnerabilities. they must put plans in place. including zero-day events. and to the range of models to support various deployment architectures. and providing clear explanations and recommendations for detecting events. This criterion also considers the provider's history of responsiveness to changes in demand for new features and form factors in the firewall market. Understanding and delivering on enterprise firewall realities and needs are important. and against future trends identified in Gartner research. In addition to buyer and analyst feedback. Marketing execution: Competitive visibility is a key factor.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 14 of 21 . rather than selling just fear or next-generation hype. NGFW integration and enhancement. and a product's inability to survive to the end of a typical firewall life span are assessed accordingly. including interaction with vendors in briefings and feedback from Gartner customers on information they receive concerning roadmaps. Incumbent vendor market performance is reviewed year by year against specific recommendations that have been made to each vendor. adaptability of configuration and support for enterprise environments. The NGFW capabilities are expected to be integrated to achieve correlation improvement and functional improvement.com/technology/reprints. and which are considered top threats by the others.gartner. Ability to Execute Evaluation Criteria Evaluation Criteria Weighting Product or Service High Overall Viability Medium Sales Execution/Pricing Medium Market Responsiveness/Record High Marketing Execution Medium Customer Experience High Operations Medium Source: Gartner (April 2015) Completeness of Vision Market understanding and marketing strategy: This includes providing a track record of delivering on innovation that precedes customer demand. this ranking looks at which vendors consider the others to be direct competitive threats. The robustness of the enterprise channel and third-party ecosystem is important. Gartner makes this assessment subjectively by several means. and having a viable and progressive roadmap and continuing delivery of NGFW features is weighted very highly. Channel and third-party security product ecosystem strategies matter insofar as they are focused on enterprises. Sales strategy: This includes preproduct and postproduct support. as well as http://www. and they must do so in a technically direct manner. Low latency. virtualization. it includes which vendors are most commonly considered to have top competitive solutions during the RFP and selection process. Unacceptable device failure rates. such as multidevice management. Building loyalty through credibility with a full-time enterprise firewall staff demonstrates the ability to assess the next generation of requirements.Magic Quadrant for Enterprise Network Firewalls 4/24/15. show that they are following their plans. as well as the depth of staff experience — specifically in the security marketplace. virtualization and performance. one-off patches) is highly considered. Integration with other security components is also weighted. and modify those plans as they forecast how market directions will change. An NGFW capability is heavily weighted. Vendors need to address the network security buying center correctly. poor performance. or by offering innovative pricing or support offerings. Table 1. as are enterprise-class capabilities. We also evaluate the vendor's overall understanding of and commitment to the security and network security markets. current features. Succeeding in complex networks with little intervention (for example. uncertainty and doubt. value for pricing. such as by driving the market on innovative features co-packaged within the firewall. Offering (product) strategy: This criterion focuses on a vendor's product roadmap. Significant weighting is given to delivering new platforms for scalable performance in order to maintain investment. and how enterprises deploy network security.

Innovation: This includes R&D and quality differentiators. Completeness of Vision Evaluation Criteria Evaluation Criteria Weighting Market Understanding High Marketing Strategy Medium Sales Strategy Medium Offering (Product) Strategy High Business Model Medium Vertical/Industry Strategy Medium Innovation High Geographic Strategy Low Source: Gartner (April 2015) Quadrant Descriptions Leaders The Leaders quadrant contains vendors that build products that fulfill enterprise requirements. MSSPs. A solid NGFW capability is an important element as enterprises continue to move away from having dedicated IPS appliances at their perimeter and remote locations. "Giving back time" to firewall administrators by innovating to make complex tasks easier. or operations that are difficult to configure or have limited reporting. to win deals. 8:30 AM product integration with other IT systems. Business model: This includes the process and success rate for developing new features and innovation. Many Challengers are slow to work toward a strong NGFW capability — or they have other security products that are successful in the enterprise and are counting on the relationship. Firewall virtualization and securing virtualized environments. We also evaluate how the vendor understands and serves the enterprise branch office and data center. Innovation.gartner. new firewall mechanisms. Challengers The Challengers quadrant contains vendors that have achieved a sound customer base. Many Challengers hold themselves back from becoming Leaders because they are obligated to place security or firewall products at a lower priority in their overall product sets. Solving customer problems is a key element of this criterion.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 15 of 21 . the better the vision. An articulated. and achieving high IPS throughput and low appliance latency.Magic Quadrant for Enterprise Network Firewalls 4/24/15. it also includes R&D spending. Vendors in this quadrant lead the market in offering new safeguarding features. Visionaries http://www. offering interproduct support and leading competitors on features are foremost. viable strategy for addressing the challenges in SDN deployments is important. are scored accordingly. Integration with other security products. and having a good track record of avoiding vulnerabilities in their security products. such as multitier administration and rule/policy minimization. Management interface and clarity of reporting — that is. support for virtualization and virtual LANs. these vendors can offer economical security product bundles that others cannot. but they are not consistently leading with differentiated next-generation capabilities. carriers or governments. such as introducing practical new forms of intelligence to which the firewall can apply policy.com/technology/reprints. Challengers' products are often well-priced. such as: Performance. Reducing the rule base. These requirements include a wide range of models. and a management and reporting capability that is designed for complex and high-volume environments. is highly rated. and. rather than the product. the more a product mirrors the workflow of the enterprise operation scenario. Firewall market Challengers will often have significant market share. such as complex enterprise multinational deployments. which includes low latency. Vertical/industry strategy and geographic strategy: These include the ability and commitment to service geographies and vertical markets. providing expert capability rather than treating the firewall as a commodity. but trail smaller market share Leaders in the release of features. rather than adding more alerts and complexity. Table 2. Products that are not intuitive in deployment. Common characteristics include handling the highest throughput with minimal performance loss and offering options for hardware acceleration. because of their strength in execution.

while vendors that have strong NGFW offerings are focused on manageability and usability. Identity-based policy enforcement. ease and speed of the deployment. High-security environments upgrade to NGFWs for the firewall. application identification and granular control. although other models from Leaders and Challengers may be more suitable. but they lack the sales base. However.gartner. using minimal signature sets) migrate to NGFWs using the built-in IPS capabilities. to protect their installed base. but continue using stand-alone IPSs. Enterprises with firewalls and stand-alone IPSs that are employed primarily in detection mode (that is. as demonstrated through third-party testing under realistic threat and network load conditions. Some enterprises that have the firewall needs of an SMB (for example. and stateful firewall for network segmentation at low cost. responding to changes in threats as well as changes in enterprise network speed and complexity. Because it is highly penetrated. and fine-grained policy enforcement in approximately the top 40 business applications. migrate to NGFWs for the firewall with application control and user context. or branch-office-only product makers that are attempting to break into the enterprise market. or the ability to enforce policy on thousands of applications. but lack in performance capability and support network. but it is restricted to two use cases: distributed Type C enterprises (mostly in the retail industry). Western Europe and mature Asia/Pacific). Context The enterprise firewall market is one of the largest and most mature security markets. If firewalling is a competitive element for an enterprise. Savings and high-touch support can be achieved for organizations that are willing to update products more frequently and switch vendors if required. 8:30 AM Visionaries have the right designs and features for the enterprise. Most Visionaries' products have good NGFW capabilities. incumbents must add improved capabilities and increase performance. strategy or financial means to compete consistently with Leaders and Challengers. We have seen some common patterns in the firewall market as enterprises with three. IT organization support capabilities. Niche Players Most vendors in the Niche Players quadrant are smaller vendors of enterprise firewalls. makers of multifunction firewalls for SMBs. virtualization and use of the cloud.com/technology/reprints. and upgrade IPSs to NGIPSs (see "Defining Next-Generation Network Intrusion Prevention"). and integration with the established security and network infrastructure. However. in the past few years. firewalls need to continually evolve to maintain effectiveness. They now try to sell UTM to enterprise clients that score price competitiveness higher than security. have increased demand for new firewall features and capabilities. Gartner expects the next wave of innovation in this market to focus on better identification of malicious protocols at multigigabit-per-second rates. Next-Generation Firewalls One key area of firewall evolution that has been supported is what Gartner (in 2009) called "NGFW features" — namely. Gartner sees some limited success for Type C enterprises. then Niche Players can be shortlisted. has been highly touted but used infrequently. the UTM approach fails to convince Type A and Type B enterprises that require NGFW capabilities and do not consolidate Web http://www.Magic Quadrant for Enterprise Network Firewalls 4/24/15. or face either replacement by innovative market entrants or commoditization by low-cost providers. If local geographic support is a critical factor. Vendors that do not have strong NGFW capabilities are supplementing them in a defensive move. with large signature sets and some custom signatures. The firewall market is highly penetrated in the larger markets (North America. Organizations' final product selection decisions must be driven by their specific requirements. Many Niche Players are making larger SMB products with the mistaken hope that this will satisfy enterprises. Firewall policy management (FPM) products are increasingly being used to manage complexity (see Note 3). UTM Can't Compete With NGFWs in Enterprises Historically.to five-year-old firewalls and IPSs evaluate replacement: Enterprises not currently using any IPSs migrate to NGFWs with minimal use of advanced features.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 16 of 21 . as well as increased enterprise demand for mobility. which means that. Market Overview As the first line of defense between external threats and enterprise networks. the large UTM vendors have tried to expand beyond their traditional use case. integrated deep packet inspection intrusion detection. It is populated with mature vendors and some more recent entrants. some Type C "risk-averse" enterprises) may consider products from Niche Players. Organizations are looking to extend their on-premises firewall vendor into infrastructure as a service (IaaS) cloud providers. acquisition costs. Changes in threats. especially in the relative importance of management capabilities. Enterprises with firewalls and stand-alone IPSs that are used for active prevention. then Visionaries are good shortlist candidates. The key differentiators in these areas are IPS effectiveness. the firewall market is driven by refresh cycles. UTM vendors targeted SMB clients.

Most enterprise buyers are also wary of shortlisting a UTM vendor because of its primary focus on SMBs and limited brand awareness. as in other markets. whereas 53% selected "throughput/speed" as a top three reason. Among the 95 reference customers surveyed for this Magic Quadrant. These firewall-attached sandboxes are delivered mostly as cloud-based sandboxes priced as subscription-based services. Performance remains a barrier to wider deployment: Almost all network firewalls today are delivered on purpose-built appliances because of the poorer performance of running firewalls on general-purpose servers. but Remains Dynamic Acquisitions in the firewall space slowed down in 2014 from 2013's breakneck pace. but growth remained robust. No dynamic shift toward virtual appliances will occur until a fundamental change to the current network security virtualization market is made and demand drives vendor innovation. firewall vendors have introduced solutions over the past three years. and incremental market growth is significant. This refresh dynamic results in the market being linear. rather than having macrorefresh cycles or "bumps" of refreshes. During the evaluation period. Security-minded enterprises are also rightly skeptical of running firewalls within a hypervisor that is between the threat and the firewall. UTM vendors also face difficulties in building a strong sales and support channel for enterprises (similarly. or have it on their short-term roadmaps. 0% listed "virtual version available" as a top three reason they selected their current vendor. others are delivered through third-party partnerships.Magic Quadrant for Enterprise Network Firewalls 4/24/15. As advanced threat defense/detection further penetrates the mainstream market. has created some buzz for virtualizing data centers and networks and eastwest segmentation. the number of virtual versions of firewalls sold remained flat at less than 2%. Gartner estimates the firewall market will grow approximately 10% to reach $10.com/technology/reprints. demand for virtual appliance support has grown. Firewall refreshes remain constant at a five-year average. The Firewall Market Slows Down on Acquisitions. Have Some Advanced Threat Detection With That Firewall Advanced threat detection using a network sandbox. pioneered by FireEye. Early VMware work with Palo Alto Networks. Almost all operating systems within firewall appliances are uniquely hardened.5 billion. but few customers have adopted these. Gartner has not seen the firewall features of virtualization platforms (such as those offered with VMware) as a major competitor to mainstream firewall vendors because the need for separation of duties drives clients to doubt the infrastructure's ability to protect itself. though adoption is growing quickly. 8:30 AM antivirus on the Internet-facing firewall (see "Next-Generation Firewalls and Unified Threat Management Are Distinct Products and Markets"). We also forecast that this market will reach a compound annual growth rate of 10% through 2017. and will be elevated by the addition of firewall add-ons such as IPSs and advanced threat defenses.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 17 of 21 . Confusing Use of "Application" and "Firewall" in Three Distinct Products Overlapping terminology and unclear marketing can lead to confusion among the three distinct issues of application control. Thus far. but has not seen significant adoption.5% to $9. Performance and the ability to manage firewall policy through a single integrated management console for stand-alone appliances or virtual appliances are key differentiators. "IPS" (32%). As the desire to defend against the advanced threat more fully permeates the mainstream market. has become a rapidly growing market.gartner. Virtualized Firewalls: Hype Outruns Demand As data center virtualization has continued. Some of these are built by the firewall vendors. we've seen firewall-connected sandboxes appeal mostly to budget-constrained Type B enterprises that would rather maintain single-console control over their firewall than deploy a separate platform. this is the largest security product market (fast approaching $10 billion). managing heterogeneous virtualized firewalls from existing physical firewall vendors. "management console/reporting" (32%). The firewall http://www. "application control" (29%). For 2015. Gartner covers virtual-only firewall vendors such as vArmour and Illumio. incumbent firewalls are rarely refreshed before they reach maturity. WAFs and firewalls on application delivery controllers (ADCs). Most of the firewall vendors evaluated here either deliver a network sandbox today. As other virtualization platforms such as Xen and Hyper-V gain traction. virtualization platform vendors and virtualonly firewalls will present a challenge. so even if great new products emerge. and now Check Point and Fortinet. Gartner market data indicates that. and "high availability/clustering" (27%). in 2014. Gartner believes that the firewall market is "at capacity": Although the growth rate is just around 10%. the firewall market grew 9. we expect that customers will increasingly turn to their firewall vendors for their network sandboxing needs (see "Market Guide for Network Sandboxing"). subject to stringent third-party security evaluations. and approximately 30% of respondents selected "price" (34%).5 billion in 2015. enterprise firewall vendors would underestimate the work of building an SMB channel).

surveillance revelations starting in 2013 are yet to be fully seen in Asia/Pacific. however. While some ADC vendors (such as F5) are now offering network firewalling within their ADCs as well. Viber and PPS Entertainment. such as in cases where the data center is a separate business with its own firewall operations staff. Asia/Pacific's diversity means that vendors must support these nuances and the cost of delivery burdens within a large region composed of many large and small countries. WeChat. virtualized. With the steady transition to application and identity-based network security delivered by NGFWs. meaning the owners of firewalls and IPSs face the difficult decision of whether to engage SSL inspection. As Gartner advises clients. Its diverse cultures and differences in market maturity create specific expectations and requirements when Asia/Pacific enterprises evaluate firewall vendors. or 11%. each with its own legislative. serve a specialized niche of placements. with Asia/Pacific accounting for $1. vendors also need to support social networking and browser applications that are heavily used in Asia/Pacific. There are two usage profiles in Asia/Pacific concerning firewall acquisition and deployed features: Technologically more advanced Asia/Pacific countries (such as Japan. Indonesia and others) are still moving through earlier phases of next-generation firewall (NGFW) feature adoption. it is likely to change the market share of vendors as non-U.com/technology/reprints. providers. This will favor Asia/Pacific-native security providers that will benefit from a "built here" sentiment that is strong in some but not all parts of Asia/Pacific (see "The Snowden Effect: Data Location Matters"). most enterprises have a single brand of network firewall for all placements. This is different in makeup compared with the North American and European markets that predominantly operate under similar sets of legislative requirements and a limited number of currencies. This region has a different competitive landscape to other geographies due to its size and geopolitical alignments. Examples include Tencent (QQ. although not prevalent in the in a product's home country of development. QQ Browser) Weibo. Market Differentiators Firewall technology continues to be a fundamental element of network security strategy for Asia/Pacific organizations.12 billion. Line.745 billion by 2017. Matthew Cheung The Asia/Pacific region will represent just over 11% of the total enterprise network firewall market in 2015. The effects on network security vendors' sales and market share in light of the U. which involves a termination and re-encryption of these sessions (see "Security Leaders Must Address Threats From Rising SSL Traffic" and "Web Application Firewalls Are Worth the Investment for Enterprises").gartner. embracing more recent trends such as cloudbased sandboxing. at least for sales and presales support. This overall market is expected to grow to $9. In Asia/Pacific.S. Most traffic to enterprise Web servers remains encrypted until it reaches the ADC.S. Pure-play WAF companies (such as Imperva) or data center infrastructure vendors that provide WAF technology within their ADCs are concerned with protecting custom internal Web applications. meanwhile. data center and branch (see "One Brand of Firewall Is a Best Practice for Most Enterprises"). emerging Asia/Pacific countries (China. The Asia/Pacific region's diversity in terms of geography. customers move away slightly from U.S. Deep http://www. They can. including Internet-facing. Dell SonicWALL. WAFs are different: They are placed primarily in front of Web servers in the data centers.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 18 of 21 . The Asia/Pacific market is forecast to make up $926 million of the total $8. Gartner does not see NGFW and WAF technologies converging because they are for different tasks at different placements.Magic Quadrant for Enterprise Network Firewalls 4/24/15. KakaoTalk. such as Facebook and peer-to-peer (P2P) file sharing. culture and currency requirements.S. Fortinet and Palo Alto Networks) are mostly about controlling access to external applications. culture. Singapore and Australia) have a similar feature adoption rate to the U. These data center firewalls will be challenged to gain any noteworthy share until they can provide competitive firewalling for all enterprise placements. 8:30 AM application control approaches used by most NGFW vendors (such as Check Point. documentation (with reporting at a minimum) and for technical support. industry and economic models means there are varying levels of IT organization maturity and procurement policies. a number of vendors deal with this complexity by leveraging a tiered value-added distributor/value-added reseller (VAR) model. and Europe. Asia/Pacific organizations expect support for local languages in both the product management interface. While Gartner does not expect this to change the size of the firewall market. Considerations for Technology and Service Selection Clients in Asia/Pacific show a preference for providers that have a local presence. Adam Hils. Asia-Pacific Context 22 April 2015 Analyst(s): Craig Lawson.346 billion spent on enterprise firewalls (11% of the global market) in 2015.

email and identity products. Check Point should be considered by security-conscious organizations within the Asia/Pacific region for its breadth of security content. which is an important buying factor in Asia/Pacific. in addition to feature-driven competitive displacement. 8:30 AM understanding of this application ecosystem and subsequent ability to filter is a product differentiator in the Asia/Pacific market. South Korea and Japan. but explore the market further to gauge the ability of each vendor to address your unique business problems and technical concerns. advanced management and robust support are all valued by customers. marketleading features. This enables Cisco to continue to compete for price-sensitive APAC buyers while allowing for upgrades for clients that also require advanced security features.Magic Quadrant for Enterprise Network Firewalls 4/24/15. lately Cisco's sales in China have taken a downturn based on recent public financial announcements.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 19 of 21 . pricing. Use this perspective as a resource for evaluations. The vendor has strong brand recognition. which we attribute to geopolitical machinations stemming from the 2013 National Security Agency (NSA) disclosures. It is pricecompetitive. Dell SonicWALL's range of appliances have localized language support to target organizations in China. SonicWALL could benefit from Dell's recent commitment of resources to the region. Fortinet is the second-largest network security vendor. particularly China. Inside mature Asia/Pacific (such as Japan. but to date has not developed an effective Asia/Pacific sales channel.gartner. Cisco Cisco has a significant share of the security market in the region and has leveraged its networking heritage very successfully over a long period of time in sales of its firewall platform. With NGFW adoption rates in emerging Asia/Pacific lagging those in mature Asia/Pacific and other regions. Gartner is also seeing high levels of interest in mature counties in the region for integrated advanced threat detection capabilities leading to increased attach rate in NGFW sales. Australia. putting it ahead of a number of extraregional competitors in the region. Additionally. Check Point has also added advanced threat capabilities via sandboxing to the platform. regional channel support and range of appliances. however. Cisco should be considered for midsize and large enterprises that value a single vendor for networking and security solutions. It continues to be a formidable vendor in this market due primarily to its large channel and cross-selling opportunity for Asia/Pacific partners and clients. there is a large potential to move existing and new clients onto its NGFW platform. with regional vendors. and will help it appeal to organizations that demand a local-language experience. Selections are based on analyst opinion and references that validate IT provider claims. Fortinet has also invested in Asia/Pacific with http://www. However. New Zealand and Hong Kong). and as a competitive option for price-conscious midmarket buyers and distributed enterprise use cases due to its large range of appliances. Dell SonicWALL Dell SonicWALL lags behind many enterprise firewalls in regional market presence.com/technology/reprints. Consider this research as part of your due diligence and in conjunction with discussions with Gartner analysts and other resources. however. Fortinet Asia/Pacific and Japan especially represent a healthy percentage of Fortinet's worldwide revenue share. which values security features and managing complexity as well as competitive. Check Point Software Technologies Check Point has a significant existing client base in Asia/Pacific and has consistently outsold all competitors in the region's firewall market. this is not an exhaustive list or analysis of vendors in this market. In the emerging Asia/Pacific countries with more mature economies. Vendors that offer this "feature" to advanced Asia/Pacific customers as part of their overall architecture will be more successful than point product vendors (see Predicts 2015: Infrastructure Protection). a large channel and extensive country-level coverage in Asia/Pacific. Singapore. but not the lowest. Asia/Pacific wide-field coverage and channel support. large-scale throughput is also an important factor in the telco/ISP vertical in the Asia/Pacific's heavily populated countries. SonicWALL should be considered for Asia/Pacific clients that are already running Dell infrastructure. In many Asia/Pacific markets. as is competitive pricing. Cisco's intrusion prevention and advanced threat detection capabilities via the Sourcefire acquisition are included within the ASA with FirePOWER products and complemented by the broader portfolio of Web. price is a strong driver. and the market is continuing to show that products delivering a majority of "good enough" features at a palatable price will continue to hold and in some cases take share from more prominent brands. Notable Vendors Vendors included in this Magic Quadrant Perspective have customers that are successfully using their products and services. NGFW features such as security efficacy.

has given it market appeal in the region. with an ambition to expand further globally by increasing its presence in the U. Hillstone's customer base is mostly in China. and other regions. Check Point. high-throughput firewall application-specific integrated circuit (ASIC)based technologies. Hillstone has a broad portfolio of network security products. Although Hillstone focused originally on delivering common firewall features and functions. 8:30 AM R&D in Beijing. Palo Alto Networks Palo Alto Networks is seen as an innovator in firewalls due to its early-to-market next-generation firewall features. As a consequence. and its high performance and stability are cited by customers. where cost. Huawei security solutions should be considered by clients valuing the same network and security vendor. but customer adoption of Palo Alto Networks' technology is not as strong on a relative basis when compared with North America and Europe. Although Huawei security is part of its networking and security division. Since 2014.S. prospects within China. Advanced features continue to make it a worthy shortlist candidate for "lean-forward" Asia/Pacific organizations with the skills and budget necessary to leverage Palo Alto Networks' "next-generation" features and security content.Magic Quadrant for Enterprise Network Firewalls 4/24/15. The company has invested in Asia/Pacific and has established a viable presence. As Juniper increasingly shifts its security emphasis to higher-end cloud providers and telecommunications areas. competitive pricing and relationship with telecom operators. This fosters its local presence as well as its product localization efforts. Juniper Networks has a proven networking channel in the region. the strength in Asia/Pacific of entrenched global players (Cisco. and additionally where price is a primary buying consideration. Huawei Huawei is one of the few Chinese network security companies that has expanded its foothold outside the region. Fortinet should be considered by all midmarket and large clients due to its range of products and support of the Asia/Pacific region. range of appliances and performance are key requirements for use cases that converge multiple technologies on a single appliance. Hillstone looks to compete with global players with these features. it has many wins among customers in Asia/Pacific with more mature IT adoption profiles. a threat research center in Singapore and a support center in Malaysia. More than half of Huawei's firewall revenue comes from outside of China. Lean-forward organizations within the Asia/Pacific region with a security-over-cost preference should consider Palo Alto Networks for their shortlists. Fortinet) and the relative size of Palo Alto Networks' Asia/Pacific staffing and channel.gartner. Huawei's key differentiators are its integration with its networking business. Hillstone has set up operations and distributors/resellers networks in most regions globally now.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 20 of 21 . Juniper Networks Juniper Networks does a greater percentage of its firewall business in Asia/Pacific than most global vendors. but a majority of revenue comes from firewall. targeting both carriers and enterprises. including Southeast Asia. Sophos http://www. Hillstone is also perceived as a price-competitive local provider. in combination with a competitive security feature set and advanced threat capabilities. but the rest of Asia/Pacific is relatively a small market in Huawei's overall revenue split.S. Hillstone Networks Hillstone Networks is a firewall vendor headquartered both in China and the U. continuing its longtime legacy of serving regional customers' firewall needs. These features differentiate Hillstone from most of the commodity firewall vendors from China.com/technology/reprints. and it has leveraged to sell its SRX product line. This is due to considerable competition from regionally strong players (Huawei. Huawei security has its own security sales team and dedicated channel partners. Fortinet's focus on lower-cost. Huawei's security products are sold widely to both enterprises and telecom operators. it has marketed its iNGFW capabilities ("i" for intelligent) and a software-defined network (SDN) strategy in its product portfolio. which is due to cost and performance. Hillstone). Juniper Networks also sees success with managed security service provider (MSSP) partners that often sell its firewalls (physical or virtual) as the default option. Asia/Pacific enterprises should ask for roadmap commitment to continued enterprise-class product development and support. Gartner expects its integrated advanced threat prevention architecture to be a strong feature differentiator in the Asia/Pacific NGFW market.

with its February 2014 acquisition of India-based Cyberoam. © 2015 Gartner. especially South Asia. completeness or adequacy of such information and shall have no liability for errors. The information contained in this publication has been obtained from sources believed to be reliable. Singapore and other parts of Southeast Asia. where it already has a domestically successful network intrusion prevention system (IPS) offering. Its NGFW includes the same IPS engine.com/technology/reprints. Sophos. Gartner’s Board of Directors may include senior managers of these firms or funds. WatchGuard has also partnered to deliver payload advanced persistent threat (APT) detection functionality. The opinions expressed herein are subject to change without notice.com. see “Guiding Principles on Independence and Objectivity. offering a good range and features of NGFW and unified threat management (UTM) appliances at competitive pricing. midmarket Asia/Pacific clients. If you are authorized to access this publication. Although Gartner research may include a discussion of related legal issues. WatchGuard has grown its presence in the region with additional staff. Gartner has seen its products mostly in Wins' core nations.” About Gartner | Careers | Newsroom | Policies | Site Index | IT Glossary | Contact Gartner http://www. Over the past several years. Sophos is in the process of integrating differentiated features of the legacy Sophos and Cyberoam product lines. WatchGuard WatchGuard's regional presence in terms of the number of its Asia/Pacific customer mix is about on par with its extraregional competitors. funds or their managers. Inc. Although Wins is expanding into Indonesia. Cyberoam has added features to appeal to industrial enterprise use cases.do?id=1-2DVI0YW&ct…qaid=1245&elqat=2&elqTrackId=3fde15b81c9b40618641ac7bb3b9641f Page 21 of 21 . your use of it is subject to the Usage Guidelines for Gartner Services posted on gartner. Gartner does not provide legal advice or services and its research should not be construed or used as such. Korean and Japanese customers should consider this vendor for inclusion on firewall shortlists. but the Cyberoam appliances remain available.Magic Quadrant for Enterprise Network Firewalls 4/24/15. Gartner research is produced independently by its research organization without input or influence from these firms. Inc. omissions or inadequacies in such information. Gartner is a registered trademark of Gartner. Malaysia. This suits smaller. Gartner disclaims all warranties as to the accuracy. or its affiliates. All rights reserved. Cyberoam's product line has excelled at user identity control and has embedded reporting its customers like. For further information on the independence and integrity of Gartner research. which is increasingly becoming a table stakes component of perimeter architectures in Asia/Pacific. 8:30 AM Not traditionally a large player in the Asia/Pacific enterprise. South Asian organizations looking for a low-cost regional option with advanced identity-based controls should evaluate Sophos as a shortlist candidate. WatchGuard should be considered by midmarket and geographically dispersed Asia/Pacific businesses that require a mix of security features at a competitive price. The company competes primarily in South Korea and Japan. Wins should be considered by clients in Wins' primary area of operation in Southeast Asia that require good local language and vendor support. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner is a public company. and/or its affiliates. Wins Wins is headquartered in South Korea.gartner. has bolstered its presence in the region. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. Clients should assess the outcomes of the product lines merging to ensure this process still aligns with tactical and strategic product choices. In addition. It has a similar go-to-market approach with its technology as vendors like Fortinet. and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research.