You are on page 1of 70

Gartner Reprint 15/12/17 14(05

(https://www.gartner.com/home) LICENSED FOR DISTRIBUTION

Magic Quadrant for
Enterprise Network
Firewalls
Published: 10 July 2017 ID: G00310171
Analyst(s): Adam Hils, Jeremy D'Hoinne, Rajpreet Kaur (https://www.gartner.com/technology
a-client.jsp?cm_sp=bac-_-reprint-_-ban
Summary
"Next generation" capabilities have been achieved by
all products in the enterprise network firewall market,
and vendors differentiate on feature strengths.
Security and risk management leaders must consider
the trade-offs between best-of-breed enterprise
network firewall functions and cost.

Strategic Planning Assumptions
Virtualized versions of enterprise network firewalls will
reach 10% of market revenue by year-end 2020, up
from less than 5% today.

By year-end 2020, 25% of new firewalls sold will
include integration with a cloud-based cloud access
security broker (CASB), primarily connected through
APIs.

By 2020, 50% of new enterprise firewalls deployed will
be used for outbound TLS inspection, up from less
than 10% today.

Market Definition/Description

file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 1 de 70

Gartner Reprint 15/12/17 14(05

This document was revised on 12 July 2017. The
document you are viewing is the corrected version. For
more information, see the Corrections page on
gartner.com.

The enterprise network firewall market represented by
this Magic Quadrant is still composed primarily of
purpose-built appliances for securing enterprise
corporate networks. Products must be able to support
single-enterprise firewall deployments and large
and/or complex deployments, including branch offices,
multitiered demilitarized zones (DMZs), traditional "big
firewall" data center placements and, increasingly, the
option to include virtual versions for the data center.
Customers should also have the option to deploy
versions within Amazon Web Services (AWS) and
Microsoft Azure public cloud environments, and they
should see the ability to support Google Cloud on the
vendor roadmap within the next 12 months. These
products are accompanied by highly scalable (and
granular) management and reporting consoles, and
there is a range of offerings to support the network
edge, the data center, branch offices, and deployments
within virtualized servers and the public cloud. All
vendors in this market should support fine-grained
application and user control. In effect, all vendors in
the enterprise firewall market have what Gartner has
called "next-generation firewalls (NGFWs)"; in essence,
there is no longer a "next generation" in the firewall
market.

The vendors that serve this market are identifiably
focused on enterprises, as demonstrated by the
proportion of their sales in the enterprise; and as
delivered with their support, sales teams and channels.
These vendors provide features dedicated to solve
enterprise requirements and serve enterprise use
cases.

What Has Changed
file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 2 de 70

Gartner Reprint 15/12/17 14(05

All enterprise firewall vendors offer NGFW features to
better enforce policy (application and user control) or
detect new threats (intrusion prevention systems
[IPSs], sandboxing and threat intelligence feeds).
Enterprise firewall is now synonymous with NGFW.
Enterprise firewalls continue to gradually replace
stand-alone network IPS appliances at the enterprise
edge. Although this is happening now, some
enterprises will continue to choose to have best-of-
breed next-generation IPSs (NGIPSs). Many
enterprises are looking to firewall vendors to provide
cloud-based malware-detection instances to aid them
in their advanced threat detection efforts, as a cost-
effective alternative to stand-alone sandboxing
solutions (see "Network Sandboxing for Malware
Detection" ).
However, enterprise firewalls will not subsume all
network security functions. All-in-one or unified threat
management (UTM) approaches are suitable for small
or midsize businesses (SMBs), but not for the
remainder of the enterprise market (see "Next-
Generation Firewalls and Unified Threat Management
Are Distinct Products and Markets" ).

The needs for enterprise branch-office firewalls have
become specialized, and they have diverged from UTM
products. As part of increasing the effectiveness and
efficiency of firewalls, branch-office firewalls need to
truly integrate a more granular blocking capability as
part of the base product, go beyond port/protocol
identification and move toward an integrated service
view of traffic, rather than merely performing "sheet
metal integration" of point products. In short, they need
to offer the same levels of security efficacy as the
primary gateway does. Having a subpar configuration
and protection capability for branches is not
acceptable today.

file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 3 de 70

Leading-edge customers are planning. Some don't offer the same level of inspection that on-premises firewalls do. such as downloading of malicious binaries and botnet command and control. firewalls are becoming important vehicles for TLS termination. The primary use case is to inspect outbound traffic for threats. Today. customers that enable this capability are still frustrated by the substantial performance burden that in-firewall TLS decryption imposes. Key to these roadmaps will be more automated firewall policy orchestration that will enable organizations to realize the agility and business benefits that SDN promises. Magic Quadrant Figure 1. However. vendor offerings to AWS and Microsoft Azure are uneven.Gartner Reprint 15/12/17 14(05 In addition. As more organizations are moving strategic workloads to the public cloud. principles of software-defined networking (SDN) and east-west microsegmentation. These customers seek vendors with some SDN support and forward-looking SDN roadmaps. an increasing number of them wish to protect those workloads with their incumbent enterprise firewall vendor. and sometimes implementing. Magic Quadrant for Enterprise Network Firewalls file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. TLS capabilities also allow them to act as a lightweight data loss prevention (DLP) tool as they decrypt and inspect outbound traffic to ensure that sensitive data is not wrongly sent out. and they all lack sufficient policy automation. Enterprise firewall vendors must improve in these areas to remain relevant in the hybrid cloud era.webarchive Página 4 de 70 .

advanced threat defense. but does not have other third-party evaluations (such as ICSA Labs. The AhnLab product portfolio includes firewalls. especially in the government and financial verticals. four of which were introduced in 2016. AhnLab enjoys sizable in-country market share.webarchive Página 5 de 70 . The firewall is Common Criteria-certified EAL4 and TTA IPv6-verified. threat intelligence and file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. It has sold firewalls since 2007 under the TrusGuard product line.Gartner Reprint 15/12/17 14(05 Source: Gartner (July 2017) Vendor Strengths and Cautions AhnLab Headquartered in South Korea. It offers 12 UTM and firewall models for SMBs and enterprises. NSS Labs or FIPS PUB 140-2). which is a South Korean certification. distributed denial of service (DDoS) attack mitigation. but has only a limited presence in other East Asian nations.

Capabilities: AhnLab includes URL filtering and file reputation checks for free with its TrusGuard firewalls. Its firewalls lack some important features (SDN support. AhnLab is one of a few East Asian vendors with a local certification. AhnLab has a limited regional presence. which number well over a billion.Gartner Reprint 15/12/17 14(05 endpoint security solutions. Microsoft Azure or local file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. It also offers managed security services and forensic and incident response services. CAUTIONS Product Offering: AhnLab still does not offer a virtual firewall. AhnLab is not at parity with global or most regional competitors in advanced features. STRENGTHS Sales Execution: AhnLab is an established endpoint and network security player in South Korea. This is powered by the vendor's proprietary cloud-maintained malicious URL database and reputation files. which is significant in South Korea. multiple virtual firewall model support and public cloud deployment support) that are provided in most other vendors' firewalls and are significant for enterprise customers. Product Offering: AhnLab's network security solutions provide existing endpoint security customers with a single vendor option to maintain the existing vendor relationship and to reduce multivendor management challenges. AhnLab is a good shortlist candidate for South Korean enterprises. Outside of South Korea. and therefore has no offering for SDN frameworks or for infrastructure as a service (IaaS) platforms such as AWS.webarchive Página 6 de 70 . with a significant local sales and support presence. especially those using or considering its endpoint solutions.

Barracuda Networks Barracuda Networks is headquartered in Campbell. Virtual firewalls and public cloud/SDN support are offered by almost all competitors.webarchive Página 7 de 70 . During the evaluation period for this Magic Quadrant. Product Strategy: The Malware Defense System (MDS) is offered only as an appliance. It has a legacy of selling products to the SMB market with an easy-to-use interface and affordable pricing. backup and load balancing controls. The lack of a cloud version makes deploying and supporting MDS more difficult and expensive for customers than it is with leading competitors. It has a broad product portfolio including security. In addition. Geographic Strategy: TrusGuard firewalls are not present on Gartner client shortlists outside South Korea. Gartner sees Barracuda Networks mostly in public clouds and distributed office use cases. iOS and Android. it released the CudaLaunch App for macOS. The vendor has a limited global presence concentrated in Western and Central Europe and North America. the vendor released separate hardware appliance models SC1/F15/F82/F18 3/F800 Revision C Series/F900 Revision B Series and multiple virtual appliance models. In 2016. data archiving. including most regional ones. the vendor also released Zero Touch Deployment service for the F- Series firewalls to eliminate deployment complexity.Gartner Reprint 15/12/17 14(05 public clouds. It lacks a file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. providing HTTPS- based access to the network and zero configuration rollout of transparent VPN to end users. Windows. California. AhnLab was not listed by any vendor we surveyed as a significant enterprise competitive threat.

Offering: Barracuda has a strong presence in the public cloud. It is also a good candidate for distributed enterprises that want site-to-site VPN connectivity through multiple tunnels. it has extended its managed VPN feature to iOS and Android mobile devices. Barracuda also offers a VPN client for Windows. With the release of the CudaLaunch app in 2016. STRENGTHS Technical Support: Barracuda technical support is always rated high and mentioned as a key strength by end users and VARs. it extended this support to Google Cloud Platform. As a result. Features: Barracuda offers strong VPN connectivity with enhanced monitoring and deployment features. Enterprises should check local value-added reseller (VAR) availability and direct services in the region before adopting it. such as IBM ISS for its URL filtering database and Trend Micro for IPS signatures.Gartner Reprint 15/12/17 14(05 strong global channel presence and innovation for large enterprises outside the distributed enterprise use case. which provides centrally managed network access along with a host-based firewall. with support for all the major public cloud platforms such as Microsoft Azure. Barracuda should be considered by enterprises that have a cloud infrastructure and want to secure it. Gartner has observed that its main presence is in distributed enterprise use cases with multiple site-to-site VPN tunnels. it also acquired the Sookasa file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. In 2016.webarchive Página 8 de 70 . Surveyed end users cite the ease of contacting Barracuda technical support to get their issues resolved in a friendly and thorough manner. AWS and VMware vCloud Air. Technology Partner Ecosystem: Barracuda has multiple OEM partnerships. In 2016.

along with firewalls.webarchive Página 9 de 70 . AWS. it still lacks a centralized management platform to monitor and operate all the products from a single console. and virtualization platform providers including Microsoft Hyper-V. KVM. This does not give file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. VMware NSX. Web Security Gateway and Email Security Gateway. they are not aware of the vendor's product vision. It is less visible in large data centers and large enterprise use cases. Technical Architecture: Despite Barracuda selling multiple products such as Web Application Firewall. VMware vCloud Air and Google Cloud Platform. Product Execution: Barracuda offers quality of service (QoS) policy selection at the rule level.Gartner Reprint 15/12/17 14(05 CASB solution. This creates problems with the VARs that have sold those EOL products to end users. CAUTIONS Sales Execution: Gartner has observed Barracuda's NextGen Firewalls typically being adopted for public cloud and distributed branch-office enterprise use cases. These partnerships have enabled Barracuda to offer better features and services to its clients. Citrix XenServer and Open Xen. Barracuda also has partnerships with major public cloud platforms including Microsoft Azure. such as to prioritize Office 365 and Salesforce. Marketing Execution: Surveyed customers have cited that the vendor does not communicate its roadmap and future enhancements clearly to end users. Channel Execution: Surveyed VARs have reported that Barracuda does not provide sufficient notice before announcing a product's end of life (EOL). It also offers the capability to dynamically change QoS for live open sessions. hence. This provides easy allocation of QoS features to its traffic dynamically.

The vendor is providing a variety of solutions.300 employees in R&D. Certification: Barracuda firewalls lack Common Criteria EAL4 certification. performance and SandBlast Anti- Ransomware.Gartner Reprint 15/12/17 14(05 an ease of management advantage to those Barracuda clients that use multiple Barracuda product lines. 15000. the release of vSEC for the Google Cloud platform. 23000. Check Point is a large pure-play security vendor. Gartner has observed many enterprises in Asia mentioning EAL4 certification as a selection criterion. Co-headquartered in Tel Aviv. Check Point Software Technologies Check Point Software Technologies is a leading network firewall vendor. while the majority of firewall vendors have attained such certification. including 15400 and 15600 for large enterprises.webarchive Página 10 de 70 . 44000 and 64000 series of appliances. In 2016. cloud and mobile security solutions.10 with improvements to the management console. providing protection against file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. other than to maintain a single vendor relationship. California. Cloud security is provided through vSEC for private and public cloud. and the availability of R80. with more than 1. and 23500 and 23800 for data centers. Recent news include the introduction of new 44000 and 64000 high-end platforms. including next-generation security gateway appliances and endpoint. Endpoint security products include SandBlast Agent and mobile security products include Check Point Capsule and SandBlast Mobile. Check Point made available a number of models. as well SandBlast Cloud for SaaS applications. Enterprise firewalls include the 5000. Israel and San Carlos. Also released was SandBlast Cloud to scan Microsoft Office 365 email traffic.

Its firewall product meets all the enterprise deployment use cases with the breadth of models and features. Check Point is one of the largest security vendors. virtual data centers and cloud. Software Blade) to augment its firewall gateway. and continues to lead in market share for firewall equipment. both for endpoint and browser protection. Check Point continues as a Leader in the enterprise firewall space.g. It continues to lead in multiple features such as simplified centralized management and granular role-based administration.webarchive Página 11 de 70 .. Check Point offers its firewall over AWS and Microsoft Azure for public cloud support. a consolidated security across networks. In 2016. Check Point offers numerous subscriptions (e. Check Point's firewalls should be shortlisted by enterprises for which price sensitivity is not as important as granular security features such as high- quality central management for complex networks. the SandBlast Agent was made available. cloud and mobile. It is a good candidate for enterprises running hybrid networks with a mix of on-premises.Gartner Reprint 15/12/17 14(05 ransomware. The vendor has also recently expanded its cloud security offering with a cloud-based malware detection service that can be integrated in front of SaaS email offerings. STRENGTHS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. including advanced malware protection (Threat Emulation and Threat Extraction) and multiple threat intelligence feeds (ThreatCloud IntelliStore and Anti- Bot). along with the R80 release. and integrates with VMware NSX and Cisco Application Centric Infrastructure (ACI) for SDN use cases. Check Point recently introduced Check Point Infinity security architecture.

which consists of a software container called Capsule (Workspace. KVM. Check Point also has a strong and well-established channel globally. AWS. mobile and endpoint. It offers mature URL filtering capabilities with multiple end- user block and information pages. 15000. URL filtering and DLP. Product Execution: Check Point offers a large number of firewall models to meet the requirements of all enterprise network types. This makes it a strong enterprise firewall vendor capable of meeting different enterprise deployment use cases. Features: Check Point's enterprise firewalls offer strong web filtering capabilities with a combination of application control. Partners: Check Point has built a strong ecosystem of technology partners including software. Docs and Cloud) for both iOS and Android. and networking and managed services. 13000. 41000 and 61000 series of appliances. Google Cloud and Azure to support public cloud and highly virtualized infrastructure.Gartner Reprint 15/12/17 14(05 Offerings: Check Point offers a large breadth of security products covering network. server. Hyper-V. Enterprise firewalls include the 12000. Gartner strongly believes that security vendors should be able to identify and build product support and integration capabilities with the right technology providers to enhance their product offerings. Mobile Threat Prevention. It allows end file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. OpenStack. the vendor extended the integration capabilities for its vSEC virtual appliance line for VMware. and Capsule Connect/VPN. 23000. In 2016. 21000. This makes the vendor a shortlist candidate for enterprises looking for an integrated and consolidated approach to their perimeter.webarchive Página 12 de 70 . endpoint and mobile security based on the maturity on their enterprise security. It also offers a mobile security solution. through its partner program. Cisco ACI.

This makes these firewalls a desirable candidate for enterprises that are considering consolidating their web proxy and require granular web filtering capabilities in their firewall. robust centralized management offering. especially in high-compliance environments. which makes it a desirable vendor for complex firewall policy environments. Even the surveyed VARs and customers have rated this to be the vendor's strongest feature. CAUTIONS Delivery: Existing Check Point clients have often reported that their major firmware releases require jumbo hot fixes and take considerable time to become stable. Clients frequently comment that the Check Point roadmap aligns very well to their enterprise needs of tomorrow. including FireLayers.Gartner Reprint 15/12/17 14(05 users to explain their reason to bypass policy. such as deployments by very large enterprises and organizations that need formal approval workflow. Avanan and Microsoft (Adallom). Surveyed Check Point clients have also highlighted this and stated that the vendor needs to improve its delivery capabilities on new releases for a smoother customer experience. Both application control and URL filtering operations can be performed within the same rule. and competitors acknowledge Check Point's leadership in this domain. have complex topologies. while educating them on internet risk and corporate usage policies. it still file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. are subject to compliance that requires reliable reporting or have large operations teams. Features: Although Check Point has partnered with multiple CASB solution providers. It also offers a user check feature to alert users in real time about their application access limitations.webarchive Página 13 de 70 . Central Management: Check Point continues to lead the market with its strong. imbuing strong client retention.

webarchive Página 14 de 70 . is the largest networking infrastructure vendor with a broad security portfolio. Even the surveyed VARs have reported that the vendor lacks prompt technical support for higher-level support issues. despite innovating in the threat detection and mobile security spaces. Check Point is working toward opening more technical assistance centers (TACs) across the globe for direct availability in different regions. California. Cisco Cisco. Its main product line that includes all new releases is Cisco Firepower NGFW. Gartner clients often consider Check Point as a "traditional" firewall vendor. clients that need best-in-class security get what they pay for. Surveyed VARs have also scored the vendor lower on marketing and stated that it requires better product marketing to compete with its competitors. which exists file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Sales Execution/Pricing: Check Point's firewalls are perceived as high-priced solutions. however. as a feature leader. Technical Support: Gartner still receives anecdotal feedback from existing Check Point clients that it lacks prompt support.Gartner Reprint 15/12/17 14(05 lacks a built-in CASB feature for granular control and monitoring of growing SaaS applications. Gartner has gradually observed more enterprises considering CASB as a firewall-attached cloud service. based in San Jose. especially if the issue is escalated to a higher level of support and is not communicated well to clients. Marketing Execution: Check Point lacks proper marketing execution. or a notable absence especially when releasing interesting new features. which leads to confusion in its messaging in the market. and some customers have expressed surprise at perceived higher-than-expected renewal costs.

Cisco has a broad portfolio of additional products that includes advanced endpoint security. but Gartner does not often see Cisco enterprise firewalls selected on the basis of features or vision. Cisco has two virtual firewalls — the ASAv and NGFWv. email security. Cisco Defense Orchestrator (CDO) enables cloud-based.webarchive Página 15 de 70 . and the release of Firepower Device Manager (FDM). For Cisco deployments with a mix of newer and older firewalls. Cisco also completed the acquisition of Cloudlock. network access control and CASB. In addition. low-touch management visibility and orchestration across distributed environments. so some clients should expect to have to maintain CSM as part of one firewall replacement life cycle. particularly when enterprises want to deploy a broad set of security services that interact file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. cloud-based sandboxing and the Advanced Malware Protection (AMP) network. Some in-service ASA appliances do not support FMC for complete management. which claims to process traffic more efficiently. URL filtering. Cisco is executing well in sales and meeting its roadmap execution goals. a web-based. network traffic analysis (Stealthwatch). its CASB product. Cisco is a good shortlist candidate for most enterprise use cases. In addition. including NGIPS.Gartner Reprint 15/12/17 14(05 alongside the older Adaptive Security Appliance (ASA) product line and the Meraki range for smaller organizations. on-box device manager for Cisco Firepower NGFWs and replacement for Adaptive Security Device Manager (ASDM) in managing ASA 5500-X series devices. Firepower Management Center (FMC) and Cisco Security Manager (CSM) are available. Cisco offers a range of services on its firewall line. Cisco's recent enterprise firewall news includes the release of its 2100 series. In addition. secure web gateway.

Gartner sees AMP for Endpoints included in more new deals than it sees endpoint advanced threat detection attached for competitors. Portfolio: Gartner clients and surveyed Cisco partners value the integration of the Firepower NGFW enterprise firewall with existing and emerging elements of Cisco's enterprise security portfolio. and sees continued momentum for the Cisco Security Enterprise License Agreement (ELA). which is a simplified approach to policy management across NGFW. and it is an oft-cited reason for loyalty to Cisco security products. broad geographic support and wide availability of other security products. Distributed enterprises use it to gain policy visibility and control across enterprise and mobile/cloud edge security safeguards. STRENGTHS Sales Execution: Gartner sees Cisco firewalls on an increasing number of shortlists. customers can move resources around and even add security services as their needs change and grow. The vendor has strong channels. Customer Experience: Gartner clients consistently rate the Cisco support network as excellent. CAUTIONS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. ASA and Umbrella. a level of integration that some competitors lack. Capabilities: Cisco stakeholders like Cisco Defense Orchestrator. Under the terms of the Cisco Security ELA. Advanced Threat Protection: Surveyed customers and partners value the integration between AMP for Networks and AMP for Endpoints.Gartner Reprint 15/12/17 14(05 with the firewall. which is good for organizations that want a single vendor multiproduct solution that provides for staged deployment and product flexibility.webarchive Página 16 de 70 .

Cisco firewalls did not yet integrate with VMware NSX. launched in 2001.Gartner Reprint 15/12/17 14(05 Management: Gartner clients and surveyed customers dislike having to continue to use CSM to manage some models and FMC to manage others. and caused some Cisco firewall customers to switch to other vendors. citing increased complexity of central management. Cisco's product was the most frequently listed as the one that vendors claimed to replace the most. This was a competitive disadvantage. Sales Execution: In the survey sent to enterprise firewall vendors. Product Strategy: For the evaluation period. Texas. alter or renew their Cisco firewall and associated portfolio licenses. Product Execution: Cisco customers and partners complain about configuration and management difficulties caused by the Java ASDM on-device management graphical user interface (GUI) that persists on in-support ASA models. an insider threat solution (Forcepoint Insider Threat) and a cloud access security broker offering (Forcepoint CASB. web and email security gateways (Forcepoint Web Security and Forcepoint Email Security). A signed agreement between Cisco and VMware is now in place. It offers a firewall (Forcepoint NGFW). Forcepoint (formerly Raytheon|Websense) is a pure-play security vendor. Customer Experience: Surveyed customers and partners cite complex and confusing licensing as a significant negative when they attempt to deploy. so Cisco could not participate in NSX-led SDN projects. Cisco's current messaging around its network security platform confuses Gartner clients that see instead a list of many products. a data loss prevention offering (Forcepoint DLP).webarchive Página 17 de 70 . file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Forcepoint Based in Austin.

Gartner Reprint 15/12/17 14(05

recently acquired from Imperva). The vendor has more
than 2,000 employees. The Forcepoint NGFW product
line was acquired from Intel Security in January 2016,
along with the McAfee Firewall Enterprise (Sidewinder
was part of the Secure Computing acquisition by
McAfee in 2008).

Forcepoint recent news includes the availability of the
NGFW offering on AWS, the addition of the Sidewinder
proxies on the Forcepoint NGFW and the possibility of
tunneling web traffic to the Forcepoint cloud-based
secure web gateway (Forcepoint Web Security Cloud).

Forcepoint has demonstrated consistently good
feature quality and an expanded capacity to execute
on its roadmap. The vendor is a valid shortlist
candidate on enterprise firewall shortlists for
distributed organizations.
STRENGTHS
Product Vision: Forcepoint offers multiple solutions
that have the ability to augment firewall capabilities.
The vendor has started with the integration of the
ThreatSeeker threat intelligence feed, and the ability
to tunnel web traffic to the Forcepoint Web Security
Cloud solution.

Customer Experience: Customers give excellent
scores to the centralized management console
(Forcepoint Management Center [SMC]) and high
availability. Forcepoint scores comparatively high for
the quality of its hardware.

Capabilities: Independent tests grant Forcepoint
NGFW better results for attack detection than some
of the Leaders evaluated in this research. The vendor
has an historical focus on building detection engines
resistant to evasion techniques.

Ease of Use: A zero-touch deployment is available
for Forcepoint NGFW. The filtering policy commit
process integrates an optional approval workflow.
file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 18 de 70

Gartner Reprint 15/12/17 14(05

SMC includes easy-to-use filters and visualizations
to ease the analysis of incidents.

Geographic Strategy: Forcepoint is visible on
distributed organizations' shortlists in Europe,
especially for local government agencies. Two of its
three R&D centers for firewall development are
located there.
CAUTIONS
Geographic Strategy: Forcepoint NGFW continues to
have much lower visibility among enterprise firewall
buyers in North America and the Asia/Pacific region
than in Europe. Its channel is relatively small
compared to many of its competitors.

Market Responsiveness: Forcepoint has just
released cloud-based sandboxing, six years after the
first vendor evaluated in this market. It has only
recently added Geo-IP and IP reputation in the
filtering policy. Integration of Sidewinder proxies into
the NGFW is also very recent.

Market Segmentation: Forcepoint offers a smaller
number of firewall appliances than its leading
competitor. It lacks the entry-level devices that suit
the needs of the smallest branches. Embedded web
management for one device is not feature-complete,
forcing clients with a single location to learn the
more comprehensive SMC.
Capabilities: Forcepoint's firewall offering does not
yet fully integrate with the recently acquired
Forcepoint CASB.

Product: Forcepoint NGFW's high availability is less
appealing for SDN and IaaS use cases, where part of
the resiliency requirements are handled by the
infrastructure. Forcepoint NGFW is not yet available
on Microsoft Azure. Forcepoint lags behind the
competition on integration with AWS services and
SDN vendors.
file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 19 de 70

Gartner Reprint 15/12/17 14(05

Fortinet
Fortinet is a large network and security vendor, with
more than 4,600 employees, based in Sunnyvale,
California. Its main product line is the FortiGate
firewall, which represented roughly 75% of its total
revenue in 2016. The vendor offers other products,
such as a wireless LAN (FortiAP) and web application
firewall (FortiWeb). Its more recent marketing
message highlights the Security Fabric concept,
focused on cross-device integration to improve overall
visibility and provide additional control options.

Fortinet recent news includes more models of its E
Series, which benefits from the latest generation of
Fortinet Security Processors (SPU). Fortinet also
acquired AccelOps and rebranded it FortiSIEM. Latest
releases include several features related to the
Security Fabric, with traffic forwarding between
Fortinet appliances, unified visibility and tighter
integration with FortiClient endpoints. Fortinet also
recently announced availability of FortiCASB, its
firewall-attached offering for SaaS security.

Fortinet has introduced important new product
functionalities and has made product and marketing
strategy improvements. The vendor is a good shortlist
candidate for all enterprise firewall appliance use
cases, especially when price/performance is rated high
in the evaluation.
STRENGTHS
Marketing Execution: Fortinet has improved its
visibility in final two vendor shortlists for enterprise
firewalls, being frequently the finalist against one of
the other two leaders. Surveyed channel partners
acclaim Fortinet's assistance during RFP and
implementation.

file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 20 de 70

Several of its resellers also offer products from one of the other Leaders in this Magic Quadrant and select Fortinet for its primary "fast firewall" use case. relying on the combined use of an extensive appliance portfolio. Capabilities: Except for performance. Capabilities: Customers not using centralized management tools liked the improved visibility they get from the FortiView reports. Despite a good security score in independent testing. The vendor's investment lags behind the competition in IaaS/SaaS and advanced threat endpoint security.webarchive Página 21 de 70 . Fortinet customers also mentioned ease of deployment as a strong point. good total cost of ownership for bundles and a flexible discount strategy. Customer Experience: Fortinet's clients gives excellent scores to its firewall performance and hardware quality. some prospective customers with high-risk exposure still express doubts regarding Fortinet's ability to meet their security requirements. and the feature has received few improvements since its first release. Marketing Execution: Fortinet fails to move its brand out of the "good enough vendor" zone. Fortinet often file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.Gartner Reprint 15/12/17 14(05 Sales Strategy: Fortinet excels in providing the best price/performance offers. The vendor grows much faster than the market average. at the expense of other areas. Its attach rate for cloud-based sandboxing is low. CAUTIONS Product Strategy: Fortinet focuses most of its development resources on integrating its existing solutions together (Security Fabric). Market Segmentation: Fortinet's latest chassis models (7000 Series) reinforce its ability to serve the performance required in large data centers.

webarchive Página 22 de 70 . sandboxing) are heavily weighted. Customers also report that firmware upgrades and new features might be unequal in quality.Gartner Reprint 15/12/17 14(05 comes in second in technical evaluations to one of its direct competitors when core features (IPS. the Middle East and Africa. California. it introduced a few major features such as cloud sandboxing. application control. management. It continues to focus on expanding in different regions along with the Chinese market. VPN. URL filtering for HTTPS traffic. Hillstone firewalls are a good candidate for enterprises with hybrid networks. Hillstone is one of the few Chinese network security vendors that is gradually expanding in other regions outside China. such as on-premises. Client feedback on support is directly impacted by the quality of the channel partner: It gets an average score. and Latin America. The vendor is an established network security player offering perimeter. Customer Experience: Fortinet does not offer the direct vendor support and premium subscriptions that large enterprise clients might require. Management: Centralized and cloud-based management have made insufficient progress to positively influence Fortinet's score during technical evaluation. with regional headquarters in Sunnyvale. cloud and server security solutions. such as South East Asia. and TLS/SSL offloading and enhancement of its existing features. China. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. In 2016. Hillstone Hillstone is headquartered in Beijing. cloud and virtualized environments in the abovementioned regions.

zones. as they can have a single vendor relationship. Surveyed partners have rated Hillstone's abnormal behavior detection network traffic analysis feature as one of the product's strengths. interfaces and VLAN. Surveyed VARs have reported this as one of the strongest product features. ECMP. schedule-based QoS feature with controls that can be applied to IP. China Telecom and China Mobile). Features: Hillstone has enhanced its link load balancing feature to make it more intelligent and granular. protocols. for dynamic link selection. This makes Hillstone a desirable shortlist candidate for enterprises with hybrid networks. etc. including carrier cloud (China Unicom. Jindong Cloud.. AliCloud and other global public file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. The vendor offers a granular. Feature enhancements such as link load balancing and granular QoS are more useful for carrier use cases. DNS domain redirection. Huawei Cloud. It can perform functions like link aggregation.Gartner Reprint 15/12/17 14(05 STRENGTHS Product Strategy: Hillstone product offerings and feature enhancements meet all the enterprise use cases more focused toward carrier and cloud infrastructure networks with virtualized environments. Public Clouds: Hillstone's virtual CloudEdge firewalls support all the major regional local cloud platforms in China.webarchive Página 23 de 70 . The vendor introduced SSL offloading and cloud-based network sandboxing features in 2016 to support typical enterprise network perimeter use cases. intelligent DNS. ISP routing. and offerings such as CloudHive and CloudEdge (with support for multivendor public clouds) are best for cloud infrastructure and hybrid enterprise network use cases. users. This offers enterprises the ability to implement tight QoS controls over their traffic.

CAUTIONS Marketing Execution: Surveyed partners have indicated that Hillstone lacks marketing and brand recognition outside China. which is offered by most international vendors against which Hillstone competes in the international market.Gartner Reprint 15/12/17 14(05 clouds like AWS and Azure. whereas with the increase in adoption of SaaS applications. where there are multiple strong firewall vendors with strong marketing. It does not offer any specific reports for SaaS applications. Gartner has observed many enterprises with large data centers that want to build a private cloud for scanning their traffic against advanced malware seek an on-premises network file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. This makes it a good shortlist candidate for organizations with hybrid networks.webarchive Página 24 de 70 . Product Execution: Hillstone only offers cloud-based network sandboxing and does not offer it as a separate appliance. This offering makes Hillstone a strong vendor for cloud security use cases. Product Strategy: Hillstone does not offer anti-spam for emails and SD-WAN capabilities. Segmentation: Hillstone CloudHive offers a microsegmentation solution for virtual VMware networks along with CloudEdge virtual firewalls for the networks over the cloud. enterprises are gradually more often looking for a vendor that offers such a feature. Features: Hillstone lacks any integration with CASBs and does not offer advanced SaaS monitoring and control functionality. Gartner believes the vendor needs to focus more on strong marketing to build a strong brand in the regions it wants to expand in.

and for customers that already have Huawei products and wish to expand their business to firewalls. eSight and Agile Controller are the central management platforms that support the USG line. STRENGTHS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. This will lead such enterprises to select a different vendor. and Eudemon is the model line for carriers and service providers. at the Evaluation Assurance Level (EAL) 4+ under Common Criteria and by NSS Labs. especially for higher- throughput options. Firewall and related security services can be used via the USG6000V virtual gateway to implement virtual multitenant separation. China-based Huawei has been shipping firewall products for more than a decade. Recent features include Cloud Application Security Awareness (CASA) and TLS/SSL decryption enhancements. particularly in EMEA. especially enterprises with high- performance needs. Unified Security Gateway (USG) is the primary enterprise line. and offers a variety of other network security appliances. we still do not see it frequently displacing Leaders or other Challengers based on vision or features. Huawei Shenzhen.webarchive Página 25 de 70 . The range of firewall appliances and models is extensive.Gartner Reprint 15/12/17 14(05 sandboxing appliance. including anti-DDoS and IPS. as opposed to a cloud service. however. as Hillstone does not offer this. Huawei is a relevant shortlist candidate for value- conscious enterprises located in the Asia/Pacific region or EMEA. Huawei USG firewalls have been certified by ICSA. Huawei released four new models during the Magic Quadrant evaluation period. Huawei has executed a fast ramp-up in market presence.

it does not release new capabilities as fast as its leading competitors. CAUTIONS Product Strategy: Although Huawei has broadened its support in public and private cloud. Geographic Strategy: Huawei has developed a strong channel in EMEA. Marketing Execution: Huawei has limited file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Product Execution: Huawei still does not offer a virtual firewall compatible with Microsoft Azure. While these features did not lead the market. demonstrating new perceived value. Gartner clients that want first-to-market security capabilities do not often consider Huawei USG as a shortlist candidate. Thus.webarchive Página 26 de 70 . the vendor has seen significant growth in the region. Huawei users comment that they would like enhanced reporting and a better GUI. they helped Huawei gain feature parity or near parity with some competitors. Huawei customers like that firewalls are well-integrated with their infrastructure components. and has worked hard to meet regulatory and customer requirements there. support for AWS and Xen public clouds. Portfolio Strategy: Customers with networks based primarily on Huawei infrastructure products can include Huawei firewalls on their shortlists. and SDN capabilities.Gartner Reprint 15/12/17 14(05 Marketing and Sales Execution: Huawei's firewall sales greatly outgrew the overall enterprise firewall market during the evaluation period. which accounts for a significant portion of its firewall revenue. Product Execution: Huawei released several important new features during the evaluation period. one of Huawei's targeted growth regions. which is a requirement for a growing number of customers in EMEA. including cloud-based advanced threat detection.

Its Junos Space Security Director is the central management platform.webarchive Página 27 de 70 . California. In addition. this concern continues to be a security sales challenge in some markets. Juniper offers AppSecure for application control and visibility. access and endpoint security solutions. Juniper has an initiative called Software-Defined Secure Networks (SDSN). Juniper serves incumbent Juniper infrastructure customers well with a product with good security features. the SRX Series. which aims to integrate security into all elements of the network infrastructure. Juniper has two virtual firewalls — vSRX and cSRX. The vendor has taken considerable steps to address concerns about relying on technology developed in China. especially North America. comprises 11 models. Its physical enterprise firewall line. whether it is Juniper or another vendor. Juniper also recently introduced the SRX 4100 and 4200. two midrange enterprise firewalls. And finally. Juniper's recent enterprise firewall news includes an expansion of its SDSN partner infrastructure to build out SDSN with CASB.Gartner Reprint 15/12/17 14(05 competitive visibility outside the Asia/Pacific region and EMEA. integrated IPS. and Gartner sees it being displaced more often than it is selected in competitive situations. The cSRX is a firewall that can protect containerized environments. and a new cloud-based anti-malware service (Sky Advanced Threat Protection [ATP]). Juniper is a sizable networking infrastructure vendor with a long history of providing network security capabilities. in order to minimize the impact of any compromised device. however. Juniper just announced that its SDSN Policy Enforcer can now detect threats and enforce policy to non-Juniper switches. but it has had difficulty executing in sales. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. integrated threat intelligence feeds. Juniper Networks Based in Sunnyvale.

often citing these as primary reasons for selection and continued usage. STRENGTHS Product Execution: Surveyed customers and partners often note satisfaction with the SRX's ease of configuration and rich interface.webarchive Página 28 de 70 . The vSRX offering is highly rated for performance relative to other virtual firewalls. Gartner began to see awareness of Sky ATP and other advanced security functions and roadmap items among the Juniper ecosystem. cSRX and the Juniper Contrail SDN framework. Product Strategy: Juniper has a strong SDN security story around vSRX. if this marketing execution is consistent and sustained. and is cited for strong clustering and advanced routing capabilities. These branch-office firewalls include WAN and cellular backup technologies. supporting it with its developing SDSN schema. Continued emphasis on these items will encourage more existing customers to stick with Juniper and. It is also suitable for enterprises buying security and networking in the same buying center. could inspire potential prospects to evaluate the SRX line. purpose-built appliances. because Gartner sees Juniper often deployed in large data centers. Marketing Execution: During this Magic Quadrant evaluation period. The vendor is unique among its competitors in offering a container-focused firewall. especially in the higher-end SRX models. Product Performance: Good options exist for high- throughput. Juniper has a strong range of branch-office firewalls complementing its enterprise products.Gartner Reprint 15/12/17 14(05 Juniper is a good shortlist candidate for enterprises that desire high throughput at a low price and the ability for the firewall to support advanced routing scenarios. CAUTIONS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

the new roadmap direction for Juniper security solutions is very encouraging to Gartner. Sales Execution: Juniper has continued losing security market share in the past year. Until 2016. Product Strategy: Gartner believes that most enterprises want an operating system in their security products that differs from the one in network infrastructure components. As a result. cloud computing products. and demonstrate that it can win back customers and market share with its newer capabilities. it lacks the market understanding and strong product file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. although Azure and VMware NSX integration were announced during the evaluation period. however. The vendor must more effectively address fundamental sales challenges. it operated as a subsidiary of Hewlett Packard Enterprise (HPE) and now is a part of UniGroup. switches. China. WLAN products and management products. and has experienced declining year-over-year revenue in a growing market. Gartner clients lack confidence in Juniper's security strategy. While New H3C Group is focusing more on introducing new product offerings for different growing markets. including security products that also cover firewalls. Product Execution: Juniper has been late to market compared to competitors in areas such as public cloud support and VMware NSX integration. routers.Gartner Reprint 15/12/17 14(05 Innovation: Gartner clients and surveyed customers and partners perceive that Juniper lags behind its major competitors in releasing new security features.webarchive Página 29 de 70 . New H3C Group New H3C Group was established in November 2003 and is headquartered in Hangzhou. It is a strong infrastructure vendor in China with a large portfolio.

S9500E or S12500) and routers (SR6600 and SR8800). with a presence only in China. It includes the function modules IPS Manager. Offering: New H3C Group also offers H3C SecBlade FW modules. S7500E. Product offerings include servers. storage products. cloud infrastructure and big data. This gives an advantage to end users that want to maintain a single vendor relationship for their broad range of infrastructure products. The vendor's firewalls should be considered by clients based in China that are already using its products and looking for a high-performance. which can be used on H3C switches (S5800. networking and software. Security Architecture: The vendor offers H3C SecCenter Management Center for centrally managing the security devices on a network. STRENGTHS Portfolio: New H3C Group has a large portfolio of products and offerings. Customer Experience: Surveyed clients have highly rated the Intelligent Flow Forwarding (IFF) and Security One Platform (SOP) features of the M9000 file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 30 de 70 . providing centralized management of a variety of devices. These FW modules help customers extend network security capabilities within their existing H3C switches and routers. Firewall Manager and intelligent Traffic Analysis System (iTAS). strong firewall with basic security features.Gartner Reprint 15/12/17 14(05 strategy for meeting all enterprise firewall use cases and lacks multiple built-in security features. UTM Manager. This gives an advantage to existing customers. It offers a range of solutions for data centers. security products. The vendor is a regional Chinese player. SD-WAN capabilities and SaaS application monitoring. such as network sandboxing. which the majority of competitors in the region offer.

webarchive Página 31 de 70 . especially perimeter security for enterprises. it has invested a large amount to develop a high-end testing center and lab with enhanced testing capabilities. which is offered by a majority of firewall vendors. Product Strategy: New H3C Group's firewall offerings and feature enhancements are more focused on carrier and large data center use cases that operate in highly virtualized environments. Surveyed VARs have also reported that the vendor lacks brand recognition and needs better product marketing compared to other local Chinese vendors. Features: The vendor's firewalls lack an advanced malware network sandboxing feature. This has led to a lack of focus on meeting all enterprise firewall use cases. along with support for SDN. This shows commitment from the vendor to deliver reliable products and services to the market.Gartner Reprint 15/12/17 14(05 Series Multi Service Security Gateways. CAUTIONS Marketing Execution: The vendor's firewalls lacks recognition and brand value in its local market. As per the vendor. Clients have reported these features to be effective in a highly virtualized live environment. Capabilities: Since New H3C Group is a large infrastructure vendor. including those in China. the IFF feature is designed to implement distributed traffic flow and the SOP feature offers a virtual firewall function using container-based virtualization technology. New H3C Group does not offer any CASB integration and lacks SaaS monitoring and file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. This leaves customers to go with a separate vendor for advanced malware capabilities. as opposed to being an add-on feature of their existing firewalls.

Palo Alto Networks enjoys continued success in enterprise firewall selections. Presales support is file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. with improvements for WildFire and Panorama. It has also released a new entry-level hardware model (PA-220). threat Intelligence (AutoFocus). with more than 4. The vendor is visible on shortlists across all industries. available since 2011. with the 5220. Its offerings include enterprise firewall physical and virtual appliances.4 billion. especially when evaluations give more weight to feature and management quality than to price. and its 2016 revenue exceeded $1. California.webarchive Página 32 de 70 . Palo Alto Networks has recently released version 8 of its operating system (PAN-OS).000 employees. and has high customer satisfaction for its application visibility capabilities. The vendor has been shipping enterprise firewalls since 2007. and SaaS security (Aperture).Gartner Reprint 15/12/17 14(05 management features. STRENGTHS Marketing Execution: Palo Alto Networks is the pure- play security vendor with the highest visibility on enterprise firewall shortlists. two new intermediate appliances (PA-800 Series) and has refreshed its 5000 Series. 5250 and 5260 models. and new SaaS security and user credential protection features. Palo Alto Networks Palo Alto Networks is a large pure-play security vendor. The vendor has recently started to highlight integrations between its solutions as a security platform. which increasingly are sought by enterprises with growing adoption of SaaS applications. Palo Alto Networks is a solid contender for all enterprises. based in Santa Clara. endpoint software (Traps and GlobalProtect).

CAUTIONS Marketing Strategy: Gartner observes that Palo Alto Networks' security platform strategy may impact the vendor's development capabilities across a growing set of products that also require development for better integrating together. Capabilities: The Application Command Center (ACC) includes visibility of sanctioned and unsanctioned SaaS applications. the vendor's sandboxing option. With a list price of $1. Several clients give good scores to vendor support in North America. WildFire regional cloud options are available in Europe and Asia. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. PA-5200 Series and PA-220). Sales Execution: Palo Alto Networks maintains a very high growth rate.webarchive Página 33 de 70 . Improvements: The vendor has initiated a refresh of its firewall appliances (PA-800 Series. and to the vendor's ability to meet expected performance in production environments. Customer Experience: Palo Alto Networks has a faithful customer base and scores very highly for overall customer satisfaction. the new PA-220 allows the vendor to target smaller branches.000. with upgraded performance and a higher number of decrypted concurrent TLS connections. and the vendor very frequently comes out from shortlists with the highest overall evaluation score.Gartner Reprint 15/12/17 14(05 efficient. Combined with its automated event aggregation and filtering and drill- down options. it makes it easy to understand application flows and related risks. Many clients report that they will renew without performing a competitive assessment and that they recommend the product to their peers. has the highest attach rate and the largest customer base of all vendors evaluated in this research. WildFire.

Gartner Reprint 15/12/17 14(05 Innovations: Gartner has noticed in recent years that the ability of the vendor to lead the market with in- house innovations ahead of what other vendors offer has shifted to continuous improvements combined with acquisitions of small companies filling a gap in the vendor's portfolio. Sangfor Sangfor was founded in 2000 and is headquartered in Shenzhen. especially in regions where the vendor does not provide direct vendor support. Organizations from these regions should evaluate local resellers more stringently and request local references. resellers continue to hope for better tools when migrating from another firewall brand. The vendor has a smaller market share than its direct competitors in some of the European countries and Asia. They would like to see smaller batches of features instead of the very large updates that require more time to stabilize. Market Responsiveness: Some clients have expressed concern about the pace of firmware releases. The release notes of the recently published PAN-OS 8. with its EMEA regional headquarters in Dubai. forcing more conservative organizations to stick with an older version for a long time. can become slow when managing a large number of appliances.webarchive Página 34 de 70 . Panorama.0 include mentions of performance improvement for Panorama. Sangfor provides network security and cloud computing solutions such as Next Generation file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Sales Execution: Price is frequently cited by Gartner clients. Customer Experience: Some clients cite that the vendor's centralized solution. as a reason not to select Palo Alto Networks. China. especially distributed organizations. Despite recent improvements.

such as behavioral botnet detection and risk reporting. Sangfor SC. Internet Access Management (IAM). Recent feature releases include geoawareness and stability improvements. STRENGTHS Product Execution: Sangfor clients enjoy NGAF's ease of deployment and use. SSL VPN and Hyper-Converged Infrastructure (HCI). Sangfor started shipping its enterprise firewall product line (NGAF) in 2011. WAN Optimization (WANO). along with a reporting platform.Gartner Reprint 15/12/17 14(05 Application Firewall (NGAF). Sangfor serves a narrow segment of the market.webarchive Página 35 de 70 . 2016 also saw the first release of virtual firewalls. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and it has some SDN capabilities. NGAF integrates web application firewall (WAF) functionality in the NGAF platform. for a firewall throughput of up to 80 Gbps. and its good price/performance ratio. which enables customers to locate threats. with sales and operations mostly in China. The vendor is a good shortlist contender for Chinese customers that want WAF merged with a firewall. the vendor has four virtual firewall models and a central management system. In addition. Sangfor DC. and those that want access to advanced security features faster than some other regional vendors have provided them. a unique feature among the vendors evaluated. Product Strategy: Surveyed customers cite the presence of WAF as a primary motivation for selecting NGAF. It now features 17 models for China and 10 models for international customers. Sangfor offers support for AWS public cloud. Customers and partners indicate satisfaction with other advanced features.

Sangfor does decryption acting as a proxy. which is a growing feature request among Gartner clients. going private and becoming a stand-alone company. California. It has no on-box TLS decryption. and the SuperMassive Series for larger enterprises and data center deployments. SonicWall has no virtual file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.Gartner Reprint 15/12/17 14(05 Customer Experience: Sangfor stakeholders give the vendor's presales and postsales customer support high marks. Internationalization and an expanded geographic presence of the Sangfor firewall product line are ongoing efforts. End users believe that they can't do advanced configurations without involving the vendor.webarchive Página 36 de 70 . SonicWall's enterprise firewall portfolio comprises a total of five physical appliances across the NSA Series. CAUTIONS Customer Experience: Some customers perceive and don't like that only Sangfor support can perform debugging and software and firmware upgrades. and request references for organizations in the same region. Product Execution: Potential customers outside of China should first verify the availability of vendor support and product documentation for their use case. Geographic Strategy: Gartner does not see Sangfor firewalls often being shortlisted outside of China. SonicWall was spun out of Dell in 4Q16. SonicWall Now based in Santa Clara. aimed at midsize enterprises. Partnerships: The vendor does not have any integration with network security policy management tools. making it more difficult for enterprises to manage policy in a multivendor situation.

Recent company news includes announced training and marketing enhancements to its channel programs.Gartner Reprint 15/12/17 14(05 firewall products. STRENGTHS Product Execution: Surveyed customers frequently mention the ability of the SonicWall product to meet budget and performance requirements. SonicWall also offers GMS Analyzer and GMS Flow Server for additional reporting views. The Global Management System (GMS) is a central management platform. In addition to the main GMS consoles. All SonicWall firewalls now have integration with Dell Networking X-Series switches. They also give good scores for ease of management.webarchive Página 37 de 70 . The vendor is a good shortlist candidate for value-conscious enterprises that desire more throughput at a reasonable price and a solid firewall appliance that is easy to manage. and its continued investment in channel programs may raise visibility among Gartner clients. SonicPoints and WAN Acceleration Appliances (WXA). Product Performance: SonicWall customers and partners note that the vendor does a very good job handling SSL/TLS decryption on-box without massive performance degradation. SonicWall is not typically visible on a large number of enterprise shortlists. Product Strategy: The cloud-based Capture Advanced Threat Protection service takes a multiengine approach to advanced threat detection. Marketing Strategy: SonicWall has worked hard to rebuild its channels in order to reach more customers. and it does not address some enterprise data center use cases. This approach shows promise and early feedback is positive. SonicWall recently launched its Cloud GMS management solution. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

Intercept X).Gartner Reprint 15/12/17 14(05 CAUTIONS Product Strategy: SonicWall's continued lack of a virtual firewall makes it increasingly less relevant to modern data center use cases as enterprises adopt public cloud IaaS and conduct private cloud projects.K. The vendor has recently experienced a decline in revenue. and enterprise mobility management (Sophos Mobile). Historically an endpoint security vendor (Sophos Endpoint Protection. including automated host quarantine and the release of a cloud-based sandbox (Sophos Sandstorm). The file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and Sophos Central is the cloud-based centralized management portal for all Sophos security products. especially in its ability to inspect JavaScript to provide visibility on SaaS usage. Sophos Firewall Manager is the name of the centralized management software. Gartner attributes some of this to the succession of ownership changes and subsequent disruptions to the company.000 employees. Product Execution: SonicWall cloud security is less mature than its leading competitors. Sophos Sophos is a network and endpoint security vendor headquartered in Abington. Marketing Execution: Gartner less frequently sees SonicWall being shortlisted by enterprise clients.. with more than 3. wireless access point (Sophos AP).webarchive Página 38 de 70 . Market Responsiveness: The vendor has been slow in providing differentiating new features and enhancing its existing capabilities. Sophos' portfolio now includes firewalls (XG Series and the older SG Series). U. Sophos' releases in recent months comprise evolutions of its firewall and endpoint integration.

The vendor scores relatively higher than its competition for the value of the integration between endpoint and firewall (synchronized security). especially for the upper. The vendor has demonstrated its commitment to align the roadmap of all its product lines to its product vision of a fully integrated solution. with easy-to-use filtering.webarchive Página 39 de 70 . shortlists is growing.and lower-midsize enterprise organizations. Sophos regularly adds to its intellectual property with tactical acquisitions of technology-driven companies.S. Geographic Strategy: Sophos firewalls are visible on European client shortlists for enterprise firewalls. Embedded and centralized reports are comprehensive and easy to navigate. helped by its existing presence in the endpoint protection market. Sophos management console is available in many European and Asian languages. Sophos is worth including on enterprise firewall shortlists. Sophos has demonstrated continued market focus and feature improvements. including a dedicated offering. and for existing Sophos endpoint customers. Customer Experience: Clients like the short learning curve to understand the new XG management interface. Remote Ethernet Device (RED). especially when purchasing a firewall cluster. for the smallest branches. STRENGTHS Marketing Execution: The vendor's revenue growth and customer retention rate are higher than the market average. Sophos' clients cite good price for value as a key factor in selecting the vendor.Gartner Reprint 15/12/17 14(05 vendor also made two acquisitions of security vendors leveraging machine learning techniques (Invincea and Barricade). Its visibility on U. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Capabilities: The Sophos XG product line includes a comprehensive set of appliances.

especially in providing enterprise-class responsiveness for first direct contact with the vendor. and heavily distributed organizations.000 employees or less. Platform: Surveyed clients would like to see Sophos providing integration with leading endpoint protection platforms. Sophos executes on a very ambitious roadmap to integrate the XG firewall with Sophos' endpoint and cloud-based management. It provides enterprise firewalls and multifunction firewalls for SMBs to EMEA organizations with its Stormshield Network Security appliances. Sophos XG lacks the ability to create virtual instances within a single physical appliance. in addition to the vendor's own solutions. For enterprises. Stormshield Stormshield resulted from the merger of two French security providers (Arkoon and Netasq) in 2014. Some clients in regulated environments or with compliance requirements cite the limited reports and logs. Stormshield offers 15 physical appliances and six virtual models. CASB solutions for increased SaaS security. nor does it integrate with. It does not offer.Gartner Reprint 15/12/17 14(05 Platform: Under the name Synchronized Security. Its product strategy is not a good fit for very large enterprise and data center use cases. visibility and control features. Customer Experience: Several clients and surveyed channel partners would like to see substantial improvements in vendor support. and lacks dedicated SaaS discovery. Capabilities: The XG firewall is not yet available on AWS. CAUTIONS Market Segmentation: Sophos' strategy focuses on enterprises with 5.webarchive Página 40 de 70 . Its portfolio also includes host file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

The vendor is a suitable shortlist contender for European organizations that value a dependable enterprise firewall that can integrate with same-vendor endpoint protection. and it is often selected in that region because it's from a trusted European vendor. Stormshield introduced a new ruggedized firewall for industrial environments during the Magic Quadrant evaluation period. For example. In addition to the new management appliances. Stormshield had early support for the European General Data Protection Regulation (GDPR) by introducing integration between its encryption solution and the firewall. For management and reporting. which makes it a good choice for European government agencies and private organizations working with the public sector.webarchive Página 41 de 70 . Stormshield remains primarily a solution serving clients in Western Europe. STRENGTHS Compliance: Stormshield owns several regional and nationwide European certifications.Gartner Reprint 15/12/17 14(05 IPS (Stormshield Endpoint Security) and data-at-rest encryption software (Stormshield Data Security). Company news includes an agreement with Ingram Micro to distribute Stormshield products throughout EMEA. The vendor provides virtual firewall appliances for AWS and Microsoft Azure IaaS platforms. Stormshield has introduced Stormshield Management Center and Stormshield Visibility Center. Product Execution: Surveyed customers and partners tout a strong behavioral IPS that impacts firewall performance minimally (compared to competitive offerings) as a reason to buy. Certified support centers are available in nine European file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Support: Stormshield's customers cite the value of having in-country customer support.

In 2016. Washington. visibility and channel remain focused on EMEA. headquartered in Seattle. the majority of its penetration. as well as in the United Arab Emirates (UAE) and Singapore. making it unsuitable to address certain high-availability use cases. and has yet to build an offering for SDN use cases. Geographic Strategy: Although Stormshield gets support from the large Airbus Defence and Space CyberSecurity group. especially France. WatchGuard WatchGuard. It lacks threat intelligence feeds. Product Strategy: Stormshield provides vulnerability management that leverages an integrated passive scanner. It allows security analysts to dynamically apply dedicated rules to vulnerable hosts by adding them to a group of vulnerable hosts. CAUTIONS Product Execution: Stormshield continues to lag behind market leaders in some functional areas — how it integrates application control in the security policy and support of only a limited number of virtual domains within a single hardware appliance. Stormshield does not support active/active use cases.Gartner Reprint 15/12/17 14(05 nations.webarchive Página 42 de 70 . Threat Research: Stormshield's internal threat research team collaborates with parent company Airbus Defence and Space CyberSecurity's Security Research Team to gain access to an expanded set of findings. is a recognized brand name for SMBs and distributed enterprises. Sales Execution: The vendor has fewer customers using its firewalls in IaaS environments than most of its competitors. it released two new M models for file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

Technology Partner Ecosystem: Watchguard has partnered with multiple technology providers to provide better features and integration capabilities. STRENGTHS Product Execution: WatchGuard has enhanced its threat detection capabilities as two separate threat intelligence subscriptions. WatchGuard also made a few significant feature enhancements around mobile security and VPN. Reputation Enabled Defense.Gartner Reprint 15/12/17 14(05 firewalls. Firebox M4600 and M5600 for SMBs.webarchive Página 43 de 70 . With recent enhancements around threat detection capabilities and multiple technology partnerships. TDR offers better correlation with network and endpoint security events. WatchGuard offers a good product with better price versus performance relative to other vendors in the space. Dimension. However. under the Basic Security suite. includes feeds from OEM partners like Kaspersky. AVG as its antivirus engine and Trend Micro as a provider of file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. WatchGuard should be considered by distributed enterprises that want good price/performance value. Deutsche Telekom and other threat intelligence sources. Surveyed stakeholders have cited it as one of the key strengths of the portfolio. This will equip WatchGuard customers with better correlation and threat detection capabilities. along with third-party threat intelligence feeds that the vendor has partnered with. Also offered is Threat Detection and Response (TDR) as a part of the Total Security suite. its product strategy is more focused toward midsize and distributed enterprise use cases than toward a majority of enterprise use cases. Host Ransomware Prevention is also a component in TDR. WatchGuard offers good analytics and reporting capabilities with its cloud-based reporting solution. It uses Forcepoint as a URL filtering provider.

Sales Execution: The vendor offers good price versus performance value. In addition. Product Strategy: WatchGuard lacks support for SDN vendors in supporting SDN deployment use cases. a dedicated CASB provider. However. and it needs improvement there. This helps in identifying overlapping rules. Surveyed VARs have also indicated they sell WatchGuard Firebox appliances to only midsize and distributed enterprise customers. WatchGuard can help distributed enterprises manage and secure a mixed WAN environment. Surveyed end users have cited this as one of the vendor's strengths. WatchGuard also offers integration with ManagedMethods.webarchive Página 44 de 70 . with cost-effective products and subscriptions. and does not effectively address several enterprise use cases.Gartner Reprint 15/12/17 14(05 an IPS signatures database. WatchGuard has lagged behind most of its competitors in releasing virtual firewall services to support customer deployments in the public cloud. Gartner does not see WatchGuard being frequently shortlisted by the enterprise clients as a possible firewall candidate. Features: WatchGuard offers a policy mapping feature for identifying the firewall rule usage. Policy Map provides a visual flow map showing which policies are hit by traffic moving through the firewall. CAUTIONS Technical Support: Some surveyed end users have reported that the vendor lacks quick resolution through the technical support ticket process. which is raised as an email. Marketing Execution: WatchGuard has its major presence in midsize and distributed enterprises. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. It also has OEM partnerships with multiple threat intelligence feeds.

or of a change of focus by that vendor. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. therefore. A vendor's appearance in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. It may be a reflection of a change in the market and. Added New H3C Group was added to the Magic Quadrant. As a result of these adjustments. The vendor regularly appears on shortlists for selection and purchases. Gartner analysts consider that aspects of the vendor's product execution and vision merit inclusion. Dropped No vendors were dropped from the Magic Quadrant. changed evaluation criteria. The vendor demonstrates a competitive presence in enterprises and sales.Gartner Reprint 15/12/17 14(05 Vendors Added and Dropped We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change.webarchive Página 45 de 70 . Inclusion and Exclusion Criteria Inclusion Criteria Network firewall vendors that meet the market definition and description were considered for this research under the following conditions: Gartner analysts have assessed that the vendor has the ability to effectively compete in the enterprise firewall market. the mix of vendors in any Magic Quadrant or MarketScope may change over time.

The vendor has personal firewalls. This includes hardware OEMs. but do not have the capabilities. Exclusion Criteria Network firewall vendors may have been excluded from this research for one or more of the following reasons: The vendor has minimal or negligible apparent market share among Gartner clients. and within a customer segment that is visible to Gartner. The vendor is not the original manufacturer of the firewall product. resellers that repackage products that would qualify from their original manufacturers. The vendor primarily has a network IPS with a non- enterprise-class firewall. Products that are suited for SMBs (such as UTM firewalls. host-based firewalls. or it is not actively shipping products. as well as carriers and ISPs that provide managed services. host-based IPSs and WAFs (see Note 1) — all of which are distinctly separate markets. or those for small office/home office placements) are not targeted at the market this Magic Quadrant covers (enterprises) and are excluded.webarchive Página 46 de 70 . scalability and ability to directly compete with the larger firewall product/function view. We assess the breadth of OEM partners as part of the evaluation of the firewall. The vendor's products sell as network firewalls. and we do not rate platform providers separately. Evaluation Criteria file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.Gartner Reprint 15/12/17 14(05 The vendor has achieved enterprise firewall product sales (not including maintenance) in the past calendar year of more than $10 million.

competitive wins versus key competitors (which are compared with Gartner file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. supported and in users' hands. Sales are a factor. however. Overall Viability: This includes overall financial health. console quality. All vendors were required to disclose comparable market data. secondary product capabilities (logging. such as firewall revenue. compliance. and demonstrated commitment in the firewall and security markets. Execution considers factors related to getting products sold. and the ability to support complex deployments and modern DMZs. winning in competitive environments through innovation and quality of product and service is more important than revenue. although those factors can affect a vendor's Ability to Execute. and that the company wins a large percentage in competition with other vendors. Support is rated on the quality. Strong execution means that a company has demonstrated to Gartner analysts that products are successfully and continually deployed in enterprises. rule optimization and workflow). The logistical capabilities for managing appliance delivery. installed.webarchive Página 47 de 70 . such as foundation firewall functions. Key features are weighted heavily. prospects for continuing operations. range of models. low latency. product service and port density matter. Execution is not primarily about company size or market share. company history.Gartner Reprint 15/12/17 14(05 Ability to Execute Product or Service: This includes service and customer satisfaction in enterprise firewall deployments. Companies that execute strongly generate pervasive awareness and loyalty among Gartner clients. and also generate a steady stream of inquiries to Gartner analysts. breadth and value of offerings through the specific lens of enterprise needs. Growth of the customer base and revenue derived from sales are also considered. event management. Having a low rate of vulnerabilities in the firewall is important.

support. This criterion also considers the provider's history of responsiveness to changes in demand for new features and form factors in the firewall market. and use by enterprises. Market Responsiveness/Record: This evaluates the vendor's ability to respond to changes in the threat environment. installed base. Cost of ownership over a typical firewall life cycle (three to five years) is assessed. Buyers want good results more than they want bargains.Gartner Reprint 15/12/17 14(05 data on such competitions held by our clients) and devices in deployment. and to present solutions that meet customer protection needs rather than packaging up fear. and includes the cost of all hardware.webarchive Página 48 de 70 . Pricing is compared in terms of a typical enterprise-class deployment. uncertainty and doubt. Low pricing will not guarantee high execution or client interest. deal size. and think in terms of value over sheer low cost. Presales and postsales support is evaluated. Rather. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. we consider the use of these firewalls to protect the key business systems of enterprise clients and those being considered on competitive shortlists. This includes the strength of the vendor's sales and distribution operations. carriers and managed security service providers (MSSPs). The number of firewalls shipped or the market share is not the key measure of execution. Sales Execution/Pricing: We evaluate the company's pricing. maintenance and installation. The robustness of the enterprise channel and third-party ecosystem is important. and how enterprises deploy network security. as is the pricing model for conducting a refresh while staying with the same product and replacing a competing product without intolerable costs or interruptions.

such as multidevice management. In addition to buyer and analyst feedback. and which are considered top threats by the others. Table 1. Low latency. Succeeding in complex networks with little intervention (for example. poor performance and a product's inability to survive to the end of a typical firewall life span are assessed accordingly.webarchive Página 49 de 70 . The greatest factor in these categories is customer satisfaction throughout the sales and product life cycles. such as by driving the market on innovative features co-packaged within the firewall. Unacceptable device failure rates. one-off patches) is highly considered. throughput of the IPS capability and how the firewall fared under attack conditions are also important. as are enterprise- class capabilities. An NGFW capability is heavily weighted. Significant weighting is given to delivering new platforms for scalable performance in order to maintain investment. Customer Experience and Operations: These include management experience and track record. or by offering innovative pricing or support offerings. vulnerabilities. as well as the depth of staff experience — specifically in the security marketplace. Ability to Execute Evaluation Criteria Evaluation Criteria Weighting Product or Service High Overall Viability Medium file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and to the range of models to support various deployment architectures. it includes which vendors are most commonly considered to have top competitive solutions during the RFP and selection process.Gartner Reprint 15/12/17 14(05 Marketing Execution: Competitive visibility is a key factor. adaptability of configuration and support for enterprise environments. this ranking looks at which vendors consider the others to be direct competitive threats. virtualization.

show that they are following their plans and modify those plans as they forecast how market directions will change. Gartner makes this assessment subjectively by several means. Understanding and delivering on enterprise firewall realities and needs are important. too" roadmap. they must put plans in place. rather than an "us. We also evaluate the vendor's overall understanding of and commitment to the security and network security markets. including interaction with vendors in briefings and feedback from Gartner customers on information they receive concerning roadmaps.Gartner Reprint 15/12/17 14(05 Sales Execution/Pricing Medium Market Responsiveness/Record High Marketing Execution Medium Customer Experience High Operations Medium Source: Gartner (July 2017) Completeness of Vision Market Understanding and Marketing Strategy: This includes providing a track record of delivering on innovation that precedes customer demand. Incumbent vendor market performance is reviewed year by year against specific recommendations that have been made to each vendor. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and against future trends identified in Gartner research.webarchive Página 50 de 70 . and having a viable and progressive roadmap and continuing delivery of NGFW features are weighted very highly. Vendors cannot merely state aggressive future goals.

We also evaluate how the vendor understands and serves the enterprise branch office and data center. virtualization and performance. independent third-party certifications include the Common Criteria for Information Technology Security Evaluation. Integration with other security components is also weighted. An articulated.webarchive Página 51 de 70 . Offering (Product) Strategy: This criterion focuses on a vendor's product roadmap. viable strategy for addressing the challenges in SDN deployments is important. Credible. is highly rated. rather than selling just fear or next-generation hype. Innovation. Channel and third-party security product ecosystem strategies matter insofar as they are focused on enterprises. such as complex file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Building loyalty through credibility with a full-time enterprise firewall staff demonstrates the ability to assess the next generation of requirements. as is evidence of execution within cloud and virtualized environments. such as introducing practical new forms of intelligence to which the firewall can apply policy. Sales Strategy: This includes preproduct and postproduct support. NGFW integration and enhancement. including zero-day events. and they must do so in a technically direct manner. Vertical/Industry Strategy and Geographic Strategy: These include the ability and commitment to service geographies and vertical markets. as well as product integration with other IT systems. value for pricing. Vendors need to address the network security buying center correctly. current features. Business Model: This includes the process and success rate for developing new features and innovation.Gartner Reprint 15/12/17 14(05 The NGFW capabilities are expected to be integrated to achieve correlation improvement and functional improvement. It also includes R&D spending. and clear explanations and recommendations for detecting events.

Management interface and clarity of reporting — that is. Products that are not intuitive in deployment.Gartner Reprint 15/12/17 14(05 enterprise multinational deployments. Solving customer problems is a key element of this criterion. rather than adding more alerts and complexity. the better the vision. "Giving back time" to firewall administrators by innovating to make complex tasks easier. Integration with other security products. Innovation: This includes R&D and quality differentiators. are scored accordingly. or operations that are difficult to configure or have limited reporting. Completeness of Vision Evaluation Criteria Evaluation Criteria Weighting Market Understanding High Marketing Strategy Medium Sales Strategy Medium Offering (Product) Strategy High file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 52 de 70 . and achieving high IPS throughput and low appliance latency. Firewall virtualization and securing virtualized environments. MSSPs. such as: Performance. new firewall mechanisms. carriers or governments. the more a product mirrors the workflow of the enterprise operation scenario. which includes low latency. Reducing the rule base. Table 2. offering interproduct support and leading competitors on features are foremost.

Vendors in this quadrant lead the market in offering new features that protect customers from emerging threats. such as multitier administration and rule/policy minimization. provide expert capability rather than treat the firewall as a commodity and have a good track record of avoiding vulnerabilities in their security products. These requirements include a wide range of models.webarchive Página 53 de 70 . A solid NGFW capability is an important element. offering options for hardware acceleration and offering form factors that protect enterprises as they move to new infrastructure form factors. Challengers file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and a management and reporting capability that is designed for complex and high-volume environments.Gartner Reprint 15/12/17 14(05 Business Model Medium Vertical/Industry Strategy No Rating Innovation High Geographic Strategy Medium Source: Gartner (July 2017) Quadrant Descriptions Leaders The Leaders quadrant contains vendors that build products that fulfill enterprise requirements. Common characteristics include handling the highest throughput with minimal performance loss. as enterprises continue to move away from having dedicated IPS appliances at their perimeter and remote locations. support for virtualization and virtual LANs.

more automated east/west microsegmentation in public cloud and SDN environments. but they are not consistently leading with differentiated next-generation capabilities. while vendors that have strong NGFW offerings are focused on manageability and usability. If firewalling is a competitive element for an enterprise. but trail smaller market share Leaders in the release of features. but lack in performance capabilities and support networks. but they lack the sales base. Gartner expects the next wave of innovation in this market to focus on better. strategy or financial means to compete consistently with Leaders and Challengers. Many Challengers have not fully matured their NGFW capability — or they have other security products that are successful in the enterprise and are counting on the relationship. then Visionaries are good shortlist candidates. these vendors can offer economical security product bundles that others cannot. to win deals. Vendors that do not have strong NGFW capabilities are supplementing them in a defensive move. rather than the product. Savings and high- touch support can be achieved for organizations that are willing to update products more frequently and to switch vendors if required. Most Visionaries' products have good NGFW capabilities. Firewall market Challengers will often have significant market share. and.webarchive Página 54 de 70 . Challengers' products are often well-priced. because of their strength in execution.Gartner Reprint 15/12/17 14(05 The Challengers quadrant contains vendors that have achieved a sound customer base. Visionaries Visionaries have the right designs and features for the enterprise. Niche Players file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Many Challengers hold themselves back from becoming Leaders because they choose to place security or firewall products at a lower priority in their overall product sets.

and integration with the established security and network infrastructure and teams. Some enterprises that have the firewall needs of an SMB (for example. Changes in threats. although other models from Leaders and Challengers may be more suitable. ease and speed of the deployment. some Type C risk-averse enterprises and some distributed enterprises) may consider products from Niche Players. as well as increased enterprise demand for mobility. SDN and use of the cloud. Many Niche Players are making larger versions of SMB products with the mistaken hope that this will satisfy enterprises. makers of multifunction firewalls for SMBs or branch-office-only product makers that are attempting to break into the enterprise market. then Niche Players can be shortlisted. responding to the continuing evolution in threats as well as to changes in enterprise network speed and complexity. IT organization support capabilities. have increased demand for new firewall features and capabilities.webarchive Página 55 de 70 . If local geographic support is a critical factor. acquisition costs.Gartner Reprint 15/12/17 14(05 Most vendors in the Niche Players quadrant are smaller vendors of enterprise firewalls. Market Overview As the first line of defense between external threats and enterprise networks. Organizations' final product selection decisions must be driven by their specific requirements. virtualization. It is populated with mature vendors and some more recent entrants. Firewalls have high adoption and penetration rates in all file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. especially in the relative importance of management capabilities. Context The enterprise firewall market is the largest security product market. firewalls need to continually evolve to maintain effectiveness.

All enterprise firewall vendors today offer NGFWs. as demonstrated through third-party testing under realistic threat and network load conditions. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. remains a defining feature. especially in multivendor situations (see Note 2). Because it is saturated. there is no distinction between an enterprise firewall and an NGFW. Gartner estimates that the transition to NGFW from traditional firewalls will complete within the next two years. The key differentiators in these areas are IPS effectiveness. For new firewalls. This means that. the firewall market is driven by refresh cycles of four to five years. Enterprise Firewalls Are Next-Generation Firewalls One key area of firewall evolution that has been widely supported is what Gartner (in 2009) called "NGFW features" — namely.webarchive Página 56 de 70 . application identification and granular user control. to protect their installed base. and to require enforcement options in their next refresh. Identity-based policy enforcement. We have seen some common patterns in the firewall market as enterprises with 3. Network security policy management (NSPM) products are increasingly used to manage complexity.to 5-year-old firewalls and IPSs evaluate replacement: Enterprises with traditional firewalls seek to have firewalls that have application and user visibility. user-based policy enforcement in the top business and social media applications. incumbents must add improved capabilities and increase performance.Gartner Reprint 15/12/17 14(05 markets. integrated deep packet inspection intrusion prevention. and fine-grained. or face either replacement by innovative market entrants or commoditization by low- cost providers. or the ability to enforce policy on thousands of applications.

Gartner Reprint 15/12/17 14(05 Enterprises not currently using any IPSs migrate to NGFWs with minimal use of advanced features. Gartner sees some limited success for Type C enterprises (see Note 3). However. High-security environments upgrade to NGFWs for the firewall. but continue using stand-alone IPSs. using minimal signature sets) migrate to NGFWs using the built-in IPS capabilities. the large UTM vendors have tried to expand beyond their traditional use case by stretching into the large enterprise market. but it is mostly restricted to two use cases: distributed Type C enterprises (mostly in the retail industry). migrate to NGFWs for the firewall with application control and user context. However. the UTM approach fails to convince Type A and Type B enterprises that require mature application and user control capabilities. UTM vendors have and continue to target SMB clients. in the past few years. Enterprises with firewalls and stand-alone IPSs that are employed primarily in detection mode (that is. UTM Still Can't Compete With Enterprise Firewalls Historically. They now try to sell high-throughput UTM to enterprise clients that score price competitiveness higher than security. and upgrade IPSs to NGIPSs.webarchive Página 57 de 70 . Enterprises with firewalls and stand-alone IPSs that are used for active prevention. and firewall-only for network segmentation at low cost. Enterprises seek NGFW functionality as they transition from physical data center to virtualized environments and SDN. with large signature sets and some custom signatures. Organizations look to extend their on-premises firewall vendor into IaaS cloud providers. and do not consolidate web antivirus on the internet-facing file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

despite the self-evaluation bias that generally results in inflated numbers. more than 60% of organizations will fail to decrypt HTTPS efficiently. a growing number of malware attacks. enterprise firewall vendors underestimate the work of building an SMB channel). By 2020. and firewall vendors do a poor job at providing an up-to-date list of exceptions. through 2019. including ransomware. more than 80% of enterprises' web traffic will be encrypted." Gartner anticipates that. End-user experience is likely to be affected too. In the client reference survey. Decrypting SSL/TLS on a firewall creates organizational issues. will move to use HTTPS to covert initial infection and command and control communications.webarchive Página 58 de 70 . Most enterprise buyers are also wary of shortlisting a UTM vendor because of its primary focus on SMBs and limited brand awareness. such as ensuring employees' right to privacy. missing most targeted web malware. and the fact that references provided file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Consequently. and technical challenges. In "Predicts 2017: Network and Gateway Security. such as performance issues and product sizing difficulties for the firewall channel. Some application traffic cannot be decrypted. principally to enforce web-filtering policy and to prevent malware infections. Decrypt This Enterprises face a growing need for SSL decryption. leading to traffic being blocked.Gartner Reprint 15/12/17 14(05 firewall (see "Next-Generation Firewalls and Unified Threat Management Are Distinct Products and Markets" ). UTM vendors also face difficulties in building a strong sales and support channel for enterprises (similarly.

but has not seen significant adoption. Gartner has not seen the firewall features of virtualization platforms (such as those offered with VMware or AWS) as a major competitor to mainstream firewall vendors because the need for separation of duties drives clients to doubt the infrastructure's ability to protect itself. Adoption is growing quickly (from small numbers). Fortinet and other firewall vendors has created buzz for virtualizing and securing data centers. and as IaaS deployments become more common.webarchive Página 59 de 70 . As other virtualization platforms. such as Citrix Xen and Microsoft Hyper-V. Performance and the ability to manage firewall policy through a single integrated management console for stand-alone appliances or virtual appliances are key differentiators. managing heterogeneous virtualized firewalls from existing physical firewall vendors. SDN projects get more numerous.Gartner Reprint 15/12/17 14(05 by vendors tend to use more features than the market average. and some lean-forward customers have adopted these. VMware's NSX work with Palo Alto Networks. virtualization platform vendors and virtual-only firewalls will present a challenge. Check Point Software Technologies. Almost all operating systems within firewall appliances are uniquely hardened. Gartner covers virtual/cloud firewall vendors such as vArmour and Illumio. demand for virtualized environment support has grown. only 29% of the respondents answered that they were decrypting HTTPS traffic. Virtualized Firewalls: Hype Accelerates. gain traction. networks and east-west segmentation. and Demand Starts to Follow As data center virtualization has continued. Performance remains a barrier to wider deployment: Almost all network firewalls today are delivered on purpose-built appliances because of the poorer performance of running firewalls on general-purpose servers. subject to stringent third-party file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

Firewall refreshes remain constant at a five-year average. with growth decelerating for the remainder of that period.webarchive Página 60 de 70 . client market inquiries show an increased interest in virtual firewalls.Gartner Reprint 15/12/17 14(05 security evaluations. Agility is one of the key business benefits of SDN and IaaS. rather than having macrorefresh cycles or "bumps" of refreshes. and the need for human interaction with firewall policy subtracts from the business benefits these agile architectures bring with them. and vendors are scrambling to meet that demand by attempting to increase virtual firewall performance and by automating firewall policy orchestration in dynamic environments. incumbent firewalls are rarely refreshed before they reach maturity. Gartner believes that the firewall market is "at capacity": This is the largest security product market (fast approaching $10 billion). and incremental market growth is significant.8%. This refresh dynamic results in the market being linear. Another big issue in deploying virtual firewalls in SDN or IaaS projects is the inability of enterprise virtual firewalls to spin up appropriate policy as servers are spun up. Security-minded enterprises are also rightly skeptical of running firewalls within a hypervisor that is between the threat and the firewall.4% from 2014 through 2021.9% to $9. The Firewall Market Is Still Growing. the firewall market grew 8. Gartner estimates that the firewall market will grow approximately 7. Gartner market data continues to show that virtual firewall revenue accounts for far less than 5% of enterprise firewall market revenue. but at a Slowing Pace During the evaluation period. so even if great new products emerge. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. We also forecast that this market will reach a compound annual growth rate of 7. However. For 2017.27 billion. as in other markets.

Leaders will allow the lower price offerings of Challengers to win more often when a hands-on evaluation is not extensive. the gap has closed — not through the innovation of Challengers. the enterprise firewall market has been bifurcated into shortlists of "security first" Leaders and "price really matters. and we can't yet consume the newest features" Challengers. Gartner believes extremes of marketing strategies by Leaders are behind this. Gartner has seen these bifurcated shortlists start to change slightly as Challengers creep in.Gartner Reprint 15/12/17 14(05 The Absence of Significant Innovation Brings Challengers Closer to Leaders In most technology markets. however.webarchive Página 61 de 70 . but with the slower pace of true innovation by Leaders and the absence of Visionaries. Since the emergence of the NGFW. over the past year. and overmarketing producing "hype" roadmaps and announcements that don't resonate with the buying center. but for a lower price. almost all enterprise firewall vendors have introduced solutions over the past five years. especially for management and reporting. however. These file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and Leaders are unable to demonstrate a clear delta in capability that justifies premium prices. with undermarketing making true innovations a well-kept secret. Leaders will innovate and Challengers will later adopt those features for their clients who are fine with getting features later. Advanced threat defense/detection is penetrating the mainstream market. Have Some Advanced Threat Detection With That Firewall Advanced threat detection using a network sandbox — offered by stand-alone vendors such as FireEye — has become a rapidly growing market. Client "bake-offs" and hands-on comparative evaluations will show today's Leaders as having more capability. if this trend continues. This gap widened at first.

rather than as a customer-based. and a considerably lower price. on- premises sandbox where files are sent for inspection. The firewall application control approaches used by enterprise vendors are mostly about controlling access to external applications.Gartner Reprint 15/12/17 14(05 firewall-attached sandboxes are delivered mostly as cloud-based sandboxes priced as subscription-based services. or have it on their short-term roadmaps. Firewall-connected sandboxes have appealed mostly to budget-constrained Type B enterprises that would rather maintain single-console control over their firewall than deploy a separate platform. WAFs are different: They are placed primarily in front of web servers in the data centers. making them "good enough" for most enterprises. Confusing Use of "Application" and "Firewall" in Three Distinct Products Overlapping terminology and unclear marketing can lead to confusion among the three distinct issues of application control.webarchive Página 62 de 70 . WAFs and firewalls on application delivery controllers (ADCs). customers are increasingly turning to their firewall vendors for their network sandboxing needs (see "Market Guide for Network Sandboxing" ). while others are delivered through third-party partnerships. such as Facebook and peer-to-peer (P2P) file sharing. The cloud advantage is a fixed-fee subscription that does not have to be scaled up nor consume rack space. As the desire to defend against the advanced threat is permeating the mainstream market. Pure-play WAF companies (such as Imperva) or data center file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. All of the firewall vendors evaluated here either deliver a network sandbox today. Some of these are built by the firewall vendors. Firewall-attached sandboxes have almost reached parity with stand-alone solutions.

While some ADC vendors (such as F5) are now offering network firewalling within their ADCs as well. They can. if budget allows. including internet-facing. meaning the owners of firewalls and IPSs face the decision of whether to engage SSL inspection. serve a specialized niche of placements.webarchive Página 63 de 70 . Many still use discrete WAF (because of its better understanding of custom web applications) and ADC (better application performance to users) as the optimal way to answer that question. Most traffic to enterprise web servers remains encrypted until it reaches the ADC (or the server itself. however. WAF and ADC technologies converging because they are for different tasks at different placements in the network. and are often managed by entirely different teams.Gartner Reprint 15/12/17 14(05 infrastructure vendors that provide WAF technology within their ADCs are concerned with protecting custom internal web applications. data center and branch (see "One Brand of Firewall Is a Best Practice for Most Enterprises" ). Gartner does not see NGFW. most enterprises have a single brand of network firewall for all placements. As Gartner advises clients. which involves a termination and re-encryption of these sessions (see "Security Leaders Must Address Threats From Rising SSL Traffic" and "Web Application Firewalls Are Worth the Investment for Enterprises" ). virtualized. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. if no ADC/WAF is present). and an underestimation of its impact affects everything the firewall is processing. These data center firewalls will be challenged to gain any noteworthy enterprise market share until they can provide competitive firewalling for all enterprise use cases in a range of physical and virtual form factors. and Gartner recommends this practice. This performance impact is often hard to measure clinically. such as in cases where the data center is a separate business with its own firewall operations staff.

The analysis in this research was based primarily on interviews and interactions during firewall inquiries with Gartner clients since the 2014 "Magic Quadrant for Enterprise Network Firewalls. interviews with references provided by vendors and supporting Gartner quantitative research on market share. or that did not meet the guidelines." We also considered surveys completed by vendors.webarchive Página 64 de 70 . For each vendor. as well as what other vendors' customers said about that file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Guidelines for responding to the full survey were provided at the time of issue. we took into account the comments from that vendor's references. respondents ignored the question. and. this was in relation to specific revenue breakdowns). generally tended to score lower. vendor briefings conducted at the request of vendors throughout the year. References were scored on the basis of their quality and what they told us. nevertheless. were unable to explain key concepts. and each reference customer was supplied with a structured survey. did not fare as well under some of the scoring criteria. used poor grammar. Vendors that declined to provide a survey response were assessed by Gartner as to what their likely reply would have been (usually. Responses were. Responses that were lower quality (for example.Gartner Reprint 15/12/17 14(05 Evidence This Magic Quadrant was conducted in accordance with Gartner's well-defined methodology. of variable quality. We asked for a specific number of references from each vendor (n = 95). were unable to provide high-quality explanations of use cases. Some vendors declined to answer certain questions due to market restrictions. or were unable to go beyond technical capabilities and demonstrate an understanding of the business environment). therefore.

visualize and reduce firewall rules and policies. very large enterprises may have firewall products from different vendors — sometimes by accident via acquisition rather than through choice. an enterprise may be in the file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. because a single-vendor solution is usually the best choice. Vendors could be notably affected by the inability to have a sufficient number of reference customers providing input. it's growing fast.Gartner Reprint 15/12/17 14(05 particular vendor.webarchive Página 65 de 70 . and the customers requiring help with complexity are the very largest. Note 1 Buyer Confusion Concerning WAFs The advent of application control in firewalls has led to some natural confusion between the NGFW and WAF markets in the minds of buyers. these markets remain very distinct. Instead. FireMon and Tufin) continue to exploit the absence of firewall consoles to optimize. whereas WAFs are concerned with protecting custom web applications on servers that are internal to the enterprise. P2P and Facebook). Although the NSPM market is still somewhat small. The critical difference is one of direction: Application control in NGFWs is concerned primarily with applications that are external to the enterprise (for example. these are rarely enabled. an off-premises service (such as from Akamai) or within an ADC (such as from F5). Additionally. In other cases. Although a few firewalls offer optional WAF modules. Today. Note 2 Network Security Policy Management Tools Third-party network security policy management (NSPM) tool vendors (such as AlgoSec. we see WAFs deployed as a stand-alone product (such as from Imperva).

Evaluation Criteria Definitions file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.Gartner Reprint 15/12/17 14(05 midst of a multistage rollout of a new platform. perhaps investment-challenged and willing to cede innovation to others. such as IPSs.webarchive Página 66 de 70 . this is the "lean forward" or aggressive security posture. technology is crucial to business success. technology is important to the business. They wait. For Type A enterprises. Type B enterprises are "middle of the road. tolerate procurement failure. NSPM vendors are expanding into managing other network security devices." They are neither the first nor the last to bring in a new technology or concept. this is the "lean back" security posture that is more accustomed to monitoring rather than blocking. let others work out the nuances and then leverage the lessons learned. B and C Enterprises Enterprises vary in their aggression and risk-taking characteristics. Type C enterprises are risk-averse to procurement. in some cases. All NSPM vendors support multiple firewall products (including. Enterprises that deploy some their infrastructure to the public cloud may choose to use native cloud firewalls there. technology is not critical to the business and is clearly a supporting function. whereas no firewall vendor will effectively manage a competing product. For Type B enterprises. and are willing to invest for innovation that might deliver lead time against their competition. Type A enterprises seek the newest security technologies and concepts. For Type C enterprises. in addition to maintaining the incumbent firewalls in the physical infrastructure. cloud-resident firewalls). Note 3 Types A. In addition.

quality. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. promote the brand and business. This "mind share" can be driven by a combination of publicity. skills and so on. Market Responsiveness/Record: Ability to respond. increase awareness of the products. This includes current product/service capabilities. Overall Viability: Viability includes an assessment of the overall organization's financial health.Gartner Reprint 15/12/17 14(05 Ability to Execute Product/Service: Core goods and services offered by the vendor for the defined market. be flexible and achieve competitive success as opportunities develop. This criterion also considers the vendor's history of responsiveness. presales support. whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria. will continue offering the product and will advance the state of the art within the organization's portfolio of products. word of mouth and sales activities. and establish a positive identification with the product/brand and organization in the minds of buyers. creativity and efficacy of programs designed to deliver the organization's message to influence the market. pricing and negotiation. promotional initiatives. customer needs evolve and market dynamics change. competitors act. feature sets. and the overall effectiveness of the sales channel. change direction. and the likelihood that the individual business unit will continue investing in the product. the financial and practical success of the business unit. quality.webarchive Página 67 de 70 . thought leadership. This includes deal management. Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. Marketing Execution: The clarity.

customer support programs (and the quality thereof). Specifically. experiences. methodology and feature file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Operations: The ability of the organization to meet its goals and commitments. services and the customer base. service-level agreements and so on. This can also include ancillary tools. and can shape or enhance those with their added vision. this includes the ways customers receive technical support or account support. skills. products and services/programs that enable clients to be successful with the products evaluated.webarchive Página 68 de 70 . marketing. Completeness of Vision Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. functionality.Gartner Reprint 15/12/17 14(05 Customer Experience: Relationships. availability of user groups. service. Factors include the quality of the organizational structure. including skills. differentiated set of messages consistently communicated throughout the organization and externalized through the website. programs. advertising. and communication affiliates that extend the scope and depth of market reach. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs. systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis. Marketing Strategy: A clear. technologies. expertise. Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation. Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales. customer programs and positioning statements.

com. Geographic Strategy: The vendor's strategy to direct resources. This publication may not be reproduced or distributed in any form without Gartner's prior written permission.webarchive Página 69 de 70 . omissions or inadequacies in such information. and/or its affiliates. Business Model: The soundness and logic of the vendor's underlying business proposition. channels and subsidiaries as appropriate for that geography and market. Inc. either directly or through partners. Inc. All rights reserved. and derive revenues from.Gartner Reprint 15/12/17 14(05 sets as they map to current and future requirements. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Innovation: Direct. The information contained in this publication has been obtained from sources believed to be reliable. and may have client relationships with. skills and offerings to meet the specific needs of individual market segments. or its affiliates. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact.jsp) posted on gartner. Vertical/Industry Strategy: The vendor's strategy to direct resources. Gartner provides information technology research and advisory services to a wide range of technology consumers. Gartner does not provide legal advice or services and its research should not be construed or used as such. Although Gartner research may include a discussion of related legal issues. Gartner is a public company. completeness or adequacy of such information and shall have no liability for errors. Gartner research is produced independently by its research organization without input or influence from these firms. The opinions expressed herein are subject to change without notice. complementary and synergistic layouts of resources. related. Gartner disclaims all warranties as to the accuracy. your use of it is subject to the Usage Guidelines for Gartner Services (/technology/about/policies/usage_guidelines. defensive or pre-emptive purposes. expertise or capital for investment. If you are authorized to access this publication. © 2017 Gartner. and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. including vertical markets. consolidation. companies discussed herein. Gartner's Board of Directors may include senior managers of these firms or funds. skills and offerings to meet the specific needs of geographies outside the "home" or native geography. manufacturers and sellers. Gartner is a registered trademark of Gartner.

com/technology/careers/) | Newsroom (http://www.jsp) | Privacy (https://www.com/newsroom/) | Policies (http://www. see "Guiding Principles on Independence and Objectivity.webarchive Página 70 de 70 .gartner.gartner.jsp) file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.gartner.gartner.jsp) | Careers (http://www. (/technology/about/ombudsman/omb_guide2.gartner.jsp)" About (http://www.gartner.com/technology/contact/contact_gartner.com/technology/about/policies/guidelines_ov.gartner. For further information on the independence and integrity of Gartner research.com/technology/site-index.com/technology/about.com/privacy) | Site Index (http://www.gartner.com/it-glossary/) | Contact Gartner (http://www.Gartner Reprint 15/12/17 14(05 funds or their managers.jsp) | IT Glossary (http://www.