You are on page 1of 70

Gartner Reprint 15/12/17 14(05

(https://www.gartner.com/home) LICENSED FOR DISTRIBUTION

Magic Quadrant for
Enterprise Network
Firewalls
Published: 10 July 2017 ID: G00310171
Analyst(s): Adam Hils, Jeremy D'Hoinne, Rajpreet Kaur (https://www.gartner.com/technology
a-client.jsp?cm_sp=bac-_-reprint-_-ban
Summary
"Next generation" capabilities have been achieved by
all products in the enterprise network firewall market,
and vendors differentiate on feature strengths.
Security and risk management leaders must consider
the trade-offs between best-of-breed enterprise
network firewall functions and cost.

Strategic Planning Assumptions
Virtualized versions of enterprise network firewalls will
reach 10% of market revenue by year-end 2020, up
from less than 5% today.

By year-end 2020, 25% of new firewalls sold will
include integration with a cloud-based cloud access
security broker (CASB), primarily connected through
APIs.

By 2020, 50% of new enterprise firewalls deployed will
be used for outbound TLS inspection, up from less
than 10% today.

Market Definition/Description

file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 1 de 70

Gartner Reprint 15/12/17 14(05

This document was revised on 12 July 2017. The
document you are viewing is the corrected version. For
more information, see the Corrections page on
gartner.com.

The enterprise network firewall market represented by
this Magic Quadrant is still composed primarily of
purpose-built appliances for securing enterprise
corporate networks. Products must be able to support
single-enterprise firewall deployments and large
and/or complex deployments, including branch offices,
multitiered demilitarized zones (DMZs), traditional "big
firewall" data center placements and, increasingly, the
option to include virtual versions for the data center.
Customers should also have the option to deploy
versions within Amazon Web Services (AWS) and
Microsoft Azure public cloud environments, and they
should see the ability to support Google Cloud on the
vendor roadmap within the next 12 months. These
products are accompanied by highly scalable (and
granular) management and reporting consoles, and
there is a range of offerings to support the network
edge, the data center, branch offices, and deployments
within virtualized servers and the public cloud. All
vendors in this market should support fine-grained
application and user control. In effect, all vendors in
the enterprise firewall market have what Gartner has
called "next-generation firewalls (NGFWs)"; in essence,
there is no longer a "next generation" in the firewall
market.

The vendors that serve this market are identifiably
focused on enterprises, as demonstrated by the
proportion of their sales in the enterprise; and as
delivered with their support, sales teams and channels.
These vendors provide features dedicated to solve
enterprise requirements and serve enterprise use
cases.

What Has Changed
file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 2 de 70

Gartner Reprint 15/12/17 14(05

All enterprise firewall vendors offer NGFW features to
better enforce policy (application and user control) or
detect new threats (intrusion prevention systems
[IPSs], sandboxing and threat intelligence feeds).
Enterprise firewall is now synonymous with NGFW.
Enterprise firewalls continue to gradually replace
stand-alone network IPS appliances at the enterprise
edge. Although this is happening now, some
enterprises will continue to choose to have best-of-
breed next-generation IPSs (NGIPSs). Many
enterprises are looking to firewall vendors to provide
cloud-based malware-detection instances to aid them
in their advanced threat detection efforts, as a cost-
effective alternative to stand-alone sandboxing
solutions (see "Network Sandboxing for Malware
Detection" ).
However, enterprise firewalls will not subsume all
network security functions. All-in-one or unified threat
management (UTM) approaches are suitable for small
or midsize businesses (SMBs), but not for the
remainder of the enterprise market (see "Next-
Generation Firewalls and Unified Threat Management
Are Distinct Products and Markets" ).

The needs for enterprise branch-office firewalls have
become specialized, and they have diverged from UTM
products. As part of increasing the effectiveness and
efficiency of firewalls, branch-office firewalls need to
truly integrate a more granular blocking capability as
part of the base product, go beyond port/protocol
identification and move toward an integrated service
view of traffic, rather than merely performing "sheet
metal integration" of point products. In short, they need
to offer the same levels of security efficacy as the
primary gateway does. Having a subpar configuration
and protection capability for branches is not
acceptable today.

file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 3 de 70

and they all lack sufficient policy automation. Today. vendor offerings to AWS and Microsoft Azure are uneven.webarchive Página 4 de 70 . such as downloading of malicious binaries and botnet command and control.Gartner Reprint 15/12/17 14(05 In addition. and sometimes implementing. Some don't offer the same level of inspection that on-premises firewalls do. However. Magic Quadrant for Enterprise Network Firewalls file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Enterprise firewall vendors must improve in these areas to remain relevant in the hybrid cloud era. As more organizations are moving strategic workloads to the public cloud. principles of software-defined networking (SDN) and east-west microsegmentation. Leading-edge customers are planning. Magic Quadrant Figure 1. customers that enable this capability are still frustrated by the substantial performance burden that in-firewall TLS decryption imposes. firewalls are becoming important vehicles for TLS termination. These customers seek vendors with some SDN support and forward-looking SDN roadmaps. The primary use case is to inspect outbound traffic for threats. an increasing number of them wish to protect those workloads with their incumbent enterprise firewall vendor. TLS capabilities also allow them to act as a lightweight data loss prevention (DLP) tool as they decrypt and inspect outbound traffic to ensure that sensitive data is not wrongly sent out. Key to these roadmaps will be more automated firewall policy orchestration that will enable organizations to realize the agility and business benefits that SDN promises.

especially in the government and financial verticals. but has only a limited presence in other East Asian nations. AhnLab enjoys sizable in-country market share. threat intelligence and file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. It has sold firewalls since 2007 under the TrusGuard product line. advanced threat defense. The firewall is Common Criteria-certified EAL4 and TTA IPv6-verified. The AhnLab product portfolio includes firewalls. NSS Labs or FIPS PUB 140-2).Gartner Reprint 15/12/17 14(05 Source: Gartner (July 2017) Vendor Strengths and Cautions AhnLab Headquartered in South Korea. four of which were introduced in 2016.webarchive Página 5 de 70 . It offers 12 UTM and firewall models for SMBs and enterprises. which is a South Korean certification. distributed denial of service (DDoS) attack mitigation. but does not have other third-party evaluations (such as ICSA Labs.

multiple virtual firewall model support and public cloud deployment support) that are provided in most other vendors' firewalls and are significant for enterprise customers. especially those using or considering its endpoint solutions. AhnLab is not at parity with global or most regional competitors in advanced features. with a significant local sales and support presence. and therefore has no offering for SDN frameworks or for infrastructure as a service (IaaS) platforms such as AWS. which number well over a billion. AhnLab is one of a few East Asian vendors with a local certification. Its firewalls lack some important features (SDN support. AhnLab has a limited regional presence. which is significant in South Korea. AhnLab is a good shortlist candidate for South Korean enterprises. Microsoft Azure or local file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. This is powered by the vendor's proprietary cloud-maintained malicious URL database and reputation files. CAUTIONS Product Offering: AhnLab still does not offer a virtual firewall. Capabilities: AhnLab includes URL filtering and file reputation checks for free with its TrusGuard firewalls. STRENGTHS Sales Execution: AhnLab is an established endpoint and network security player in South Korea.Gartner Reprint 15/12/17 14(05 endpoint security solutions. Product Offering: AhnLab's network security solutions provide existing endpoint security customers with a single vendor option to maintain the existing vendor relationship and to reduce multivendor management challenges. Outside of South Korea.webarchive Página 6 de 70 . It also offers managed security services and forensic and incident response services.

Windows. data archiving. Virtual firewalls and public cloud/SDN support are offered by almost all competitors. The vendor has a limited global presence concentrated in Western and Central Europe and North America. it released the CudaLaunch App for macOS. During the evaluation period for this Magic Quadrant. It has a legacy of selling products to the SMB market with an easy-to-use interface and affordable pricing. It lacks a file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Gartner sees Barracuda Networks mostly in public clouds and distributed office use cases. In addition. the vendor released separate hardware appliance models SC1/F15/F82/F18 3/F800 Revision C Series/F900 Revision B Series and multiple virtual appliance models. the vendor also released Zero Touch Deployment service for the F- Series firewalls to eliminate deployment complexity. iOS and Android. The lack of a cloud version makes deploying and supporting MDS more difficult and expensive for customers than it is with leading competitors. including most regional ones.webarchive Página 7 de 70 . Barracuda Networks Barracuda Networks is headquartered in Campbell. Geographic Strategy: TrusGuard firewalls are not present on Gartner client shortlists outside South Korea. backup and load balancing controls. Product Strategy: The Malware Defense System (MDS) is offered only as an appliance. It has a broad product portfolio including security. California. providing HTTPS- based access to the network and zero configuration rollout of transparent VPN to end users.Gartner Reprint 15/12/17 14(05 public clouds. AhnLab was not listed by any vendor we surveyed as a significant enterprise competitive threat. In 2016.

which provides centrally managed network access along with a host-based firewall.Gartner Reprint 15/12/17 14(05 strong global channel presence and innovation for large enterprises outside the distributed enterprise use case. Features: Barracuda offers strong VPN connectivity with enhanced monitoring and deployment features. In 2016. Technology Partner Ecosystem: Barracuda has multiple OEM partnerships. AWS and VMware vCloud Air. Enterprises should check local value-added reseller (VAR) availability and direct services in the region before adopting it. As a result. with support for all the major public cloud platforms such as Microsoft Azure. With the release of the CudaLaunch app in 2016. Offering: Barracuda has a strong presence in the public cloud. Surveyed end users cite the ease of contacting Barracuda technical support to get their issues resolved in a friendly and thorough manner. In 2016.webarchive Página 8 de 70 . Barracuda also offers a VPN client for Windows. it extended this support to Google Cloud Platform. Barracuda should be considered by enterprises that have a cloud infrastructure and want to secure it. Gartner has observed that its main presence is in distributed enterprise use cases with multiple site-to-site VPN tunnels. such as IBM ISS for its URL filtering database and Trend Micro for IPS signatures. It is also a good candidate for distributed enterprises that want site-to-site VPN connectivity through multiple tunnels. it also acquired the Sookasa file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. it has extended its managed VPN feature to iOS and Android mobile devices. STRENGTHS Technical Support: Barracuda technical support is always rated high and mentioned as a key strength by end users and VARs.

hence. such as to prioritize Office 365 and Salesforce. along with firewalls. These partnerships have enabled Barracuda to offer better features and services to its clients. This provides easy allocation of QoS features to its traffic dynamically. VMware vCloud Air and Google Cloud Platform. Web Security Gateway and Email Security Gateway. KVM.webarchive Página 9 de 70 . they are not aware of the vendor's product vision. This creates problems with the VARs that have sold those EOL products to end users. It also offers the capability to dynamically change QoS for live open sessions. Product Execution: Barracuda offers quality of service (QoS) policy selection at the rule level. CAUTIONS Sales Execution: Gartner has observed Barracuda's NextGen Firewalls typically being adopted for public cloud and distributed branch-office enterprise use cases. Citrix XenServer and Open Xen. AWS. and virtualization platform providers including Microsoft Hyper-V. Barracuda also has partnerships with major public cloud platforms including Microsoft Azure. Marketing Execution: Surveyed customers have cited that the vendor does not communicate its roadmap and future enhancements clearly to end users. This does not give file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Technical Architecture: Despite Barracuda selling multiple products such as Web Application Firewall. Channel Execution: Surveyed VARs have reported that Barracuda does not provide sufficient notice before announcing a product's end of life (EOL). it still lacks a centralized management platform to monitor and operate all the products from a single console. It is less visible in large data centers and large enterprise use cases. VMware NSX.Gartner Reprint 15/12/17 14(05 CASB solution.

Check Point made available a number of models. the release of vSEC for the Google Cloud platform. Check Point Software Technologies Check Point Software Technologies is a leading network firewall vendor. Certification: Barracuda firewalls lack Common Criteria EAL4 certification. as well SandBlast Cloud for SaaS applications. providing protection against file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. while the majority of firewall vendors have attained such certification. Israel and San Carlos. other than to maintain a single vendor relationship.Gartner Reprint 15/12/17 14(05 an ease of management advantage to those Barracuda clients that use multiple Barracuda product lines. Recent news include the introduction of new 44000 and 64000 high-end platforms. In 2016. and 23500 and 23800 for data centers.10 with improvements to the management console.webarchive Página 10 de 70 . Also released was SandBlast Cloud to scan Microsoft Office 365 email traffic. cloud and mobile security solutions. Gartner has observed many enterprises in Asia mentioning EAL4 certification as a selection criterion.300 employees in R&D. including next-generation security gateway appliances and endpoint. Endpoint security products include SandBlast Agent and mobile security products include Check Point Capsule and SandBlast Mobile. The vendor is providing a variety of solutions. with more than 1. Check Point is a large pure-play security vendor. Co-headquartered in Tel Aviv. Enterprise firewalls include the 5000. Cloud security is provided through vSEC for private and public cloud. 23000. 15000. and the availability of R80. California. 44000 and 64000 series of appliances. including 15400 and 15600 for large enterprises. performance and SandBlast Anti- Ransomware.

In 2016. and continues to lead in market share for firewall equipment. Check Point's firewalls should be shortlisted by enterprises for which price sensitivity is not as important as granular security features such as high- quality central management for complex networks. virtual data centers and cloud.webarchive Página 11 de 70 . both for endpoint and browser protection. Check Point continues as a Leader in the enterprise firewall space. Check Point offers numerous subscriptions (e.Gartner Reprint 15/12/17 14(05 ransomware. including advanced malware protection (Threat Emulation and Threat Extraction) and multiple threat intelligence feeds (ThreatCloud IntelliStore and Anti- Bot). the SandBlast Agent was made available. It is a good candidate for enterprises running hybrid networks with a mix of on-premises. Check Point recently introduced Check Point Infinity security architecture. STRENGTHS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Check Point offers its firewall over AWS and Microsoft Azure for public cloud support. along with the R80 release. cloud and mobile. Its firewall product meets all the enterprise deployment use cases with the breadth of models and features. Check Point is one of the largest security vendors.. Software Blade) to augment its firewall gateway.g. It continues to lead in multiple features such as simplified centralized management and granular role-based administration. and integrates with VMware NSX and Cisco Application Centric Infrastructure (ACI) for SDN use cases. The vendor has also recently expanded its cloud security offering with a cloud-based malware detection service that can be integrated in front of SaaS email offerings. a consolidated security across networks.

the vendor extended the integration capabilities for its vSEC virtual appliance line for VMware. OpenStack. This makes it a strong enterprise firewall vendor capable of meeting different enterprise deployment use cases. Features: Check Point's enterprise firewalls offer strong web filtering capabilities with a combination of application control. It offers mature URL filtering capabilities with multiple end- user block and information pages. 15000. This makes the vendor a shortlist candidate for enterprises looking for an integrated and consolidated approach to their perimeter. which consists of a software container called Capsule (Workspace. Hyper-V. In 2016. server. It allows end file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. 21000. mobile and endpoint. Enterprise firewalls include the 12000. Mobile Threat Prevention. endpoint and mobile security based on the maturity on their enterprise security. and networking and managed services. 41000 and 61000 series of appliances. Partners: Check Point has built a strong ecosystem of technology partners including software. Product Execution: Check Point offers a large number of firewall models to meet the requirements of all enterprise network types. Docs and Cloud) for both iOS and Android. Cisco ACI. Google Cloud and Azure to support public cloud and highly virtualized infrastructure. 13000. It also offers a mobile security solution. KVM. Check Point also has a strong and well-established channel globally. through its partner program. Gartner strongly believes that security vendors should be able to identify and build product support and integration capabilities with the right technology providers to enhance their product offerings. URL filtering and DLP. 23000.Gartner Reprint 15/12/17 14(05 Offerings: Check Point offers a large breadth of security products covering network.webarchive Página 12 de 70 . AWS. and Capsule Connect/VPN.

It also offers a user check feature to alert users in real time about their application access limitations. which makes it a desirable vendor for complex firewall policy environments. and competitors acknowledge Check Point's leadership in this domain. Features: Although Check Point has partnered with multiple CASB solution providers. have complex topologies. This makes these firewalls a desirable candidate for enterprises that are considering consolidating their web proxy and require granular web filtering capabilities in their firewall.webarchive Página 13 de 70 . CAUTIONS Delivery: Existing Check Point clients have often reported that their major firmware releases require jumbo hot fixes and take considerable time to become stable. imbuing strong client retention. Both application control and URL filtering operations can be performed within the same rule. are subject to compliance that requires reliable reporting or have large operations teams. Avanan and Microsoft (Adallom). including FireLayers. robust centralized management offering. Even the surveyed VARs and customers have rated this to be the vendor's strongest feature. while educating them on internet risk and corporate usage policies. such as deployments by very large enterprises and organizations that need formal approval workflow. it still file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Central Management: Check Point continues to lead the market with its strong.Gartner Reprint 15/12/17 14(05 users to explain their reason to bypass policy. Surveyed Check Point clients have also highlighted this and stated that the vendor needs to improve its delivery capabilities on new releases for a smoother customer experience. Clients frequently comment that the Check Point roadmap aligns very well to their enterprise needs of tomorrow. especially in high-compliance environments.

Cisco Cisco. is the largest networking infrastructure vendor with a broad security portfolio. Sales Execution/Pricing: Check Point's firewalls are perceived as high-priced solutions. Gartner clients often consider Check Point as a "traditional" firewall vendor. based in San Jose. as a feature leader. Its main product line that includes all new releases is Cisco Firepower NGFW. Surveyed VARs have also scored the vendor lower on marketing and stated that it requires better product marketing to compete with its competitors. Check Point is working toward opening more technical assistance centers (TACs) across the globe for direct availability in different regions. California. which leads to confusion in its messaging in the market. Even the surveyed VARs have reported that the vendor lacks prompt technical support for higher-level support issues.Gartner Reprint 15/12/17 14(05 lacks a built-in CASB feature for granular control and monitoring of growing SaaS applications. clients that need best-in-class security get what they pay for. and some customers have expressed surprise at perceived higher-than-expected renewal costs. however.webarchive Página 14 de 70 . especially if the issue is escalated to a higher level of support and is not communicated well to clients. which exists file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. or a notable absence especially when releasing interesting new features. Marketing Execution: Check Point lacks proper marketing execution. despite innovating in the threat detection and mobile security spaces. Technical Support: Gartner still receives anecdotal feedback from existing Check Point clients that it lacks prompt support. Gartner has gradually observed more enterprises considering CASB as a firewall-attached cloud service.

particularly when enterprises want to deploy a broad set of security services that interact file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Cisco has a broad portfolio of additional products that includes advanced endpoint security. URL filtering. In addition. Some in-service ASA appliances do not support FMC for complete management. so some clients should expect to have to maintain CSM as part of one firewall replacement life cycle. Cisco also completed the acquisition of Cloudlock. Cisco's recent enterprise firewall news includes the release of its 2100 series. Cisco offers a range of services on its firewall line. For Cisco deployments with a mix of newer and older firewalls.Gartner Reprint 15/12/17 14(05 alongside the older Adaptive Security Appliance (ASA) product line and the Meraki range for smaller organizations.webarchive Página 15 de 70 . a web-based. which claims to process traffic more efficiently. low-touch management visibility and orchestration across distributed environments. In addition. secure web gateway. but Gartner does not often see Cisco enterprise firewalls selected on the basis of features or vision. including NGIPS. cloud-based sandboxing and the Advanced Malware Protection (AMP) network. email security. its CASB product. network traffic analysis (Stealthwatch). Cisco is executing well in sales and meeting its roadmap execution goals. network access control and CASB. and the release of Firepower Device Manager (FDM). Cisco is a good shortlist candidate for most enterprise use cases. on-box device manager for Cisco Firepower NGFWs and replacement for Adaptive Security Device Manager (ASDM) in managing ASA 5500-X series devices. Cisco Defense Orchestrator (CDO) enables cloud-based. In addition. Firepower Management Center (FMC) and Cisco Security Manager (CSM) are available. Cisco has two virtual firewalls — the ASAv and NGFWv.

The vendor has strong channels. Capabilities: Cisco stakeholders like Cisco Defense Orchestrator. ASA and Umbrella. Distributed enterprises use it to gain policy visibility and control across enterprise and mobile/cloud edge security safeguards. a level of integration that some competitors lack.webarchive Página 16 de 70 . Under the terms of the Cisco Security ELA. Advanced Threat Protection: Surveyed customers and partners value the integration between AMP for Networks and AMP for Endpoints. which is good for organizations that want a single vendor multiproduct solution that provides for staged deployment and product flexibility. Portfolio: Gartner clients and surveyed Cisco partners value the integration of the Firepower NGFW enterprise firewall with existing and emerging elements of Cisco's enterprise security portfolio. customers can move resources around and even add security services as their needs change and grow. and it is an oft-cited reason for loyalty to Cisco security products. broad geographic support and wide availability of other security products. Customer Experience: Gartner clients consistently rate the Cisco support network as excellent. Gartner sees AMP for Endpoints included in more new deals than it sees endpoint advanced threat detection attached for competitors. which is a simplified approach to policy management across NGFW.Gartner Reprint 15/12/17 14(05 with the firewall. STRENGTHS Sales Execution: Gartner sees Cisco firewalls on an increasing number of shortlists. CAUTIONS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and sees continued momentum for the Cisco Security Enterprise License Agreement (ELA).

A signed agreement between Cisco and VMware is now in place. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Product Execution: Cisco customers and partners complain about configuration and management difficulties caused by the Java ASDM on-device management graphical user interface (GUI) that persists on in-support ASA models. web and email security gateways (Forcepoint Web Security and Forcepoint Email Security). Texas. citing increased complexity of central management. an insider threat solution (Forcepoint Insider Threat) and a cloud access security broker offering (Forcepoint CASB. and caused some Cisco firewall customers to switch to other vendors. a data loss prevention offering (Forcepoint DLP). Product Strategy: For the evaluation period. Cisco's current messaging around its network security platform confuses Gartner clients that see instead a list of many products. alter or renew their Cisco firewall and associated portfolio licenses.Gartner Reprint 15/12/17 14(05 Management: Gartner clients and surveyed customers dislike having to continue to use CSM to manage some models and FMC to manage others. Cisco firewalls did not yet integrate with VMware NSX. Sales Execution: In the survey sent to enterprise firewall vendors. This was a competitive disadvantage. It offers a firewall (Forcepoint NGFW). Forcepoint (formerly Raytheon|Websense) is a pure-play security vendor. Forcepoint Based in Austin. Customer Experience: Surveyed customers and partners cite complex and confusing licensing as a significant negative when they attempt to deploy. so Cisco could not participate in NSX-led SDN projects. Cisco's product was the most frequently listed as the one that vendors claimed to replace the most. launched in 2001.webarchive Página 17 de 70 .

Gartner Reprint 15/12/17 14(05

recently acquired from Imperva). The vendor has more
than 2,000 employees. The Forcepoint NGFW product
line was acquired from Intel Security in January 2016,
along with the McAfee Firewall Enterprise (Sidewinder
was part of the Secure Computing acquisition by
McAfee in 2008).

Forcepoint recent news includes the availability of the
NGFW offering on AWS, the addition of the Sidewinder
proxies on the Forcepoint NGFW and the possibility of
tunneling web traffic to the Forcepoint cloud-based
secure web gateway (Forcepoint Web Security Cloud).

Forcepoint has demonstrated consistently good
feature quality and an expanded capacity to execute
on its roadmap. The vendor is a valid shortlist
candidate on enterprise firewall shortlists for
distributed organizations.
STRENGTHS
Product Vision: Forcepoint offers multiple solutions
that have the ability to augment firewall capabilities.
The vendor has started with the integration of the
ThreatSeeker threat intelligence feed, and the ability
to tunnel web traffic to the Forcepoint Web Security
Cloud solution.

Customer Experience: Customers give excellent
scores to the centralized management console
(Forcepoint Management Center [SMC]) and high
availability. Forcepoint scores comparatively high for
the quality of its hardware.

Capabilities: Independent tests grant Forcepoint
NGFW better results for attack detection than some
of the Leaders evaluated in this research. The vendor
has an historical focus on building detection engines
resistant to evasion techniques.

Ease of Use: A zero-touch deployment is available
for Forcepoint NGFW. The filtering policy commit
process integrates an optional approval workflow.
file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 18 de 70

Gartner Reprint 15/12/17 14(05

SMC includes easy-to-use filters and visualizations
to ease the analysis of incidents.

Geographic Strategy: Forcepoint is visible on
distributed organizations' shortlists in Europe,
especially for local government agencies. Two of its
three R&D centers for firewall development are
located there.
CAUTIONS
Geographic Strategy: Forcepoint NGFW continues to
have much lower visibility among enterprise firewall
buyers in North America and the Asia/Pacific region
than in Europe. Its channel is relatively small
compared to many of its competitors.

Market Responsiveness: Forcepoint has just
released cloud-based sandboxing, six years after the
first vendor evaluated in this market. It has only
recently added Geo-IP and IP reputation in the
filtering policy. Integration of Sidewinder proxies into
the NGFW is also very recent.

Market Segmentation: Forcepoint offers a smaller
number of firewall appliances than its leading
competitor. It lacks the entry-level devices that suit
the needs of the smallest branches. Embedded web
management for one device is not feature-complete,
forcing clients with a single location to learn the
more comprehensive SMC.
Capabilities: Forcepoint's firewall offering does not
yet fully integrate with the recently acquired
Forcepoint CASB.

Product: Forcepoint NGFW's high availability is less
appealing for SDN and IaaS use cases, where part of
the resiliency requirements are handled by the
infrastructure. Forcepoint NGFW is not yet available
on Microsoft Azure. Forcepoint lags behind the
competition on integration with AWS services and
SDN vendors.
file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 19 de 70

Gartner Reprint 15/12/17 14(05

Fortinet
Fortinet is a large network and security vendor, with
more than 4,600 employees, based in Sunnyvale,
California. Its main product line is the FortiGate
firewall, which represented roughly 75% of its total
revenue in 2016. The vendor offers other products,
such as a wireless LAN (FortiAP) and web application
firewall (FortiWeb). Its more recent marketing
message highlights the Security Fabric concept,
focused on cross-device integration to improve overall
visibility and provide additional control options.

Fortinet recent news includes more models of its E
Series, which benefits from the latest generation of
Fortinet Security Processors (SPU). Fortinet also
acquired AccelOps and rebranded it FortiSIEM. Latest
releases include several features related to the
Security Fabric, with traffic forwarding between
Fortinet appliances, unified visibility and tighter
integration with FortiClient endpoints. Fortinet also
recently announced availability of FortiCASB, its
firewall-attached offering for SaaS security.

Fortinet has introduced important new product
functionalities and has made product and marketing
strategy improvements. The vendor is a good shortlist
candidate for all enterprise firewall appliance use
cases, especially when price/performance is rated high
in the evaluation.
STRENGTHS
Marketing Execution: Fortinet has improved its
visibility in final two vendor shortlists for enterprise
firewalls, being frequently the finalist against one of
the other two leaders. Surveyed channel partners
acclaim Fortinet's assistance during RFP and
implementation.

file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 20 de 70

Gartner Reprint 15/12/17 14(05 Sales Strategy: Fortinet excels in providing the best price/performance offers. relying on the combined use of an extensive appliance portfolio. Fortinet customers also mentioned ease of deployment as a strong point. Several of its resellers also offer products from one of the other Leaders in this Magic Quadrant and select Fortinet for its primary "fast firewall" use case. and the feature has received few improvements since its first release. Capabilities: Except for performance. The vendor's investment lags behind the competition in IaaS/SaaS and advanced threat endpoint security. Market Segmentation: Fortinet's latest chassis models (7000 Series) reinforce its ability to serve the performance required in large data centers. Fortinet often file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. The vendor grows much faster than the market average. CAUTIONS Product Strategy: Fortinet focuses most of its development resources on integrating its existing solutions together (Security Fabric). Its attach rate for cloud-based sandboxing is low. at the expense of other areas. Despite a good security score in independent testing.webarchive Página 21 de 70 . Customer Experience: Fortinet's clients gives excellent scores to its firewall performance and hardware quality. Capabilities: Customers not using centralized management tools liked the improved visibility they get from the FortiView reports. some prospective customers with high-risk exposure still express doubts regarding Fortinet's ability to meet their security requirements. good total cost of ownership for bundles and a flexible discount strategy. Marketing Execution: Fortinet fails to move its brand out of the "good enough vendor" zone.

and TLS/SSL offloading and enhancement of its existing features. with regional headquarters in Sunnyvale. sandboxing) are heavily weighted. Customers also report that firmware upgrades and new features might be unequal in quality. application control. In 2016.Gartner Reprint 15/12/17 14(05 comes in second in technical evaluations to one of its direct competitors when core features (IPS. California. China. Management: Centralized and cloud-based management have made insufficient progress to positively influence Fortinet's score during technical evaluation. management. and Latin America.webarchive Página 22 de 70 . Hillstone is one of the few Chinese network security vendors that is gradually expanding in other regions outside China. cloud and server security solutions. URL filtering for HTTPS traffic. It continues to focus on expanding in different regions along with the Chinese market. Hillstone firewalls are a good candidate for enterprises with hybrid networks. VPN. Hillstone Hillstone is headquartered in Beijing. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. such as South East Asia. such as on-premises. the Middle East and Africa. it introduced a few major features such as cloud sandboxing. The vendor is an established network security player offering perimeter. Client feedback on support is directly impacted by the quality of the channel partner: It gets an average score. cloud and virtualized environments in the abovementioned regions. Customer Experience: Fortinet does not offer the direct vendor support and premium subscriptions that large enterprise clients might require.

It can perform functions like link aggregation.. Feature enhancements such as link load balancing and granular QoS are more useful for carrier use cases. including carrier cloud (China Unicom. The vendor offers a granular. for dynamic link selection. This makes Hillstone a desirable shortlist candidate for enterprises with hybrid networks. AliCloud and other global public file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. DNS domain redirection. Features: Hillstone has enhanced its link load balancing feature to make it more intelligent and granular. etc. as they can have a single vendor relationship. Jindong Cloud. The vendor introduced SSL offloading and cloud-based network sandboxing features in 2016 to support typical enterprise network perimeter use cases. Public Clouds: Hillstone's virtual CloudEdge firewalls support all the major regional local cloud platforms in China. China Telecom and China Mobile). Surveyed VARs have reported this as one of the strongest product features.webarchive Página 23 de 70 . zones. intelligent DNS. users. interfaces and VLAN. ECMP. This offers enterprises the ability to implement tight QoS controls over their traffic. protocols. Surveyed partners have rated Hillstone's abnormal behavior detection network traffic analysis feature as one of the product's strengths. Huawei Cloud.Gartner Reprint 15/12/17 14(05 STRENGTHS Product Strategy: Hillstone product offerings and feature enhancements meet all the enterprise use cases more focused toward carrier and cloud infrastructure networks with virtualized environments. ISP routing. and offerings such as CloudHive and CloudEdge (with support for multivendor public clouds) are best for cloud infrastructure and hybrid enterprise network use cases. schedule-based QoS feature with controls that can be applied to IP.

It does not offer any specific reports for SaaS applications. Product Strategy: Hillstone does not offer anti-spam for emails and SD-WAN capabilities.webarchive Página 24 de 70 . Gartner believes the vendor needs to focus more on strong marketing to build a strong brand in the regions it wants to expand in. Segmentation: Hillstone CloudHive offers a microsegmentation solution for virtual VMware networks along with CloudEdge virtual firewalls for the networks over the cloud.Gartner Reprint 15/12/17 14(05 clouds like AWS and Azure. where there are multiple strong firewall vendors with strong marketing. Product Execution: Hillstone only offers cloud-based network sandboxing and does not offer it as a separate appliance. This offering makes Hillstone a strong vendor for cloud security use cases. enterprises are gradually more often looking for a vendor that offers such a feature. CAUTIONS Marketing Execution: Surveyed partners have indicated that Hillstone lacks marketing and brand recognition outside China. which is offered by most international vendors against which Hillstone competes in the international market. This makes it a good shortlist candidate for organizations with hybrid networks. whereas with the increase in adoption of SaaS applications. Features: Hillstone lacks any integration with CASBs and does not offer advanced SaaS monitoring and control functionality. Gartner has observed many enterprises with large data centers that want to build a private cloud for scanning their traffic against advanced malware seek an on-premises network file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

Huawei released four new models during the Magic Quadrant evaluation period. The range of firewall appliances and models is extensive. Huawei Shenzhen. at the Evaluation Assurance Level (EAL) 4+ under Common Criteria and by NSS Labs. This will lead such enterprises to select a different vendor. Firewall and related security services can be used via the USG6000V virtual gateway to implement virtual multitenant separation. STRENGTHS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. as Hillstone does not offer this. and offers a variety of other network security appliances. especially for higher- throughput options. however. Huawei has executed a fast ramp-up in market presence. we still do not see it frequently displacing Leaders or other Challengers based on vision or features. and for customers that already have Huawei products and wish to expand their business to firewalls. particularly in EMEA. Recent features include Cloud Application Security Awareness (CASA) and TLS/SSL decryption enhancements. as opposed to a cloud service. and Eudemon is the model line for carriers and service providers. Huawei USG firewalls have been certified by ICSA. especially enterprises with high- performance needs.webarchive Página 25 de 70 . Huawei is a relevant shortlist candidate for value- conscious enterprises located in the Asia/Pacific region or EMEA. eSight and Agile Controller are the central management platforms that support the USG line. Unified Security Gateway (USG) is the primary enterprise line.Gartner Reprint 15/12/17 14(05 sandboxing appliance. including anti-DDoS and IPS. China-based Huawei has been shipping firewall products for more than a decade.

Huawei customers like that firewalls are well-integrated with their infrastructure components.Gartner Reprint 15/12/17 14(05 Marketing and Sales Execution: Huawei's firewall sales greatly outgrew the overall enterprise firewall market during the evaluation period. Product Execution: Huawei still does not offer a virtual firewall compatible with Microsoft Azure. Huawei users comment that they would like enhanced reporting and a better GUI. which accounts for a significant portion of its firewall revenue. including cloud-based advanced threat detection. While these features did not lead the market. support for AWS and Xen public clouds. which is a requirement for a growing number of customers in EMEA. and has worked hard to meet regulatory and customer requirements there.webarchive Página 26 de 70 . Gartner clients that want first-to-market security capabilities do not often consider Huawei USG as a shortlist candidate. Marketing Execution: Huawei has limited file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. the vendor has seen significant growth in the region. one of Huawei's targeted growth regions. Portfolio Strategy: Customers with networks based primarily on Huawei infrastructure products can include Huawei firewalls on their shortlists. CAUTIONS Product Strategy: Although Huawei has broadened its support in public and private cloud. it does not release new capabilities as fast as its leading competitors. Thus. and SDN capabilities. Product Execution: Huawei released several important new features during the evaluation period. demonstrating new perceived value. they helped Huawei gain feature parity or near parity with some competitors. Geographic Strategy: Huawei has developed a strong channel in EMEA.

integrated IPS. the SRX Series. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Juniper also recently introduced the SRX 4100 and 4200. but it has had difficulty executing in sales. however. integrated threat intelligence feeds. Its Junos Space Security Director is the central management platform. Juniper just announced that its SDSN Policy Enforcer can now detect threats and enforce policy to non-Juniper switches. which aims to integrate security into all elements of the network infrastructure.webarchive Página 27 de 70 . Juniper is a sizable networking infrastructure vendor with a long history of providing network security capabilities. access and endpoint security solutions.Gartner Reprint 15/12/17 14(05 competitive visibility outside the Asia/Pacific region and EMEA. this concern continues to be a security sales challenge in some markets. Juniper's recent enterprise firewall news includes an expansion of its SDSN partner infrastructure to build out SDSN with CASB. Juniper Networks Based in Sunnyvale. two midrange enterprise firewalls. and Gartner sees it being displaced more often than it is selected in competitive situations. In addition. Its physical enterprise firewall line. in order to minimize the impact of any compromised device. comprises 11 models. The vendor has taken considerable steps to address concerns about relying on technology developed in China. Juniper has two virtual firewalls — vSRX and cSRX. Juniper serves incumbent Juniper infrastructure customers well with a product with good security features. The cSRX is a firewall that can protect containerized environments. Juniper has an initiative called Software-Defined Secure Networks (SDSN). whether it is Juniper or another vendor. Juniper offers AppSecure for application control and visibility. California. And finally. especially North America. and a new cloud-based anti-malware service (Sky Advanced Threat Protection [ATP]).

STRENGTHS Product Execution: Surveyed customers and partners often note satisfaction with the SRX's ease of configuration and rich interface. supporting it with its developing SDSN schema. Gartner began to see awareness of Sky ATP and other advanced security functions and roadmap items among the Juniper ecosystem. These branch-office firewalls include WAN and cellular backup technologies. and is cited for strong clustering and advanced routing capabilities. could inspire potential prospects to evaluate the SRX line. especially in the higher-end SRX models. The vSRX offering is highly rated for performance relative to other virtual firewalls. often citing these as primary reasons for selection and continued usage. CAUTIONS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Product Performance: Good options exist for high- throughput. Marketing Execution: During this Magic Quadrant evaluation period. The vendor is unique among its competitors in offering a container-focused firewall. because Gartner sees Juniper often deployed in large data centers.webarchive Página 28 de 70 . purpose-built appliances.Gartner Reprint 15/12/17 14(05 Juniper is a good shortlist candidate for enterprises that desire high throughput at a low price and the ability for the firewall to support advanced routing scenarios. cSRX and the Juniper Contrail SDN framework. Product Strategy: Juniper has a strong SDN security story around vSRX. if this marketing execution is consistent and sustained. Juniper has a strong range of branch-office firewalls complementing its enterprise products. It is also suitable for enterprises buying security and networking in the same buying center. Continued emphasis on these items will encourage more existing customers to stick with Juniper and.

It is a strong infrastructure vendor in China with a large portfolio. including security products that also cover firewalls. Product Execution: Juniper has been late to market compared to competitors in areas such as public cloud support and VMware NSX integration. As a result. routers. Sales Execution: Juniper has continued losing security market share in the past year. and has experienced declining year-over-year revenue in a growing market. WLAN products and management products. switches. although Azure and VMware NSX integration were announced during the evaluation period. cloud computing products. New H3C Group New H3C Group was established in November 2003 and is headquartered in Hangzhou. it lacks the market understanding and strong product file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Gartner clients lack confidence in Juniper's security strategy. Product Strategy: Gartner believes that most enterprises want an operating system in their security products that differs from the one in network infrastructure components. and demonstrate that it can win back customers and market share with its newer capabilities. The vendor must more effectively address fundamental sales challenges. Until 2016. While New H3C Group is focusing more on introducing new product offerings for different growing markets.Gartner Reprint 15/12/17 14(05 Innovation: Gartner clients and surveyed customers and partners perceive that Juniper lags behind its major competitors in releasing new security features. China.webarchive Página 29 de 70 . however. it operated as a subsidiary of Hewlett Packard Enterprise (HPE) and now is a part of UniGroup. the new roadmap direction for Juniper security solutions is very encouraging to Gartner.

S7500E. providing centralized management of a variety of devices. SD-WAN capabilities and SaaS application monitoring. strong firewall with basic security features.Gartner Reprint 15/12/17 14(05 strategy for meeting all enterprise firewall use cases and lacks multiple built-in security features. Customer Experience: Surveyed clients have highly rated the Intelligent Flow Forwarding (IFF) and Security One Platform (SOP) features of the M9000 file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. which can be used on H3C switches (S5800. Product offerings include servers. Offering: New H3C Group also offers H3C SecBlade FW modules. networking and software. Firewall Manager and intelligent Traffic Analysis System (iTAS). with a presence only in China. The vendor is a regional Chinese player. It includes the function modules IPS Manager. cloud infrastructure and big data. The vendor's firewalls should be considered by clients based in China that are already using its products and looking for a high-performance. STRENGTHS Portfolio: New H3C Group has a large portfolio of products and offerings. These FW modules help customers extend network security capabilities within their existing H3C switches and routers. such as network sandboxing. This gives an advantage to end users that want to maintain a single vendor relationship for their broad range of infrastructure products. This gives an advantage to existing customers. security products. storage products. S9500E or S12500) and routers (SR6600 and SR8800). which the majority of competitors in the region offer. UTM Manager. It offers a range of solutions for data centers.webarchive Página 30 de 70 . Security Architecture: The vendor offers H3C SecCenter Management Center for centrally managing the security devices on a network.

the IFF feature is designed to implement distributed traffic flow and the SOP feature offers a virtual firewall function using container-based virtualization technology. as opposed to being an add-on feature of their existing firewalls. including those in China. especially perimeter security for enterprises. it has invested a large amount to develop a high-end testing center and lab with enhanced testing capabilities.webarchive Página 31 de 70 . As per the vendor. Clients have reported these features to be effective in a highly virtualized live environment. Capabilities: Since New H3C Group is a large infrastructure vendor. along with support for SDN. Features: The vendor's firewalls lack an advanced malware network sandboxing feature. This shows commitment from the vendor to deliver reliable products and services to the market. New H3C Group does not offer any CASB integration and lacks SaaS monitoring and file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. CAUTIONS Marketing Execution: The vendor's firewalls lacks recognition and brand value in its local market. Surveyed VARs have also reported that the vendor lacks brand recognition and needs better product marketing compared to other local Chinese vendors. This has led to a lack of focus on meeting all enterprise firewall use cases. This leaves customers to go with a separate vendor for advanced malware capabilities. which is offered by a majority of firewall vendors.Gartner Reprint 15/12/17 14(05 Series Multi Service Security Gateways. Product Strategy: New H3C Group's firewall offerings and feature enhancements are more focused on carrier and large data center use cases that operate in highly virtualized environments.

with the 5220. available since 2011. based in Santa Clara.Gartner Reprint 15/12/17 14(05 management features. Presales support is file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Its offerings include enterprise firewall physical and virtual appliances. endpoint software (Traps and GlobalProtect).000 employees. The vendor is visible on shortlists across all industries. The vendor has been shipping enterprise firewalls since 2007. and has high customer satisfaction for its application visibility capabilities. with more than 4. 5250 and 5260 models. two new intermediate appliances (PA-800 Series) and has refreshed its 5000 Series. and SaaS security (Aperture). with improvements for WildFire and Panorama. STRENGTHS Marketing Execution: Palo Alto Networks is the pure- play security vendor with the highest visibility on enterprise firewall shortlists. especially when evaluations give more weight to feature and management quality than to price. which increasingly are sought by enterprises with growing adoption of SaaS applications. It has also released a new entry-level hardware model (PA-220). Palo Alto Networks enjoys continued success in enterprise firewall selections. Palo Alto Networks Palo Alto Networks is a large pure-play security vendor. and its 2016 revenue exceeded $1. The vendor has recently started to highlight integrations between its solutions as a security platform. California. and new SaaS security and user credential protection features. Palo Alto Networks is a solid contender for all enterprises. threat Intelligence (AutoFocus).webarchive Página 32 de 70 . Palo Alto Networks has recently released version 8 of its operating system (PAN-OS).4 billion.

Customer Experience: Palo Alto Networks has a faithful customer base and scores very highly for overall customer satisfaction. and the vendor very frequently comes out from shortlists with the highest overall evaluation score. With a list price of $1. and to the vendor's ability to meet expected performance in production environments. has the highest attach rate and the largest customer base of all vendors evaluated in this research. Several clients give good scores to vendor support in North America. Many clients report that they will renew without performing a competitive assessment and that they recommend the product to their peers. WildFire. Sales Execution: Palo Alto Networks maintains a very high growth rate. Improvements: The vendor has initiated a refresh of its firewall appliances (PA-800 Series.000. with upgraded performance and a higher number of decrypted concurrent TLS connections. the vendor's sandboxing option. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Combined with its automated event aggregation and filtering and drill- down options. WildFire regional cloud options are available in Europe and Asia.webarchive Página 33 de 70 . CAUTIONS Marketing Strategy: Gartner observes that Palo Alto Networks' security platform strategy may impact the vendor's development capabilities across a growing set of products that also require development for better integrating together. Capabilities: The Application Command Center (ACC) includes visibility of sanctioned and unsanctioned SaaS applications. the new PA-220 allows the vendor to target smaller branches.Gartner Reprint 15/12/17 14(05 efficient. it makes it easy to understand application flows and related risks. PA-5200 Series and PA-220).

Sales Execution: Price is frequently cited by Gartner clients. Sangfor Sangfor was founded in 2000 and is headquartered in Shenzhen. Organizations from these regions should evaluate local resellers more stringently and request local references. can become slow when managing a large number of appliances. Despite recent improvements. Market Responsiveness: Some clients have expressed concern about the pace of firmware releases. especially in regions where the vendor does not provide direct vendor support. Customer Experience: Some clients cite that the vendor's centralized solution. as a reason not to select Palo Alto Networks.Gartner Reprint 15/12/17 14(05 Innovations: Gartner has noticed in recent years that the ability of the vendor to lead the market with in- house innovations ahead of what other vendors offer has shifted to continuous improvements combined with acquisitions of small companies filling a gap in the vendor's portfolio. especially distributed organizations. forcing more conservative organizations to stick with an older version for a long time. Panorama. Sangfor provides network security and cloud computing solutions such as Next Generation file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.0 include mentions of performance improvement for Panorama.webarchive Página 34 de 70 . They would like to see smaller batches of features instead of the very large updates that require more time to stabilize. The vendor has a smaller market share than its direct competitors in some of the European countries and Asia. The release notes of the recently published PAN-OS 8. resellers continue to hope for better tools when migrating from another firewall brand. China. with its EMEA regional headquarters in Dubai.

Sangfor DC.Gartner Reprint 15/12/17 14(05 Application Firewall (NGAF). SSL VPN and Hyper-Converged Infrastructure (HCI). which enables customers to locate threats. WAN Optimization (WANO). Product Strategy: Surveyed customers cite the presence of WAF as a primary motivation for selecting NGAF. Internet Access Management (IAM). the vendor has four virtual firewall models and a central management system. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. It now features 17 models for China and 10 models for international customers. 2016 also saw the first release of virtual firewalls. a unique feature among the vendors evaluated. and it has some SDN capabilities. along with a reporting platform. In addition. Recent feature releases include geoawareness and stability improvements.webarchive Página 35 de 70 . with sales and operations mostly in China. Sangfor serves a narrow segment of the market. The vendor is a good shortlist contender for Chinese customers that want WAF merged with a firewall. Customers and partners indicate satisfaction with other advanced features. Sangfor offers support for AWS public cloud. and those that want access to advanced security features faster than some other regional vendors have provided them. such as behavioral botnet detection and risk reporting. for a firewall throughput of up to 80 Gbps. Sangfor SC. and its good price/performance ratio. Sangfor started shipping its enterprise firewall product line (NGAF) in 2011. STRENGTHS Product Execution: Sangfor clients enjoy NGAF's ease of deployment and use. NGAF integrates web application firewall (WAF) functionality in the NGAF platform.

and request references for organizations in the same region.Gartner Reprint 15/12/17 14(05 Customer Experience: Sangfor stakeholders give the vendor's presales and postsales customer support high marks. Product Execution: Potential customers outside of China should first verify the availability of vendor support and product documentation for their use case. aimed at midsize enterprises. Internationalization and an expanded geographic presence of the Sangfor firewall product line are ongoing efforts. SonicWall's enterprise firewall portfolio comprises a total of five physical appliances across the NSA Series. California. Geographic Strategy: Gartner does not see Sangfor firewalls often being shortlisted outside of China. going private and becoming a stand-alone company. End users believe that they can't do advanced configurations without involving the vendor. SonicWall Now based in Santa Clara.webarchive Página 36 de 70 . which is a growing feature request among Gartner clients. SonicWall has no virtual file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Partnerships: The vendor does not have any integration with network security policy management tools. SonicWall was spun out of Dell in 4Q16. Sangfor does decryption acting as a proxy. CAUTIONS Customer Experience: Some customers perceive and don't like that only Sangfor support can perform debugging and software and firmware upgrades. and the SuperMassive Series for larger enterprises and data center deployments. It has no on-box TLS decryption. making it more difficult for enterprises to manage policy in a multivendor situation.

SonicPoints and WAN Acceleration Appliances (WXA).Gartner Reprint 15/12/17 14(05 firewall products. All SonicWall firewalls now have integration with Dell Networking X-Series switches. and its continued investment in channel programs may raise visibility among Gartner clients. The Global Management System (GMS) is a central management platform. The vendor is a good shortlist candidate for value-conscious enterprises that desire more throughput at a reasonable price and a solid firewall appliance that is easy to manage.webarchive Página 37 de 70 . file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. STRENGTHS Product Execution: Surveyed customers frequently mention the ability of the SonicWall product to meet budget and performance requirements. SonicWall also offers GMS Analyzer and GMS Flow Server for additional reporting views. Recent company news includes announced training and marketing enhancements to its channel programs. They also give good scores for ease of management. Product Performance: SonicWall customers and partners note that the vendor does a very good job handling SSL/TLS decryption on-box without massive performance degradation. SonicWall is not typically visible on a large number of enterprise shortlists. Marketing Strategy: SonicWall has worked hard to rebuild its channels in order to reach more customers. In addition to the main GMS consoles. and it does not address some enterprise data center use cases. Product Strategy: The cloud-based Capture Advanced Threat Protection service takes a multiengine approach to advanced threat detection. SonicWall recently launched its Cloud GMS management solution. This approach shows promise and early feedback is positive.

especially in its ability to inspect JavaScript to provide visibility on SaaS usage. and Sophos Central is the cloud-based centralized management portal for all Sophos security products.K. The vendor has recently experienced a decline in revenue. with more than 3. U. including automated host quarantine and the release of a cloud-based sandbox (Sophos Sandstorm).Gartner Reprint 15/12/17 14(05 CAUTIONS Product Strategy: SonicWall's continued lack of a virtual firewall makes it increasingly less relevant to modern data center use cases as enterprises adopt public cloud IaaS and conduct private cloud projects.webarchive Página 38 de 70 . wireless access point (Sophos AP). Marketing Execution: Gartner less frequently sees SonicWall being shortlisted by enterprise clients. Market Responsiveness: The vendor has been slow in providing differentiating new features and enhancing its existing capabilities. and enterprise mobility management (Sophos Mobile). Product Execution: SonicWall cloud security is less mature than its leading competitors. Sophos Sophos is a network and endpoint security vendor headquartered in Abington. Gartner attributes some of this to the succession of ownership changes and subsequent disruptions to the company. Sophos' portfolio now includes firewalls (XG Series and the older SG Series). Sophos' releases in recent months comprise evolutions of its firewall and endpoint integration. Historically an endpoint security vendor (Sophos Endpoint Protection.000 employees.. Sophos Firewall Manager is the name of the centralized management software. Intercept X). The file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

Gartner Reprint 15/12/17 14(05 vendor also made two acquisitions of security vendors leveraging machine learning techniques (Invincea and Barricade). helped by its existing presence in the endpoint protection market. Sophos has demonstrated continued market focus and feature improvements. Sophos is worth including on enterprise firewall shortlists. Customer Experience: Clients like the short learning curve to understand the new XG management interface. The vendor scores relatively higher than its competition for the value of the integration between endpoint and firewall (synchronized security).S. Capabilities: The Sophos XG product line includes a comprehensive set of appliances. Sophos management console is available in many European and Asian languages. Sophos' clients cite good price for value as a key factor in selecting the vendor. for the smallest branches. including a dedicated offering.and lower-midsize enterprise organizations. Sophos regularly adds to its intellectual property with tactical acquisitions of technology-driven companies. Its visibility on U. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Remote Ethernet Device (RED). especially when purchasing a firewall cluster. and for existing Sophos endpoint customers. The vendor has demonstrated its commitment to align the roadmap of all its product lines to its product vision of a fully integrated solution. especially for the upper.webarchive Página 39 de 70 . with easy-to-use filtering. STRENGTHS Marketing Execution: The vendor's revenue growth and customer retention rate are higher than the market average. shortlists is growing. Geographic Strategy: Sophos firewalls are visible on European client shortlists for enterprise firewalls. Embedded and centralized reports are comprehensive and easy to navigate.

visibility and control features. Customer Experience: Several clients and surveyed channel partners would like to see substantial improvements in vendor support. Capabilities: The XG firewall is not yet available on AWS. CASB solutions for increased SaaS security. especially in providing enterprise-class responsiveness for first direct contact with the vendor. It does not offer. and heavily distributed organizations.000 employees or less. CAUTIONS Market Segmentation: Sophos' strategy focuses on enterprises with 5. Its portfolio also includes host file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Platform: Surveyed clients would like to see Sophos providing integration with leading endpoint protection platforms. Stormshield offers 15 physical appliances and six virtual models. in addition to the vendor's own solutions. For enterprises. Sophos executes on a very ambitious roadmap to integrate the XG firewall with Sophos' endpoint and cloud-based management. It provides enterprise firewalls and multifunction firewalls for SMBs to EMEA organizations with its Stormshield Network Security appliances. Sophos XG lacks the ability to create virtual instances within a single physical appliance.Gartner Reprint 15/12/17 14(05 Platform: Under the name Synchronized Security. Stormshield Stormshield resulted from the merger of two French security providers (Arkoon and Netasq) in 2014. nor does it integrate with. Its product strategy is not a good fit for very large enterprise and data center use cases.webarchive Página 40 de 70 . and lacks dedicated SaaS discovery. Some clients in regulated environments or with compliance requirements cite the limited reports and logs.

Company news includes an agreement with Ingram Micro to distribute Stormshield products throughout EMEA. Product Execution: Surveyed customers and partners tout a strong behavioral IPS that impacts firewall performance minimally (compared to competitive offerings) as a reason to buy. Certified support centers are available in nine European file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. For example. Stormshield remains primarily a solution serving clients in Western Europe. which makes it a good choice for European government agencies and private organizations working with the public sector. Stormshield introduced a new ruggedized firewall for industrial environments during the Magic Quadrant evaluation period. and it is often selected in that region because it's from a trusted European vendor. The vendor is a suitable shortlist contender for European organizations that value a dependable enterprise firewall that can integrate with same-vendor endpoint protection. Stormshield had early support for the European General Data Protection Regulation (GDPR) by introducing integration between its encryption solution and the firewall. Support: Stormshield's customers cite the value of having in-country customer support. In addition to the new management appliances. Stormshield has introduced Stormshield Management Center and Stormshield Visibility Center. For management and reporting.webarchive Página 41 de 70 . STRENGTHS Compliance: Stormshield owns several regional and nationwide European certifications.Gartner Reprint 15/12/17 14(05 IPS (Stormshield Endpoint Security) and data-at-rest encryption software (Stormshield Data Security). The vendor provides virtual firewall appliances for AWS and Microsoft Azure IaaS platforms.

Product Strategy: Stormshield provides vulnerability management that leverages an integrated passive scanner. Geographic Strategy: Although Stormshield gets support from the large Airbus Defence and Space CyberSecurity group. In 2016. headquartered in Seattle. especially France.webarchive Página 42 de 70 . It lacks threat intelligence feeds. is a recognized brand name for SMBs and distributed enterprises. Sales Execution: The vendor has fewer customers using its firewalls in IaaS environments than most of its competitors. and has yet to build an offering for SDN use cases. CAUTIONS Product Execution: Stormshield continues to lag behind market leaders in some functional areas — how it integrates application control in the security policy and support of only a limited number of virtual domains within a single hardware appliance. it released two new M models for file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. WatchGuard WatchGuard.Gartner Reprint 15/12/17 14(05 nations. Threat Research: Stormshield's internal threat research team collaborates with parent company Airbus Defence and Space CyberSecurity's Security Research Team to gain access to an expanded set of findings. visibility and channel remain focused on EMEA. It allows security analysts to dynamically apply dedicated rules to vulnerable hosts by adding them to a group of vulnerable hosts. making it unsuitable to address certain high-availability use cases. as well as in the United Arab Emirates (UAE) and Singapore. Washington. Stormshield does not support active/active use cases. the majority of its penetration.

Gartner Reprint 15/12/17 14(05 firewalls. STRENGTHS Product Execution: WatchGuard has enhanced its threat detection capabilities as two separate threat intelligence subscriptions. TDR offers better correlation with network and endpoint security events. However. its product strategy is more focused toward midsize and distributed enterprise use cases than toward a majority of enterprise use cases. WatchGuard offers good analytics and reporting capabilities with its cloud-based reporting solution. Reputation Enabled Defense. includes feeds from OEM partners like Kaspersky. Also offered is Threat Detection and Response (TDR) as a part of the Total Security suite. Host Ransomware Prevention is also a component in TDR. AVG as its antivirus engine and Trend Micro as a provider of file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. WatchGuard offers a good product with better price versus performance relative to other vendors in the space. along with third-party threat intelligence feeds that the vendor has partnered with. under the Basic Security suite. Surveyed stakeholders have cited it as one of the key strengths of the portfolio. Technology Partner Ecosystem: Watchguard has partnered with multiple technology providers to provide better features and integration capabilities. WatchGuard also made a few significant feature enhancements around mobile security and VPN. It uses Forcepoint as a URL filtering provider. WatchGuard should be considered by distributed enterprises that want good price/performance value. Dimension. Firebox M4600 and M5600 for SMBs. This will equip WatchGuard customers with better correlation and threat detection capabilities.webarchive Página 43 de 70 . With recent enhancements around threat detection capabilities and multiple technology partnerships. Deutsche Telekom and other threat intelligence sources.

Surveyed VARs have also indicated they sell WatchGuard Firebox appliances to only midsize and distributed enterprise customers. In addition. and it needs improvement there. Surveyed end users have cited this as one of the vendor's strengths. which is raised as an email. WatchGuard has lagged behind most of its competitors in releasing virtual firewall services to support customer deployments in the public cloud. WatchGuard can help distributed enterprises manage and secure a mixed WAN environment. However.Gartner Reprint 15/12/17 14(05 an IPS signatures database. Marketing Execution: WatchGuard has its major presence in midsize and distributed enterprises. a dedicated CASB provider. Policy Map provides a visual flow map showing which policies are hit by traffic moving through the firewall. WatchGuard also offers integration with ManagedMethods. and does not effectively address several enterprise use cases. Sales Execution: The vendor offers good price versus performance value. Features: WatchGuard offers a policy mapping feature for identifying the firewall rule usage. with cost-effective products and subscriptions. CAUTIONS Technical Support: Some surveyed end users have reported that the vendor lacks quick resolution through the technical support ticket process. Gartner does not see WatchGuard being frequently shortlisted by the enterprise clients as a possible firewall candidate. It also has OEM partnerships with multiple threat intelligence feeds. Product Strategy: WatchGuard lacks support for SDN vendors in supporting SDN deployment use cases. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. This helps in identifying overlapping rules.webarchive Página 44 de 70 .

Gartner Reprint 15/12/17 14(05 Vendors Added and Dropped We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. therefore. A vendor's appearance in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. As a result of these adjustments. Gartner analysts consider that aspects of the vendor's product execution and vision merit inclusion. Added New H3C Group was added to the Magic Quadrant. changed evaluation criteria. Dropped No vendors were dropped from the Magic Quadrant. It may be a reflection of a change in the market and. the mix of vendors in any Magic Quadrant or MarketScope may change over time. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 45 de 70 . The vendor demonstrates a competitive presence in enterprises and sales. or of a change of focus by that vendor. The vendor regularly appears on shortlists for selection and purchases. Inclusion and Exclusion Criteria Inclusion Criteria Network firewall vendors that meet the market definition and description were considered for this research under the following conditions: Gartner analysts have assessed that the vendor has the ability to effectively compete in the enterprise firewall market.

host-based IPSs and WAFs (see Note 1) — all of which are distinctly separate markets.Gartner Reprint 15/12/17 14(05 The vendor has achieved enterprise firewall product sales (not including maintenance) in the past calendar year of more than $10 million. scalability and ability to directly compete with the larger firewall product/function view. Products that are suited for SMBs (such as UTM firewalls.webarchive Página 46 de 70 . as well as carriers and ISPs that provide managed services. host-based firewalls. Exclusion Criteria Network firewall vendors may have been excluded from this research for one or more of the following reasons: The vendor has minimal or negligible apparent market share among Gartner clients. or it is not actively shipping products. This includes hardware OEMs. The vendor's products sell as network firewalls. resellers that repackage products that would qualify from their original manufacturers. and within a customer segment that is visible to Gartner. but do not have the capabilities. Evaluation Criteria file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. The vendor is not the original manufacturer of the firewall product. The vendor has personal firewalls. We assess the breadth of OEM partners as part of the evaluation of the firewall. or those for small office/home office placements) are not targeted at the market this Magic Quadrant covers (enterprises) and are excluded. The vendor primarily has a network IPS with a non- enterprise-class firewall. and we do not rate platform providers separately.

supported and in users' hands. low latency. console quality. prospects for continuing operations.webarchive Página 47 de 70 . and demonstrated commitment in the firewall and security markets. All vendors were required to disclose comparable market data. breadth and value of offerings through the specific lens of enterprise needs. Key features are weighted heavily. Growth of the customer base and revenue derived from sales are also considered. Execution is not primarily about company size or market share. Sales are a factor. winning in competitive environments through innovation and quality of product and service is more important than revenue. rule optimization and workflow). installed. however. Having a low rate of vulnerabilities in the firewall is important. product service and port density matter. Execution considers factors related to getting products sold. and the ability to support complex deployments and modern DMZs. such as firewall revenue. compliance. although those factors can affect a vendor's Ability to Execute. Strong execution means that a company has demonstrated to Gartner analysts that products are successfully and continually deployed in enterprises. and that the company wins a large percentage in competition with other vendors. and also generate a steady stream of inquiries to Gartner analysts. event management.Gartner Reprint 15/12/17 14(05 Ability to Execute Product or Service: This includes service and customer satisfaction in enterprise firewall deployments. secondary product capabilities (logging. Overall Viability: This includes overall financial health. competitive wins versus key competitors (which are compared with Gartner file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Companies that execute strongly generate pervasive awareness and loyalty among Gartner clients. company history. Support is rated on the quality. such as foundation firewall functions. The logistical capabilities for managing appliance delivery. range of models.

carriers and managed security service providers (MSSPs). and to present solutions that meet customer protection needs rather than packaging up fear. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and includes the cost of all hardware. The robustness of the enterprise channel and third-party ecosystem is important. as is the pricing model for conducting a refresh while staying with the same product and replacing a competing product without intolerable costs or interruptions. we consider the use of these firewalls to protect the key business systems of enterprise clients and those being considered on competitive shortlists. Cost of ownership over a typical firewall life cycle (three to five years) is assessed. This criterion also considers the provider's history of responsiveness to changes in demand for new features and form factors in the firewall market. and use by enterprises. Sales Execution/Pricing: We evaluate the company's pricing. and think in terms of value over sheer low cost. This includes the strength of the vendor's sales and distribution operations. Market Responsiveness/Record: This evaluates the vendor's ability to respond to changes in the threat environment. Rather. maintenance and installation. and how enterprises deploy network security. deal size.Gartner Reprint 15/12/17 14(05 data on such competitions held by our clients) and devices in deployment. Presales and postsales support is evaluated. uncertainty and doubt.webarchive Página 48 de 70 . Pricing is compared in terms of a typical enterprise-class deployment. support. The number of firewalls shipped or the market share is not the key measure of execution. installed base. Low pricing will not guarantee high execution or client interest. Buyers want good results more than they want bargains.

In addition to buyer and analyst feedback. Customer Experience and Operations: These include management experience and track record. An NGFW capability is heavily weighted.webarchive Página 49 de 70 . Ability to Execute Evaluation Criteria Evaluation Criteria Weighting Product or Service High Overall Viability Medium file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Unacceptable device failure rates. such as by driving the market on innovative features co-packaged within the firewall. and which are considered top threats by the others. as well as the depth of staff experience — specifically in the security marketplace. Table 1. as are enterprise- class capabilities. or by offering innovative pricing or support offerings. adaptability of configuration and support for enterprise environments. it includes which vendors are most commonly considered to have top competitive solutions during the RFP and selection process. and to the range of models to support various deployment architectures. one-off patches) is highly considered. Low latency. vulnerabilities. Significant weighting is given to delivering new platforms for scalable performance in order to maintain investment. virtualization. Succeeding in complex networks with little intervention (for example. this ranking looks at which vendors consider the others to be direct competitive threats. The greatest factor in these categories is customer satisfaction throughout the sales and product life cycles. throughput of the IPS capability and how the firewall fared under attack conditions are also important.Gartner Reprint 15/12/17 14(05 Marketing Execution: Competitive visibility is a key factor. poor performance and a product's inability to survive to the end of a typical firewall life span are assessed accordingly. such as multidevice management.

Gartner makes this assessment subjectively by several means.webarchive Página 50 de 70 . Vendors cannot merely state aggressive future goals. and against future trends identified in Gartner research. including interaction with vendors in briefings and feedback from Gartner customers on information they receive concerning roadmaps. Understanding and delivering on enterprise firewall realities and needs are important. too" roadmap. Incumbent vendor market performance is reviewed year by year against specific recommendations that have been made to each vendor. and having a viable and progressive roadmap and continuing delivery of NGFW features are weighted very highly. rather than an "us. We also evaluate the vendor's overall understanding of and commitment to the security and network security markets. they must put plans in place.Gartner Reprint 15/12/17 14(05 Sales Execution/Pricing Medium Market Responsiveness/Record High Marketing Execution Medium Customer Experience High Operations Medium Source: Gartner (July 2017) Completeness of Vision Market Understanding and Marketing Strategy: This includes providing a track record of delivering on innovation that precedes customer demand. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. show that they are following their plans and modify those plans as they forecast how market directions will change.

and they must do so in a technically direct manner. Credible. value for pricing. Building loyalty through credibility with a full-time enterprise firewall staff demonstrates the ability to assess the next generation of requirements. independent third-party certifications include the Common Criteria for Information Technology Security Evaluation. viable strategy for addressing the challenges in SDN deployments is important. and clear explanations and recommendations for detecting events. Vertical/Industry Strategy and Geographic Strategy: These include the ability and commitment to service geographies and vertical markets. It also includes R&D spending. We also evaluate how the vendor understands and serves the enterprise branch office and data center. virtualization and performance. NGFW integration and enhancement. Offering (Product) Strategy: This criterion focuses on a vendor's product roadmap. such as introducing practical new forms of intelligence to which the firewall can apply policy. An articulated. as is evidence of execution within cloud and virtualized environments. such as complex file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. current features. Sales Strategy: This includes preproduct and postproduct support. as well as product integration with other IT systems. Channel and third-party security product ecosystem strategies matter insofar as they are focused on enterprises. Integration with other security components is also weighted.Gartner Reprint 15/12/17 14(05 The NGFW capabilities are expected to be integrated to achieve correlation improvement and functional improvement. is highly rated. Business Model: This includes the process and success rate for developing new features and innovation.webarchive Página 51 de 70 . including zero-day events. rather than selling just fear or next-generation hype. Vendors need to address the network security buying center correctly. Innovation.

and achieving high IPS throughput and low appliance latency. are scored accordingly. Innovation: This includes R&D and quality differentiators. such as: Performance. Solving customer problems is a key element of this criterion. Products that are not intuitive in deployment. Completeness of Vision Evaluation Criteria Evaluation Criteria Weighting Market Understanding High Marketing Strategy Medium Sales Strategy Medium Offering (Product) Strategy High file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. or operations that are difficult to configure or have limited reporting.webarchive Página 52 de 70 . MSSPs.Gartner Reprint 15/12/17 14(05 enterprise multinational deployments. Management interface and clarity of reporting — that is. carriers or governments. rather than adding more alerts and complexity. Firewall virtualization and securing virtualized environments. which includes low latency. new firewall mechanisms. the more a product mirrors the workflow of the enterprise operation scenario. offering interproduct support and leading competitors on features are foremost. Integration with other security products. Reducing the rule base. the better the vision. Table 2. "Giving back time" to firewall administrators by innovating to make complex tasks easier.

Vendors in this quadrant lead the market in offering new features that protect customers from emerging threats. and a management and reporting capability that is designed for complex and high-volume environments.Gartner Reprint 15/12/17 14(05 Business Model Medium Vertical/Industry Strategy No Rating Innovation High Geographic Strategy Medium Source: Gartner (July 2017) Quadrant Descriptions Leaders The Leaders quadrant contains vendors that build products that fulfill enterprise requirements.webarchive Página 53 de 70 . as enterprises continue to move away from having dedicated IPS appliances at their perimeter and remote locations. Challengers file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. offering options for hardware acceleration and offering form factors that protect enterprises as they move to new infrastructure form factors. provide expert capability rather than treat the firewall as a commodity and have a good track record of avoiding vulnerabilities in their security products. A solid NGFW capability is an important element. such as multitier administration and rule/policy minimization. support for virtualization and virtual LANs. Common characteristics include handling the highest throughput with minimal performance loss. These requirements include a wide range of models.

because of their strength in execution.Gartner Reprint 15/12/17 14(05 The Challengers quadrant contains vendors that have achieved a sound customer base. Niche Players file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. If firewalling is a competitive element for an enterprise. Many Challengers hold themselves back from becoming Leaders because they choose to place security or firewall products at a lower priority in their overall product sets. Many Challengers have not fully matured their NGFW capability — or they have other security products that are successful in the enterprise and are counting on the relationship. and. but they lack the sales base. Vendors that do not have strong NGFW capabilities are supplementing them in a defensive move. but lack in performance capabilities and support networks.webarchive Página 54 de 70 . Savings and high- touch support can be achieved for organizations that are willing to update products more frequently and to switch vendors if required. then Visionaries are good shortlist candidates. to win deals. Most Visionaries' products have good NGFW capabilities. strategy or financial means to compete consistently with Leaders and Challengers. but trail smaller market share Leaders in the release of features. more automated east/west microsegmentation in public cloud and SDN environments. while vendors that have strong NGFW offerings are focused on manageability and usability. Gartner expects the next wave of innovation in this market to focus on better. these vendors can offer economical security product bundles that others cannot. but they are not consistently leading with differentiated next-generation capabilities. rather than the product. Visionaries Visionaries have the right designs and features for the enterprise. Challengers' products are often well-priced. Firewall market Challengers will often have significant market share.

have increased demand for new firewall features and capabilities. Some enterprises that have the firewall needs of an SMB (for example. Changes in threats. Organizations' final product selection decisions must be driven by their specific requirements. virtualization. and integration with the established security and network infrastructure and teams. although other models from Leaders and Challengers may be more suitable. especially in the relative importance of management capabilities. It is populated with mature vendors and some more recent entrants. Market Overview As the first line of defense between external threats and enterprise networks.webarchive Página 55 de 70 . Context The enterprise firewall market is the largest security product market.Gartner Reprint 15/12/17 14(05 Most vendors in the Niche Players quadrant are smaller vendors of enterprise firewalls. If local geographic support is a critical factor. ease and speed of the deployment. makers of multifunction firewalls for SMBs or branch-office-only product makers that are attempting to break into the enterprise market. firewalls need to continually evolve to maintain effectiveness. Firewalls have high adoption and penetration rates in all file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. acquisition costs. SDN and use of the cloud. Many Niche Players are making larger versions of SMB products with the mistaken hope that this will satisfy enterprises. as well as increased enterprise demand for mobility. IT organization support capabilities. some Type C risk-averse enterprises and some distributed enterprises) may consider products from Niche Players. responding to the continuing evolution in threats as well as to changes in enterprise network speed and complexity. then Niche Players can be shortlisted.

Network security policy management (NSPM) products are increasingly used to manage complexity. user-based policy enforcement in the top business and social media applications. Enterprise Firewalls Are Next-Generation Firewalls One key area of firewall evolution that has been widely supported is what Gartner (in 2009) called "NGFW features" — namely. This means that. the firewall market is driven by refresh cycles of four to five years. integrated deep packet inspection intrusion prevention. and to require enforcement options in their next refresh. Gartner estimates that the transition to NGFW from traditional firewalls will complete within the next two years. as demonstrated through third-party testing under realistic threat and network load conditions. to protect their installed base.webarchive Página 56 de 70 . All enterprise firewall vendors today offer NGFWs. or face either replacement by innovative market entrants or commoditization by low- cost providers. or the ability to enforce policy on thousands of applications. For new firewalls. application identification and granular user control. and fine-grained. Identity-based policy enforcement. especially in multivendor situations (see Note 2). Because it is saturated. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. The key differentiators in these areas are IPS effectiveness.to 5-year-old firewalls and IPSs evaluate replacement: Enterprises with traditional firewalls seek to have firewalls that have application and user visibility.Gartner Reprint 15/12/17 14(05 markets. there is no distinction between an enterprise firewall and an NGFW. incumbents must add improved capabilities and increase performance. remains a defining feature. We have seen some common patterns in the firewall market as enterprises with 3.

Gartner Reprint 15/12/17 14(05 Enterprises not currently using any IPSs migrate to NGFWs with minimal use of advanced features. migrate to NGFWs for the firewall with application control and user context. in the past few years. UTM vendors have and continue to target SMB clients. using minimal signature sets) migrate to NGFWs using the built-in IPS capabilities. and do not consolidate web antivirus on the internet-facing file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 57 de 70 . and upgrade IPSs to NGIPSs. High-security environments upgrade to NGFWs for the firewall. with large signature sets and some custom signatures. but it is mostly restricted to two use cases: distributed Type C enterprises (mostly in the retail industry). UTM Still Can't Compete With Enterprise Firewalls Historically. Organizations look to extend their on-premises firewall vendor into IaaS cloud providers. Enterprises with firewalls and stand-alone IPSs that are employed primarily in detection mode (that is. the UTM approach fails to convince Type A and Type B enterprises that require mature application and user control capabilities. but continue using stand-alone IPSs. and firewall-only for network segmentation at low cost. Gartner sees some limited success for Type C enterprises (see Note 3). However. However. the large UTM vendors have tried to expand beyond their traditional use case by stretching into the large enterprise market. Enterprises with firewalls and stand-alone IPSs that are used for active prevention. Enterprises seek NGFW functionality as they transition from physical data center to virtualized environments and SDN. They now try to sell high-throughput UTM to enterprise clients that score price competitiveness higher than security.

a growing number of malware attacks. End-user experience is likely to be affected too. more than 60% of organizations will fail to decrypt HTTPS efficiently. including ransomware. enterprise firewall vendors underestimate the work of building an SMB channel)." Gartner anticipates that. Most enterprise buyers are also wary of shortlisting a UTM vendor because of its primary focus on SMBs and limited brand awareness. principally to enforce web-filtering policy and to prevent malware infections. UTM vendors also face difficulties in building a strong sales and support channel for enterprises (similarly. Decrypting SSL/TLS on a firewall creates organizational issues. such as ensuring employees' right to privacy. despite the self-evaluation bias that generally results in inflated numbers. more than 80% of enterprises' web traffic will be encrypted. Consequently.Gartner Reprint 15/12/17 14(05 firewall (see "Next-Generation Firewalls and Unified Threat Management Are Distinct Products and Markets" ). In "Predicts 2017: Network and Gateway Security. such as performance issues and product sizing difficulties for the firewall channel. and firewall vendors do a poor job at providing an up-to-date list of exceptions. will move to use HTTPS to covert initial infection and command and control communications.webarchive Página 58 de 70 . and the fact that references provided file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. through 2019. Some application traffic cannot be decrypted. missing most targeted web malware. By 2020. leading to traffic being blocked. Decrypt This Enterprises face a growing need for SSL decryption. and technical challenges. In the client reference survey.

gain traction. virtualization platform vendors and virtual-only firewalls will present a challenge. Gartner has not seen the firewall features of virtualization platforms (such as those offered with VMware or AWS) as a major competitor to mainstream firewall vendors because the need for separation of duties drives clients to doubt the infrastructure's ability to protect itself. such as Citrix Xen and Microsoft Hyper-V. Gartner covers virtual/cloud firewall vendors such as vArmour and Illumio. and as IaaS deployments become more common. Performance and the ability to manage firewall policy through a single integrated management console for stand-alone appliances or virtual appliances are key differentiators. Performance remains a barrier to wider deployment: Almost all network firewalls today are delivered on purpose-built appliances because of the poorer performance of running firewalls on general-purpose servers. networks and east-west segmentation. and some lean-forward customers have adopted these. Virtualized Firewalls: Hype Accelerates.webarchive Página 59 de 70 . but has not seen significant adoption. managing heterogeneous virtualized firewalls from existing physical firewall vendors. VMware's NSX work with Palo Alto Networks. and Demand Starts to Follow As data center virtualization has continued. As other virtualization platforms. demand for virtualized environment support has grown. Check Point Software Technologies.Gartner Reprint 15/12/17 14(05 by vendors tend to use more features than the market average. Adoption is growing quickly (from small numbers). Fortinet and other firewall vendors has created buzz for virtualizing and securing data centers. only 29% of the respondents answered that they were decrypting HTTPS traffic. subject to stringent third-party file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. SDN projects get more numerous. Almost all operating systems within firewall appliances are uniquely hardened.

Gartner believes that the firewall market is "at capacity": This is the largest security product market (fast approaching $10 billion). with growth decelerating for the remainder of that period. as in other markets.4% from 2014 through 2021. so even if great new products emerge. and vendors are scrambling to meet that demand by attempting to increase virtual firewall performance and by automating firewall policy orchestration in dynamic environments. This refresh dynamic results in the market being linear. We also forecast that this market will reach a compound annual growth rate of 7. and incremental market growth is significant. Gartner estimates that the firewall market will grow approximately 7. For 2017. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. However. rather than having macrorefresh cycles or "bumps" of refreshes. Agility is one of the key business benefits of SDN and IaaS.9% to $9.8%. Gartner market data continues to show that virtual firewall revenue accounts for far less than 5% of enterprise firewall market revenue.27 billion. but at a Slowing Pace During the evaluation period.webarchive Página 60 de 70 . the firewall market grew 8. Another big issue in deploying virtual firewalls in SDN or IaaS projects is the inability of enterprise virtual firewalls to spin up appropriate policy as servers are spun up. incumbent firewalls are rarely refreshed before they reach maturity.Gartner Reprint 15/12/17 14(05 security evaluations. and the need for human interaction with firewall policy subtracts from the business benefits these agile architectures bring with them. Firewall refreshes remain constant at a five-year average. client market inquiries show an increased interest in virtual firewalls. Security-minded enterprises are also rightly skeptical of running firewalls within a hypervisor that is between the threat and the firewall. The Firewall Market Is Still Growing.

with undermarketing making true innovations a well-kept secret. but for a lower price.webarchive Página 61 de 70 . and Leaders are unable to demonstrate a clear delta in capability that justifies premium prices. Leaders will innovate and Challengers will later adopt those features for their clients who are fine with getting features later. Leaders will allow the lower price offerings of Challengers to win more often when a hands-on evaluation is not extensive. over the past year. almost all enterprise firewall vendors have introduced solutions over the past five years. but with the slower pace of true innovation by Leaders and the absence of Visionaries. and we can't yet consume the newest features" Challengers. the enterprise firewall market has been bifurcated into shortlists of "security first" Leaders and "price really matters. Client "bake-offs" and hands-on comparative evaluations will show today's Leaders as having more capability. however. Gartner has seen these bifurcated shortlists start to change slightly as Challengers creep in. the gap has closed — not through the innovation of Challengers. These file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. especially for management and reporting. Since the emergence of the NGFW. Have Some Advanced Threat Detection With That Firewall Advanced threat detection using a network sandbox — offered by stand-alone vendors such as FireEye — has become a rapidly growing market. This gap widened at first. however. and overmarketing producing "hype" roadmaps and announcements that don't resonate with the buying center. Gartner believes extremes of marketing strategies by Leaders are behind this.Gartner Reprint 15/12/17 14(05 The Absence of Significant Innovation Brings Challengers Closer to Leaders In most technology markets. if this trend continues. Advanced threat defense/detection is penetrating the mainstream market.

Confusing Use of "Application" and "Firewall" in Three Distinct Products Overlapping terminology and unclear marketing can lead to confusion among the three distinct issues of application control. and a considerably lower price. while others are delivered through third-party partnerships. All of the firewall vendors evaluated here either deliver a network sandbox today.webarchive Página 62 de 70 . or have it on their short-term roadmaps. As the desire to defend against the advanced threat is permeating the mainstream market.Gartner Reprint 15/12/17 14(05 firewall-attached sandboxes are delivered mostly as cloud-based sandboxes priced as subscription-based services. customers are increasingly turning to their firewall vendors for their network sandboxing needs (see "Market Guide for Network Sandboxing" ). such as Facebook and peer-to-peer (P2P) file sharing. The cloud advantage is a fixed-fee subscription that does not have to be scaled up nor consume rack space. on- premises sandbox where files are sent for inspection. rather than as a customer-based. Pure-play WAF companies (such as Imperva) or data center file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Firewall-attached sandboxes have almost reached parity with stand-alone solutions. Some of these are built by the firewall vendors. The firewall application control approaches used by enterprise vendors are mostly about controlling access to external applications. WAFs and firewalls on application delivery controllers (ADCs). making them "good enough" for most enterprises. WAFs are different: They are placed primarily in front of web servers in the data centers. Firewall-connected sandboxes have appealed mostly to budget-constrained Type B enterprises that would rather maintain single-console control over their firewall than deploy a separate platform.

if budget allows. While some ADC vendors (such as F5) are now offering network firewalling within their ADCs as well. if no ADC/WAF is present). and are often managed by entirely different teams. These data center firewalls will be challenged to gain any noteworthy enterprise market share until they can provide competitive firewalling for all enterprise use cases in a range of physical and virtual form factors. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. They can.webarchive Página 63 de 70 . such as in cases where the data center is a separate business with its own firewall operations staff. most enterprises have a single brand of network firewall for all placements. however. Many still use discrete WAF (because of its better understanding of custom web applications) and ADC (better application performance to users) as the optimal way to answer that question.Gartner Reprint 15/12/17 14(05 infrastructure vendors that provide WAF technology within their ADCs are concerned with protecting custom internal web applications. data center and branch (see "One Brand of Firewall Is a Best Practice for Most Enterprises" ). which involves a termination and re-encryption of these sessions (see "Security Leaders Must Address Threats From Rising SSL Traffic" and "Web Application Firewalls Are Worth the Investment for Enterprises" ). Most traffic to enterprise web servers remains encrypted until it reaches the ADC (or the server itself. and Gartner recommends this practice. meaning the owners of firewalls and IPSs face the decision of whether to engage SSL inspection. virtualized. This performance impact is often hard to measure clinically. serve a specialized niche of placements. As Gartner advises clients. WAF and ADC technologies converging because they are for different tasks at different placements in the network. Gartner does not see NGFW. and an underestimation of its impact affects everything the firewall is processing. including internet-facing.

Guidelines for responding to the full survey were provided at the time of issue. or that did not meet the guidelines. did not fare as well under some of the scoring criteria. nevertheless. Responses that were lower quality (for example. or were unable to go beyond technical capabilities and demonstrate an understanding of the business environment). Responses were. as well as what other vendors' customers said about that file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 64 de 70 . were unable to explain key concepts. vendor briefings conducted at the request of vendors throughout the year. we took into account the comments from that vendor's references. The analysis in this research was based primarily on interviews and interactions during firewall inquiries with Gartner clients since the 2014 "Magic Quadrant for Enterprise Network Firewalls. generally tended to score lower.Gartner Reprint 15/12/17 14(05 Evidence This Magic Quadrant was conducted in accordance with Gartner's well-defined methodology. Vendors that declined to provide a survey response were assessed by Gartner as to what their likely reply would have been (usually. and. used poor grammar. interviews with references provided by vendors and supporting Gartner quantitative research on market share. therefore. and each reference customer was supplied with a structured survey. of variable quality. Some vendors declined to answer certain questions due to market restrictions. this was in relation to specific revenue breakdowns). respondents ignored the question. For each vendor. We asked for a specific number of references from each vendor (n = 95)." We also considered surveys completed by vendors. were unable to provide high-quality explanations of use cases. References were scored on the basis of their quality and what they told us.

Although the NSPM market is still somewhat small. Note 2 Network Security Policy Management Tools Third-party network security policy management (NSPM) tool vendors (such as AlgoSec. In other cases. these are rarely enabled. very large enterprises may have firewall products from different vendors — sometimes by accident via acquisition rather than through choice. and the customers requiring help with complexity are the very largest. Although a few firewalls offer optional WAF modules. The critical difference is one of direction: Application control in NGFWs is concerned primarily with applications that are external to the enterprise (for example. an off-premises service (such as from Akamai) or within an ADC (such as from F5).webarchive Página 65 de 70 . Vendors could be notably affected by the inability to have a sufficient number of reference customers providing input. Instead. these markets remain very distinct. because a single-vendor solution is usually the best choice. we see WAFs deployed as a stand-alone product (such as from Imperva). whereas WAFs are concerned with protecting custom web applications on servers that are internal to the enterprise. Additionally. it's growing fast.Gartner Reprint 15/12/17 14(05 particular vendor. visualize and reduce firewall rules and policies. Today. FireMon and Tufin) continue to exploit the absence of firewall consoles to optimize. P2P and Facebook). Note 1 Buyer Confusion Concerning WAFs The advent of application control in firewalls has led to some natural confusion between the NGFW and WAF markets in the minds of buyers. an enterprise may be in the file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

Type C enterprises are risk-averse to procurement. technology is not critical to the business and is clearly a supporting function. tolerate procurement failure. In addition. They wait. Enterprises that deploy some their infrastructure to the public cloud may choose to use native cloud firewalls there. let others work out the nuances and then leverage the lessons learned. Evaluation Criteria Definitions file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 66 de 70 . NSPM vendors are expanding into managing other network security devices. in some cases. cloud-resident firewalls). For Type B enterprises." They are neither the first nor the last to bring in a new technology or concept. and are willing to invest for innovation that might deliver lead time against their competition. B and C Enterprises Enterprises vary in their aggression and risk-taking characteristics. For Type C enterprises. Type A enterprises seek the newest security technologies and concepts. technology is crucial to business success. such as IPSs. whereas no firewall vendor will effectively manage a competing product. this is the "lean back" security posture that is more accustomed to monitoring rather than blocking. in addition to maintaining the incumbent firewalls in the physical infrastructure. For Type A enterprises. Type B enterprises are "middle of the road. this is the "lean forward" or aggressive security posture. Note 3 Types A. technology is important to the business. perhaps investment-challenged and willing to cede innovation to others. All NSPM vendors support multiple firewall products (including.Gartner Reprint 15/12/17 14(05 midst of a multistage rollout of a new platform.

promotional initiatives. whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria. increase awareness of the products. Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them.webarchive Página 67 de 70 . file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. thought leadership.Gartner Reprint 15/12/17 14(05 Ability to Execute Product/Service: Core goods and services offered by the vendor for the defined market. Marketing Execution: The clarity. quality. quality. change direction. and the likelihood that the individual business unit will continue investing in the product. customer needs evolve and market dynamics change. pricing and negotiation. This "mind share" can be driven by a combination of publicity. feature sets. will continue offering the product and will advance the state of the art within the organization's portfolio of products. presales support. This includes deal management. word of mouth and sales activities. skills and so on. Overall Viability: Viability includes an assessment of the overall organization's financial health. be flexible and achieve competitive success as opportunities develop. Market Responsiveness/Record: Ability to respond. This includes current product/service capabilities. competitors act. and the overall effectiveness of the sales channel. promote the brand and business. and establish a positive identification with the product/brand and organization in the minds of buyers. This criterion also considers the vendor's history of responsiveness. creativity and efficacy of programs designed to deliver the organization's message to influence the market. the financial and practical success of the business unit.

Completeness of Vision Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. service. Marketing Strategy: A clear. availability of user groups. marketing.webarchive Página 68 de 70 . including skills. systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis. technologies. differentiated set of messages consistently communicated throughout the organization and externalized through the website. customer support programs (and the quality thereof). Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation. services and the customer base. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs. this includes the ways customers receive technical support or account support. Operations: The ability of the organization to meet its goals and commitments. expertise. methodology and feature file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Specifically. programs. service-level agreements and so on. Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales. experiences. This can also include ancillary tools. customer programs and positioning statements. and can shape or enhance those with their added vision.Gartner Reprint 15/12/17 14(05 Customer Experience: Relationships. skills. and communication affiliates that extend the scope and depth of market reach. functionality. Factors include the quality of the organizational structure. advertising. products and services/programs that enable clients to be successful with the products evaluated.

This publication may not be reproduced or distributed in any form without Gartner's prior written permission. Gartner is a public company. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact. and derive revenues from. Innovation: Direct. and may have client relationships with. and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. defensive or pre-emptive purposes. channels and subsidiaries as appropriate for that geography and market.jsp) posted on gartner. omissions or inadequacies in such information. companies discussed herein. Vertical/Industry Strategy: The vendor's strategy to direct resources. or its affiliates.com. If you are authorized to access this publication. Although Gartner research may include a discussion of related legal issues. Gartner is a registered trademark of Gartner. manufacturers and sellers.webarchive Página 69 de 70 . Gartner research is produced independently by its research organization without input or influence from these firms. Business Model: The soundness and logic of the vendor's underlying business proposition. including vertical markets. related.Gartner Reprint 15/12/17 14(05 sets as they map to current and future requirements. and/or its affiliates. complementary and synergistic layouts of resources. Inc. skills and offerings to meet the specific needs of individual market segments. © 2017 Gartner. Inc. either directly or through partners. consolidation. All rights reserved. Gartner does not provide legal advice or services and its research should not be construed or used as such. The opinions expressed herein are subject to change without notice. Gartner's Board of Directors may include senior managers of these firms or funds. Geographic Strategy: The vendor's strategy to direct resources. Gartner disclaims all warranties as to the accuracy. expertise or capital for investment. completeness or adequacy of such information and shall have no liability for errors. The information contained in this publication has been obtained from sources believed to be reliable. Gartner provides information technology research and advisory services to a wide range of technology consumers. skills and offerings to meet the specific needs of geographies outside the "home" or native geography. your use of it is subject to the Usage Guidelines for Gartner Services (/technology/about/policies/usage_guidelines. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

jsp) | IT Glossary (http://www.gartner.gartner.jsp)" About (http://www.com/technology/careers/) | Newsroom (http://www.gartner. (/technology/about/ombudsman/omb_guide2.jsp) | Privacy (https://www.com/technology/site-index.gartner.com/technology/about.com/technology/contact/contact_gartner.com/it-glossary/) | Contact Gartner (http://www. For further information on the independence and integrity of Gartner research.gartner.jsp) file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.com/privacy) | Site Index (http://www.gartner.com/technology/about/policies/guidelines_ov.com/newsroom/) | Policies (http://www. see "Guiding Principles on Independence and Objectivity.Gartner Reprint 15/12/17 14(05 funds or their managers.gartner.webarchive Página 70 de 70 .gartner.jsp) | Careers (http://www.