You are on page 1of 70

Gartner Reprint 15/12/17 14(05


Magic Quadrant for
Enterprise Network
Published: 10 July 2017 ID: G00310171
Analyst(s): Adam Hils, Jeremy D'Hoinne, Rajpreet Kaur (
"Next generation" capabilities have been achieved by
all products in the enterprise network firewall market,
and vendors differentiate on feature strengths.
Security and risk management leaders must consider
the trade-offs between best-of-breed enterprise
network firewall functions and cost.

Strategic Planning Assumptions
Virtualized versions of enterprise network firewalls will
reach 10% of market revenue by year-end 2020, up
from less than 5% today.

By year-end 2020, 25% of new firewalls sold will
include integration with a cloud-based cloud access
security broker (CASB), primarily connected through

By 2020, 50% of new enterprise firewalls deployed will
be used for outbound TLS inspection, up from less
than 10% today.

Market Definition/Description

file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 1 de 70

Gartner Reprint 15/12/17 14(05

This document was revised on 12 July 2017. The
document you are viewing is the corrected version. For
more information, see the Corrections page on

The enterprise network firewall market represented by
this Magic Quadrant is still composed primarily of
purpose-built appliances for securing enterprise
corporate networks. Products must be able to support
single-enterprise firewall deployments and large
and/or complex deployments, including branch offices,
multitiered demilitarized zones (DMZs), traditional "big
firewall" data center placements and, increasingly, the
option to include virtual versions for the data center.
Customers should also have the option to deploy
versions within Amazon Web Services (AWS) and
Microsoft Azure public cloud environments, and they
should see the ability to support Google Cloud on the
vendor roadmap within the next 12 months. These
products are accompanied by highly scalable (and
granular) management and reporting consoles, and
there is a range of offerings to support the network
edge, the data center, branch offices, and deployments
within virtualized servers and the public cloud. All
vendors in this market should support fine-grained
application and user control. In effect, all vendors in
the enterprise firewall market have what Gartner has
called "next-generation firewalls (NGFWs)"; in essence,
there is no longer a "next generation" in the firewall

The vendors that serve this market are identifiably
focused on enterprises, as demonstrated by the
proportion of their sales in the enterprise; and as
delivered with their support, sales teams and channels.
These vendors provide features dedicated to solve
enterprise requirements and serve enterprise use

What Has Changed
file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 2 de 70

Gartner Reprint 15/12/17 14(05

All enterprise firewall vendors offer NGFW features to
better enforce policy (application and user control) or
detect new threats (intrusion prevention systems
[IPSs], sandboxing and threat intelligence feeds).
Enterprise firewall is now synonymous with NGFW.
Enterprise firewalls continue to gradually replace
stand-alone network IPS appliances at the enterprise
edge. Although this is happening now, some
enterprises will continue to choose to have best-of-
breed next-generation IPSs (NGIPSs). Many
enterprises are looking to firewall vendors to provide
cloud-based malware-detection instances to aid them
in their advanced threat detection efforts, as a cost-
effective alternative to stand-alone sandboxing
solutions (see "Network Sandboxing for Malware
Detection" ).
However, enterprise firewalls will not subsume all
network security functions. All-in-one or unified threat
management (UTM) approaches are suitable for small
or midsize businesses (SMBs), but not for the
remainder of the enterprise market (see "Next-
Generation Firewalls and Unified Threat Management
Are Distinct Products and Markets" ).

The needs for enterprise branch-office firewalls have
become specialized, and they have diverged from UTM
products. As part of increasing the effectiveness and
efficiency of firewalls, branch-office firewalls need to
truly integrate a more granular blocking capability as
part of the base product, go beyond port/protocol
identification and move toward an integrated service
view of traffic, rather than merely performing "sheet
metal integration" of point products. In short, they need
to offer the same levels of security efficacy as the
primary gateway does. Having a subpar configuration
and protection capability for branches is not
acceptable today.

file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 3 de 70

As more organizations are moving strategic workloads to the public cloud. Magic Quadrant Figure 1. Some don't offer the same level of inspection that on-premises firewalls do. vendor offerings to AWS and Microsoft Azure are uneven. Key to these roadmaps will be more automated firewall policy orchestration that will enable organizations to realize the agility and business benefits that SDN promises. firewalls are becoming important vehicles for TLS termination. Magic Quadrant for Enterprise Network Firewalls file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. principles of software-defined networking (SDN) and east-west microsegmentation. such as downloading of malicious binaries and botnet command and control.Gartner Reprint 15/12/17 14(05 In addition. However. Leading-edge customers are planning.webarchive Página 4 de 70 . These customers seek vendors with some SDN support and forward-looking SDN roadmaps. and sometimes implementing. Today. Enterprise firewall vendors must improve in these areas to remain relevant in the hybrid cloud era. and they all lack sufficient policy automation. customers that enable this capability are still frustrated by the substantial performance burden that in-firewall TLS decryption imposes. an increasing number of them wish to protect those workloads with their incumbent enterprise firewall vendor. The primary use case is to inspect outbound traffic for threats. TLS capabilities also allow them to act as a lightweight data loss prevention (DLP) tool as they decrypt and inspect outbound traffic to ensure that sensitive data is not wrongly sent out.

four of which were introduced in 2016. distributed denial of service (DDoS) attack mitigation. It offers 12 UTM and firewall models for SMBs and enterprises. threat intelligence and file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. but has only a limited presence in other East Asian nations. which is a South Korean certification. The AhnLab product portfolio includes firewalls. advanced threat defense. especially in the government and financial verticals. It has sold firewalls since 2007 under the TrusGuard product line.webarchive Página 5 de 70 . NSS Labs or FIPS PUB 140-2). AhnLab enjoys sizable in-country market share. but does not have other third-party evaluations (such as ICSA Labs.Gartner Reprint 15/12/17 14(05 Source: Gartner (July 2017) Vendor Strengths and Cautions AhnLab Headquartered in South Korea. The firewall is Common Criteria-certified EAL4 and TTA IPv6-verified.

and therefore has no offering for SDN frameworks or for infrastructure as a service (IaaS) platforms such as AWS. Capabilities: AhnLab includes URL filtering and file reputation checks for free with its TrusGuard firewalls. especially those using or considering its endpoint solutions. AhnLab is one of a few East Asian vendors with a local certification. It also offers managed security services and forensic and incident response services. This is powered by the vendor's proprietary cloud-maintained malicious URL database and reputation files. Product Offering: AhnLab's network security solutions provide existing endpoint security customers with a single vendor option to maintain the existing vendor relationship and to reduce multivendor management challenges. with a significant local sales and support presence. which is significant in South Korea. AhnLab is not at parity with global or most regional competitors in advanced features.Gartner Reprint 15/12/17 14(05 endpoint security solutions. AhnLab has a limited regional presence. CAUTIONS Product Offering: AhnLab still does not offer a virtual firewall. multiple virtual firewall model support and public cloud deployment support) that are provided in most other vendors' firewalls and are significant for enterprise customers. Outside of South Korea. STRENGTHS Sales Execution: AhnLab is an established endpoint and network security player in South Korea. Microsoft Azure or local file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 6 de 70 . AhnLab is a good shortlist candidate for South Korean enterprises. which number well over a billion. Its firewalls lack some important features (SDN support.

The vendor has a limited global presence concentrated in Western and Central Europe and North America. AhnLab was not listed by any vendor we surveyed as a significant enterprise competitive threat. California. backup and load balancing controls.webarchive Página 7 de 70 . During the evaluation period for this Magic Quadrant. data archiving. Windows. In addition. the vendor also released Zero Touch Deployment service for the F- Series firewalls to eliminate deployment complexity. It lacks a file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. The lack of a cloud version makes deploying and supporting MDS more difficult and expensive for customers than it is with leading competitors. providing HTTPS- based access to the network and zero configuration rollout of transparent VPN to end users. the vendor released separate hardware appliance models SC1/F15/F82/F18 3/F800 Revision C Series/F900 Revision B Series and multiple virtual appliance models. Virtual firewalls and public cloud/SDN support are offered by almost all competitors. including most regional ones. It has a broad product portfolio including security. Barracuda Networks Barracuda Networks is headquartered in Campbell. iOS and Android. Gartner sees Barracuda Networks mostly in public clouds and distributed office use cases. it released the CudaLaunch App for macOS. Product Strategy: The Malware Defense System (MDS) is offered only as an appliance. Geographic Strategy: TrusGuard firewalls are not present on Gartner client shortlists outside South Korea. In 2016.Gartner Reprint 15/12/17 14(05 public clouds. It has a legacy of selling products to the SMB market with an easy-to-use interface and affordable pricing.

Enterprises should check local value-added reseller (VAR) availability and direct services in the region before adopting it. In 2016.Gartner Reprint 15/12/17 14(05 strong global channel presence and innovation for large enterprises outside the distributed enterprise use case. Surveyed end users cite the ease of contacting Barracuda technical support to get their issues resolved in a friendly and thorough manner. with support for all the major public cloud platforms such as Microsoft Azure.webarchive Página 8 de 70 . Technology Partner Ecosystem: Barracuda has multiple OEM partnerships. Offering: Barracuda has a strong presence in the public cloud. With the release of the CudaLaunch app in 2016. it also acquired the Sookasa file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. which provides centrally managed network access along with a host-based firewall. AWS and VMware vCloud Air. It is also a good candidate for distributed enterprises that want site-to-site VPN connectivity through multiple tunnels. such as IBM ISS for its URL filtering database and Trend Micro for IPS signatures. Barracuda also offers a VPN client for Windows. As a result. STRENGTHS Technical Support: Barracuda technical support is always rated high and mentioned as a key strength by end users and VARs. it has extended its managed VPN feature to iOS and Android mobile devices. it extended this support to Google Cloud Platform. Gartner has observed that its main presence is in distributed enterprise use cases with multiple site-to-site VPN tunnels. Features: Barracuda offers strong VPN connectivity with enhanced monitoring and deployment features. In 2016. Barracuda should be considered by enterprises that have a cloud infrastructure and want to secure it.

webarchive Página 9 de 70 . It is less visible in large data centers and large enterprise use cases. This creates problems with the VARs that have sold those EOL products to end users. Web Security Gateway and Email Security Gateway. Barracuda also has partnerships with major public cloud platforms including Microsoft Azure. Marketing Execution: Surveyed customers have cited that the vendor does not communicate its roadmap and future enhancements clearly to end users. It also offers the capability to dynamically change QoS for live open sessions. VMware vCloud Air and Google Cloud Platform. hence. Technical Architecture: Despite Barracuda selling multiple products such as Web Application Firewall. it still lacks a centralized management platform to monitor and operate all the products from a single console. VMware NSX. Product Execution: Barracuda offers quality of service (QoS) policy selection at the rule level. they are not aware of the vendor's product vision. Citrix XenServer and Open Xen. along with firewalls. Channel Execution: Surveyed VARs have reported that Barracuda does not provide sufficient notice before announcing a product's end of life (EOL). AWS. and virtualization platform providers including Microsoft Hyper-V. KVM. CAUTIONS Sales Execution: Gartner has observed Barracuda's NextGen Firewalls typically being adopted for public cloud and distributed branch-office enterprise use cases.Gartner Reprint 15/12/17 14(05 CASB solution. such as to prioritize Office 365 and Salesforce. These partnerships have enabled Barracuda to offer better features and services to its clients. This does not give file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. This provides easy allocation of QoS features to its traffic dynamically.

10 with improvements to the management console. other than to maintain a single vendor relationship. Enterprise firewalls include the 5000. Also released was SandBlast Cloud to scan Microsoft Office 365 email traffic. In 2016. and 23500 and 23800 for data centers. Co-headquartered in Tel Aviv. and the availability of R80. Gartner has observed many enterprises in Asia mentioning EAL4 certification as a selection criterion. including next-generation security gateway appliances and endpoint.300 employees in R&D. Israel and San Carlos. providing protection against file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. California. Certification: Barracuda firewalls lack Common Criteria EAL4 certification. performance and SandBlast Anti- Ransomware. Recent news include the introduction of new 44000 and 64000 high-end platforms. cloud and mobile security solutions. 44000 and 64000 series of appliances. while the majority of firewall vendors have attained such certification. The vendor is providing a variety of solutions.Gartner Reprint 15/12/17 14(05 an ease of management advantage to those Barracuda clients that use multiple Barracuda product lines. as well SandBlast Cloud for SaaS applications. the release of vSEC for the Google Cloud platform. 23000. Check Point Software Technologies Check Point Software Technologies is a leading network firewall vendor. including 15400 and 15600 for large enterprises. Cloud security is provided through vSEC for private and public cloud. Check Point made available a number of models.webarchive Página 10 de 70 . with more than 1. 15000. Check Point is a large pure-play security vendor. Endpoint security products include SandBlast Agent and mobile security products include Check Point Capsule and SandBlast Mobile.

Check Point recently introduced Check Point Infinity security architecture. The vendor has also recently expanded its cloud security offering with a cloud-based malware detection service that can be integrated in front of SaaS email offerings. cloud and mobile. STRENGTHS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Check Point offers its firewall over AWS and Microsoft Azure for public cloud support. including advanced malware protection (Threat Emulation and Threat Extraction) and multiple threat intelligence feeds (ThreatCloud IntelliStore and Anti- Bot). Its firewall product meets all the enterprise deployment use cases with the breadth of models and features.webarchive Página 11 de 70 . both for endpoint and browser protection. along with the R80 release. a consolidated security across networks. virtual data centers and cloud. Software Blade) to augment its firewall gateway. and continues to lead in market share for firewall equipment. In 2016. Check Point offers numerous subscriptions (e. Check Point's firewalls should be shortlisted by enterprises for which price sensitivity is not as important as granular security features such as high- quality central management for complex networks. It continues to lead in multiple features such as simplified centralized management and granular role-based administration.. Check Point is one of the largest security vendors. the SandBlast Agent was made available.g. Check Point continues as a Leader in the enterprise firewall space. It is a good candidate for enterprises running hybrid networks with a mix of on-premises. and integrates with VMware NSX and Cisco Application Centric Infrastructure (ACI) for SDN use cases.Gartner Reprint 15/12/17 14(05 ransomware.

This makes it a strong enterprise firewall vendor capable of meeting different enterprise deployment use cases. It also offers a mobile security solution. This makes the vendor a shortlist candidate for enterprises looking for an integrated and consolidated approach to their perimeter. and networking and managed services. URL filtering and DLP. 21000. Features: Check Point's enterprise firewalls offer strong web filtering capabilities with a combination of application control. Gartner strongly believes that security vendors should be able to identify and build product support and integration capabilities with the right technology providers to enhance their product offerings. Cisco ACI. 41000 and 61000 series of appliances. through its partner program. Google Cloud and Azure to support public cloud and highly virtualized infrastructure. Product Execution: Check Point offers a large number of firewall models to meet the requirements of all enterprise network types. the vendor extended the integration capabilities for its vSEC virtual appliance line for VMware. It allows end file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. server. which consists of a software container called Capsule (Workspace. 15000. mobile and endpoint. Hyper-V. and Capsule Connect/VPN. Docs and Cloud) for both iOS and Android. OpenStack. KVM. Mobile Threat Prevention. AWS. It offers mature URL filtering capabilities with multiple end- user block and information pages. 23000. Check Point also has a strong and well-established channel globally. Enterprise firewalls include the 12000. 13000.webarchive Página 12 de 70 .Gartner Reprint 15/12/17 14(05 Offerings: Check Point offers a large breadth of security products covering network. endpoint and mobile security based on the maturity on their enterprise security. Partners: Check Point has built a strong ecosystem of technology partners including software. In 2016.

especially in high-compliance environments. Features: Although Check Point has partnered with multiple CASB solution providers. Clients frequently comment that the Check Point roadmap aligns very well to their enterprise needs of tomorrow. such as deployments by very large enterprises and organizations that need formal approval workflow. imbuing strong client retention.Gartner Reprint 15/12/17 14(05 users to explain their reason to bypass policy. while educating them on internet risk and corporate usage policies. Surveyed Check Point clients have also highlighted this and stated that the vendor needs to improve its delivery capabilities on new releases for a smoother customer experience. This makes these firewalls a desirable candidate for enterprises that are considering consolidating their web proxy and require granular web filtering capabilities in their firewall. Even the surveyed VARs and customers have rated this to be the vendor's strongest feature. CAUTIONS Delivery: Existing Check Point clients have often reported that their major firmware releases require jumbo hot fixes and take considerable time to become stable. including FireLayers. robust centralized management offering. Central Management: Check Point continues to lead the market with its strong. are subject to compliance that requires reliable reporting or have large operations teams. It also offers a user check feature to alert users in real time about their application access limitations.webarchive Página 13 de 70 . it still file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and competitors acknowledge Check Point's leadership in this domain. which makes it a desirable vendor for complex firewall policy environments. have complex topologies. Avanan and Microsoft (Adallom). Both application control and URL filtering operations can be performed within the same rule.

Gartner has gradually observed more enterprises considering CASB as a firewall-attached cloud service. which leads to confusion in its messaging in the market. especially if the issue is escalated to a higher level of support and is not communicated well to clients. despite innovating in the threat detection and mobile security spaces. California. Gartner clients often consider Check Point as a "traditional" firewall vendor. Technical Support: Gartner still receives anecdotal feedback from existing Check Point clients that it lacks prompt support.Gartner Reprint 15/12/17 14(05 lacks a built-in CASB feature for granular control and monitoring of growing SaaS applications. Surveyed VARs have also scored the vendor lower on marketing and stated that it requires better product marketing to compete with its competitors. which exists file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. clients that need best-in-class security get what they pay for. Check Point is working toward opening more technical assistance centers (TACs) across the globe for direct availability in different regions. Even the surveyed VARs have reported that the vendor lacks prompt technical support for higher-level support issues.webarchive Página 14 de 70 . Sales Execution/Pricing: Check Point's firewalls are perceived as high-priced solutions. based in San Jose. is the largest networking infrastructure vendor with a broad security portfolio. and some customers have expressed surprise at perceived higher-than-expected renewal costs. Marketing Execution: Check Point lacks proper marketing execution. however. Its main product line that includes all new releases is Cisco Firepower NGFW. Cisco Cisco. as a feature leader. or a notable absence especially when releasing interesting new features.

In addition.Gartner Reprint 15/12/17 14(05 alongside the older Adaptive Security Appliance (ASA) product line and the Meraki range for smaller organizations. Cisco Defense Orchestrator (CDO) enables cloud-based. so some clients should expect to have to maintain CSM as part of one firewall replacement life cycle. Cisco also completed the acquisition of Cloudlock. low-touch management visibility and orchestration across distributed environments. including NGIPS.webarchive Página 15 de 70 . on-box device manager for Cisco Firepower NGFWs and replacement for Adaptive Security Device Manager (ASDM) in managing ASA 5500-X series devices. Cisco is a good shortlist candidate for most enterprise use cases. Cisco offers a range of services on its firewall line. Cisco's recent enterprise firewall news includes the release of its 2100 series. Cisco is executing well in sales and meeting its roadmap execution goals. URL filtering. cloud-based sandboxing and the Advanced Malware Protection (AMP) network. its CASB product. but Gartner does not often see Cisco enterprise firewalls selected on the basis of features or vision. email security. network access control and CASB. network traffic analysis (Stealthwatch). which claims to process traffic more efficiently. Some in-service ASA appliances do not support FMC for complete management. Cisco has two virtual firewalls — the ASAv and NGFWv. secure web gateway. For Cisco deployments with a mix of newer and older firewalls. Cisco has a broad portfolio of additional products that includes advanced endpoint security. particularly when enterprises want to deploy a broad set of security services that interact file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and the release of Firepower Device Manager (FDM). a web-based. In addition. In addition. Firepower Management Center (FMC) and Cisco Security Manager (CSM) are available.

Gartner sees AMP for Endpoints included in more new deals than it sees endpoint advanced threat detection attached for competitors. which is a simplified approach to policy management across NGFW. The vendor has strong channels. CAUTIONS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.Gartner Reprint 15/12/17 14(05 with the firewall.webarchive Página 16 de 70 . a level of integration that some competitors lack. Capabilities: Cisco stakeholders like Cisco Defense Orchestrator. Advanced Threat Protection: Surveyed customers and partners value the integration between AMP for Networks and AMP for Endpoints. and sees continued momentum for the Cisco Security Enterprise License Agreement (ELA). which is good for organizations that want a single vendor multiproduct solution that provides for staged deployment and product flexibility. broad geographic support and wide availability of other security products. Portfolio: Gartner clients and surveyed Cisco partners value the integration of the Firepower NGFW enterprise firewall with existing and emerging elements of Cisco's enterprise security portfolio. Distributed enterprises use it to gain policy visibility and control across enterprise and mobile/cloud edge security safeguards. and it is an oft-cited reason for loyalty to Cisco security products. STRENGTHS Sales Execution: Gartner sees Cisco firewalls on an increasing number of shortlists. Customer Experience: Gartner clients consistently rate the Cisco support network as excellent. customers can move resources around and even add security services as their needs change and grow. Under the terms of the Cisco Security ELA. ASA and Umbrella.

Forcepoint (formerly Raytheon|Websense) is a pure-play security vendor. Customer Experience: Surveyed customers and partners cite complex and confusing licensing as a significant negative when they attempt to deploy. citing increased complexity of central management. web and email security gateways (Forcepoint Web Security and Forcepoint Email Security). Product Strategy: For the evaluation period. This was a competitive disadvantage.webarchive Página 17 de 70 . Cisco's product was the most frequently listed as the one that vendors claimed to replace the most. Forcepoint Based in Austin. Cisco's current messaging around its network security platform confuses Gartner clients that see instead a list of many products. a data loss prevention offering (Forcepoint DLP). It offers a firewall (Forcepoint NGFW). launched in 2001. and caused some Cisco firewall customers to switch to other vendors. so Cisco could not participate in NSX-led SDN projects. Product Execution: Cisco customers and partners complain about configuration and management difficulties caused by the Java ASDM on-device management graphical user interface (GUI) that persists on in-support ASA models.Gartner Reprint 15/12/17 14(05 Management: Gartner clients and surveyed customers dislike having to continue to use CSM to manage some models and FMC to manage others. Cisco firewalls did not yet integrate with VMware NSX. A signed agreement between Cisco and VMware is now in place. Texas. alter or renew their Cisco firewall and associated portfolio licenses. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. an insider threat solution (Forcepoint Insider Threat) and a cloud access security broker offering (Forcepoint CASB. Sales Execution: In the survey sent to enterprise firewall vendors.

Gartner Reprint 15/12/17 14(05

recently acquired from Imperva). The vendor has more
than 2,000 employees. The Forcepoint NGFW product
line was acquired from Intel Security in January 2016,
along with the McAfee Firewall Enterprise (Sidewinder
was part of the Secure Computing acquisition by
McAfee in 2008).

Forcepoint recent news includes the availability of the
NGFW offering on AWS, the addition of the Sidewinder
proxies on the Forcepoint NGFW and the possibility of
tunneling web traffic to the Forcepoint cloud-based
secure web gateway (Forcepoint Web Security Cloud).

Forcepoint has demonstrated consistently good
feature quality and an expanded capacity to execute
on its roadmap. The vendor is a valid shortlist
candidate on enterprise firewall shortlists for
distributed organizations.
Product Vision: Forcepoint offers multiple solutions
that have the ability to augment firewall capabilities.
The vendor has started with the integration of the
ThreatSeeker threat intelligence feed, and the ability
to tunnel web traffic to the Forcepoint Web Security
Cloud solution.

Customer Experience: Customers give excellent
scores to the centralized management console
(Forcepoint Management Center [SMC]) and high
availability. Forcepoint scores comparatively high for
the quality of its hardware.

Capabilities: Independent tests grant Forcepoint
NGFW better results for attack detection than some
of the Leaders evaluated in this research. The vendor
has an historical focus on building detection engines
resistant to evasion techniques.

Ease of Use: A zero-touch deployment is available
for Forcepoint NGFW. The filtering policy commit
process integrates an optional approval workflow.
file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 18 de 70

Gartner Reprint 15/12/17 14(05

SMC includes easy-to-use filters and visualizations
to ease the analysis of incidents.

Geographic Strategy: Forcepoint is visible on
distributed organizations' shortlists in Europe,
especially for local government agencies. Two of its
three R&D centers for firewall development are
located there.
Geographic Strategy: Forcepoint NGFW continues to
have much lower visibility among enterprise firewall
buyers in North America and the Asia/Pacific region
than in Europe. Its channel is relatively small
compared to many of its competitors.

Market Responsiveness: Forcepoint has just
released cloud-based sandboxing, six years after the
first vendor evaluated in this market. It has only
recently added Geo-IP and IP reputation in the
filtering policy. Integration of Sidewinder proxies into
the NGFW is also very recent.

Market Segmentation: Forcepoint offers a smaller
number of firewall appliances than its leading
competitor. It lacks the entry-level devices that suit
the needs of the smallest branches. Embedded web
management for one device is not feature-complete,
forcing clients with a single location to learn the
more comprehensive SMC.
Capabilities: Forcepoint's firewall offering does not
yet fully integrate with the recently acquired
Forcepoint CASB.

Product: Forcepoint NGFW's high availability is less
appealing for SDN and IaaS use cases, where part of
the resiliency requirements are handled by the
infrastructure. Forcepoint NGFW is not yet available
on Microsoft Azure. Forcepoint lags behind the
competition on integration with AWS services and
SDN vendors.
file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 19 de 70

Gartner Reprint 15/12/17 14(05

Fortinet is a large network and security vendor, with
more than 4,600 employees, based in Sunnyvale,
California. Its main product line is the FortiGate
firewall, which represented roughly 75% of its total
revenue in 2016. The vendor offers other products,
such as a wireless LAN (FortiAP) and web application
firewall (FortiWeb). Its more recent marketing
message highlights the Security Fabric concept,
focused on cross-device integration to improve overall
visibility and provide additional control options.

Fortinet recent news includes more models of its E
Series, which benefits from the latest generation of
Fortinet Security Processors (SPU). Fortinet also
acquired AccelOps and rebranded it FortiSIEM. Latest
releases include several features related to the
Security Fabric, with traffic forwarding between
Fortinet appliances, unified visibility and tighter
integration with FortiClient endpoints. Fortinet also
recently announced availability of FortiCASB, its
firewall-attached offering for SaaS security.

Fortinet has introduced important new product
functionalities and has made product and marketing
strategy improvements. The vendor is a good shortlist
candidate for all enterprise firewall appliance use
cases, especially when price/performance is rated high
in the evaluation.
Marketing Execution: Fortinet has improved its
visibility in final two vendor shortlists for enterprise
firewalls, being frequently the finalist against one of
the other two leaders. Surveyed channel partners
acclaim Fortinet's assistance during RFP and

file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 20 de 70

Market Segmentation: Fortinet's latest chassis models (7000 Series) reinforce its ability to serve the performance required in large data centers. some prospective customers with high-risk exposure still express doubts regarding Fortinet's ability to meet their security requirements. Several of its resellers also offer products from one of the other Leaders in this Magic Quadrant and select Fortinet for its primary "fast firewall" use case. Despite a good security score in independent testing.Gartner Reprint 15/12/17 14(05 Sales Strategy: Fortinet excels in providing the best price/performance offers. Customer Experience: Fortinet's clients gives excellent scores to its firewall performance and hardware quality. and the feature has received few improvements since its first release. at the expense of other areas. good total cost of ownership for bundles and a flexible discount strategy.webarchive Página 21 de 70 . Capabilities: Except for performance. The vendor grows much faster than the market average. relying on the combined use of an extensive appliance portfolio. Fortinet customers also mentioned ease of deployment as a strong point. Marketing Execution: Fortinet fails to move its brand out of the "good enough vendor" zone. Capabilities: Customers not using centralized management tools liked the improved visibility they get from the FortiView reports. CAUTIONS Product Strategy: Fortinet focuses most of its development resources on integrating its existing solutions together (Security Fabric). Fortinet often file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. The vendor's investment lags behind the competition in IaaS/SaaS and advanced threat endpoint security. Its attach rate for cloud-based sandboxing is low.

The vendor is an established network security player offering perimeter. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. URL filtering for HTTPS traffic. management. cloud and server security solutions. sandboxing) are heavily weighted. it introduced a few major features such as cloud sandboxing. Hillstone firewalls are a good candidate for enterprises with hybrid networks. Management: Centralized and cloud-based management have made insufficient progress to positively influence Fortinet's score during technical evaluation. Customer Experience: Fortinet does not offer the direct vendor support and premium subscriptions that large enterprise clients might require. VPN. Hillstone Hillstone is headquartered in Beijing. and Latin America. with regional headquarters in Sunnyvale. application control. Client feedback on support is directly impacted by the quality of the channel partner: It gets an average score. and TLS/SSL offloading and enhancement of its existing features. the Middle East and Africa. such as on-premises. such as South East Asia. California. Hillstone is one of the few Chinese network security vendors that is gradually expanding in other regions outside China. It continues to focus on expanding in different regions along with the Chinese market. Customers also report that firmware upgrades and new features might be unequal in quality. cloud and virtualized environments in the abovementioned regions.Gartner Reprint 15/12/17 14(05 comes in second in technical evaluations to one of its direct competitors when core features (IPS.webarchive Página 22 de 70 . In 2016. China.

interfaces and VLAN. protocols. Surveyed partners have rated Hillstone's abnormal behavior detection network traffic analysis feature as one of the product's strengths. Huawei Cloud. China Telecom and China Mobile). Feature enhancements such as link load balancing and granular QoS are more useful for carrier use cases. It can perform functions like link aggregation.webarchive Página 23 de 70 . intelligent DNS. Features: Hillstone has enhanced its link load balancing feature to make it more intelligent and granular. Surveyed VARs have reported this as one of the strongest product features. schedule-based QoS feature with controls that can be applied to IP. including carrier cloud (China Unicom. Public Clouds: Hillstone's virtual CloudEdge firewalls support all the major regional local cloud platforms in China. and offerings such as CloudHive and CloudEdge (with support for multivendor public clouds) are best for cloud infrastructure and hybrid enterprise network use cases. This makes Hillstone a desirable shortlist candidate for enterprises with hybrid networks. for dynamic link selection. zones. The vendor introduced SSL offloading and cloud-based network sandboxing features in 2016 to support typical enterprise network perimeter use cases. The vendor offers a granular.. DNS domain redirection. as they can have a single vendor relationship. Jindong Cloud. AliCloud and other global public file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. users. This offers enterprises the ability to implement tight QoS controls over their traffic. ECMP.Gartner Reprint 15/12/17 14(05 STRENGTHS Product Strategy: Hillstone product offerings and feature enhancements meet all the enterprise use cases more focused toward carrier and cloud infrastructure networks with virtualized environments. etc. ISP routing.

This makes it a good shortlist candidate for organizations with hybrid networks. CAUTIONS Marketing Execution: Surveyed partners have indicated that Hillstone lacks marketing and brand recognition outside China. enterprises are gradually more often looking for a vendor that offers such a feature. Gartner believes the vendor needs to focus more on strong marketing to build a strong brand in the regions it wants to expand in. which is offered by most international vendors against which Hillstone competes in the international market.Gartner Reprint 15/12/17 14(05 clouds like AWS and Azure. whereas with the increase in adoption of SaaS applications. Product Execution: Hillstone only offers cloud-based network sandboxing and does not offer it as a separate appliance. where there are multiple strong firewall vendors with strong marketing. Gartner has observed many enterprises with large data centers that want to build a private cloud for scanning their traffic against advanced malware seek an on-premises network file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Segmentation: Hillstone CloudHive offers a microsegmentation solution for virtual VMware networks along with CloudEdge virtual firewalls for the networks over the cloud.webarchive Página 24 de 70 . Features: Hillstone lacks any integration with CASBs and does not offer advanced SaaS monitoring and control functionality. Product Strategy: Hillstone does not offer anti-spam for emails and SD-WAN capabilities. It does not offer any specific reports for SaaS applications. This offering makes Hillstone a strong vendor for cloud security use cases.

Firewall and related security services can be used via the USG6000V virtual gateway to implement virtual multitenant separation. especially enterprises with high- performance needs. This will lead such enterprises to select a different vendor. China-based Huawei has been shipping firewall products for more than a decade. Huawei Shenzhen.webarchive Página 25 de 70 . STRENGTHS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and offers a variety of other network security appliances. Huawei has executed a fast ramp-up in market presence. however. eSight and Agile Controller are the central management platforms that support the USG line. Huawei is a relevant shortlist candidate for value- conscious enterprises located in the Asia/Pacific region or EMEA.Gartner Reprint 15/12/17 14(05 sandboxing appliance. at the Evaluation Assurance Level (EAL) 4+ under Common Criteria and by NSS Labs. and Eudemon is the model line for carriers and service providers. particularly in EMEA. Huawei USG firewalls have been certified by ICSA. as Hillstone does not offer this. and for customers that already have Huawei products and wish to expand their business to firewalls. including anti-DDoS and IPS. The range of firewall appliances and models is extensive. as opposed to a cloud service. Unified Security Gateway (USG) is the primary enterprise line. Huawei released four new models during the Magic Quadrant evaluation period. Recent features include Cloud Application Security Awareness (CASA) and TLS/SSL decryption enhancements. especially for higher- throughput options. we still do not see it frequently displacing Leaders or other Challengers based on vision or features.

Marketing Execution: Huawei has limited file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. it does not release new capabilities as fast as its leading competitors. Portfolio Strategy: Customers with networks based primarily on Huawei infrastructure products can include Huawei firewalls on their shortlists. demonstrating new perceived value. CAUTIONS Product Strategy: Although Huawei has broadened its support in public and private cloud. Geographic Strategy: Huawei has developed a strong channel in EMEA. support for AWS and Xen public clouds. Thus. the vendor has seen significant growth in the region. Product Execution: Huawei still does not offer a virtual firewall compatible with Microsoft Azure. While these features did not lead the market.webarchive Página 26 de 70 . including cloud-based advanced threat detection. Huawei customers like that firewalls are well-integrated with their infrastructure components. Gartner clients that want first-to-market security capabilities do not often consider Huawei USG as a shortlist candidate. they helped Huawei gain feature parity or near parity with some competitors. one of Huawei's targeted growth regions. Huawei users comment that they would like enhanced reporting and a better GUI.Gartner Reprint 15/12/17 14(05 Marketing and Sales Execution: Huawei's firewall sales greatly outgrew the overall enterprise firewall market during the evaluation period. Product Execution: Huawei released several important new features during the evaluation period. and has worked hard to meet regulatory and customer requirements there. which is a requirement for a growing number of customers in EMEA. and SDN capabilities. which accounts for a significant portion of its firewall revenue.

The vendor has taken considerable steps to address concerns about relying on technology developed in China. however. In addition. the SRX Series. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Juniper Networks Based in Sunnyvale. integrated IPS. Juniper offers AppSecure for application control and visibility.Gartner Reprint 15/12/17 14(05 competitive visibility outside the Asia/Pacific region and EMEA. The cSRX is a firewall that can protect containerized environments. Juniper's recent enterprise firewall news includes an expansion of its SDSN partner infrastructure to build out SDSN with CASB. Juniper serves incumbent Juniper infrastructure customers well with a product with good security features. Juniper also recently introduced the SRX 4100 and 4200. whether it is Juniper or another vendor. which aims to integrate security into all elements of the network infrastructure.webarchive Página 27 de 70 . but it has had difficulty executing in sales. and a new cloud-based anti-malware service (Sky Advanced Threat Protection [ATP]). Juniper just announced that its SDSN Policy Enforcer can now detect threats and enforce policy to non-Juniper switches. Juniper is a sizable networking infrastructure vendor with a long history of providing network security capabilities. Its physical enterprise firewall line. in order to minimize the impact of any compromised device. this concern continues to be a security sales challenge in some markets. two midrange enterprise firewalls. Juniper has an initiative called Software-Defined Secure Networks (SDSN). access and endpoint security solutions. Its Junos Space Security Director is the central management platform. integrated threat intelligence feeds. Juniper has two virtual firewalls — vSRX and cSRX. especially North America. And finally. California. and Gartner sees it being displaced more often than it is selected in competitive situations. comprises 11 models.

Continued emphasis on these items will encourage more existing customers to stick with Juniper and. if this marketing execution is consistent and sustained.webarchive Página 28 de 70 . supporting it with its developing SDSN schema. Marketing Execution: During this Magic Quadrant evaluation period. cSRX and the Juniper Contrail SDN framework. STRENGTHS Product Execution: Surveyed customers and partners often note satisfaction with the SRX's ease of configuration and rich interface. often citing these as primary reasons for selection and continued usage. Product Performance: Good options exist for high- throughput. Product Strategy: Juniper has a strong SDN security story around vSRX. purpose-built appliances. It is also suitable for enterprises buying security and networking in the same buying center. and is cited for strong clustering and advanced routing capabilities. CAUTIONS file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. The vSRX offering is highly rated for performance relative to other virtual firewalls. The vendor is unique among its competitors in offering a container-focused firewall. could inspire potential prospects to evaluate the SRX line. because Gartner sees Juniper often deployed in large data centers. Juniper has a strong range of branch-office firewalls complementing its enterprise products. Gartner began to see awareness of Sky ATP and other advanced security functions and roadmap items among the Juniper ecosystem. especially in the higher-end SRX models.Gartner Reprint 15/12/17 14(05 Juniper is a good shortlist candidate for enterprises that desire high throughput at a low price and the ability for the firewall to support advanced routing scenarios. These branch-office firewalls include WAN and cellular backup technologies.

While New H3C Group is focusing more on introducing new product offerings for different growing markets. WLAN products and management products. and demonstrate that it can win back customers and market share with its newer capabilities. The vendor must more effectively address fundamental sales challenges. China. Until 2016. routers. it operated as a subsidiary of Hewlett Packard Enterprise (HPE) and now is a part of UniGroup.Gartner Reprint 15/12/17 14(05 Innovation: Gartner clients and surveyed customers and partners perceive that Juniper lags behind its major competitors in releasing new security features. switches. Gartner clients lack confidence in Juniper's security strategy. Sales Execution: Juniper has continued losing security market share in the past year. including security products that also cover firewalls. although Azure and VMware NSX integration were announced during the evaluation period. It is a strong infrastructure vendor in China with a large portfolio. New H3C Group New H3C Group was established in November 2003 and is headquartered in Hangzhou. Product Strategy: Gartner believes that most enterprises want an operating system in their security products that differs from the one in network infrastructure components.webarchive Página 29 de 70 . the new roadmap direction for Juniper security solutions is very encouraging to Gartner. cloud computing products. As a result. Product Execution: Juniper has been late to market compared to competitors in areas such as public cloud support and VMware NSX integration. and has experienced declining year-over-year revenue in a growing market. however. it lacks the market understanding and strong product file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

webarchive Página 30 de 70 . It includes the function modules IPS Manager. The vendor is a regional Chinese player. S7500E. These FW modules help customers extend network security capabilities within their existing H3C switches and routers. providing centralized management of a variety of devices. storage products. S9500E or S12500) and routers (SR6600 and SR8800). security products. This gives an advantage to end users that want to maintain a single vendor relationship for their broad range of infrastructure products. It offers a range of solutions for data centers. UTM Manager. Security Architecture: The vendor offers H3C SecCenter Management Center for centrally managing the security devices on a network. Firewall Manager and intelligent Traffic Analysis System (iTAS).Gartner Reprint 15/12/17 14(05 strategy for meeting all enterprise firewall use cases and lacks multiple built-in security features. strong firewall with basic security features. cloud infrastructure and big data. SD-WAN capabilities and SaaS application monitoring. networking and software. which the majority of competitors in the region offer. with a presence only in China. Offering: New H3C Group also offers H3C SecBlade FW modules. The vendor's firewalls should be considered by clients based in China that are already using its products and looking for a high-performance. Product offerings include servers. Customer Experience: Surveyed clients have highly rated the Intelligent Flow Forwarding (IFF) and Security One Platform (SOP) features of the M9000 file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. which can be used on H3C switches (S5800. STRENGTHS Portfolio: New H3C Group has a large portfolio of products and offerings. This gives an advantage to existing customers. such as network sandboxing.

which is offered by a majority of firewall vendors.Gartner Reprint 15/12/17 14(05 Series Multi Service Security Gateways. Product Strategy: New H3C Group's firewall offerings and feature enhancements are more focused on carrier and large data center use cases that operate in highly virtualized environments. Clients have reported these features to be effective in a highly virtualized live environment. especially perimeter security for enterprises.webarchive Página 31 de 70 . This has led to a lack of focus on meeting all enterprise firewall use cases. This shows commitment from the vendor to deliver reliable products and services to the market. along with support for SDN. as opposed to being an add-on feature of their existing firewalls. As per the vendor. the IFF feature is designed to implement distributed traffic flow and the SOP feature offers a virtual firewall function using container-based virtualization technology. Capabilities: Since New H3C Group is a large infrastructure vendor. CAUTIONS Marketing Execution: The vendor's firewalls lacks recognition and brand value in its local market. including those in China. Features: The vendor's firewalls lack an advanced malware network sandboxing feature. it has invested a large amount to develop a high-end testing center and lab with enhanced testing capabilities. New H3C Group does not offer any CASB integration and lacks SaaS monitoring and file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Surveyed VARs have also reported that the vendor lacks brand recognition and needs better product marketing compared to other local Chinese vendors. This leaves customers to go with a separate vendor for advanced malware capabilities.

STRENGTHS Marketing Execution: Palo Alto Networks is the pure- play security vendor with the highest visibility on enterprise firewall shortlists. with more than 4. Its offerings include enterprise firewall physical and virtual appliances. with the 5220. It has also released a new entry-level hardware model (PA-220). California. Palo Alto Networks is a solid contender for all enterprises.4 billion. Presales support is file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. two new intermediate appliances (PA-800 Series) and has refreshed its 5000 Series. 5250 and 5260 models.webarchive Página 32 de 70 . Palo Alto Networks Palo Alto Networks is a large pure-play security vendor. which increasingly are sought by enterprises with growing adoption of SaaS applications. The vendor has recently started to highlight integrations between its solutions as a security platform. with improvements for WildFire and Panorama. Palo Alto Networks has recently released version 8 of its operating system (PAN-OS). especially when evaluations give more weight to feature and management quality than to price. The vendor is visible on shortlists across all industries. endpoint software (Traps and GlobalProtect). threat Intelligence (AutoFocus). available since 2011. and its 2016 revenue exceeded $1.000 employees. and new SaaS security and user credential protection features.Gartner Reprint 15/12/17 14(05 management features. and SaaS security (Aperture). The vendor has been shipping enterprise firewalls since 2007. and has high customer satisfaction for its application visibility capabilities. Palo Alto Networks enjoys continued success in enterprise firewall selections. based in Santa Clara.

WildFire. WildFire regional cloud options are available in Europe and Asia. the new PA-220 allows the vendor to target smaller branches. Improvements: The vendor has initiated a refresh of its firewall appliances (PA-800 Series.Gartner Reprint 15/12/17 14(05 efficient. Sales Execution: Palo Alto Networks maintains a very high growth rate. Many clients report that they will renew without performing a competitive assessment and that they recommend the product to their peers. PA-5200 Series and PA-220).000. and to the vendor's ability to meet expected performance in production environments. has the highest attach rate and the largest customer base of all vendors evaluated in this research. and the vendor very frequently comes out from shortlists with the highest overall evaluation score. with upgraded performance and a higher number of decrypted concurrent TLS connections. With a list price of $1. the vendor's sandboxing option. Combined with its automated event aggregation and filtering and drill- down options. Customer Experience: Palo Alto Networks has a faithful customer base and scores very highly for overall customer satisfaction. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. CAUTIONS Marketing Strategy: Gartner observes that Palo Alto Networks' security platform strategy may impact the vendor's development capabilities across a growing set of products that also require development for better integrating together. it makes it easy to understand application flows and related risks.webarchive Página 33 de 70 . Several clients give good scores to vendor support in North America. Capabilities: The Application Command Center (ACC) includes visibility of sanctioned and unsanctioned SaaS applications.

Despite recent improvements. Sangfor Sangfor was founded in 2000 and is headquartered in Shenzhen. Sales Execution: Price is frequently cited by Gartner clients. The release notes of the recently published PAN-OS 8.Gartner Reprint 15/12/17 14(05 Innovations: Gartner has noticed in recent years that the ability of the vendor to lead the market with in- house innovations ahead of what other vendors offer has shifted to continuous improvements combined with acquisitions of small companies filling a gap in the vendor's portfolio. especially in regions where the vendor does not provide direct vendor support.webarchive Página 34 de 70 . The vendor has a smaller market share than its direct competitors in some of the European countries and Asia. China. forcing more conservative organizations to stick with an older version for a long time. Market Responsiveness: Some clients have expressed concern about the pace of firmware releases. Panorama. especially distributed organizations. with its EMEA regional headquarters in Dubai. Customer Experience: Some clients cite that the vendor's centralized solution. Organizations from these regions should evaluate local resellers more stringently and request local references. They would like to see smaller batches of features instead of the very large updates that require more time to stabilize. resellers continue to hope for better tools when migrating from another firewall brand. Sangfor provides network security and cloud computing solutions such as Next Generation file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.0 include mentions of performance improvement for Panorama. as a reason not to select Palo Alto Networks. can become slow when managing a large number of appliances.

In addition. STRENGTHS Product Execution: Sangfor clients enjoy NGAF's ease of deployment and use. Customers and partners indicate satisfaction with other advanced features. Sangfor offers support for AWS public cloud. Recent feature releases include geoawareness and stability improvements. a unique feature among the vendors evaluated. The vendor is a good shortlist contender for Chinese customers that want WAF merged with a firewall. such as behavioral botnet detection and risk reporting. 2016 also saw the first release of virtual firewalls. It now features 17 models for China and 10 models for international customers. Sangfor SC. along with a reporting platform. the vendor has four virtual firewall models and a central management system. Sangfor started shipping its enterprise firewall product line (NGAF) in 2011. and it has some SDN capabilities. with sales and operations mostly in China. Product Strategy: Surveyed customers cite the presence of WAF as a primary motivation for selecting NGAF. and its good price/performance ratio. NGAF integrates web application firewall (WAF) functionality in the NGAF platform. Sangfor DC. SSL VPN and Hyper-Converged Infrastructure (HCI). file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. for a firewall throughput of up to 80 Gbps. which enables customers to locate threats.webarchive Página 35 de 70 .Gartner Reprint 15/12/17 14(05 Application Firewall (NGAF). WAN Optimization (WANO). Sangfor serves a narrow segment of the market. Internet Access Management (IAM). and those that want access to advanced security features faster than some other regional vendors have provided them.

webarchive Página 36 de 70 . going private and becoming a stand-alone company. SonicWall Now based in Santa Clara. SonicWall's enterprise firewall portfolio comprises a total of five physical appliances across the NSA Series. CAUTIONS Customer Experience: Some customers perceive and don't like that only Sangfor support can perform debugging and software and firmware upgrades. Geographic Strategy: Gartner does not see Sangfor firewalls often being shortlisted outside of China. Sangfor does decryption acting as a proxy. California. and the SuperMassive Series for larger enterprises and data center deployments. SonicWall has no virtual file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. SonicWall was spun out of Dell in 4Q16. Product Execution: Potential customers outside of China should first verify the availability of vendor support and product documentation for their use case. End users believe that they can't do advanced configurations without involving the vendor. which is a growing feature request among Gartner clients. and request references for organizations in the same region. aimed at midsize enterprises.Gartner Reprint 15/12/17 14(05 Customer Experience: Sangfor stakeholders give the vendor's presales and postsales customer support high marks. Internationalization and an expanded geographic presence of the Sangfor firewall product line are ongoing efforts. making it more difficult for enterprises to manage policy in a multivendor situation. Partnerships: The vendor does not have any integration with network security policy management tools. It has no on-box TLS decryption.

The vendor is a good shortlist candidate for value-conscious enterprises that desire more throughput at a reasonable price and a solid firewall appliance that is easy to manage. STRENGTHS Product Execution: Surveyed customers frequently mention the ability of the SonicWall product to meet budget and performance requirements. They also give good scores for ease of management. SonicPoints and WAN Acceleration Appliances (WXA). file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. In addition to the main GMS consoles. SonicWall is not typically visible on a large number of enterprise shortlists. This approach shows promise and early feedback is positive. SonicWall also offers GMS Analyzer and GMS Flow Server for additional reporting views. and its continued investment in channel programs may raise visibility among Gartner clients. and it does not address some enterprise data center use cases. All SonicWall firewalls now have integration with Dell Networking X-Series switches. Recent company news includes announced training and marketing enhancements to its channel programs. SonicWall recently launched its Cloud GMS management solution. Product Performance: SonicWall customers and partners note that the vendor does a very good job handling SSL/TLS decryption on-box without massive performance degradation.webarchive Página 37 de 70 . The Global Management System (GMS) is a central management platform.Gartner Reprint 15/12/17 14(05 firewall products. Product Strategy: The cloud-based Capture Advanced Threat Protection service takes a multiengine approach to advanced threat detection. Marketing Strategy: SonicWall has worked hard to rebuild its channels in order to reach more customers.

The file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. U. Sophos' portfolio now includes firewalls (XG Series and the older SG Series). and enterprise mobility management (Sophos Mobile). Sophos Sophos is a network and endpoint security vendor headquartered in Abington. Sophos Firewall Manager is the name of the centralized management software.webarchive Página 38 de 70 . Market Responsiveness: The vendor has been slow in providing differentiating new features and enhancing its existing capabilities. wireless access point (Sophos AP). The vendor has recently experienced a decline in revenue. Historically an endpoint security vendor (Sophos Endpoint Protection. and Sophos Central is the cloud-based centralized management portal for all Sophos security products. especially in its ability to inspect JavaScript to provide visibility on SaaS usage.K. Marketing Execution: Gartner less frequently sees SonicWall being shortlisted by enterprise clients. Gartner attributes some of this to the succession of ownership changes and subsequent disruptions to the company.Gartner Reprint 15/12/17 14(05 CAUTIONS Product Strategy: SonicWall's continued lack of a virtual firewall makes it increasingly less relevant to modern data center use cases as enterprises adopt public cloud IaaS and conduct private cloud projects. with more than 3. Intercept X).000 employees. Product Execution: SonicWall cloud security is less mature than its leading competitors.. including automated host quarantine and the release of a cloud-based sandbox (Sophos Sandstorm). Sophos' releases in recent months comprise evolutions of its firewall and endpoint integration.

and for existing Sophos endpoint customers. Remote Ethernet Device (RED). especially for the upper. shortlists is growing. Geographic Strategy: Sophos firewalls are visible on European client shortlists for enterprise firewalls. The vendor scores relatively higher than its competition for the value of the integration between endpoint and firewall (synchronized security). helped by its existing presence in the endpoint protection market.webarchive Página 39 de 70 . Sophos has demonstrated continued market focus and feature improvements. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.and lower-midsize enterprise organizations.S. including a dedicated offering. with easy-to-use filtering.Gartner Reprint 15/12/17 14(05 vendor also made two acquisitions of security vendors leveraging machine learning techniques (Invincea and Barricade). Sophos is worth including on enterprise firewall shortlists. STRENGTHS Marketing Execution: The vendor's revenue growth and customer retention rate are higher than the market average. Sophos' clients cite good price for value as a key factor in selecting the vendor. Sophos management console is available in many European and Asian languages. Capabilities: The Sophos XG product line includes a comprehensive set of appliances. Sophos regularly adds to its intellectual property with tactical acquisitions of technology-driven companies. Customer Experience: Clients like the short learning curve to understand the new XG management interface. for the smallest branches. Its visibility on U. Embedded and centralized reports are comprehensive and easy to navigate. The vendor has demonstrated its commitment to align the roadmap of all its product lines to its product vision of a fully integrated solution. especially when purchasing a firewall cluster.

Customer Experience: Several clients and surveyed channel partners would like to see substantial improvements in vendor support. It provides enterprise firewalls and multifunction firewalls for SMBs to EMEA organizations with its Stormshield Network Security appliances. CASB solutions for increased SaaS security. visibility and control features. Its portfolio also includes host file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. CAUTIONS Market Segmentation: Sophos' strategy focuses on enterprises with 5. and heavily distributed organizations.Gartner Reprint 15/12/17 14(05 Platform: Under the name Synchronized Security. Sophos XG lacks the ability to create virtual instances within a single physical appliance. Stormshield offers 15 physical appliances and six virtual models. Platform: Surveyed clients would like to see Sophos providing integration with leading endpoint protection platforms. Stormshield Stormshield resulted from the merger of two French security providers (Arkoon and Netasq) in 2014. Capabilities: The XG firewall is not yet available on AWS. For enterprises.webarchive Página 40 de 70 . in addition to the vendor's own solutions.000 employees or less. and lacks dedicated SaaS discovery. Its product strategy is not a good fit for very large enterprise and data center use cases. Sophos executes on a very ambitious roadmap to integrate the XG firewall with Sophos' endpoint and cloud-based management. It does not offer. Some clients in regulated environments or with compliance requirements cite the limited reports and logs. especially in providing enterprise-class responsiveness for first direct contact with the vendor. nor does it integrate with.

and it is often selected in that region because it's from a trusted European vendor. The vendor is a suitable shortlist contender for European organizations that value a dependable enterprise firewall that can integrate with same-vendor endpoint protection.Gartner Reprint 15/12/17 14(05 IPS (Stormshield Endpoint Security) and data-at-rest encryption software (Stormshield Data Security). For example. Stormshield remains primarily a solution serving clients in Western Europe. Stormshield has introduced Stormshield Management Center and Stormshield Visibility Center. Product Execution: Surveyed customers and partners tout a strong behavioral IPS that impacts firewall performance minimally (compared to competitive offerings) as a reason to buy. Company news includes an agreement with Ingram Micro to distribute Stormshield products throughout EMEA. Support: Stormshield's customers cite the value of having in-country customer support. The vendor provides virtual firewall appliances for AWS and Microsoft Azure IaaS platforms. Stormshield had early support for the European General Data Protection Regulation (GDPR) by introducing integration between its encryption solution and the firewall. which makes it a good choice for European government agencies and private organizations working with the public sector. For management and reporting.webarchive Página 41 de 70 . In addition to the new management appliances. Certified support centers are available in nine European file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Stormshield introduced a new ruggedized firewall for industrial environments during the Magic Quadrant evaluation period. STRENGTHS Compliance: Stormshield owns several regional and nationwide European certifications.

CAUTIONS Product Execution: Stormshield continues to lag behind market leaders in some functional areas — how it integrates application control in the security policy and support of only a limited number of virtual domains within a single hardware appliance. headquartered in Seattle. it released two new M models for file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. It allows security analysts to dynamically apply dedicated rules to vulnerable hosts by adding them to a group of vulnerable hosts. and has yet to build an offering for SDN use cases.webarchive Página 42 de 70 . WatchGuard WatchGuard. the majority of its penetration. Threat Research: Stormshield's internal threat research team collaborates with parent company Airbus Defence and Space CyberSecurity's Security Research Team to gain access to an expanded set of findings. Product Strategy: Stormshield provides vulnerability management that leverages an integrated passive scanner. as well as in the United Arab Emirates (UAE) and Singapore. Stormshield does not support active/active use cases. In 2016. It lacks threat intelligence feeds. especially France. Geographic Strategy: Although Stormshield gets support from the large Airbus Defence and Space CyberSecurity group.Gartner Reprint 15/12/17 14(05 nations. making it unsuitable to address certain high-availability use cases. Washington. Sales Execution: The vendor has fewer customers using its firewalls in IaaS environments than most of its competitors. is a recognized brand name for SMBs and distributed enterprises. visibility and channel remain focused on EMEA.

webarchive Página 43 de 70 . Firebox M4600 and M5600 for SMBs. Deutsche Telekom and other threat intelligence sources. Surveyed stakeholders have cited it as one of the key strengths of the portfolio. WatchGuard also made a few significant feature enhancements around mobile security and VPN. Dimension. It uses Forcepoint as a URL filtering provider. Also offered is Threat Detection and Response (TDR) as a part of the Total Security suite.Gartner Reprint 15/12/17 14(05 firewalls. AVG as its antivirus engine and Trend Micro as a provider of file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Reputation Enabled Defense. With recent enhancements around threat detection capabilities and multiple technology partnerships. WatchGuard should be considered by distributed enterprises that want good price/performance value. Host Ransomware Prevention is also a component in TDR. STRENGTHS Product Execution: WatchGuard has enhanced its threat detection capabilities as two separate threat intelligence subscriptions. TDR offers better correlation with network and endpoint security events. This will equip WatchGuard customers with better correlation and threat detection capabilities. WatchGuard offers a good product with better price versus performance relative to other vendors in the space. its product strategy is more focused toward midsize and distributed enterprise use cases than toward a majority of enterprise use cases. along with third-party threat intelligence feeds that the vendor has partnered with. under the Basic Security suite. Technology Partner Ecosystem: Watchguard has partnered with multiple technology providers to provide better features and integration capabilities. includes feeds from OEM partners like Kaspersky. WatchGuard offers good analytics and reporting capabilities with its cloud-based reporting solution. However.

Surveyed end users have cited this as one of the vendor's strengths. and does not effectively address several enterprise use cases. a dedicated CASB provider. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and it needs improvement there. This helps in identifying overlapping rules. WatchGuard can help distributed enterprises manage and secure a mixed WAN environment. It also has OEM partnerships with multiple threat intelligence feeds. which is raised as an email. Policy Map provides a visual flow map showing which policies are hit by traffic moving through the firewall. Sales Execution: The vendor offers good price versus performance value. CAUTIONS Technical Support: Some surveyed end users have reported that the vendor lacks quick resolution through the technical support ticket process. with cost-effective products and subscriptions. Surveyed VARs have also indicated they sell WatchGuard Firebox appliances to only midsize and distributed enterprise customers. WatchGuard also offers integration with ManagedMethods. Product Strategy: WatchGuard lacks support for SDN vendors in supporting SDN deployment use cases.Gartner Reprint 15/12/17 14(05 an IPS signatures database. WatchGuard has lagged behind most of its competitors in releasing virtual firewall services to support customer deployments in the public cloud. Features: WatchGuard offers a policy mapping feature for identifying the firewall rule usage. Marketing Execution: WatchGuard has its major presence in midsize and distributed enterprises.webarchive Página 44 de 70 . In addition. However. Gartner does not see WatchGuard being frequently shortlisted by the enterprise clients as a possible firewall candidate.

It may be a reflection of a change in the market and. A vendor's appearance in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. The vendor demonstrates a competitive presence in enterprises and sales. Added New H3C Group was added to the Magic Quadrant. As a result of these adjustments. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Dropped No vendors were dropped from the Magic Quadrant.webarchive Página 45 de 70 . The vendor regularly appears on shortlists for selection and purchases. Inclusion and Exclusion Criteria Inclusion Criteria Network firewall vendors that meet the market definition and description were considered for this research under the following conditions: Gartner analysts have assessed that the vendor has the ability to effectively compete in the enterprise firewall market.Gartner Reprint 15/12/17 14(05 Vendors Added and Dropped We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. changed evaluation criteria. the mix of vendors in any Magic Quadrant or MarketScope may change over time. Gartner analysts consider that aspects of the vendor's product execution and vision merit inclusion. or of a change of focus by that vendor. therefore.

Products that are suited for SMBs (such as UTM firewalls. or those for small office/home office placements) are not targeted at the market this Magic Quadrant covers (enterprises) and are excluded. This includes hardware OEMs. resellers that repackage products that would qualify from their original manufacturers. or it is not actively shipping products. The vendor is not the original manufacturer of the firewall product. and we do not rate platform providers separately. Evaluation Criteria file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. scalability and ability to directly compete with the larger firewall product/function view. host-based IPSs and WAFs (see Note 1) — all of which are distinctly separate markets.Gartner Reprint 15/12/17 14(05 The vendor has achieved enterprise firewall product sales (not including maintenance) in the past calendar year of more than $10 million. host-based firewalls. and within a customer segment that is visible to Gartner. We assess the breadth of OEM partners as part of the evaluation of the firewall. as well as carriers and ISPs that provide managed services. The vendor primarily has a network IPS with a non- enterprise-class firewall. The vendor has personal firewalls. The vendor's products sell as network firewalls.webarchive Página 46 de 70 . Exclusion Criteria Network firewall vendors may have been excluded from this research for one or more of the following reasons: The vendor has minimal or negligible apparent market share among Gartner clients. but do not have the capabilities.

Overall Viability: This includes overall financial health. such as foundation firewall functions. and that the company wins a large percentage in competition with other vendors. Sales are a factor. competitive wins versus key competitors (which are compared with Gartner file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Growth of the customer base and revenue derived from sales are also considered. range of models. The logistical capabilities for managing appliance delivery. Strong execution means that a company has demonstrated to Gartner analysts that products are successfully and continually deployed in enterprises. Having a low rate of vulnerabilities in the firewall is important. event management. although those factors can affect a vendor's Ability to Execute. company history. Support is rated on the quality. compliance. Key features are weighted heavily.Gartner Reprint 15/12/17 14(05 Ability to Execute Product or Service: This includes service and customer satisfaction in enterprise firewall deployments. Companies that execute strongly generate pervasive awareness and loyalty among Gartner clients. and the ability to support complex deployments and modern DMZs. such as firewall revenue. Execution considers factors related to getting products sold.webarchive Página 47 de 70 . however. prospects for continuing operations. low latency. product service and port density matter. breadth and value of offerings through the specific lens of enterprise needs. winning in competitive environments through innovation and quality of product and service is more important than revenue. console quality. supported and in users' hands. Execution is not primarily about company size or market share. installed. secondary product capabilities (logging. All vendors were required to disclose comparable market data. rule optimization and workflow). and also generate a steady stream of inquiries to Gartner analysts. and demonstrated commitment in the firewall and security markets.

and includes the cost of all hardware. Market Responsiveness/Record: This evaluates the vendor's ability to respond to changes in the threat environment. carriers and managed security service providers (MSSPs). Pricing is compared in terms of a typical enterprise-class deployment. Sales Execution/Pricing: We evaluate the company's pricing. support. The number of firewalls shipped or the market share is not the key measure of execution. maintenance and installation. Buyers want good results more than they want bargains. and think in terms of value over sheer low cost. installed base. deal size.webarchive Página 48 de 70 . This includes the strength of the vendor's sales and distribution operations. we consider the use of these firewalls to protect the key business systems of enterprise clients and those being considered on competitive shortlists. Cost of ownership over a typical firewall life cycle (three to five years) is assessed. uncertainty and doubt. Presales and postsales support is evaluated. The robustness of the enterprise channel and third-party ecosystem is important. This criterion also considers the provider's history of responsiveness to changes in demand for new features and form factors in the firewall market. Low pricing will not guarantee high execution or client interest. and to present solutions that meet customer protection needs rather than packaging up fear. as is the pricing model for conducting a refresh while staying with the same product and replacing a competing product without intolerable costs or interruptions. Rather. and how enterprises deploy network security. and use by enterprises.Gartner Reprint 15/12/17 14(05 data on such competitions held by our clients) and devices in deployment. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.

Succeeding in complex networks with little intervention (for example. Ability to Execute Evaluation Criteria Evaluation Criteria Weighting Product or Service High Overall Viability Medium file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Significant weighting is given to delivering new platforms for scalable performance in order to maintain investment. and which are considered top threats by the others. Table 1. this ranking looks at which vendors consider the others to be direct competitive threats. An NGFW capability is heavily weighted. In addition to buyer and analyst feedback. or by offering innovative pricing or support offerings. one-off patches) is highly considered. vulnerabilities. such as by driving the market on innovative features co-packaged within the firewall. throughput of the IPS capability and how the firewall fared under attack conditions are also important. The greatest factor in these categories is customer satisfaction throughout the sales and product life cycles. as well as the depth of staff experience — specifically in the security marketplace. Unacceptable device failure rates. virtualization. poor performance and a product's inability to survive to the end of a typical firewall life span are assessed accordingly. Low latency. such as multidevice management. and to the range of models to support various deployment architectures. Customer Experience and Operations: These include management experience and track record. as are enterprise- class capabilities.webarchive Página 49 de 70 . it includes which vendors are most commonly considered to have top competitive solutions during the RFP and selection process.Gartner Reprint 15/12/17 14(05 Marketing Execution: Competitive visibility is a key factor. adaptability of configuration and support for enterprise environments.

rather than an "us. too" roadmap. We also evaluate the vendor's overall understanding of and commitment to the security and network security markets. including interaction with vendors in briefings and feedback from Gartner customers on information they receive concerning roadmaps. and against future trends identified in Gartner research. show that they are following their plans and modify those plans as they forecast how market directions will change. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 50 de 70 . Understanding and delivering on enterprise firewall realities and needs are important. Incumbent vendor market performance is reviewed year by year against specific recommendations that have been made to each vendor. Gartner makes this assessment subjectively by several means. Vendors cannot merely state aggressive future goals.Gartner Reprint 15/12/17 14(05 Sales Execution/Pricing Medium Market Responsiveness/Record High Marketing Execution Medium Customer Experience High Operations Medium Source: Gartner (July 2017) Completeness of Vision Market Understanding and Marketing Strategy: This includes providing a track record of delivering on innovation that precedes customer demand. they must put plans in place. and having a viable and progressive roadmap and continuing delivery of NGFW features are weighted very highly.

as well as product integration with other IT systems. Integration with other security components is also weighted. Building loyalty through credibility with a full-time enterprise firewall staff demonstrates the ability to assess the next generation of requirements. and they must do so in a technically direct manner. Offering (Product) Strategy: This criterion focuses on a vendor's product roadmap. such as introducing practical new forms of intelligence to which the firewall can apply policy. Sales Strategy: This includes preproduct and postproduct support. Vertical/Industry Strategy and Geographic Strategy: These include the ability and commitment to service geographies and vertical markets. including zero-day events. NGFW integration and enhancement. and clear explanations and recommendations for detecting events. It also includes R&D spending. as is evidence of execution within cloud and virtualized environments. is highly rated. current features. Vendors need to address the network security buying center correctly. viable strategy for addressing the challenges in SDN deployments is important.Gartner Reprint 15/12/17 14(05 The NGFW capabilities are expected to be integrated to achieve correlation improvement and functional improvement. An articulated. such as complex file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. value for pricing. virtualization and performance. rather than selling just fear or next-generation hype. We also evaluate how the vendor understands and serves the enterprise branch office and data center. Business Model: This includes the process and success rate for developing new features and innovation.webarchive Página 51 de 70 . independent third-party certifications include the Common Criteria for Information Technology Security Evaluation. Channel and third-party security product ecosystem strategies matter insofar as they are focused on enterprises. Innovation. Credible.

webarchive Página 52 de 70 . carriers or governments. Products that are not intuitive in deployment. and achieving high IPS throughput and low appliance latency. are scored accordingly. "Giving back time" to firewall administrators by innovating to make complex tasks easier. or operations that are difficult to configure or have limited reporting. Solving customer problems is a key element of this criterion. Table 2.Gartner Reprint 15/12/17 14(05 enterprise multinational deployments. which includes low latency. Integration with other security products. Completeness of Vision Evaluation Criteria Evaluation Criteria Weighting Market Understanding High Marketing Strategy Medium Sales Strategy Medium Offering (Product) Strategy High file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Innovation: This includes R&D and quality differentiators. Reducing the rule base. the more a product mirrors the workflow of the enterprise operation scenario. Management interface and clarity of reporting — that is. offering interproduct support and leading competitors on features are foremost. new firewall mechanisms. MSSPs. rather than adding more alerts and complexity. such as: Performance. Firewall virtualization and securing virtualized environments. the better the vision.

These requirements include a wide range of models.webarchive Página 53 de 70 . provide expert capability rather than treat the firewall as a commodity and have a good track record of avoiding vulnerabilities in their security products. offering options for hardware acceleration and offering form factors that protect enterprises as they move to new infrastructure form factors. Common characteristics include handling the highest throughput with minimal performance loss. support for virtualization and virtual LANs. and a management and reporting capability that is designed for complex and high-volume environments. such as multitier administration and rule/policy minimization. Vendors in this quadrant lead the market in offering new features that protect customers from emerging threats. as enterprises continue to move away from having dedicated IPS appliances at their perimeter and remote locations.Gartner Reprint 15/12/17 14(05 Business Model Medium Vertical/Industry Strategy No Rating Innovation High Geographic Strategy Medium Source: Gartner (July 2017) Quadrant Descriptions Leaders The Leaders quadrant contains vendors that build products that fulfill enterprise requirements. Challengers file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. A solid NGFW capability is an important element.

Niche Players file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. then Visionaries are good shortlist candidates. Vendors that do not have strong NGFW capabilities are supplementing them in a defensive move. while vendors that have strong NGFW offerings are focused on manageability and usability. more automated east/west microsegmentation in public cloud and SDN environments. but they are not consistently leading with differentiated next-generation capabilities. but they lack the sales base. Challengers' products are often well-priced. these vendors can offer economical security product bundles that others cannot. Most Visionaries' products have good NGFW capabilities. Many Challengers hold themselves back from becoming Leaders because they choose to place security or firewall products at a lower priority in their overall product sets. Visionaries Visionaries have the right designs and features for the enterprise. rather than the product. to win deals. Savings and high- touch support can be achieved for organizations that are willing to update products more frequently and to switch vendors if required.Gartner Reprint 15/12/17 14(05 The Challengers quadrant contains vendors that have achieved a sound customer base. because of their strength in execution. strategy or financial means to compete consistently with Leaders and Challengers. but lack in performance capabilities and support networks. Many Challengers have not fully matured their NGFW capability — or they have other security products that are successful in the enterprise and are counting on the relationship. but trail smaller market share Leaders in the release of features. Gartner expects the next wave of innovation in this market to focus on better. and.webarchive Página 54 de 70 . Firewall market Challengers will often have significant market share. If firewalling is a competitive element for an enterprise.

ease and speed of the deployment. Organizations' final product selection decisions must be driven by their specific requirements. firewalls need to continually evolve to maintain effectiveness. Market Overview As the first line of defense between external threats and enterprise networks. some Type C risk-averse enterprises and some distributed enterprises) may consider products from Niche Players. have increased demand for new firewall features and capabilities. IT organization support capabilities. although other models from Leaders and Challengers may be more suitable. Changes in threats. responding to the continuing evolution in threats as well as to changes in enterprise network speed and complexity. as well as increased enterprise demand for mobility. then Niche Players can be shortlisted. and integration with the established security and network infrastructure and teams. especially in the relative importance of management capabilities.Gartner Reprint 15/12/17 14(05 Most vendors in the Niche Players quadrant are smaller vendors of enterprise firewalls. Firewalls have high adoption and penetration rates in all file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. If local geographic support is a critical factor. It is populated with mature vendors and some more recent entrants. acquisition costs. Many Niche Players are making larger versions of SMB products with the mistaken hope that this will satisfy enterprises. makers of multifunction firewalls for SMBs or branch-office-only product makers that are attempting to break into the enterprise market.webarchive Página 55 de 70 . SDN and use of the cloud. Some enterprises that have the firewall needs of an SMB (for example. Context The enterprise firewall market is the largest security product market. virtualization.

Gartner estimates that the transition to NGFW from traditional firewalls will complete within the next two years. The key differentiators in these areas are IPS effectiveness. This means that. Identity-based policy enforcement. user-based policy enforcement in the top business and social media applications. the firewall market is driven by refresh cycles of four to five years. We have seen some common patterns in the firewall market as enterprises with 3. For new firewalls. incumbents must add improved capabilities and increase performance. integrated deep packet inspection intrusion prevention. Network security policy management (NSPM) products are increasingly used to manage complexity.webarchive Página 56 de 70 . application identification and granular user control. remains a defining feature. to protect their installed base. as demonstrated through third-party testing under realistic threat and network load conditions. Because it is saturated.Gartner Reprint 15/12/17 14(05 markets. or face either replacement by innovative market entrants or commoditization by low- cost providers. especially in multivendor situations (see Note 2). or the ability to enforce policy on thousands of applications. file:///Users/jpereze/Downloads/ 5-year-old firewalls and IPSs evaluate replacement: Enterprises with traditional firewalls seek to have firewalls that have application and user visibility. Enterprise Firewalls Are Next-Generation Firewalls One key area of firewall evolution that has been widely supported is what Gartner (in 2009) called "NGFW features" — namely. there is no distinction between an enterprise firewall and an NGFW. and to require enforcement options in their next refresh. and fine-grained. All enterprise firewall vendors today offer NGFWs.

UTM vendors have and continue to target SMB clients. High-security environments upgrade to NGFWs for the firewall. and upgrade IPSs to NGIPSs. However. migrate to NGFWs for the firewall with application control and user context. using minimal signature sets) migrate to NGFWs using the built-in IPS capabilities.webarchive Página 57 de 70 . They now try to sell high-throughput UTM to enterprise clients that score price competitiveness higher than security. Organizations look to extend their on-premises firewall vendor into IaaS cloud providers. but continue using stand-alone IPSs. the UTM approach fails to convince Type A and Type B enterprises that require mature application and user control capabilities. UTM Still Can't Compete With Enterprise Firewalls Historically. Enterprises with firewalls and stand-alone IPSs that are used for active prevention. in the past few years. Enterprises with firewalls and stand-alone IPSs that are employed primarily in detection mode (that is. but it is mostly restricted to two use cases: distributed Type C enterprises (mostly in the retail industry). with large signature sets and some custom signatures.Gartner Reprint 15/12/17 14(05 Enterprises not currently using any IPSs migrate to NGFWs with minimal use of advanced features. the large UTM vendors have tried to expand beyond their traditional use case by stretching into the large enterprise market. and do not consolidate web antivirus on the internet-facing file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and firewall-only for network segmentation at low cost. Gartner sees some limited success for Type C enterprises (see Note 3). However. Enterprises seek NGFW functionality as they transition from physical data center to virtualized environments and SDN.

and technical challenges. In "Predicts 2017: Network and Gateway Security. will move to use HTTPS to covert initial infection and command and control communications. and the fact that references provided file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and firewall vendors do a poor job at providing an up-to-date list of exceptions. a growing number of malware attacks. UTM vendors also face difficulties in building a strong sales and support channel for enterprises (similarly. Some application traffic cannot be decrypted. Decrypting SSL/TLS on a firewall creates organizational issues. through 2019. missing most targeted web malware. such as performance issues and product sizing difficulties for the firewall channel. more than 80% of enterprises' web traffic will be encrypted. enterprise firewall vendors underestimate the work of building an SMB channel).Gartner Reprint 15/12/17 14(05 firewall (see "Next-Generation Firewalls and Unified Threat Management Are Distinct Products and Markets" ). more than 60% of organizations will fail to decrypt HTTPS efficiently. Most enterprise buyers are also wary of shortlisting a UTM vendor because of its primary focus on SMBs and limited brand awareness.webarchive Página 58 de 70 . Consequently. By 2020. In the client reference survey. leading to traffic being blocked. End-user experience is likely to be affected too. principally to enforce web-filtering policy and to prevent malware infections. Decrypt This Enterprises face a growing need for SSL decryption. including ransomware." Gartner anticipates that. despite the self-evaluation bias that generally results in inflated numbers. such as ensuring employees' right to privacy.

only 29% of the respondents answered that they were decrypting HTTPS traffic. Fortinet and other firewall vendors has created buzz for virtualizing and securing data centers. but has not seen significant adoption. Check Point Software Technologies. Gartner has not seen the firewall features of virtualization platforms (such as those offered with VMware or AWS) as a major competitor to mainstream firewall vendors because the need for separation of duties drives clients to doubt the infrastructure's ability to protect itself. As other virtualization platforms. Performance and the ability to manage firewall policy through a single integrated management console for stand-alone appliances or virtual appliances are key differentiators. subject to stringent third-party file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Almost all operating systems within firewall appliances are uniquely hardened. gain traction. Adoption is growing quickly (from small numbers).Gartner Reprint 15/12/17 14(05 by vendors tend to use more features than the market average. Virtualized Firewalls: Hype Accelerates.webarchive Página 59 de 70 . SDN projects get more numerous. and some lean-forward customers have adopted these. networks and east-west segmentation. virtualization platform vendors and virtual-only firewalls will present a challenge. and as IaaS deployments become more common. Gartner covers virtual/cloud firewall vendors such as vArmour and Illumio. such as Citrix Xen and Microsoft Hyper-V. Performance remains a barrier to wider deployment: Almost all network firewalls today are delivered on purpose-built appliances because of the poorer performance of running firewalls on general-purpose servers. VMware's NSX work with Palo Alto Networks. demand for virtualized environment support has grown. managing heterogeneous virtualized firewalls from existing physical firewall vendors. and Demand Starts to Follow As data center virtualization has continued.

file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. with growth decelerating for the remainder of that period. Firewall refreshes remain constant at a five-year average.webarchive Página 60 de 70 . and incremental market growth is significant. but at a Slowing Pace During the evaluation period. We also forecast that this market will reach a compound annual growth rate of 7. rather than having macrorefresh cycles or "bumps" of refreshes. Another big issue in deploying virtual firewalls in SDN or IaaS projects is the inability of enterprise virtual firewalls to spin up appropriate policy as servers are spun up. as in other markets. so even if great new products emerge. Security-minded enterprises are also rightly skeptical of running firewalls within a hypervisor that is between the threat and the firewall. and vendors are scrambling to meet that demand by attempting to increase virtual firewall performance and by automating firewall policy orchestration in dynamic environments. However.Gartner Reprint 15/12/17 14(05 security evaluations. Gartner market data continues to show that virtual firewall revenue accounts for far less than 5% of enterprise firewall market revenue. the firewall market grew 8. For 2017.8%. Gartner believes that the firewall market is "at capacity": This is the largest security product market (fast approaching $10 billion). The Firewall Market Is Still Growing.9% to $9. Agility is one of the key business benefits of SDN and IaaS. incumbent firewalls are rarely refreshed before they reach maturity. client market inquiries show an increased interest in virtual firewalls. and the need for human interaction with firewall policy subtracts from the business benefits these agile architectures bring with them. This refresh dynamic results in the market being linear.27 billion.4% from 2014 through 2021. Gartner estimates that the firewall market will grow approximately 7.

but with the slower pace of true innovation by Leaders and the absence of Visionaries.webarchive Página 61 de 70 . over the past year. the enterprise firewall market has been bifurcated into shortlists of "security first" Leaders and "price really matters. Gartner believes extremes of marketing strategies by Leaders are behind this. especially for management and reporting. These file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. almost all enterprise firewall vendors have introduced solutions over the past five years. This gap widened at first.Gartner Reprint 15/12/17 14(05 The Absence of Significant Innovation Brings Challengers Closer to Leaders In most technology markets. the gap has closed — not through the innovation of Challengers. however. Since the emergence of the NGFW. Leaders will innovate and Challengers will later adopt those features for their clients who are fine with getting features later. but for a lower price. Advanced threat defense/detection is penetrating the mainstream market. Gartner has seen these bifurcated shortlists start to change slightly as Challengers creep in. and Leaders are unable to demonstrate a clear delta in capability that justifies premium prices. and overmarketing producing "hype" roadmaps and announcements that don't resonate with the buying center. with undermarketing making true innovations a well-kept secret. and we can't yet consume the newest features" Challengers. Client "bake-offs" and hands-on comparative evaluations will show today's Leaders as having more capability. Have Some Advanced Threat Detection With That Firewall Advanced threat detection using a network sandbox — offered by stand-alone vendors such as FireEye — has become a rapidly growing market. however. if this trend continues. Leaders will allow the lower price offerings of Challengers to win more often when a hands-on evaluation is not extensive.

such as Facebook and peer-to-peer (P2P) file sharing. Some of these are built by the firewall vendors.Gartner Reprint 15/12/17 14(05 firewall-attached sandboxes are delivered mostly as cloud-based sandboxes priced as subscription-based services. on- premises sandbox where files are sent for inspection.webarchive Página 62 de 70 . Pure-play WAF companies (such as Imperva) or data center file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Confusing Use of "Application" and "Firewall" in Three Distinct Products Overlapping terminology and unclear marketing can lead to confusion among the three distinct issues of application control. and a considerably lower price. customers are increasingly turning to their firewall vendors for their network sandboxing needs (see "Market Guide for Network Sandboxing" ). The cloud advantage is a fixed-fee subscription that does not have to be scaled up nor consume rack space. WAFs and firewalls on application delivery controllers (ADCs). Firewall-connected sandboxes have appealed mostly to budget-constrained Type B enterprises that would rather maintain single-console control over their firewall than deploy a separate platform. As the desire to defend against the advanced threat is permeating the mainstream market. while others are delivered through third-party partnerships. Firewall-attached sandboxes have almost reached parity with stand-alone solutions. The firewall application control approaches used by enterprise vendors are mostly about controlling access to external applications. making them "good enough" for most enterprises. rather than as a customer-based. or have it on their short-term roadmaps. All of the firewall vendors evaluated here either deliver a network sandbox today. WAFs are different: They are placed primarily in front of web servers in the data centers.

if budget allows. While some ADC vendors (such as F5) are now offering network firewalling within their ADCs as well. and Gartner recommends this practice. As Gartner advises clients. They can. serve a specialized niche of placements. WAF and ADC technologies converging because they are for different tasks at different placements in the network. including internet-facing.webarchive Página 63 de 70 . These data center firewalls will be challenged to gain any noteworthy enterprise market share until they can provide competitive firewalling for all enterprise use cases in a range of physical and virtual form factors. Many still use discrete WAF (because of its better understanding of custom web applications) and ADC (better application performance to users) as the optimal way to answer that question. and an underestimation of its impact affects everything the firewall is processing. Gartner does not see NGFW. which involves a termination and re-encryption of these sessions (see "Security Leaders Must Address Threats From Rising SSL Traffic" and "Web Application Firewalls Are Worth the Investment for Enterprises" ). however. such as in cases where the data center is a separate business with its own firewall operations staff. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. and are often managed by entirely different teams. meaning the owners of firewalls and IPSs face the decision of whether to engage SSL inspection. most enterprises have a single brand of network firewall for all placements. data center and branch (see "One Brand of Firewall Is a Best Practice for Most Enterprises" ).Gartner Reprint 15/12/17 14(05 infrastructure vendors that provide WAF technology within their ADCs are concerned with protecting custom internal web applications. if no ADC/WAF is present). virtualized. Most traffic to enterprise web servers remains encrypted until it reaches the ADC (or the server itself. This performance impact is often hard to measure clinically.

Gartner Reprint 15/12/17 14(05 Evidence This Magic Quadrant was conducted in accordance with Gartner's well-defined methodology. The analysis in this research was based primarily on interviews and interactions during firewall inquiries with Gartner clients since the 2014 "Magic Quadrant for Enterprise Network Firewalls. We asked for a specific number of references from each vendor (n = 95). were unable to explain key concepts. For each vendor. interviews with references provided by vendors and supporting Gartner quantitative research on market share. generally tended to score lower. as well as what other vendors' customers said about that file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Vendors that declined to provide a survey response were assessed by Gartner as to what their likely reply would have been (usually. of variable quality. Guidelines for responding to the full survey were provided at the time of issue. therefore. vendor briefings conducted at the request of vendors throughout the year. or that did not meet the guidelines." We also considered surveys completed by vendors. and each reference customer was supplied with a structured survey. were unable to provide high-quality explanations of use cases. we took into account the comments from that vendor's references. respondents ignored the question. References were scored on the basis of their quality and what they told us. did not fare as well under some of the scoring criteria. Some vendors declined to answer certain questions due to market restrictions. nevertheless. Responses that were lower quality (for example. used poor grammar. this was in relation to specific revenue breakdowns). or were unable to go beyond technical capabilities and demonstrate an understanding of the business environment). Responses were. and.webarchive Página 64 de 70 .

these markets remain very distinct. FireMon and Tufin) continue to exploit the absence of firewall consoles to optimize. Vendors could be notably affected by the inability to have a sufficient number of reference customers providing input. Additionally. very large enterprises may have firewall products from different vendors — sometimes by accident via acquisition rather than through choice.Gartner Reprint 15/12/17 14(05 particular vendor. In other cases. Although the NSPM market is still somewhat small. Today. it's growing fast. and the customers requiring help with complexity are the very largest. Although a few firewalls offer optional WAF modules. visualize and reduce firewall rules and policies. these are rarely enabled. P2P and Facebook). an enterprise may be in the file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.webarchive Página 65 de 70 . Note 1 Buyer Confusion Concerning WAFs The advent of application control in firewalls has led to some natural confusion between the NGFW and WAF markets in the minds of buyers. Note 2 Network Security Policy Management Tools Third-party network security policy management (NSPM) tool vendors (such as AlgoSec. we see WAFs deployed as a stand-alone product (such as from Imperva). The critical difference is one of direction: Application control in NGFWs is concerned primarily with applications that are external to the enterprise (for example. an off-premises service (such as from Akamai) or within an ADC (such as from F5). whereas WAFs are concerned with protecting custom web applications on servers that are internal to the enterprise. Instead. because a single-vendor solution is usually the best choice.

in addition to maintaining the incumbent firewalls in the physical infrastructure. Enterprises that deploy some their infrastructure to the public cloud may choose to use native cloud firewalls there.Gartner Reprint 15/12/17 14(05 midst of a multistage rollout of a new platform. this is the "lean back" security posture that is more accustomed to monitoring rather than blocking.webarchive Página 66 de 70 . Evaluation Criteria Definitions file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. tolerate procurement failure. whereas no firewall vendor will effectively manage a competing product." They are neither the first nor the last to bring in a new technology or concept. technology is crucial to business success. let others work out the nuances and then leverage the lessons learned. NSPM vendors are expanding into managing other network security devices. and are willing to invest for innovation that might deliver lead time against their competition. For Type A enterprises. B and C Enterprises Enterprises vary in their aggression and risk-taking characteristics. Note 3 Types A. perhaps investment-challenged and willing to cede innovation to others. For Type C enterprises. technology is not critical to the business and is clearly a supporting function. All NSPM vendors support multiple firewall products (including. cloud-resident firewalls). Type A enterprises seek the newest security technologies and concepts. In addition. For Type B enterprises. They wait. in some cases. Type B enterprises are "middle of the road. Type C enterprises are risk-averse to procurement. this is the "lean forward" or aggressive security posture. technology is important to the business. such as IPSs.

feature sets. Marketing Execution: The clarity. thought leadership. the financial and practical success of the business unit. word of mouth and sales activities. be flexible and achieve competitive success as opportunities develop. and establish a positive identification with the product/brand and organization in the minds of buyers.webarchive Página 67 de 70 . This includes current product/service capabilities. quality. competitors act. whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.Gartner Reprint 15/12/17 14(05 Ability to Execute Product/Service: Core goods and services offered by the vendor for the defined market. customer needs evolve and market dynamics change. presales support. Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. change direction. This "mind share" can be driven by a combination of publicity. This includes deal management. skills and so on. promote the brand and business. and the likelihood that the individual business unit will continue investing in the product. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. Market Responsiveness/Record: Ability to respond. promotional initiatives. This criterion also considers the vendor's history of responsiveness. and the overall effectiveness of the sales channel. increase awareness of the products. Overall Viability: Viability includes an assessment of the overall organization's financial health. pricing and negotiation. will continue offering the product and will advance the state of the art within the organization's portfolio of products. quality. creativity and efficacy of programs designed to deliver the organization's message to influence the market.

this includes the ways customers receive technical support or account support. and can shape or enhance those with their added vision. methodology and feature file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. programs. service. functionality. and communication affiliates that extend the scope and depth of market reach. advertising. customer support programs (and the quality thereof). systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis. Factors include the quality of the organizational structure. differentiated set of messages consistently communicated throughout the organization and externalized through the website. service-level agreements and so on. experiences. customer programs and positioning statements.Gartner Reprint 15/12/17 14(05 Customer Experience: Relationships. expertise. including skills. availability of user groups. skills. Marketing Strategy: A clear. technologies. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs. Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales.webarchive Página 68 de 70 . Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation. products and services/programs that enable clients to be successful with the products evaluated. Completeness of Vision Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. This can also include ancillary tools. services and the customer base. Operations: The ability of the organization to meet its goals and commitments. marketing. Specifically.

Gartner is a registered trademark of Gartner. channels and subsidiaries as appropriate for that geography and market. companies discussed herein. Vertical/Industry Strategy: The vendor's strategy to direct resources. skills and offerings to meet the specific needs of geographies outside the "home" or native geography. and may have client relationships with.webarchive Página 69 de 70 . Inc. related. complementary and synergistic layouts of resources. Gartner provides information technology research and advisory services to a wide range of technology consumers. Gartner is a public company. and derive revenues The information contained in this publication has been obtained from sources believed to be reliable. manufacturers and sellers. © 2017 Gartner. Gartner research is produced independently by its research organization without input or influence from these firms. skills and offerings to meet the specific needs of individual market segments. Innovation: Direct. All rights reserved. omissions or inadequacies in such information.jsp) posted on gartner. either directly or through partners. or its affiliates. Business Model: The soundness and logic of the vendor's underlying business proposition. Gartner disclaims all warranties as to the accuracy. including vertical markets. consolidation. completeness or adequacy of such information and shall have no liability for errors. Gartner does not provide legal advice or services and its research should not be construed or used as such. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact. If you are authorized to access this publication. expertise or capital for investment. The opinions expressed herein are subject to change without notice. Inc. Although Gartner research may include a discussion of related legal issues.Gartner Reprint 15/12/17 14(05 sets as they map to current and future requirements. Geographic Strategy: The vendor's strategy to direct resources. your use of it is subject to the Usage Guidelines for Gartner Services (/technology/about/policies/usage_guidelines. Gartner's Board of Directors may include senior managers of these firms or funds. defensive or pre-emptive purposes. file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. and/or its affiliates.

com/technology/ | Newsroom (http://www.jsp) | Privacy (https://www.gartner.webarchive Página 70 de 70 .gartner. see "Guiding Principles on Independence and file:///Users/jpereze/Downloads/Gartner%20Magic%20Quadrant.Gartner Reprint 15/12/17 14(05 funds or their | Site Index (http://www.gartner.jsp)" About ( For further information on the independence and integrity of Gartner research.gartner.gartner.jsp) | Careers ( | Contact Gartner ( | Policies (http://www. (/technology/about/ombudsman/omb_guide2.gartner.jsp) | IT Glossary (http://www.