“Next-generation” capability has been achieved by the leading products in the network firewall market, and competitors are working to keep the gap from widening. Buyers must consider their operational realities, the burden of switching, and the trade-offs between “best-of-breed” function and costs.
The enterprise network firewall market represented by this Magic Quadrant is composed primarily of purpose-built appliances for securing enterprise corporate networks. Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions, often within the data center. These products are accompanied by highly scalable (and granular) management and reporting consoles, and there is a range of offerings to support the network edge, the data center, branch offices and deployments within virtualized servers.
The companies that serve this market are identifiably focused on enterprises — as demonstrated by the proportion of their sales in the enterprise; as delivered with their support, sales teams and channels; but also as demonstrated by the features dedicated to solve enterprise requirements and serve enterprise use cases.
As the firewall market continues to evolve, NGFWs add new features to better enforce policy (application and user control) or detect new threats (intrusion prevention systems [IPSs], sandboxing and threat intelligence feeds). The stand-alone Secure Sockets Layer (SSL) VPN market has largely been absorbed by the firewall market. Eventually, the NGFW will continue to subsume more of the stand-alone network IPS appliance market at the enterprise edge. This is happening now; however, some enterprises will continue to choose to have best-of-breed IPSs embodied in next-generation IPSs (NGIPSs). More recently, enterprises have begun looking to firewall vendors to provide cloud-based malware-detection instances to aid them in their advanced threat efforts, as a cost-effective alternative to stand-alone sandboxing solutions (see “Market Guide for Network Sandboxing”).
However, next-generation firewalls will not subsume all network security functions. All-in-one or unified threat management (UTM) approaches are suitable for small or midsize businesses (SMBs), but not for the enterprise (see “Next-Generation Firewalls and Unified Threat Management Are Distinct Products and Markets”).
The needs for branch-office firewalls are becoming specialized, and they are diverging from, rather than converging with, UTM products. As part of increasing the effectiveness and efficiency of firewalls, they will need to truly integrate more-granular blocking capability as part of the base product, go beyond port/protocol identification and move toward an integrated service view of traffic, rather than merely performing “sheet metal integration” of point products.
Download the Report at: Magic Quadrant for Enterprise Network Firewalls