Who Made Gartner's 2015 Magic Quadrant For The Enterprise Network Firewall Market?

The Network Firewall Market: Leaders, Contenders And Not-Quite-There Players

Of all the security markets, the enterprise network firewall market is one of the most mature, growing 9.5 percent in 2014, to $9.5 billion. The market isn't going to slow down anytime soon, research firm Gartner said, estimating it will grow 10 percent in 2015, to $10.5 billion. Because of that, enterprises are faced with a deluge of choices, from the rise of next-generation firewalls, to unified threat management vendors expanding into enterprises, to virtualized firewalls.

Despite the growth, Gartner's 2015 Magic Quadrant ranking found only two companies leading the market with execution and vision, with most vendors labeled Niche Players. Take a look at who Gartner said was leading, and who could be leading next in the enterprise network firewall market.


For all of its Magic Quadrant reports, Gartner ranks vendors based on "ability to execute" and "completeness of vision." From there, companies fall into one of four categories: Niche Players (scoring low in both categories), Visionaries (scoring high in vision but low in execution), Challengers (high in execution but low in vision) and Leaders (high in both categories). For the enterprise network firewall market, Gartner ranked 17 companies, most of which fell into the Niche Player category.

Leader: Check Point Software Technologies

Check Point was named a leader by Gartner yet again as it continued to demonstrate strong technical scores and execution on its enterprise road map. Over the past year, Check Point has invested big in expanding its portfolio, diving into mobile security with its April acquisition of Lacoon Mobile Security and stepping up its advanced threat detection capabilities with the acquisition of Hyperwise in February. The result is a broad portfolio that consistently scores high on Gartner's technical evaluations and proves itself in the market with continued enterprise customer wins.

Check Point

Strengths: Gartner highlighted Check Point's continued success in winning new clients and supporting its enterprise client base, one of the largest of any vendor, with its channel partners. Gartner said clients are drawn to the company's wide portfolio of easily manageable solutions, including next-generation firewalls, threat protection, Web security, endpoint, and mobile and cloud security.

Cautions: Where Check Point is challenged, Gartner said, is that its product is more expensive than that of some of its competition, so it is undercut on renewal deals by cheaper options. Check Point customers also tend to be more hesitant to adopt more emerging technologies, which Gartner blamed in part on "insufficient ... marketing operations."

Leader: Palo Alto Networks

Palo Alto Networks' continued technical leadership in the next-generation firewall market yet again landed it a leadership spot on Gartner's Magic Quadrant. In business since 2007, the pure-play network security company has seen wild success for its next-generation firewall, as well as application control and integrated IPS in firewalls. The company offers 18 models in its firewall product line. Gartner said Palo Alto is consistently on the client short list for next-generation firewalls and most vendors named it as their strongest competitor.

Palo Alto Networks

Strengths: Palo Alto Networks consistently wins praise from clients for technical capabilities and ease of use of its App-ID and IPS, particularly how they integrate within the vendor's firewall solution. Gartner said Palo Alto's road map "displays strong leadership," particularly around the company's partnership with VMware NSX.

Cautions: Gartner clients said Palo Alto and its resellers are "being overly optimistic" about performance of the vendor's antivirus solutions, an approach Gartner said "has eroded customer trust." As Palo Alto looks to enter the endpoint security market, Gartner said, it isn't seeing the same wild success it's had in the firewall market. Gartner said it is a "high risk move that could dilute company attention into a nonadjacent market and could alienate the network security buying center."

Challenger: Fortinet

With a broad security technology portfolio, Fortinet has landed as a Challenger on the Gartner magic quadrant and "continues to make progress within the Gartner customer base." Fortinet has proved a strong customer base, but is not consistently leading with differentiated capabilities. In particular, Gartner said, it is seeing the Sunnyvale, Calif.-based vendor "displacing competitors on value and performance," but features and vision are holding it back from taking a leadership spot in the market against companies like Palo Alto Networks and Check Point. However, that might not be true for long, as Fortinet sits near the axis that would push it into the Leader quadrant.


Strengths: Gartner praised Fortinet's ability to leverage its large R&D team to bring new functions to market quickly for its application-specific integrated circuit and operating system. The company's wide range of products and price ranges allows it to sell into a wide variety of markets, from SMB to data centers, service providers and enterprises. The company's strategy is "well-articulated," Gartner said, especially around virtualization, public cloud and SDN.

Cautions: The most common Gartner client comment on why Fortinet was "shortlisted but not selected" is its management capability compared with the completion, though Gartner did point out that the company made improvements last year. Gartner said Fortinet could do a better job marketing its Feature Select as a "made-for-enterprise" solution and needs to overcome a "lingering brand disadvantage."

Challenger: Cisco

As a networking behemoth, Cisco has a lot of sales and channel weight to put behind selling its firewall, IPS, Web security and email security offerings to enterprise customers. In particular, Gartner said, it has seen Cisco winning more in the next-generation firewall market since it introduced ASA with FirePower services in September of last year.

That being said, Gartner found the San Jose, Calif.-based company was not "displacing leaders based on vision or features" and "rarely saw" firewall innovations, instead winning on sales through its strong channel or aggressive discounting. For those reasons, Gartner said Cisco was a Challenger in the enterprise network firewall market, but not yet a Leader.


Strengths: Strong Cisco channels and a wide geographic reach have consistently landed the vendor an "excellent" ranking and is the "most-cited reason for loyalty." Gartner clients also praised the company's wide array of product options for firewalls, particularly highlighting the company's Platform Exchange Grid as "the most promising development" in the Cisco firewall road map.

Cautions: Cisco products most frequently win the market when combined with the vendor's infrastructure, but "consistently score low versus competitors" in assessments by clients, and scores lower in overall client satisfaction. That being, according to Gartner, a move to integrate key offerings from recent acquisitions such as Sourcefire and ThreatGrid could bring improvements in those areas.

Niche Player: Intel Security (McAfee)

Sold under the McAfee brand, which Intel acquired in 2010 for nearly $8 billion, Intel Security's firewalls are part of a wide-reaching set of offerings that include endpoint, server and network security. The firewall offering, in particular, has performed well in testing, Gartner said, and is expected to be integrated with the company's Network Security Platform offering.

As a Niche Player in the enterprise network firewall industry, Intel Security "primarily sells alongside other Intel and McAfee security products" rather than winning independently, Gartner said. However, Gartner said, the company's security brand is still "not established" in the market.

Intel Security

Strengths: Overall, Gartner highlighted Intel Security's broad portfolio as a strength, allowing clients to get a wide breadth of security solutions, including secure Web gateways, email security, IPS and more, from a single vendor. In particular, Gartner said, the McAfee next-generation firewall line has scored high in client surveys.

Cautions: Gartner said McAfee's network security unit presents a challenge for the vendor, which is known as a "primarily host-based security company" within a chip manufacturer. Gartner estimated that the company's market share remains small, around 5 percent. "Intel Security was not listed by any vendor we surveyed as a significant enterprise competitive threat, and Intel is not established as being a strong brand in network security," Gartner wrote.

Niche Player: WatchGuard Technologies

While traditionally positioned for the SMB market with its firewall solutions, Gartner said, WatchGuard has been investing in enterprise use cases over the past year, including traffic management, IPv6 and APT Blocker. Because of the company's budding large enterprise offerings, Gartner named the Seattle-based vendor a Niche Player as it has yet to see it frequently making the client short list of vendors and displacing leaders in client wins.


Strengths: WatchGuard clients ranked the vendor strongly for price and performance, as well as high satisfaction with its management console. While the company has targeted other markets in the past, Gartner said it has seen the company invest in enterprise use cases. In particular, Gartner praised the company's WatchGuard Dimension cloud-based reporting solution, which it says has "proven to be a good addition to the set of features."

Cautions: Gartner said that WatchGuard will need to continue expanding its offerings to fill gaps in its enterprise portfolio; for example, launching an option for large enterprises to deploy a WatchGuard resident engineer. Around that, the company will have to grow its support and enterprise-class channel partners if it wants to compete, Gartner said.

Niche Player: Dell SonicWall

Under the umbrella of a strong technology brand, Dell SonicWall offers four lines of firewall brands: SuperMassive, E-Class Network Security Appliance (NSA), NSA and TZ. As a Niche Player, Gartner said, Dell has seen a "strong correlation" between the line's sales and incumbent customers, but its offerings fall short of bringing timely innovations to the enterprise market successfully despite marketing efforts and an extensive network of channel partners.

Dell SonicWall

Strengths: Gartner said Dell SonicWall shines for distributed enterprises and midsize companies. "For current Dell customers that want to have fewer security vendors, Dell SonicWall is a good choice because of its wide range of products and available SMB-oriented feature set," Gartner said. In particular, Gartner highlighted the company's SuperMassive line as a strength for the company.

Cautions: From a brand perspective, Gartner said that Dell SonicWall is perceived as a midsize brand associated with Dell, not as an enterprise player. As a result, the vendor "scored low as a significant enterprise competitive threat." As for channel partners, Garter said Dell SonicWall is challenged by VARs who view Dell as a competitor and therefore are easily converted by others.

Niche Player: Barracuda Networks

While the vendor is primarily known for its security and storage products for SMB clients, Gartner said Campbell, Calif.-based Barracuda Networks has a "competitive choice" for enterprises with its NG Firewall offering. That being said, Gartner said Barracuda "does not effectively sell its enterprise-capable product" outside of Europe, making it a Niche Player on this year's Magic Quadrant list.


Strengths: Gartner said Barracuda is a "strong competitor" with clients who choose based on price, have other Barracuda offerings or are looking for simple deployments. Gartner said it has seen a "considerable increase" in year-over-year sales with its clients of NG Firewall.

Cautions: As Barracuda usually caters to SMB customers, its enterprise client base is "not yet well-established," Gartner said. For that reason, Gartner said, no vendor on the list named Barracuda as a "significant enterprise threat" and it did not land on the vendor short list for enterprise clients. In addition, Gartner said, the company's product naming is "confusing for enterprise clients."

Niche Player: Sophos

Focusing primarily on endpoint security, Sophos dove into the enterprise network firewall market with its February 2014 acquisition of India-based Cyberoam. It now offers two lines: SG and NG. Sophos' focus on the upper-mid-market and smaller enterprise landed it in the Niche Player area in the overall enterprise network firewall market, as it has "limited visibility" in the data center and a "low" appearance on large enterprise clients' vendor short lists.


Strengths: With a growing endpoint security business, Sophos is adding customers that are also short listing its firewall and cloud management offerings. Gartner praised the company's road map, particularly with how the vendor looks to address overlap and synergies in its security portfolio.

Cautions: Gartner cautioned that Sophos "remains low" on client short lists and still draws most of its demand from existing customers. One reason for that, Gartner said, is that mid-market and large enterprises have different needs than Sophos' offerings, which are geared toward smaller enterprises and upper-mid-market customers.

Niche Player: Hillstone Networks

Hillstone Networks is a pure-play firewall vendor with a strong presence in the Asia/Pacific market, particularly in China. The Beijing and Sunnyvale, Calif.-based vendor has been making moves to extend its three firewall product lines to the global market, but has yet to successfully challenge established leader vendors, Gartner said. For that reason, Gartner named it a Niche Player in the enterprise network firewall market.

Hillstone Networks

Strengths: Gartner said Hillstone's recent launch of a behavior-based policy for its firewall shows it has a "motivation to bring further innovation to the enterprise firewall market." Beyond that, Gartner praised Hillstone's "strong presence" in China, where the vendor offers a dedicated firewall product, and integrations with FireMon and AlgoSec.

Cautions: While Hillstone has a strong showing in China, Gartner cautioned that the vendor is not yet making the short list for clients outside of Asia/Pacific and is starting to face increased competition there. Beyond that, Gartner said customer surveys show high rates of "performance degradation" for intrusion prevention compared with competitors as well as calls for improvement in its management interface.

Niche Player: Juniper Networks

Gartner named Juniper Networks a Niche Player for enterprise network firewalls, as it is a "benefit" for customers already using Juniper infrastructure, but sees limited cases of it displacing competitors in the market for its multiple model lines of firewalls, including SRX, SSG, NS, ISG and vSRX. That being said, Gartner wrote, it does see the Sunnyvale, Calif.-based vendor on client short lists for mobile and large-enterprise data center deployments.


Strengths: Juniper sees particular strength with clients who are already standardized on the vendor's Junos-based infrastructure products. Gartner said Juniper had "good options" for high-throughput, purpose-built appliances for large data centers as well as a "strong range" of solutions for branch-office firewalls. Gartner also highlighted Gartner's threat intelligence platform and its third-party integrations.

Cautions: Beyond its current client base, Juniper does not have a "compelling or differentiated security vision," Gartner said, and must address "fundamental sales and marketing challenges" to win back customers and a steadily dropping market share percentage. From a technical perspective, Gartner said, its clients asked for support, platform stability and operating system improvements.

Niche Player: Huawei

With over a decade in the market and an "extensive" line of firewall and other network security offerings, Gartner said, Huawei has seen significant traction with customers already using Huawei products and with carriers, ISPs and cloud and service providers. However, Gartner said, the Shenzhen, China-based vendor is a Niche Player as it has lower traction with enterprises and SMBs as well as a "narrow geographic segment," focusing primarily on the Asia/Pacific market.


Strengths: Technically, Gartner said, Huawei has a high throughput and 2014 saw improved features, such as application control, for the vendor's firewall solutions. Overall, Gartner said, it "assesses Huawei as having a very good overall network security strategy and a large security research team."

Cautions: While Huawei has a strong presence in the Asia/Pacific region and a growing presence in Europe, the Middle East and Africa, Gartner said it has "limited competitive visibility" in other global markets overall, and that its Chinese headquarters poses a "security sales challenge in some markets." From a technical perspective, Gartner said, clients said improvements could be made in the user interface, reporting and partnerships with firewall policy management vendors.

Niche Player: F5 Networks

With a focus on data center and ISP infrastructure customers, F5 Networks has a growing portfolio of security solutions, including traffic management modules, Application Security Manager, Web application firewall, Advanced Firewall Manager and a network firewall. Gartner said it believes F5 is "successfully using security as a competitive feature in the [Application Delivery Controller] market rather than being a pure play in the firewall market," and for that reason named it a Niche Player.

F5 Networks

Strengths: Gartner said F5 received "good scores" for its technology, particularly in its ability to scale and strong SSL optimization capabilities, which appeals to the company's data center and ISP infrastructure client base. Garter expects that to continue going forward as F5 has dedicated "significant efforts" to security investments as well as an overall security-focused road map.

Cautions: Gartner said competitors do not really view F5 as a threat and it "does not appear" on client short lists unless they are already running the vendor's technology. What's missing is entry-level appliances for branch offices as well as a stand-alone Internet-facing firewall option, Gartner said, though it also cautioned against the vendor's efforts to expand its feature set as it could hurt its product depth.

Niche Player: AhnLab

Based in South Korea, AhnLab has seen wins in its home geography. The company has a long history in the antivirus software market, but also has firewalls, IPSs and advanced threat solutions. Because of the company's limited geographical reach and a general focus on endpoint security over building leading firewall solutions, Gartner named the vendor a Niche Player in the enterprise network firewall market.


Strengths: Gartner said AhnLab has particular market share strength in South Korea, where the vendor is based. Gartner praised its "very broad" product range that allows clients to add network firewalls onto an existing vendor relationship for endpoint products.

Cautions: Gartner said AhnLab was "not listed by any vendor we surveyed as a significant enterprise competitive threat." Technical cautions for the vendor included a lack of virtual firewall models, no integration of malware detection and not allowing multiple enterprise administrators to make rule changes.

Niche Player: Hewlett-Packard

HP offers two lines of enterprise network firewalls: TippingPoint Next-Generation Firewall and F5000 and F1000. Gartner said that HP "has the potential to be a disruptive influence and a market challenger through continued product advancement and utilization of the HP channel," but remains a Niche Player for the time being as it has yet to get its firewall product on many client short lists.


Strengths: Part of HP's strength is its wide reach in the market, Gartner said, with the "most mentioned" reason for choosing an HP firewall was the customer "already having other HP security products." Beyond that, Gartner said the vendor's next generation firewall was the most highly ranked for user satisfaction around IPS and because the company's broad range of options sped up deployments.

Cautions: While HP has traction with incumbent customers, Gartner said HP has proven "slow to execute" on its road map, making new customers hesitant to try out an unproven product. Gartner said it has also seen the vendor trending toward "re-emphasizing standalone IPSs over firewalls" as it faces headwinds in the firewall market, a trend Gartner recommended customers watch closely.

Niche Player: Stormshield

Formed by the merger of Arkoon and Netasq under parent company Airbus, Stormshield has a long history of providing network security solutions to the French and European markets. The vendor's product line include nine network security appliances, including UTM systems and enterprise firewalls with integrated IPSs and vulnerability management. Gartner named Stormshield as a Niche Player because of its narrow geographical focus on the European market.


Strengths: Focused in Europe, Gartner says, Stormshield is seen as having a leg up on sales to EU governments and agencies who are "EU Restricted," and the researcher sees credibility added by the company's Airbus ownership. The research company also praised Stormshield's execution on its product road map and wide range of virtual and AWS-based instances for hybrid environments.

Cautions: As with some of the other Niche Players, Stormshield has a very narrow geographical focus, with its market reach focused around EMEA, and for that reason doesn’t make Gartner client short lists. Gartner also cautioned that the company's more than 36 models "may stress Stormshield's R&S resources and its ability to execute" on its technology road maps.

Niche Player: Sangfor

Sangfor is one of the newer vendors in the market, launching in 2000 and rolling out its enterprise firewall product line in 2011. The company is based in Shenzhen, China, and operates mostly in that region. Gartner named the company a Niche Player because of its narrow geographic footprint and serves a smaller subset of the enterprise firewall market.


Strengths: Gartner said Sangfor shines in ease of implementation, security reporting, price and performance.

Cautions: As with other geographical players, Gartner said Sangfor isn't seen making client short lists outside of the Chinese market. Gartner said the technology is also newer to market than some of its more established competitors, making some features unproven in the market.