Gartner Magic Quadrant: Enterprise Firewall Vendors To Watch

Next-Generation Firewall Vendors

Security leaders and even Gartner analysts by no means consider the research firm's Magic Quadrant the quintessential element in a business' vendor evaluation process. It may be a helpful starting point, but thorough evaluations require a firm grasp of the problem being solved, the company's priorities and wish list, solution providers tell CRN.

Every company has its own risk tolerance and cost considerations, said Skip Gould, CEO of BrightPlanIT, a Buffalo, N.Y.-based systems integrator. BrightPlanIT partners with Check Point Software Technologies and Cisco Systems, but Gould told CRN he doesn't pigeon-hole clients into any single vendor. Every engagement is unique with industry verticals at different maturity levels, he said. One company may be more interested in the highest throughput, while another wants more granular controls, he said.

CRN pulled together some of Gartner's analysis of the enterprise firewall market leaders with observations from solution providers on the state of the overall market.

Market Leaders Check Point, Palo Alto

Check Point and Palo Alto Networks held on to their market leadership positions in the 2014 Gartner Magic Quadrant for Next Generation Firewalls. Gartner rated both vendors highly for their stability, effectiveness and robust capabilities. Gartner has been critical of Check Point's high price tag and its software blade architecture, which offers many options a la carte. Palo Alto is aggressively taking on the market, but Gartner said it's also expensive and lacks a robust ecosystem.

Businesses often neglect to address their incident response requirements, security experts tell CRN. "Incident response is where the security market is heading," said Amit Yoran, a security industry veteran and general manager and senior vice president at RSA, the security division of EMC. "You should be looking for agile platforms that can address a series of challenges. You want to find the tools and technologies that harmonize in addressing your series of requirements."

Market Heavyweights Cisco, Juniper

Gartner said the firewall market grew 9 percent to $8.7 billion in 2013 and estimates it will grow another 9 percent in 2014, reaching $9.4 billion. Cisco's presence in the market with its ASA appliances is dominated by aggressive discounting for large Cisco networks and not for "vision or feature," Gartner said in its report. The research firm praised the company's support network as the primary reason behind customer loyalty. Gartner also praised Juniper Networks' various firewall models and noted its strength in high throughput and data center deployments, but said its security vision is not compelling enough to attract new customers.

Cisco has a large, viable product portfolio that attracts and maintains customers over time, said William Payne, president and CEO of East Point, Ga.-based ICP Systems, a Cisco partner in the federal market. Payne said ICP Systems has had both public and private sector wins.

HP Has Potential To Be Market Challenger, Gartner Says

HP introduced its TippingPoint next-generation firewall appliances last year, unveiling five models with inline IPS capabilities, DNS reputation, application control and deep packet inspection. Gartner gave HP strong marks for its stand-alone IPS appliances and said the company has the potential to be a disruptive influence and market challenger through its channel partners. Gartner said that the next-generation firewall appliances require certifications and third-party testing. It noted the lack of any natively built advanced threat detection capabilities that can be integrated into the devices.

HP is investing heavily in its Fortify On Demand, Arcsight and TippingPoint security portfolio, said Eli J. Kalil, vice president of HP Enterprise Security global sales channels. The company's hybrid sales model drives security deals of $100,000 or less through the channel, Kalil said.

Fortinet Wins On Value, Performance, Gartner Says

Fortinet is visible in every market segment, said Gartner. The company's appliances include models that may appeal to small businesses, where value is often the biggest consideration, or to enterprises, where its high-power, carrier-grade models address wire and line speed. Gartner praised Fortinet's research and development efforts but was critical of its ever-expanding models and its unified threat management marketing strategy.

The move to Fortinet from another vendor resulted in strong growth, said Nathan Vincent of Billings, Mont.-based NextX Communications. In a recent interview with CRN, Vincent said he liked Fortinet's strong channel philosophy and praised the support NextX Communications receives despite not being a high volume seller.

Sophos Wins With SMBs On Simplicity, Gartner Says

Sophos has signaled its intention to heavily embrace the channel following its hiring of channel veterans Michael Valentine and Kendra Krause from Fortinet along with other Fortinet channel sales and support executives. The company's vision is to bolster its unified threat management and reporting capabilities and deeply integrate it with its endpoint security, mobile and data protection software. Gartner praised the ease of installation of the Sophos unified threat management but said its integration strategy may be confusing to potential customers and erode its ability to develop new features.

Sophos' strong channel team and focus on the SMB market led Right Systems to partner with the vendor, said Julie Castronuevo, corporate inside sales manager. Right Systems is building out its security practice and said Sophos' strong network and endpoint capabilities were a good fit.

Channel Conflict Hinders Dell-SonicWall, Gartner Says

Gartner was critical of the potential channel conflict at Dell-SonicWall and said competitors have been seizing the opportunity to win away partners. The research firm said the Dell-SonicWall appliance line would be a good fit for enterprises with remote offices and retail and franchises.

Dell's mixture of direct and channel sales is not sitting well with some longtime SonicWall partners, but those with established managed services practices told CRN they have worked out a winning formula. In a recent interview with CRN, Mike Johnson, president and CEO of Dublin, Ohio-based MSP Cerdant, said the company manages about 4,000 SonicWall firewalls and it's been important to keep in contact and work with Dell sales representatives.

Intel Security Gains Clout With Stonesoft Integration, Gartner Says

Intel Security (formerly McAfee) is deeply integrating its acquisition of Finnish next-generation firewall appliance maker Stonesoft and is pushing an interconnected platform based on its endpoint software and networking and file analysis appliances to detect advanced threats and automate the remediation process. The Gartner report praised the company's threat intelligence and reputation feeds and called the Stonesoft firewall a significant improvement over competitive offerings. The research firm said the company still has a lot more engineering work to do to reduce overlapping technologies and estimated the company's firewall market share at only 2 percent.

Huawei, Hillstone Make Inroads Abroad, Gartner Says

Gartner included Chinese networking giant Huawei in its report, noting its firewall's strong presence in carrier, ISP, and cloud and service provider deployments that require high throughput. The research firm said Huawei has a strong presence in Asia-Pacific markets and is gaining attention in Europe, Middle East and Africa. Beijing-based Hillstone Networks also has gained a presence in the Gartner report. The company sells its Intelligent Next-Generation Firewall to businesses in China. The research firm said Hillstone is not yet a competitive threat elsewhere and said users have requested better features.

F5 Networks

F5 Networks indicated its interest in expanding its security presence when it hired Cisco veteran Manuel Rivelo in 2011. A year later, the company, recognized for application delivery platforms and traffic management gear, launched the Vault partner program to attract partners to its firewalls, access control, VPNs and other security products. Gartner said F5's firewall is best suited for users of the F5 Big-IP traffic management appliances because the firewalls use the same custom rules language for policies. Gartner said the F5 firewall lacked intrusion prevention features and said companies deploying it may require other vendor firewalls for use in branch offices, or segmented networks in front of the data center.