The 10 Coolest Network Security Products Of 2016

Innovation In Network Security

While the industry recently has seen a resurgence in other areas of security technology, such as endpoint, network security still remains key. Companies in network security continued to innovate throughout 2016, launching new offerings and integration that stepped up their existing offerings or expanded their portfolio into new areas. This year's list of coolest network security products includes launches from legacy vendors and startups, with new offerings to take cloud security, firewalls, Wi-Fi, advanced threat protection and more to the next level. While there are many hot new network security offerings on the market, take a look at CRN's roundup of some of the coolest of the year that are available through partners.

Sophos XG Firewall

Sophos ramped up the capabilities in its XG Firewall line in December, adding Sophos Sandstorm for zero-day ransomware and targeted threat protection, Secure Web Gateway policy enforcement, and dynamic application traffic identification. The security vendor also extended its Security Heartbeat connection with the XG Firewall, restricting traffic to and from endpoints that it detects have irregular activity, and blocks infected endpoints from communicating with other devices or servers. Sophos also added Microsoft Azure support and updated its firewall rule screen for a better user experience. The next-gen firewall offering is available on- premise or in the cloud.

Check Point Software Technologies vSEC Cloud Security

Check Point said in August that it was extending its advanced threat protection offerings to work across any cloud platform, including VMware NSX, Cisco ACI, OpenStack, Microsoft Azure and Amazon Web Services. Behind that push is Check Point's R80 security management platform, which it launched in February.

"Cyberattacks can happen anywhere across your network infrastructure, whether on-premise or off-premise," said Erez Berkner, director of product management, cloud security, in a statement at the time. "vSEC cloud security with R80 Management provides powerful threat prevention, which scales as you grow in any cloud environment. Businesses get dynamic and advanced security tailored for their needs so they can confidently host their data center applications and workloads in private, public or hybrid cloud environments."

Versa VNF

Launched from stealth last fall, Versa Networks was formed by two former top Juniper Network engineers (and brothers) to provide next-generation WAN and branch offerings for service providers and enterprises. In November, the company also added former Cisco top service provider executive Kelly Ahuja as CEO. Versa's flagship product, called Versa VNF, is what the company says is the first true software-defined security offering, using network functions virtualization capabilities to create software-defined security offerings, including DNS security, secure web gateways, next-generation firewall, anti-virus, intrusion prevention and content filtering. The company has been gaining traction for its network security technology, including being named a finalist in the RSA Conference Innovation Sandbox competition.

Cisco Digital Network Architecture

In March, Cisco launched the Digital Network Architecture (DNA), an open, software-driven, service-centric offering based on automation, virtualization, analytics, managed services and open APIs that is aimed at enabling digital business. The platform includes an automation platform and applications, an array of cloud-based management services, and network functions virtualization targeting the enterprises. Cisco also launched updates for cloud-based management, advanced malware protection and threat intelligence for Meraki appliances, network security, content filtering, security services and threat detection and complex network forensics – that all fall under DNA. Partners at the time said the launch of DNA shows Cisco recognizes the shift from hardware- to software-based security offerings at a time when it is rapidly looking to ramp up its security portfolio.

Tenable Network Security Threat Hunting

While enterprises might deploy all kinds of security offerings to protect their network, those often leave behind security gaps and blind spots. That's why Tenable Network Security launched its Threat Hunting offering in February -- to help companies proactively identify threats with integration support, active scanning, intelligent connectors, agent-based scanning, continuous listening and host activity data. The offering builds on Tenable's portfolio of network security offerings for providing visibility, analytics and vulnerability management. It fits inside Tenable's SecurityCenter Continuous View offering. Tenable has been on a high growth trajectory in 2016, with double-digit growth and the addition of former RSA President Amit Yoran as CEO (effective in January).

Symantec Advanced Threat Protection

Last fall, Symantec dove into the competitive advanced persistent threat market with the launch of Symantec Advanced Threat Protection, providing a way for solution providers and customers to detect, prioritize and remediate threats across email, endpoints and the network under a single-pane-of-glass console. The offering leverages existing Symantec technology, including its extensive threat intelligence network. It also incorporates cloud-based sandbox and detonation service Symantec Cynic for remediation, and cross-control point correlation tool Symantec Synapse for detection. It can also be deployed leveraging Symantec Endpoint Protection and Email so it can be installed without any additional agents. Symantec executives said the company is already starting to see significant traction for the ATP offering, with $100 million in deals already in the pipeline for 2017 as of May.

Fortinet Security Fabric

In April, Fortinet unveiled the Fortinet Security Fabric, a unified security platform that brings together its network security offerings into a single architecture. That includes security offerings for infrastructure, wired and wireless networks, end-user and IoT devices, access layers, public and hybrid cloud models, software-defined networks and virtualization. The products are backed up with intelligence from the FortiGuard Labs and technical integration with vendor partners. In a statement at the time, CEO Ken Xie said the Security Fabric allows companies to upgrade their security strategies to meet the digitization and technology trends, like IoT and cloud, that are affecting their businesses. Since the launch, some partners have said the Security Fabric messaging has helped them sell more Fortinet offerings to customers.


Cryptzone is a growing network security startup that provides context-aware data protection and user access for both infrastructure and applications. While the company isn't new to the market, its technology hits on an exploding market right now for data and application security, something that has led the company to significant growth in recent months and attract new executives to grow marketing, services and finances. Cryptzone has also been pushing big into the channel, adding former Dimension Data vice president Tina Gravel as channel chief and rolling out an enhanced partner program late last year. Cryptzone was acquired in November by private equity firms BC Partners and Medina Capital, who added it to a joint venture of data centers and co-location businesses it had acquired from CenturyLink and Medina's security, compliance and data analytics portfolio.

Dell SonicWall Advanced Threat Protection

SonicWall jumped into the ATP space with the Dell SonicWall Capture Advanced Threat Protection Service. The new system was SonicWall's first foray into the advanced threat protection market, providing an additional layer of protection against zero-day and advanced threats for its largely SMB customer base. SonicWall is now operating independently, part of a sale of Dell Software to private equity in June and subsequent spinout into an independent company. The ATP offering is available as an optional subscription service on top of the Dell SonicWall appliance. The product differentiates itself by offering what SonicWall says is a new take on ATP protection, lacing together three sandboxing engines (SonicWall, Lastline and VMRay) to deliver a multilayer defense approach.

WatchGuard Wi-Fi Cloud

WatchGuard looked to take on Fortinet and Cisco Meraki with a new WatchGuard Wi-Fi Cloud offering in October. The offering includes a new portfolio of cloud-ready access points, with a management platform, built-in wireless security, analytics and engagement tools. The technology also provides BYOD policy enforcement, accurate location tracking and flexible deployment options. It is aimed at small- and midsize-business customers or branch offices. WatchGuard CTO Corey Nachreiner said at the time that the wireless intrusion prevention system launch is an extension of the company's strategy to provide a "total security" platform. The offering can be sold through partners to customers who already have WatchGuard's UTM offering, or it can be sold as a stand-alone offering if clients are already using a competitive UTM solution or want to augment an existing Meraki or other cloud wireless offering.