firewall vendor landscape: the top eight...
TRANSCRIPT
Firewall Vendor Landscape: The Top Eight Vendors Publish Date: July 28, 2009
Firewalls are a security necessity in today’s business world. They serve to protect the enterprise network from a host of threats. Use this vendor landscape to gain an understanding of the leading firewall vendors and the key criteria on which to focus when choosing a new firewall for the enterprise.
© 1998-2009 Info-Tech Research Group
About this research note:
Product Comparison notes provide a detailed, head-to-head, analytical comparison of products in a given market in order to simplify the selection process.
www.infotech.com
Executive Summary Info-Tech has identified three key areas to consider when evaluating firewalls:
» System architecture.
» System throughput.
» System management.
The top eight firewall vendors have been evaluated and grouped into three categories: Leaders, Competitors, and Followers. These groupings are based on specific rankings in the three evaluation categories plus how well suited the vendors and products are to mid-sized enterprises.
Product Comparison 2 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Industry Overview The firewall industry is a mature one where both feature and market consolidation is rampant. It is nearly impossible to buy a firewall on its own anymore. Firewalls are now considered to be Unified Threat Management (UTM) appliances due to the inclusion of security features such as anti-malware, intrusion prevention and detection, and content filtering.
The shift from regular firewalls to UTM appliances has forced vendors to add more features to their products to remain competitive, hence the high number of acquisitions in the industry. Having multiple security features included with firewalls results in seamless communication and interaction between all of the products, potentially resulting in higher levels of security than would be present in security environments with distinct solutions.
Key Evaluation Criteria There are three main categories of criteria that IT must consider when selecting a firewall:
1. System Architecture
2. System Throughput
3. System Management
For more information on these criteria, refer to the ITA Premium research brief, “Firewall Fundamentals to Consider When Upgrading.”
System Architecture » Type of firewall. Firewalls can be stateful, application layer, or both:
− Stateful firewall. This type of firewall keeps track of the traffic as it traverses the network gateway. Transmission information is checked and all packets that belong to a checked transmission are allowed to pass.
− Application-layer firewall/proxy firewall. This type of firewall scrutinizes each packet of a communication, examining not only the headers, but also the packet contents. Once a packet has been checked, a copy is made and forwarded to the intended destination while the original is discarded.
» Integrated capabilities. Many of the integrated capabilities that are packaged with firewalls can also be purchased as distinct solutions. When the integrated features of a firewall are used, rather than distinct solutions, the overall security of the system is improved since there will be a higher level of seamless communication and efficiency in the security system.
Product Comparison 3 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
» Software or hardware firewall. A hardware or appliance-based firewall is essentially a dedicated server that comes pre-loaded with the vendor’s software. Conversely, a software-based firewall requires that the company purchase the necessary hardware component separately. Hardware-based firewalls are fully compatible with the software loaded on them and are generally easier to manage and maintain.
System Throughput » Maximum firewall throughput. Firewall throughputs can range anywhere from under 100 Mbps
to over 4 Gbps. Be sure to choose a firewall throughput that best serves the organization’s current and future needs.
» Degraded firewall throughput. The effect of turning on integrated capabilities such as VPN, anti-virus software, and intrusion prevention systems (IPS) generally results in throughput degradation.
System Management » User interface. Two types of user interfaces are available: Graphic User Interfaces (GUI) or
Command Line Interfaces (CLI). GUIs allow users to manipulate the firewall using a familiar visual representation of folders and desktop structure, whereas CLIs allow users to manipulate the firewall using a specified command language in a text only interface. It is common for firewalls to offer both CLI and GUI; however, some have one or the other.
» Nature of console. There are three types of consoles that can be used with firewalls:
− Device consoles. Supports the firewall only.
− Vendor consoles. Supports the firewall as well as other vendor systems.
− Third-party consoles. Vendor neutral management consoles such as HP Software (previously HP OpenView), CA Unicenter, Altiris, and Tivoli.
Vendor Scorecard This vendor landscape takes a look at eight prominent firewall vendors. To be evaluated, each firewall has to have approximately 400 Mbps to 1 Gpbs of stateful throughput; anything more or less than this range is considered unsuitable for mid-sized enterprises. The rankings below are meant only as a guide; fully consider all options before choosing a firewall for the organization.
Product Comparison 4 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
To determine the leaders, competitors, and followers in the industry, Info-Tech compared vendor performance in three key areas:
» Company strength. A combination of vendor stability, market share, and focus on mid-sized enterprises.
» Features. The appropriateness of the amount and type of features offered to mid-sized enterprises.
» Affordability. Product prices among the vendors.
Refer to Figure 1 for the vendor ranking breakdown.
Figure 1. Vendor Rankings for Mid-Sized Companies*
Source: Info-Tech Research Group
Vendor Company Strength Features Affordability Vendor
Ranking
IBM ISS Proventia High Medium High Leader
Secure Computing (McAfee)
Medium High High Leader
SonicWALL Medium Medium High Leader
Fortinet Medium High Low Competitor
Check Point Software Technologies
Medium Medium Medium Competitor
Juniper Networks Medium Medium Medium Competitor
Cisco Systems High Low Low Follower
Palo Alto Networks Low High Low Follower
*Rankings include leader, competitor, and follower.
Product Comparison 5 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Leader Landscape IBM
Company Strength Features Affordability Vendor Score
High Medium High 8
Figure 2. IBM ISS Proventia Series Comparison Chart
Source: Info-Tech Research Group
Vendor IBM
Year Founded: 1924
Number of Employees: 386,558
Company Type: Public
Vendor Market Stability
2008 Sales: $103.6 Billion
Series Name ISS Proventia
Model MX4006
Protection Architecture
Stateful Firewall Yes
Application Layer Firewall No
Integrated VPN Capabilities Yes (250 tunnels)
Integrated IPS Yes
Integrated Anti-Malware Functionality
Yes
Product Comparison 6 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 2. IBM ISS Proventia Series Comparison Chart (Continued)
Integrated Content Filtering Yes
Hardware or Software-Based Hardware-Based
Throughput
Maximum Stateful Firewall Throughput
600 Mbps
Maximum Application Firewall Throughput
N/A
IPS Throughput 450 Mbps
VPN Throughput 170 Mbps
Anti-Virus Throughput 120 Mbps
System Management
User Interface GUI and CLI
Console Type Vendor Console
Info-Tech Insight
The IBM ISS Proventia Series is a well priced, feature-rich firewall series. It includes features such as anti-virus, anti-spam, Web filtering, and spyware blocking, which many vendors charge for separately or on a subscription basis. When considering the ISS Proventia Series, companies need to bear in mind that the maximum firewall throughputs are degraded by switching on the included security features.
Key Points
Pros Cons
The acquisition of ISS by IBM resulted in an enhancement of the security products offered by IBM.
No application layer firewall is available in the ISS Proventia series.
Product Comparison 7 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Secure Computing (McAfee)
Company Strength Features Affordability Vendor Score
Medium High High 8
Figure 3. Secure Computing Sidewinder Series Comparison Chart
Source: Info-Tech Research Group
Vendor Secure Computing (McAfee)
Year Founded: Secure Computing: 1989 / McAfee: 1987
Number of Employees: 971 / 4250
Company Type: Public / Public
Vendor Market Stability (Secure Computing/McAfee)
2007 Sales: $237.9 Million / $1.3 Billion
Series Name Sidewinder
Models Sidewinder 210 Sidewinder 410 Sidewinder 510
Protection Architecture
Models Sidewinder 210 Sidewinder 410 Sidewinder 510
Stateful Firewall Yes Yes Yes
Application Layer Firewall Yes Yes Yes
Integrated VPN Capabilities (PPTP/IPSec Tunnels)
Yes (unlisted number of tunnels)
Yes (unlisted number of tunnels)
Yes (unlisted number of tunnels)
Integrated IPS Yes Yes Yes
Integrated Anti-Malware Functionality
Available Available Available
Product Comparison 8 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 3. Secure Computing Sidewinder Series Comparison Chart (Continued)
Protection Architecture (Continued)
Models Sidewinder 210 Sidewinder 410 Sidewinder 510
Integrated Content Filtering Available Available Available
Hardware or Software-Based Hardware-Based Hardware-Based Hardware-Based
Throughput
Models Sidewinder 210 Sidewinder 410 Sidewinder 510
Maximum Stateful Firewall Throughput
170 Mbps 250 Mbps 600 Mbps
Maximum Application Firewall Throughput
140 Mbps 230 Mbps 250 Mbps
IPS Throughput Unlisted Unlisted Unlisted
VPN Throughput 80 Mbps 160 Mbps 160 Mbps
Anti-Virus Throughput Unlisted Unlisted Unlisted
System Management
Models Sidewinder 210 Sidewinder 410 Sidewinder 510
User Interface GUI and CLI GUI and CLI GUI and CLI
Console Type Vendor Console Vendor Console Vendor Console
Info-Tech Insight
McAfee has recently been involved in a number of acquisitions, the most recent being that of Secure Computing in 2008. Through this acquisition, McAfee intends to broaden its firewall offerings. The Sidewinder series offers mid-sized enterprises many choices at competitive prices. One potential concern with McAfee and Secure Computing is that the total number of firewall models offered seems excessive. Since all of the available models will not use the same components and parts, if a company purchases a low selling model from the vendor, it may run into problems in the future if that model is discontinued and it requires a part or component for repairs.
Product Comparison 9 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Key Points
Pros Cons
Secure Computing has a strong focus on mid-sized enterprises and offers a wide range of security products and options to best suit their needs.
Secure Computing was only just acquired by McAfee. Since this occurred fairly recently, both companies may potentially experience some growing pains in the future.
SonicWALL
Company Strength Features Affordability Vendor Score
Medium Medium High 7
Figure 4. SonicWALL NSA Series Comparison Chart
Source: Info-Tech Research Group
Vendor SonicWALL
Year Founded: 1991
Number of Employees: 700
Company Type: Public
Vendor Market Stability
2007 Sales: $199.2 Million
Series Name NSA Series
Models NSA 240 NSA 2400
Product Comparison 10 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 4. SonicWALL NSA Series Comparison Chart (Continued)
Protection Architecture
Models NSA 240 NSA 2400
Stateful Firewall Yes Yes
Application Layer Firewall Yes Yes
Integrated VPN Capabilities Yes Yes
Integrated IPS Available Available
Integrated Anti-Malware Functionality
Available Available
Integrated Content Filtering Available Available
Hardware or Software-Based Hardware-Based Hardware-Based
Throughput
Models NSA 240 NSA 2400
Maximum Stateful Firewall Throughput
600 Mbps 775 Mbps
Maximum Application Firewall Throughput
Unlisted Unlisted
IPS Throughput 195 Mbps 275 Mbps
VPN Throughput 150 Mbps 300 Mbps
Anti-Virus (plus UTM suite) Throughput
115 Mbps 160 Mbps
Product Comparison 11 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 4. SonicWALL NSA Series Comparison Chart (Continued)
System Management
Models NSA 240 NSA 2400
User Interface GUI GUI
Console Type Third Party Management Console
Third Party Management Console
Info-Tech Insight
The SonicWALL NSA 240 and NSA 2400 models are highly customizable, allowing organizations to subscribe to various UTM functionalities. The models in the NSA series are offered at affordable price points – likely because additional features such as anti-virus, anti-spyware, and content filtering are available only through subscription, resulting in additional costs.
Key Points
Pros Cons
SonicWALL offers products that are well tailored for use by small and mid-sized enterprises.
The company is shifting its focus from small and mid-sized enterprises to larger organizations and carriers. This may have negative implications for smaller enterprises.
Competitor Landscape Fortinet
Company Strength Features Affordability Vendor Score
Medium High Low 6
Product Comparison 12 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 5. Fortinet FortiGate 300-800 Series Comparison Chart
Source: Info-Tech Research Group
Vendor Fortinet
Year Founded: 2000
Number of Employees: 1000+
Company Type: Private
Vendor Market Stability
2007 Sales: $150 M
Series Name Fortinet 200-800 Series
Models 300A 400A 500A 800/800F
Protection Architecture
Models 300A 400A 500A 800/800F
Stateful Firewall Yes Yes Yes Yes
Application Layer Firewall Yes Yes Yes Yes
Integrated VPN Capabilities Yes (1500 tunnels)
Yes (2000 tunnels)
Yes (3000 tunnels)
Yes (3000 tunnels)
Integrated IPS Yes Yes Yes Yes
Integrated Anti-Malware Functionality
Yes Yes Yes Yes
Integrated Content Filtering Yes Yes Yes Yes
Hardware or Software-Based Hardware-Based
Hardware-Based
Hardware-Based
Hardware-Based
Product Comparison 13 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 5. Fortinet FortiGate 300-800 Series Comparison Chart (Continued)
Throughput
Models 300A 400A 500A 800/800F
Maximum Stateful Firewall Throughput
400 Mbps 500 Mbps 600 Mbps 1000 Mbps
Maximum Application Firewall Throughput
Unlisted Unlisted Unlisted Unlisted
IPS Throughput 200 Mbps 300 Mbps 400 Mbps 600 Mbps
VPN Throughput 120 Mbps 140 Mbps 150 Mbps 200 Mbps
Anti-Virus Throughput 70 Mbps 100 Mbps 120 Mbps 150 Mbps
System Management
Models 300A 400A 500A 800/800F
User Interface GUI GUI GUI GUI
Console Type Vendor Console
Vendor Console
Vendor Console
Vendor Console
Info-Tech Insight
The Fortinet FortiGate 200-800 series is aimed specifically at enterprises that are mid-sized or larger and offers plenty of choices. On the medium to high end of the pricing scale, the series comes with the full suite of security features that small and mid-sized enterprises require: anti-virus, Web filtering, anti-spam, and IPS software. While these features are included in-the-box, enterprises will have to pay a subscription fee to keep the feature signatures up to date.
Key Points
Pros Cons
Fortinet offers a wide selection of firewall and UTM products and has strong in-house technological capabilities.
Fortinet products are very expensive for most mid-sized enterprises.
Product Comparison 14 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Check Point Software Technologies
Company Strength Features Affordability Vendor Score
Medium Medium Medium 6
Figure 6. Check Point Software Technologies UTM-1 Series Comparison Chart
Source: Info-Tech Research Group
Vendor Check Point Software Technologies
Year Founded: 1993
Number of Employees: 1800
Company Type: Public
Vendor Market Stability
2007 Sales: $730.9 Million
Series Name UTM-1
Models UTM-1 270 UTM-1 570
Protection Architecture
Models UTM-1 270 UTM-1 570
Stateful Firewall Yes Yes
Application Layer Firewall Yes Yes
Integrated VPN Capabilities Yes (tunnels unlisted) Yes (tunnels unlisted)
Integrated IPS No No
Integrated Anti-Malware Functionality
Yes Yes
Integrated Content Filtering Yes Yes
Hardware or Software-Based Hardware-Based Hardware-Based
Product Comparison 15 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 6. Check Point Software Technologies UTM-1 Series Comparison Chart (Continued)
Throughput
Models UTM-1 270 UTM-1 570
Maximum Stateful Firewall Throughput
Unlisted Unlisted
Maximum Application Firewall Throughput
400 Mbps 1100 Mbps
IPS Throughput N/A N/A
VPN Throughput 100 Mbps 250 Mbps
Anti-Virus Throughput Unlisted Unlisted
System Management
Models UTM-1 270 UTM-1 570
User Interface GUI and CLI GUI and CLI
Console Type Vendor Console Vendor Console
Info-Tech Insight
Check Point Software Technologies is a well recognized Internet security software vendor. The UTM-1 270 and UTM-1 570, the models best suited to the mid-sized market, are reasonably priced for these companies. However, in the UTM-1 series, unified threat management is not included in the suite by default. In order to get full UTM protection, companies must subscribe to the UTM suite.
Key Points
Pros Cons
Check Point Software Technologies is a strong company with good technological backing behind all of its firewall products.
The company on the whole has a poor focus on small and mid-sized enterprises.
Product Comparison 16 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Juniper Networks
Company Strength Features Affordability Vendor Score
Medium Medium Medium 6
Figure 7. Juniper SSG Series Comparison Chart
Source: Info-Tech Research Group
Vendor Juniper Networks
Year Founded: 1996
Number of Employees: 5800+
Company Type: Public
Vendor Market Stability
2008 Sales: $3.6 Billion
Series Name SSG Series
Models SSG 140 SSG320M/ SSG350M
SSG 520/ SSG 520M
SSG 550/ SSG 550M
Protection Architecture
Models SSG 140 SSG320M/ SSG350M
SSG 520/ SSG 520M
SSG 550/ SSG 550M
Stateful Firewall Yes Yes Yes Yes
Application Layer Firewall Yes Yes Yes Yes
Integrated VPN Capabilities Yes (150 tunnels)
Yes (250/350 tunnels)
Yes (500 tunnels)
Yes (1000 tunnels)
Integrated IPS No* No* No* No*
Integrated Anti-Malware Functionality
Yes Yes Yes Yes
Product Comparison 17 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 7. Juniper SSG Series Comparison Chart (Continued)
Protection Architecture (Continued)
Integrated Content Filtering Yes Yes Yes Yes
Hardware or Software-Based Hardware-Based
Hardware-Based
Hardware-Based
Hardware-Based
Throughput
Models SSG 140 SSG320M/ SSG350M
SSG 520/ SSG 520M
SSG 550/ SSG 550M
Maximum Stateful Firewall Throughput
350 Mbps 450 Mbps/ 550 Mbps
600 Mbps 1000 Mbps
Maximum Application Firewall Throughput
Unlisted Unlisted 300 Mbps 500 Mbps
IPS Throughput N/A N/A N/A N/A
VPN Throughput 100 Mbps 175 Mbps/ 225 Mbps
300 Mbps 500Mbps
Anti-Virus Throughput Unlisted Unlisted Unlisted Unlisted
System Management
Models SSG 140 SSG320M/ SSG350M
SSG 520/ SSG 520M
SSG 550/ SSG 550M
User Interface GUI GUI GUI GUI
Console Type Vendor Console
Vendor Console
Vendor Console
Vendor Console
*Listed as having integrated IPS functionality, however, this is actually deep inspection functionality.
Product Comparison 18 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Info-Tech Insight
The Juniper Networks SSG series provides many options from which to choose. Juniper is partnered with other security vendors for various aspects of the SSG series; these vendors are the best in their respective classes, thus strengthening the SSG series security protection. The SSG series does not support IPS, and while the SSG series data sheets list them as having integrated IPS functionality, it is actually deep packet inspection functionality. In other words, instead of stopping intrusions from occurring, the firewall is really just performing the role of an application firewall.
Key Points
Pros Cons
Juniper Networks is a large company with a broad product portfolio.
Juniper has very limited small and mid-sized enterprise focus due to its mandate to focus on large enterprises only.
Follower Landscape Cisco Systems
Company Strength Features Affordability Vendor Score
High Low Low 5
Figure 8. Cisco ASA 5510 Comparison Chart
Source: Info-Tech Research Group
Vendor Cisco Systems
Year Founded: 1984
Number of Employees: 61,000+
Company Type: Public
Vendor Market Stability
2008 Sales: $39.5 Billion
Series Name ASA 5500
Product Comparison 19 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 8. Cisco ASA 5510 Comparison Chart (Continued)
Models ASA 5520 ASA 5540
Protection Architecture
Models ASA 5520 ASA 5540
Stateful Firewall No No
Application Layer Firewall Yes Yes
Integrated VPN Capabilities Yes (750 tunnels) Yes (5000 Tunnels)
Integrated IPS Available Available
Integrated Anti-Malware Functionality
Available Available
Integrated Content Filtering Available Available
Hardware or Software-Based Hardware-Based Hardware-Based
Throughput
Models ASA 5520 ASA 5540
Maximum Stateful Firewall Throughput N/A N/A
Maximum Application Firewall Throughput
450 Mbps 650 Mbps
IPS Throughput (Firewall and IPS Throughput)
(225/375/ 450 Mbps*) (500/ 650 Mbps*)
VPN Throughput 225 Mbps 325 Mbps
Anti-Virus Throughput Unlisted Unlisted
Product Comparison 20 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 8. Cisco ASA 5510 Comparison Chart (Continued)
System Management
Models ASA 5520 ASA 5540
User Interface CLI and GUI CLI and GUI
Console Type Vendor Console Vendor Console
* The maximum firewall and IPS throughput is determined by the type of Advanced Inspection and Prevention Security
Services Module that is installed.
Info-Tech Insight
Cisco Systems is the dominant player in the enterprise networking space. For mid-sized enterprises, the Adaptive Security Appliance (ASA) 5500 Series is available. This series offers multiple security options at the medium to high end of the pricing scale. While intrusion prevention and anti-malware are available in the ASA 5520 and 5540 models, they are not capable of running the features concurrently, forcing enterprises to choose between the two. This represents a severe limitation of the ASA series – most vendors do not impose such limitations.
Key Points
Pros Cons
Cisco Systems is a mature and reliable company, it has a large install base, and is considered to be the litmus test for the rest of the IT industry.
The available features in the ASA 5500 series are quite limited compared to the offerings of other vendors.
Palo Alto Networks
Company Strength Features Affordability Vendor Score
Low High Low 5
Product Comparison 21 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 9. Palo Alto Networks PA-2000 Series Comparison Chart
Source: Info-Tech Research Group
Vendor Palo Alto Networks
Year Founded: 2005
Number of Employees: Unlisted
Company Type: Private
Vendor Market Stability
2008 Sales: $12 Million
Series Name PA-2000
Models PA-2020 PA-2050
Protection Architecture
Models PA-2020 PA-2050
Stateful Firewall No No
Application Layer Firewall Yes Yes
Integrated VPN Capabilities Yes (1000 Tunnels) Yes (2000 Tunnels)
Integrated IPS Yes Yes
Integrated Anti-Malware Functionality
Available Available
Integrated Content Filtering Available Available
Hardware or Software-Based Hardware-Based Hardware-Based
Product Comparison 22 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Figure 9. Palo Alto Networks PA-2000 Series Comparison Chart (Continued)
Throughput
Models PA-2020 PA-2050
Maximum Stateful Firewall Throughput
N/A N/A
Maximum Application Firewall Throughput
500 Mbps 1000 Mbps
IPS Throughput 200 Mbps 500 Mbps
VPN Throughput 200 Mbps 300 Mbps
Anti-virus Throughput Unlisted Unlisted
System Management
Models PA-2020 PA-2050
User Interface CLI and GUI CLI and GUI
Console Type Vendor Console Vendor Console
Info-Tech Insight
Palo Alto Networks is a young company that was founded in 2005. The company uses its own proprietary technology in its firewalls:
» App-ID: (Patent Pending) Classifies Internet traffic by the applications that are generating it.
» User-ID: Monitors user activity by linking IP addresses to specific users and groups. This allows enterprises to monitor and regulate network traffic.
» Content-ID: Contains aspects of traditional Data Leakage Protection and Content Filtering technologies.
Palo Alto Networks PA-2000 Series is priced at the high end of the pricing range. The higher prices are perhaps due to the use of the company’s proprietary technologies in the firewalls. Palo Alto is an up-and-comer in the firewall industry; enterprises should be on the lookout for its movement both upstream and downstream in the market. For now, its products are better suited to larger companies seeking to obtain a cutting-edge UTM device.
Product Comparison 23 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com
Key Points
Pros Cons
Palo Alto proprietary firewall technologies are market leading and cutting edge.
The company currently focuses mainly on large companies, and the prices of the units are significantly higher than other firewall solutions.
Recommendations 1. Know enterprise security requirements. Before sifting through all of the firewalls available, IT
professionals must have an understanding of enterprise security requirements. Pay attention to security policy requirements and any regulatory standards that need to be met. Also, keep in mind any growth that the enterprise will experience in the future and take this into consideration in the decision process. This will help prevent enterprises from buying firewalls with too much or too little security protection and capacity.
2. Base vendor selection on company needs. Don’t base the vendor selection process solely on the rankings presented in this vendor landscape. Depending on the needs of the enterprise, different vendors will be ranked higher on the enterprise’s individual vendor scorecard. The rankings in this note are based on the average requirements of a mid-sized enterprise.
3. Consider how the TCO will be calculated. Since firewalls are not replaced very often, when performing Total Cost of Ownership calculations, use a time period of between three to five years.
Bottom Line Firewalls are a security necessity in today’s business world. They serve to protect the enterprise network from a host of threats. Use this vendor landscape to gain an understanding of the leading firewall vendors and the key criteria on which to focus when choosing a new firewall for the enterprise.
Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full
spectrum of IT concerns. Our practical approach is designed to have a clear and measurable positive impact on your organization's bottom line.
We serve over 21,000 clients at 8,000 organizations around the world. Since 1998, we have focused on making the work of IT professionals
easier - and on helping them achieve greater personal and corporate success.
More About Info-Tech
Product Comparison 24 Firewall Vendor Landscape: The Top Eight Vendors
www.infotech.com