The CF List: 20 Next-Gen Firewall Security Providers You Should Know
Demand for NGFWs and other security appliances remains high.
![Twenty, 20, SD-WAN providers Twenty, 20, SD-WAN providers](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt1623fbe456f4d7d3/6523f96f6868b42e553c7c45/shutterstock_790434142.jpg?width=700&auto=webp&quality=80&disable=upscale)
Jörge röse-oberreich/Shutterstock
Eric Hanselman of 451 Research and David Holmes of Forrester cited Barracuda Networks as a top NGFW provider. Barracuda CloudGen Firewall protects cloud-connected users, network workloads and devices wherever they reside.
Holmes said Barracuda has a good road map as it tries to move upward in the enterprise firewall market.
Bitdefender’s firewall adds an extra layer of protection by blocking inbound and outbound unauthorized connection attempts, both on local networks and on the internet. In July, Bitdefender rolled out eXtended EDR (XEDR) with the addition of analytics and cross-endpoint security event correlation to Bitdefender Endpoint Detection and Response (EDR) and GravityZone Ultra, the company’s unified endpoint prevention, detection and response and risk analytics platform.
Cato Networks is a new competitor that’s taking full advantage of the shift to a cloud-delivered security model, Holmes said. Cato Cloud aggregates all enterprise traffic across data centers, branches, mobile users and cloud infrastructure into a cloud network with built-in NGFW. Cato enforces application-aware corporate security policy for WAN-and internet-bound traffic.
Hanselman, Holmes and Omdia’s Eric Parizo said Check Point Software Technologies is a top NGFW provider. Forrester’s 2020 Enterprise Firewall Wave ranks Check Point among vendors who perform well and have significant market presence.
“The cutting-edge firewalls acknowledge and leverage that many of the security capabilities like URL filtering and DNS filtering should be cloud-delivered,” Holmes said. “Cloud-delivered security capabilities, consumed as a service, are the larger trend and of intense interest by clients we talk to.”
Hanselman, Holmes and Parizo cited Cisco as a top NGFW contender. Forrester’s 2020 Enterprise Firewall Wave ranks Cisco FTD (now Secure Firewall) among vendors who perform well and have significant market presence.
“Legacy leaders Cisco and Check Point remain competitive, but they’re now staring up at Fortinet and Palo Alto Networks in the revenue standings,” Parizo said.
Hanselman, Holmes and Parizo cited Forcepoint among top competitors. Through a single console, Forcepoint NGFW enables security teams to deploy, monitor and update thousands of firewalls, VPNs and IPSs, whether in-house or via an MSP.
“The greatest change in the firewall market is the dispersal of more sophisticated firewall functionality into cloud and virtual networking offerings,” Hanselman said. “Being able to put firewall functionality closer to the assets that they protect can increase performance and provide more granular control.”
Hanselman, Holmes and Parizo said Fortinet is a top NGFW vendor. Forrester’s 2020 Enterprise Firewall Wave ranks Fortinet FortiGate among vendors that perform well and have significant market presence. Parizo said Fortinet is one of the biggest and hungriest players.
FortiGate delivers enterprise-class security, prevents ransomware, delivers hyperscale and enables work-from-anywhere with built-in zero trust network access (ZTNA) and SD-WAN capabilities.
“Fortinet has grown due largely to its consistently strong packet-processing performance, powered by its custom, self-manufacturer, application-specific integrated circuit (ASIC) processors,” Parizo said.
IMARC Group cites India vendor GajShield Infotech among key NGFW players. It has deployed more than 10,000 firewalls spread across geographic regions in India, Europe, the United States, the Middle East, Africa, Australia, New Zealand and Southeast Asia.
Hanselman said Hillstone Networks is a top NGFW provider. With 20,000 global customers, Hillstone’s product suite includes NGFW, breach detection, SD-WAN, as well as virtual machine (VM) and cloud security.
“To a greater extent than in other areas in the security marketplace, managed service offerings for firewalls are seeing greater uptake,” he said. “Persistent staffing and skills shortages are making managed services more attractive.”
Holmes said Hillstone is one to watch in APAC.
Holmes cited Huawei among prominent NGFW vendors. Huawei’s USG6700E series NGFWs are designed for next-generation data centers and large enterprise campuses. They provide NGFW capabilities and collaborate with other security devices to defend against network threats, enhance border detection capabilities and resolve performance deterioration problems.
Hanselman, Holmes and Parizo said Juniper Networks is a top NGFW contender. Juniper’s NGFW services provide an array of cyber defenses that work together to reduce the attack surface. With the SRX Series firewall at their foundation, NGFW services deliver integrated threat protection with application awareness, user identity, and content inspection with throughput and scalability.
“Juniper has newly energized capability after having seemed dormant in the security market for years,” Holmes said.
Netskope is a new competitor that’s taking full advantage of the shift to a cloud-delivered security model, Holmes said. Earlier this month, Netskope announced Cloud Exchange, a suite of integration modules from Netskope and strategic partners aimed at making customers’ existing security infrastructure more efficient at stopping cloud security threats. Cloud Exchange enables cloud-based data and intelligence sharing across security and IT operations teams, helping those teams act faster and more effectively.
Hanselman, Holmes and Parizo cited Palo Alto Networks as a top NGFW provider. Forrester’s 2020 Enterprise Firewall Wave ranks Palo Alto Networks among vendors who perform well and have significant market presence. And Parizo said it’s one of the biggest and hungriest players.
“Palo Alto Networks quickly rose on the popularity of its tightly integrated NGFW and cloud-based malware sandboxing, a combination it still employs today alongside many other cloud-delivered capabilities,” Parizo said.
Holmes said Qi-AnXin is one to watch in APAC. Its NGFW can respond to traditional network attacks and advanced threats. It can be widely used in the business network boundaries of various enterprises and organizations to achieve network security domain isolation, refined access control and increased efficiency.
Holmes said Sangfor Technologies is one to watch in the APAC market. Sangfor’s NGFW is a network firewall security device designed to filter and inspect network and application traffic for threats, secure the network environment from intrusion, and bring in security intelligence from outside the network.
Holmes said SonicWall is a noteworthy NGFW provider. The SonicWall Network Security Appliance (NSA) NGFW series integrates the company’s multi-engine capture advanced threat protection (ATP) service and real-time deep memory inspection (RTDMI) technology to detect and block threats by inspecting deeply in memory.
Hanselman and Holmes cited Sophos as a noteworthy contender. Holmes said Sophos has a good roadmap as it tries to move upward in the enterprise firewall market.
The newest version of the Sophos XG Firewall adds synchronized app control, which identifies, classifies and enables the control of all previously unknown applications active on the network.
Part of Versa Networks‘ secure access service edge (SASE), Versa NGFW includes decryption capabilities that perform macro and micro segmentation, in addition to full multitenancy, providing complete protection inside, outside and along the border of the enterprise.
Versa enables the identification of users, flows, packets and applications while establishing, monitoring and adjusting security and network policies based on threats, vulnerabilities and changes in the network environment.
Parizo said VMware is now delivering componentized network security services like firewalling, intrusion detection and prevention system (IDPS), dynamic file analysis and others within its NSX platform. That means instead of one or a series of virtual firewalls at the perimeter of east-west intra-data center networks, each application can have its own built-in network security stack.
“In a relatively short time in the market, VMware is seeing strong success with this approach, and Omdia believes it will significantly disrupt the overall network security appliance market, including NGFW, especially once other platform players like Microsoft and IBM follow suit,” he said. “The NGFW vendors need to be prepared for it and have a competitive response.”
Holmes cited WatchGuard Technologies as a top NGFW provider. Last month, WatchGuard released its new Firebox M290, M390, M590 and M690 unified threat management appliances. The new firewalls deliver increased security and faster performance, with the processing power to handle encrypted and HTTPS traffic.
Holmes cited WatchGuard Technologies as a top NGFW provider. Last month, WatchGuard released its new Firebox M290, M390, M590 and M690 unified threat management appliances. The new firewalls deliver increased security and faster performance, with the processing power to handle encrypted and HTTPS traffic.
Demand remains high for all security appliances, but especially for next-generation firewall (NGFW). It’s the linchpin of most enterprise buyers’ network security strategies.
That’s according to the Omdia Cybersecurity Network Security Appliances & Software Market Tracker – 2Q21 Analysis. Worldwide network security appliance and software revenue for the second quarter of 2021 was $2.83 billion. That’s up nearly 2% quarter over quarter and nearly 11% year over year.
A traditional firewall typically provides inspection of incoming and outgoing network traffic. However, NGFW security includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.
According to Mordor Intelligence, the global NGFW market was worth $2.8 billion in 2020 and should exceed $5.5 billion by 2026. As more electronic devices become interconnected, the IoT trend is increasing. This has given rise to the protection of network infrastructure.
Our latest CF List focuses on NGFW security. Analysts with Omdia, S&P Global Market Intelligence and Forrester weighed in on NGFW market trends and what it takes to be a successful provider.
Biggest Firewall Shifts
Eric Hanselman is chief analyst with 451 Research, part of S&P Global Market Intelligence.
451 Research’s Eric Hanselman
“The biggest shift in firewalls is the ability to operate across multiple platforms and in different forms,” he said. “All of the major vendors have the ability to extend across on-premises and cloudy environments. The differentiating points are around management capabilities and the level of operational simplicity for hybrid deployments. With the pandemic-driven shift to greater levels of remote work, remote access is receiving much more attention. And branch office-friendly capabilities, such as SD WAN functionality, have become requirements, rather than options.”
Enhanced security is driven by the ability to integrate greater levels of context, Hanselman said.
“NGFWs were originally differentiated by their ability to bring application context into security management,” he said. “Today, the ability to integrate real-time threat feeds for things like DNS reputation and the extent of identity integration are the keys to building context to defend against ransomware and more sophisticated attackers. Expanding the capabilities of evaluating network-transferred files with enhanced sandboxing is also an area where vendors are looking to differentiate themselves.”
More Requirements
Eric Parizo is principal analyst of Omdia’s cybersecurity operations intelligence service. He said even with distributed IT environments, the death of the traditional enterprise perimeter “has been greatly overhyped.”
Omdia’s Eric Parizo
“Organizations still need to inspect inbound traffic (and, ideally, outbound traffic, too) at the network perimeter, as well as maintain detailed network traffic policies and the ability to apply controls,” he said. “NGFWs remain perfectly suited to perform all of these functions.”
Not long ago, NGFW was all about the ability to inspect level 7 or application traffic, including encrypted traffic, as well as employ all the other services such as anti-malware, intrusion prevention system (IPS) and more at line speed, Parizo said.
“But now it’s about more than performance,” he said. “It’s about being able to deliver these solutions in all settings, data centers, edge networks, branch offices and event hybrid cloud/east-west environments with consistent capabilities, single-pane-of-glass management, and unified policy, regardless of form factor.”
When it comes to the most effective NGFW, it’s all about accomplishing that tricky balancing act, Parizo said.
“[That’s] identifying anomalous (and thereby likely malicious) traffic that should be interrupted, but not disrupting unusual, but necessary business traffic,” he said. “The more bad traffic an enterprise can prevent at the network perimeter, wherever that may be, the less bad activity it has to detect and respond to after the threat actors get inside. The NGFW is equally important in this way from both tactical and strategic perspectives.”
New Terminology
David Holmes is senior analyst at Forrester.
Forrester’s David Holmes
“We’re moving away from the term NGFW as that term is now 13 years old,” he said. “We refer to them as just enterprise firewalls because regardless of the name, this is what the modern enterprise should be using.”
An enterprise firewall is a layer 7 firewall, capable of decrypting traffic at scale, identifying users and applications, applying policy to both, and providing inline inspection and analysis for all, Holmes said.
We’ve compiled a list, in alphabetical order, of 20 top NGFW providers. It’s based on analysts’ feedback and recent news reports. The list is by no means complete. It includes a mix of well-known providers as well as lesser-known ones making strides in NGFW.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like