Vendor Landscape: Next Generation Firewall - WatchGuard

3m ago
9 Views
0 Downloads
1.41 MB
49 Pages
Last View : 11d ago
Last Download : n/a
Upload by : Oscar Steel
Share:
Transcription

Vendor Landscape: Next Generation FirewallContinued consolidation of capabilities means high performing products.Vendor Landscape: NGFWInfo-Tech Research Group, Inc. Is a global leader in providing IT research and advice.Info-Tech’s products and services combine actionable insight and relevant advice withready-to-use tools and templates that cover the full spectrum of IT concerns. 1997-2014 Info-Tech Research Group Inc.Info-Tech Research Group1

IntroductionNetwork security is still a high priority for organizations; the right perimetermeans more threats stay outside and sensitive data remains inside.This Research Is Designed For:This Research Will Help You: Enterprises seeking to select a solution for Next Understand what’s new in the NGFW market.Generation Firewall (NGFW). Their NGFW use case may include: Enterprises looking for a network perimetersecurity appliance for comprehensiveprotection of the network edge. Evaluate NGFW vendors and products for yourenterprise needs. Determine which products are most appropriatefor particular use cases and scenarios. Enterprises that have established theirnetwork perimeter NGFW strategyindependently and need guidance inevaluating available products.Vendor Landscape: NGFWInfo-Tech Research Group2

Executive summaryInfo-Tech evaluated ten competitors in the NGFW market,including the following notable performers:Champions: Dell (SonicWALL) has the full package – great features and price. Fortinet: a consistent leader in the firewall space. WatchGuard: a strong product for organizations with a strictbudget. Sophos: one of the only products evaluated with a full feature set.Value Award: WatchGuard has a highly competitive price for organizationslooking for a comprehensive product without spending the dollars.Trend Setter Award: WatchGuard: the product’s reporting functions were adifferentiator amongst other NGFWs.Info-Tech Insight1. Protect outbound data as well asinbound.Built-in Data Leakage Protection (DLP)capabilities ensures that sensitive orconfidential data is protected.2. The more traffic your firewall can see, thebetter it can protect it.Encrypted traffic can conceal threats fromfirewalls, while Wi-Fi networks provide aroute for attacks to bypass firewalls. Today’sfirewall solutions focus on controlling thesetypes of traffic.3. Capabilities should not cut down onperformance.Despite the breadth of features, NGFWshould not have a significant impact to youroverall network performance, even if youhave the capabilities fully “switched on.”Vendor Landscape: NGFWInfo-Tech Research Group3

Market overviewHow it got hereWhere it’s going Firewalls originated theoretically in the late 1980s beforebeing brought to fruition as traffic-controlling tools. NGFWs reflect a movement towards more contentaware security, combining additional capabilities on topof anti-malware and intrusion prevention, such as: Firewalls have evolved four times over from simplepacket filters (that evaluated source, destination, andprotocol) to stateful inspectors (with the capability of“remembering” the nature of ongoing communicationsand origin of the packets involved), proxies (evaluatedpacket contents, rather than just the packets), to UnifiedThreat Management systems (UTMs) or NextGeneration Firewalls (NGFWs). The last iteration – originating as the term UTM – beganintegrating capabilities such as anti-malware andintrusion prevention for a more robust firewall. While there is still debate over the semantics, UTMs arenow frequently referred to as Next Generation Firewalls.o Data Leakage Protection (DLP)o Network Access Control (NAC)o Application controlo User identity-related controlA growing number of vendors are also adding webapplication firewalling functionality. As more organizations seek out consolidated solutionsfor economical savings and resource management,NGFW will be replacing most standalone securitysolutions like DLP. Some vendors have already startedphasing out standalones this year.As the market evolves, capabilities that were once cutting edge become default and new functionalitybecomes differentiating. Intrusion prevention has become a Table Stakes capability and should no longerbe used to differentiate solutions. Instead focus on DLP and web application control to get the best fit foryour requirements.Vendor Landscape: NGFWInfo-Tech Research Group4

NGFW vendor selection / knock-out criteria: market share,mind share, and platform coverage While there is some debate over semantics regarding UTM vs. NGFW, the market remains stable, represented by longtime, experienced vendors and newer, but just as strong, competitors. For this Vendor Landscape, Info-Tech focused on those vendors that offer broad capabilities across multiple platformsand that have a strong market presence and/or reputational presence among mid and large-sized enterprises.Included in this Vendor Landscape: Barracuda. Highly competitive solution in terms of features and the space’s best kept secret. Check Point. One of the progenitors of the firewall space and still one of the most recognizable names. Cisco. The ASA firewall line remains one of the strongest solutions, coupled with Cisco’s networking market share. Dell (SonicWALL). After being acquired by Dell in 2012, it has emerged as one of the stronger solutions features-wise. Fortinet. The vendor that coined the UTM term and one of the first to incorporate enhanced capabilities. Juniper. Entered the firewall market through acquisition of NetScreen and has established a solid foothold since then. McAfee. NGFW is another piece to the security giant’s already broad portfolio of products. Palo Alto. The most recent entrant to the market of the reviewed solutions, but still offering a competitive solution. Sophos. Acquired Cyberoam in 2014 to bolster its NGFW portfolio. WatchGuard. Another vendor growing into larger markets after an early focus in the SMB space.Vendor Landscape: NGFWInfo-Tech Research Group5

NGFW criteria & weighting factorsProduct Evaluation CriteriaFeaturesThe solution provides basic and advancedfeature/functionality.UsabilityThe end-user and administrative interfaces areintuitive and offer streamlined workflow.AffordabilityImplementing and operating the solution isaffordable given the technology.ArchitectureMultiple deployment options and extensiveintegration capabilities are available.Criteria AffordabilityProduct50%Vendor Evaluation CriteriaViabilityStrategyReachChannelVendor Landscape: NGFWVendor is profitable, knowledgeable, and will bearound for the long term.Vendor is committed to the space and has afuture product and portfolio roadmap.50%VendorViability25%Vendor offers global coverage and is able to selland provide post-sales support.Vendor channel strategy is appropriate and thechannels themselves are strong.Strategy30%15%Channel30%ReachInfo-Tech Research Group6

The Info-Tech NGFW Vendor LandscapeThe zones of the LandscapeThe Info-Tech NGFW Vendor LandscapeChampions receive high scores for most evaluationcriteria and offer excellent value. They have a strongmarket presence and are usually the trend settersfor the industry.Market Pillars are established players with verystrong vendor credentials, but with more averageproduct scores.BarracudaInnovators have demonstrated innovative productstrengths that act as their competitive advantage inappealing to niche segments of the market.Emerging Players are comparatively newervendors who are starting to gain a foothold in themarketplace. They balance product and vendorattributes, though score lower relative to ophosCiscoJuniperCheck PointPalo AltoMcAfeeFor an explanation of how the Info-Tech Vendor Landscape is created, see Information Presentation – Vendor Landscape in the Appendix.Vendor Landscape: NGFWInfo-Tech Research Group7

Balance individual strengths to find the best fit for arracudaCheck Point*CiscoFortinetJuniper*Intel(McAfee)*Palo Alto*Dell(SonicWALL)SophosWatchguardLegend Exemplary Good Adequate Inadequate Poor*The vendor declined to provide pricing and publicly available pricing could not be found.For an explanation of how the Info-Tech Harvey Balls are calculated, see Information Presentation – Criteria Scores (Harvey Balls) in the Appendix.Vendor Landscape: NGFWInfo-Tech Research Group8

The Info-Tech NGFW Value IndexWhat is a Value Score?On a relative basis, WatchGuardmaintained the highest Info-Tech ValueScoreTM of the vendor group. Vendorswere indexed against WatchGuard’sperformance to provide a complete,relative view of their product offerings.ChampionThe Value Score indexes eachvendor’s product offering andbusiness strength relative to itsprice point. It does not indicatevendor ranking.Vendors that score high offer morebang-for-the-buck (e.g. features,usability, stability, etc.) than theaverage vendor, while the inverse istrue for those that score lower.Price-conscious enterprises maywish to give the Value Score moreconsideration than those who aremore focused on specificvendor/product attributes.100Average Score: 5292859080 4270 26601150 1000040302010*The vendor declined to provide pricing andpublicly available pricing could not be found.For an explanation of how Price is determined, see Information Presentation – Price Evaluation in the Appendix.For an explanation of how the Info-Tech Value Index is calculated, see Information Presentation – Value Index in the Appendix.Vendor Landscape: NGFWInfo-Tech Research Group9

Table Stakes represent the minimum standard; without these,a product doesn’t even get reviewedThe Table StakesFeatureWhat it is:FirewallThe solution includes a stateful inspection.VPNOffers IPSEC (for site-to-site tunnels) and SSLVPN (for remote access) options.Anti-MalwareBuilt-in perimeter anti-virus and anti-spywareprotection.IntrusionPreventionAbility to recognize and restrict inappropriateand unauthorized access.What does this mean?The products assessed in this VendorLandscapeTM meet, at the very least, therequirements outlined as Table Stakes.Many of the vendors go above and beyond theoutlined Table Stakes, some even do so inmultiple categories. This section aims tohighlight the products’ capabilities in excessof the criteria listed here.If Table Stakes are all you need from your NGFW solution, the only true differentiator for the organization isprice. Otherwise, dig deeper to find the best price to value for your needs.Vendor Landscape: NGFWInfo-Tech Research Group10

Advanced Features are the capabilities that allow for granularmarket differentiationScoring MethodologyInfo-Tech scored each vendor’s featuresoffering as a summation of its individual scoresacross the listed advanced features. Vendorswere given one point for each feature theproduct inherently provided. Some categorieswere scored on a more granular scale withvendors receiving half points.Advanced FeaturesFeatureWhat we looked for:Identity-BasedControlData LeakageProtectionNetwork AccessControlMapping of specific security policies to defineduser groups and individuals.URL FilteringApplicationControlWi-Fi NetworkControlWAN Routing &OptimizationEncrypted DataControlWeb AppFirewallingRestriction on the egress of sensitive privilegedor confidential data.Endpoint integration to ensure each connectingdevice has appropriate security.Restrictive filtering of web surfing to limitexposure to harmful and inappropriate sites.Ability to restrict, on a granular level, which webapps are allowed to run.Ensuring Wi-Fi networks have the same securitystance and abilities as the perimeter.Dynamic routing of WAN traffic backed by QoSand prioritization capabilities.Native decryption and re-encryption of SSL andSFTP traffic for thorough inspection.Ability to protect web servers against attacks likeSQL injections.For an explanation of how Advanced Features are determined, see Information Presentation – Feature Ranks (Stoplights) in the Appendix.Vendor Landscape: NGFWInfo-Tech Research Group11

Each vendor offers a different feature set; concentrate on whatyour organization needsEvaluated FeaturesIdentityDLPWCFApp ControlApp FWNACWi-FiWANEncryptionBarracudaCheck PointCiscoFortinetJuniperMcAfeePalo AltoDell(SonicWALL)SophosWatchGuardLegend Feature fully present Feature partially present/pending Feature absentFor an explanation of how Advanced Features are determined, see Information Presentation – Feature Ranks (Stoplights) in the Appendix.Vendor Landscape: NGFWInfo-Tech Research Group12

Beyond traffic, data also deserves protection and NGFW haveincorporated such capabilitiesSolutions with either DLP, web application control, and encryption, or justweb application control and encryption, will inspect and control your data.112Enhanced inbound trafficprotectionCustomer requires DLP, web app control, & encryptionWhy Scenarios?In reviewing the products includedin each Vendor LandscapeTM,certain use cases come to theforefront. Whether those use casesare defined by applicability incertain locations, relevance forcertain industries, or as strengths indelivering a specific capability, InfoTech recognizes those use casesas Scenarios, and calls attention tothem where they exist.Customer has DLP; requires Web app control &encryptionFor an explanation of how Scenarios are determined, see Information Presentation – Scenarios in the Appendix.Vendor Landscape: NGFWInfo-Tech Research Group13

Dell (SonicWALL) is one of the best all-around solutions,along with being one of the most arters:Website:Founded:Presence:SuperMassive Series, NSASeries, TZ Series100,000Round Rock, TXdell.com1991NASDAQ:DELL3 year TCO for this solution falls into pricingtier 5, between 50,000 and 100,000 After Dell’s acquisition of SonicWALL in 2012, Dell leveraged itsexisting presence to establish a strong NGFW strategy.Strengths The Dell (SonicWALL) NGFW Series has a strong feature set,missing only NAC. The product’s interface was one of the best of the solutionsevaluated. It was interactive, featuring an attractive and usefulgeographical map to show where the firewalls were located. It alsoincluded data transfer reporting to see what it was costing theorganization by day (ideal for demonstrating producteffectiveness). Many of the offered reporting options were alsoattractive.Challenges Currently the NGFW series is only available through hardware andvirtual deployments, limiting the options organizations have fortheir NGFW. 1 2.5M Pricing provided by vendorVendor Landscape: NGFWInfo-Tech Research Group14

The SuperMassive, NSA, and TZ series all offer one of thestrongest feature sets in this evaluationVendor rd.Arch.OverallViabilityStrategyReachChannelSocial Features for Customer ServiceFW Throughput Ranges800406003040020200100TZTZTZ105/W 205/W 215/WValue Index853rd out of 10FW Throughput Ranges500NSANSA220W 250M/WGbpsMbpsSolutions range from 200 Mbps to 40 GbpsFeaturesIdentityDLPWCFApp ControlApp FWNACWi-FiWANEncryptionInfo-Tech Recommends:The one downside to the otherwise stellar Dell (SonicWALL)’s firewalls is that they currently only offerhardware and virtual deployment options. But for organizations that want a highly competitive andaffordable solution, Dell (SonicWALL)’s firewall products are ideal choices.Vendor Landscape: NGFWInfo-Tech Research Group15

Fortinet offers a best all-around NGFW ters:Website:Founded:Presence: Fortinet helped define the UTM space with its original FortiGate.Fortinet’s firewalls still remain its strongest product, even with itsexpanded portfolio.FortiGate NGFW2,300Sunnyvale, CAfortinet.com2000NASDAQ:FTNTStrengths3 year TCO for this solution falls into pricingtier 5, between 50,000 and 100,000 Fortinet offers a wide range of deployment options: hardwareappliances, cloud-ready, multi-tenant/virtual domain options, andthrough Amazon Web Services. In today’s diverse market,organizations are looking beyond simply hardware, giving Fortineta competitive advantage. While Fortinet has only been in the space since 2000,organizations can feel confident in its overall stability and stronggrowth internationally – including support options.Challenges Fortinet’s web application firewall capability is in a separateproduct, rather than an inherent capability of the NGFW product. 1 2.5M Pricing provided by vendorVendor Landscape: NGFWInfo-Tech Research Group16

FortiGate NGFW is feature rich, with flexible deploymentoptionsVendor rd.Arch.OverallViabilityStrategyReachChannelSocial Features for Customer ServiceFW Throughput RangesFW Throughput Ranges15010008001006004005020000100D30DValue Index424th out of 10MbpsGbpsSolutions range from800 Mbps to 120 GbpsFeaturesIdentityDLPWCFApp ControlApp FWNACWi-FiWANEncryptionInfo-Tech Recommends:Fortinet’s FortiGate solution is ideal for organizations looking for a lot of bells and whistles, along with thebudget to afford it. The solution also offers a range of deployment possibilities from cloud-ready optionsto Amazon Web Services.Vendor Landscape: NGFWInfo-Tech Research Group17

WatchGuard’s XTM series is the best bangfor any organization’s :Website:Founded:Presence: WatchGuard strongly, through no longer exclusively, focuses onthe firewalling needs of the SMB space. The company is strongand the products able.XTM Series400 Seattle, WAwatchguard.com2006Privately HeldStrengths WatchGuard’s XTM series offers the best bang-for-your-buck withan affordable price for a solid and scalable product. The XTM firewall can provide reports from different levels(executive dashboard, security dashboard, threat map, etc.), andeach dashboard includes various components that are clickable toprovide detailed event information in an attractive way – adifferentiator amongst its competitors.3 year TCO for this solution falls into pricingtier 5, between 50,000 and 100,000Challenges The XTM series is missing some key advanced features such asweb application firewalling and NAC. 1 2.5M Pricing provided by vendorVendor Landscape: NGFWInfo-Tech Research Group18

WatchGuard’s affordability is unprecedented in this evaluationVendor rd.Arch.OverallViabilityStrategyReachChannelSocial Features for Customer ServiceXTM 5 SeriesXTM 800 Series1543102510Value Index1001st out of 100XTM515XTM525XTM535XTM545XTM XTM XTM850 860 870GbpsGbpsWatchGuard recommended the 5 Series and the 800 Series for our pricing scenario, so the ranges are spec’d out here. The 5Series ranges from 2 Gbps to 3.5 Gbps. The 800 Series ranges from 8 bps to 14 Gbps.FeaturesIdentityDLPWCFApp ControlApp FWNACWi-FiWANEncryptionInfo-Tech Recommends:With a solid advanced features set and the right price, WatchGuard’s XTM series also offers goodscalability, making it a good choice for any-sized organization looking to stay within a budget.Vendor Landscape: NGFWInfo-Tech Research Group19

Sophos’ SG Series’ full feature set and high performancemakes it a rs:Website:Founded:Presence:SG Series2,200 Oxford, UK & Boston, MAsophos.com1985Privately Held Acquired NGFW company, Cyberoam, in 2014 demonstrating itsincreased focus on the firewall space, as they also transition to thehigh performance SG Series.Strengths Sophos SG Series has a full advanced features set – meaning allof the capabilities are there if you want all features (such as DLP,web application firewalling, etc.) turned on your NGFW. The SG Series interface is highly configurable for networkdefinitions, offers bandwidth control, a wide range of reportingoptions, drag-and-drop functionality for rule creation, and more.3 year TCO for this solution falls into pricingtier 6, between 100,000 and 250,000Challenges Sophos’s products are typically more expensive than othercomparable solutions; but with this solution – what you pay for iswhat you get. 1 2.5M Pricing provided by vendorVendor Landscape: NGFWInfo-Tech Research Group20

Sophos’ high performance SG Series demonstrates acompetitive feature setVendor rd.Arch.OverallViabilityStrategyReachChannelSocial Features for Customer ServiceFW Throughput Ranges3020116th out of 10SG 450SG 430SG 330SG 310Value IndexSG 2300SG 21010GbpsSolutions range from 11 Gbps to 27 GbpsFeaturesIdentityDLPWCFApp ControlApp FWNACWi-FiWANEncryptionInfo-Tech Recommends:Sophos’ NGFW has all of the advanced features evaluated. The vendor’s one downside is that itsproducts are often on the pricier side. Organizations with the right budget, or larger organizations dealingwith a lot of data, will appreciate the comprehensiveness and performance of Sophos’ firewalls.Vendor Landscape: NGFWInfo-Tech Research Group21

Cisco users will appreciate ASA’s firewall range, with diversedeployment optionsOverviewMarket ed:Presence:ASA 5500-X Series NGFW70,000 San Jose, CAcisco.com1984NASDAQ:CSCO By virtue of leveraging its dominant networking market share,Cisco is one of the largest firewall vendors in the world.Strengths Cisco’s ASA firewalls offer an easy-to-configure dashboard, withoptions for reporting such as identity-based reporting and devicebased reporting. Despite Cisco being viewed as primarily a network vendor, itsglobal presence has created a good reputation for the ASA line,particularly for organizations that are already Cisco shops.3 year TCO for this solution falls into pricingtier 6, between 100,000 and 250,000Challenges One minor loss in terms of the firewall’s reporting functionality isthat there are no built-in templates for compliance requirementslike PCI-DSS. 1 2.5M Pricing provided by vendorVendor Landscape: NGFWInfo-Tech Research Group22

Cisco has a decent firewall, but tends to be more expensivethan others in the spaceVendor rd.Arch.OverallViabilityStrategyReachChannelSocial Features for Customer ServiceFW Throughput RangesFW Throughput Ranges1.580060014000.5200005545-X5512-X 5515-X 5525-XValue Index107th out of 10Mbps5555-XSolutions range from200 Mbps to 1.4 GbpsGbpsFeaturesIdentityDLPWCFApp ControlApp FWNACWi-FiWANEncryptionInfo-Tech Recommends:Cisco has leveraged its network presence to build a solid reputation for its ASA firewalls; however, lackof deployment options can turn some organizations away that are looking for virtual appliances, forexample. Regardless, Cisco-shop organizations will find the ASA solutions work well with their currentarchitecture.Vendor Landscape: NGFWInfo-Tech Research Group23

McAfee’s vendor stability can’t make up for its lack ofadvanced featuresOverviewMarket ed:Presence: Now a wholly-owned division of Intel, McAfee is the world’s largestdedicated security solutions provider. It entered the firewall marketvia its 2008 acquisition of Secure Computing.Next Generation FW7,637Santa Clara, CAmcafee.com2003NASDAQ:ITNCStrengths Viability, reach, and channel capabilities that are unparalleledmake this a vendor that enterprises can trust if they’re looking fora long-term relationship with a vendor. The management console integrates with the ePolicy Orchestrator(ePO), McAfee’s holistic management platform. It offerscentralized management of the entire McAfee stack through asingle console.The vendor declined to provide pricing, andpublicly available pricing could not be foundChallenges McAfee’s NGFW product is lacking in some key advancedfeatures such as DLP, NAC, Wi-Fi network control, and encrypteddata inspection. 1Vendor Landscape: NGFW 2.5M Info-Tech Research Group24

McAfee, despite being a security giant, is lagging behind itsfirewall competitorsVendor rd.Arch.OverallViabilityStrategyReachChannelSocial Features for Customer ServiceFW Throughput Ranges150100520632063202140210650103550GbpsValue IndexN/ASolutions range from 10 Gbps to 120 GbpsFeaturesIdentityDLPWCFApp ControlApp FWNACWi-FiWANEncryptionThe vendor declined to provide pricing,and publicly available pricingcould not be found.Info-Tech Recommends:McAfee’s ePO Orchestrator and its presence in the market are its main differentiators. The ability tocentrally manage its portfolio is attractive to organizations that need that convenience. Other than that,the NGFW product is lacking key advanced features that its competitors have had for years.Vendor Landscape: NGFWInfo-Tech Research Group25

Barracuda is a great match for mid-range organizations, withits solid solution & robust rters:Website:Founded:Presence: Barracuda built its business on mid-range cost, high function spamand malware “firewalls,” and has continued to grow its portfolio. Itentered the NGFW market via its 2009 acquisition of Phion.NG Firewall1,100Campbell, CAbarracuda.com2003NYSE:CUDAStrengths3 year TCO for this solution falls into pricingtier 5, between 50,000 and 100,000 Barracuda offers one of the strongest feature sets out of thesolutions evaluated, including capabilities such as Data LeakagePrevention (DLP) and some web application firewalling through itsIPS engine. NG Firewall has great usability, with a column that shows real-timeevents and highly customizable reporting functions. The product also allows you to do a deep application dive whereadmins can actually click on the files and see exactly what theirusers had been viewing.Challenges Since entering the NGFW market a little later than othercompetitors, Barracuda has been working towards more marketshare; however, name recognition is developing. 1 2.5M Pricing provided by vendorVendor Landscape: NGFWInfo-Tech Research Group26

Barracuda is an underrated player with a competitive solutionVendor rd.Arch.OverallViabilityStrategyReachChannelSocial Features for Customer ServiceFW Throughput RangesFW Throughput Ranges25800206001540010200500F10Value Index922nd out of 10F280F100- F200- F-300101201301MbpsF400F600Solutions range from300 Mbps to 22.2 GbpsF800F900GbpsFeaturesIdentityDLPWCFApp ControlApp FWNACWi-FiWANEncryptionInfo-Tech Recommends:Barracuda may not be top-of-mind when it comes to these products, but organizations are aware of itsgood reputation in the space. This NGFW solution is ideal for mid-sized organizations looking for anoption outside of their traditional choices.Vendor Landscape: NGFWInfo-Tech Research Group27

Juniper’s features set and product range make it one of themost robust solutionsOverviewEmerging ed:Presence: Juniper is a high performance networking and security company.The acquisition of NetScreen in 2004 formed the basis of itsenterprise firewall capabilities; one segment of its market-leadingsecurity portfolio.SRX9,000Sunnyvale, CAjuniper.net1996NASDAQ:JNPRStrengths3 year TCO for this solution falls into pricingtier 6, between 100,000 and 250,000 Juniper’s SRX series offers a full feature set, giving the product alot of options for organizations looking for a top-of-the-line product. Juniper’s been a fairly long-standing vendor, and despite enteringthe firewall market in 2004, has secured itself strongly in themarket with its SRX product and channel strength. Juniper’s Junos Central is an online area where customers havethe opportunity to engage in training, live webinars, etc., fosteringan educational community.Challenges Juniper has limited deployment options: only hardware andsoftware available. 1 2.5M Pricing provided by vendorVendor Landscape: NGFWInfo-Tech Research Group28

Juniper’s SRX series offers a full advanced features set forcomprehensive protectionVendor cial Features for Customer ServiceFW Throughput Ranges250200150100265th out of 10SRX5800SRX5600SRX5400SRX3600Value IndexSRX34000SRX140050GbpsSolutions range from 10 Gbps to 200 GbpsFeaturesIdentityDLPWCFApp ControlApp FWNACWi-FiWANEncryptionInfo-Tech Recommends:Organizations looking for the ability to turn on all NGFW features should add Juniper to their vendorshortlist. One downside is that the scalability of the range is primarily for enterprise-sized organizationsand may not appeal to mid-sized.Vendor Landscape: NGFWInfo-Tech Research Group29

Check Point continues to be the standard for firewallsOverviewEmerging ed:Presence: A long-standing competitor in the security space, Check Point’score focus has always been firewalls.Next Generation FW2,200Redwood City, CAcheckpoint.com1993NASDAQ:CHKPStrengths Name-recognition and stability are key strengths of Check Point.Organizations looking for industry standards and requiringstraightforward deployment options – hardware, software, orvirtual – will appreciate Check Point’s solid presence in themarket. Check Point’s software blade architecture can provide someorganizations with the flexibility they are looking for, with eachcapability existing as an add-on blade.The vendor declined to provide pricing, andpublicly available pricing could not be foundChallenges While it is one of its strengths, some users have reviewed thesoftware blade architecture as clunky and confusing. Despite being one of the first firewall providers, Check Point hasbeen lacking innovation in the space for a few years. 1Vendor Landscape: NGFW 2.5M Info-Tech Research Group30

Check Point offers some scalability and v

Fortinet: a consistent leader in the firewall space. WatchGuard: a strong product for organizations with a strict budget. Sophos: one of the only products evaluated with a full feature set. Value Award: WatchGuard has a highly competitive price for organizations looking