Frost Industry Quotient (IQ): Asia- Pacific Network Firewall Vendors, 2014 Table of Contents

1. Market Definition & Scope 3 2. Market Assessment 6 Market Size and Forecasts 6 3. Industry Trends 8 Regulatory 8 Technology 9 Competition 10 4. Frost IQ Matrix: Asia-Pacific Network Firewall Vendors, 2014 14 5. Profiles of Network Firewall Vendors 15 5.1 Cisco 15 5.2 Check Point Software Technologies 16 5.3 Juniper Networks 17 5.4 Fortinet 18 5.5 Palo Alto Networks 19 5.6 Beijing TopSec Network Security Technology 20 5.7 Venustech 21 5.8 Neusoft Corporation 21 5.9 Dell SonicWall 22 5.10 WatchGuard Technologies 23 6. The Analyst Word 25 7. Frost IQ Methodology 26

2 frost.com 1. Market Definition and Scope

In recent years, the security market has evolved to take on significant challenges to combat cyber criminals. This started with reported breaches in the retail sector, with millions of email addresses and credit card credentials stolen due to advanced persistent threats. Vulnerabilities discovered in legacy SSL encryption technologies, have allowed attackers to take full advantage of these flaws. The network firewall, as the main gateway of all Internet traffic to the trusted network of an organization, thus has a greater responsibility to secure the network from a plethora of security possibilities. These include preventing threats from infiltrating the network to detecting and remediating them should a breach occur.

Frost & Sullivan defines the Network Firewall as a product that includes the firewall and/or IPSec VPN on a single platform that can be offered across different form factors (Figure 1). The firewall and IPSec VPN can be defined as:

A firewall is a system or group of systems that enforces an access control policy between networks. It includes the features of blocking and/or permitting traffic as pre-determined by the administrator. In recent years, the firewall has integrated more features within the appliance, offering more security services such as application control, web filtering and anti-malware, which belong to the integrated security appliance category. Fundamentally, the firewall solution tracked for this report should have the abilities to conduct stateful or deep packet inspection on Internet traffic, and be able to exist in either software or appliance-based form factors.

VPN, or virtual private communication network, exists within a shared or public network platform, i.e., the Internet. VPN uses a shared public infrastructure while maintaining privacy through security procedures and tunneling protocols. Internet Protocol Security (IPSec) is a common protocol used to support secure communication at the IP layer. IPSec VPNs operate at the network layer (layer three) of the Open System Interconnection (OSI) network architecture model.

frost.com 3 Figure 1: Key Network Firewall Form Factors

Network Firewall

Secure Router/ Standalone Software FW/ Integrated Switch + FW/ FW/VPN IPSec VPN Security IPsec VPN Appliance Appliance

Source: Frost & Sullivan analysis

The dynamism and heterogeneity of the modern-day network environment have contributed to the increased threat exposure faced by organizations across different industries. This has led many businesses to follow the industry trend of transforming their traditional firewalls into multifaceted security platforms that encompass a multitude of security capabilities. Figure 2 shows the relevant market segmentations in enterprise-size and industry-type covered in our research report.

4 frost.com Figure 2: Network Firewall Market Segmentation

ENTERPRISE HORIZONTALS Large Business (>500 employess) (large) Small and Medium sized Business (<500 employees) (SMB)

ENTERPRISE VERTICALS Banking, Financial Service and Insurance (BFSI) Goverment Network Manufacturing Firewall Market Education Segmentation Others (includes pharmaceuticals, retail, logistics, oil and gas, energy, mining, agriculture, IT/IT Enables Service (ITes), and Business process (BPO))

SERVICE Managed PROVIDER Internal Resell

Source: Frost & Sullivan analysis

frost.com 5 2. Market Assessment: Size and Forecast

The Asia-Pacific network firewall market (Figure 3) is expected to grow at a CAGR of 8.4% over the forecast period from 2013 to 2020, and is forecasted to reach a total market size of US$3 billion in 2020. Greenfield firewall opportunities are predicted to grow at new data centers, critical infrastructures and cloud platform requirements in the near future. This is likely to be followed by a slowdown in growth as the market matures and witnesses more renewals or upgrades of firewalls to meet higher security and throughput demands.

Across the Asia-Pacific, the retail and hospitality industries in particular, have seen a growing demand for newer, integrated firewalls offering advanced capabilities to mitigate Advanced Persistent Threats (APTs). Throughout 2014, these industry segments encountered major security breaches in the , most notably the credit card breach at US retail giant Target. This has led to rising concerns about cyber security in the Asia-Pacific market. Due to the complexity of managing distributed networks, and budgetary issues, integrated firewalls with sandboxing technologies are likely to become the preferred model in the long run. In fact, security vendors have started to incorporate these features in their existing product platforms.

The rapid evolution of the Internet of Things (IoT) is accelerating new demand for network firewalls to look at securing critical infrastructure and providing cyber security for operational systems, as they start connect to the Internet to improve overall business efficiency. Asia-Pacific countries investing heavily in the creation of new energy, manufacturing and industrial plants will also need to incorporate network firewalls as part of their design and implementation. This is to take advantage of what the Internet protocol can bring in network standardization and aid in supervisory control and data acquisition (SCADA) requirements. Form factor requirements for protecting operational technologies will thus be critical components in security design and implementation. Healthcare and transport

6 frost.com companies are also actively looking at IoT initiatives that have resulted in more network transformation requirements moving forward. High growth in these industries is expected as they source for new network security requirements to handle greater capacities in connections due to the surge of more Internet-based sensors that need to be monitored.

Robust adoption of cloud computing among enterprises, coupled with the emergence of Software-Defined Networking (SDN), are slated to herald in the next phase of form factors that network firewalls will need to adapt to, be it to offer compatibility with the latest SDN protocols, or as virtualized versions used on Network Function Virtualization (NFV) platforms. The trend towards designing and building Software-Defined Datacenters (SDDCs) will continue to be the major direction firewall vendors take to develop new products to meet market demand in the years to come.

Figure 3: Network Firewall Market Sizing and Forecast, 2013-2020 Growth Rate (%) Revenues ($ Million)

Note: All figures are rounded. The base year is 2013. Source: Frost & Sullivan analysis

frost.com 7 3. Industry Trends

Regulatory A new paradigm shift in IT security is starting to emerge as enterprises begin to accept the possibility that their organizations may be breached, even after they have invested significantly in security technologies to prevent such incidents from happening. As a result, more enterprises are looking beyond a preventive approach, to detection and remediation capabilities as part of their overall security strategy. Many are also seeking assurances in the form of having the ability to detect and remediate as soon as prevention tools fail, and a security breach occurs. To this end, a certain level of forensics, aided by the visibility provided by the network firewall, is increasingly needed to detect the root cause of the breach, as well as devise countermeasures to be implemented, to ensure the same breach does not recur. This attitudinal shift has seen more security vendors introduce products and services related to detection and remediation in their portfolios.

Regulations in the payment card industry (PCI), usually referred to as the PCI-DSS standard, have driven the retail and hospitality industries to adopt network firewalls with adequate features to meet these standards, and provide required reporting and visibility to comply with auditing requirements. Due to the nature of the industry, which requires multi-site deployments, it is observed that integrated security appliances are fast becoming the preferred choice, due to their ease of management and fast implementation. Moreover, mandating PCI-DSS has led to stronger adoption of PCI- DSS-compliant network firewalls, especially in markets where consumers are actively moving towards cashless transactions.

Recent regulations in Mainland have also shed the spotlight on cross-border sensitivities inherent in the IT security market. China’s prohibition of non-local vendor products for government and related organizations has created new challenges for global network firewall vendors, many of which are based in the US. The regulations rolled out by the Chinese government this year has seen local vendors catering to

8 frost.com requirements of Web Application Firewalls (WAFs) and combating APTs, either through technology acquisitions or in-house development of relevant security technologies for the Chinese market.

Technology Most network firewall vendors are working on technology enhancements aligned with the current trends in cloud computing, mobility, and big data. Similarly, there is an emerging focus on technology verticalization, with vendors looking to develop security solutions that are more aligned with industry-specific needs and transformation.

With enterprises aiming to get more out of their network investment outlay and simplify management in the process, various integrated firewall vendors have incorporated wireless access point controllers in the firewall appliance, and developed their own access points to be used exclusively with it. This reduces the complexity of managing a wireless network by incorporating the features into the network firewall and reducing the total cost of ownership for the organization. As enterprises move towards establishing policies that allow for BYOD (Bring Your Own Device) in their organizations, Mobile Device Management (MDM) features are increasingly being incorporated into the network firewall. In doing so, enterprises are able to ensure that security policies relating to issues such as web security and data loss protection remain active when the device leaves the corporate network or connects to a cellular network. Such an approach has witnessed high acceptance and adoption levels in verticals such as retail, hospitality and education.

More improvements in visibility and reporting on the network firewall have been observed in 2014. Most security vendors have also begun offering cloud-based reporting tools instead of the standard on-premise reporting equipment. Although they do not provide the full-fledged capabilities of a Security Incident and Event Management (SIEM) solution, the visibility tools are projected to be an easy source of information for enterprises with distributed networks to conveniently view network and Internet-related activities at various remote locations.

frost.com 9 To mitigate APTs, network firewall vendors have introduced cloud-based threat intelligence and/or sandboxing capabilities on their firewall platforms as a security service. Due to the lack of computing power required to perform an on-premise detonation of the suspected file in a virtual environment, a suspicious object can now be transmitted to the cloud for fingerprinting against known file histories. This technology is seeing rising acceptance within the SME sector given the budgetary constraints in acquiring dedicated appliances for APT mitigation. In highly-regulated sectors, however, such as government and BFSI enterprises, a dedicated on-premise sandboxing solution is still the preferred choice to scan files due to data privacy issues.

Cloud computing, fueled by the adoption of server virtualization, multi-tenant segmentation and the roll-out of virtual desktop infrastructures (VDIs), have led to the need for virtualized network firewalls in virtual machines. This has resulted in the trend of Software-Defined Data centers with network firewall vendors developing and promoting the relevant security solutions to enable companies to adopt cloud computing. Most of them have already developed virtualized network firewalls that can be used in VMware, Windows Hyper-V or Citrix Zen virtual environments.

Firewall vendors continue to work on improving throughput and number of concurrent connections to reduce bottlenecks brought about by the demands for high Internet speeds. Faster chassis-grade hardware has also been introduced to meet growing data center requirements.

Competition The top 4 network firewall vendors remain unchanged from 2013, with Cisco maintaining the lead with 21.7% of the market share, followed by Check Point Software Technologies at 19.2%, Juniper Networks at 11.9%, and Fortinet at 11.3%. Three other major US brands – Palo Alto Networks, Dell Sonicwall and WatchGuard Technologies also made the Top 10 list, contributing a total of 9.5% of the overall market share in the Asia-Pacific. China-based security vendors, TopSec, Neusoft and

10 frost.com Venustech continue to account for a sizable 8.3% share of the market, even though the majority of their revenues continue to come from the Mainland China market.

Figure 4: Asia-Pacific Network Firewall Vendors Market Share (2013)

Cisco 21.7% Check Point 19.2% Juniper 11.9% Fortinet 11.3% Palo Alto Networks 5.4% TopSec 3.6% Venustech 2.6% Neusoft 2.1% Dell SonicWall 2.1% WatchGuard 2.0% Others 18.0%

Source: Frost & Sullivan analysis

frost.com 11 Most vendors showcased in this report have developed virtualized versions of their network firewall to meet the demands in cloud computing, and cater to the fast-emerging trend of software-defined data centers. On the cloud front, network firewall vendors are also keen to offer cloud services on top of their traditional product offerings to tap into the growing demand for cloud security services. Likewise, growing enterprise interest in the areas of software-defined networks and network function virtualization have prompted many network firewall vendors to drive greater product development and marketing focus on their virtual firewall offerings. Moving forward, network firewall vendors are expected to look increasingly at aligning their solution strategy to the software-defined paradigm, particularly as enterprises seek to simplify yet enhance the intelligence of their networks.

In addition, network firewall vendors continue to develop strong product features for readiness in the IPv6 technology, to meet the requirements of telecommunication companies and service providers. The need for IPv6 readiness is particularly pertinent given that many vendors are also cognizant of emerging IoT trends on the horizon, as well as the requirements relating to the security of connected devices in the future. Network firewall vendors that are positioned in the mid-sized enterprise segment are incorporating wireless controller features as well as wireless access points that can be controlled exclusively by the firewall. Enhancements continue to be made to hardware platforms, as vendors seek to meet the needs of faster throughput demands and enterprise expectations on improved performance levels when multiple services are turned on.

Beyond the product platform, many larger network firewall vendors have introduced consulting services to complement their product offerings and provide a more holistic approach towards the security requirements of their customers. These include developing visibility reports to aid enterprises in assessing their current security posture and providing policy enhancement and risk advisory services to enable enterprises to improve on their security strategy. The promise held by big

12 frost.com data analytics in the area of IT security has also spurred network firewall vendors to either look at ways to leverage analytics to improve their reporting tools or work with analytics vendors such as Splunk to enhance their overall value proposition.

frost.com 13 4. Frost IQ Matrix: Network Firewall Vendors, 2014

Frost & Sullivan evaluated the top 10 network firewall vendors in the Asia-Pacific based on their market share performance in CY2013. Besides market share, the following criteria were also considered in the Frost IQ matrix as featured in Figure 5: • Product/service strategy • People and skills strategy • Ecosystem strategy • Business strategy

Figure 5: Frost IQ Matrix 2014 - Network Firewall Vendors

Source: Frost & Sullivan analysis

14 frost.com 5. Profiles of Network Firewall Vendors

5.1 Cisco A global leader in networking solutions, Cisco is headquartered in San Jose, California. US. As a strategic move to expand its security capabilities in 2013, the vendor successfully acquired Sourcefire Inc, an industry-leading enterprise-class Intrusion Prevention System (IPS) vendor, as well as Meraki Inc, a leader in cloud networking and security solutions to supplement Unified Threat Management appliances suited for the mid-sized and small business requirements. Meanwhile, Cisco’s flagship security appliance, Cisco ASA, has been repositioned to meet the needs of enterprise, cloud, and data center requirements.

Strengths Cisco continues to leverage its strong brand name for enterprise networking solutions across all industries, which means that resellers can easily bundle their network firewalls with their switching and routing solutions in their go-to- market. At the strategic level, Cisco has increased its security focus through the strengthening of the Cisco Global Security Sales Organization (GSSO), as well as incorporated Sourcefire’s Next Generation IPS and Advanced Malware Protection (AMP) services into its Cisco ASA-X models. The Meraki UTM solutions are projected to help Cisco penetrate the small to mid-sized enterprise market with its strengths in cloud-based wireless networks, application control, and visibility. Cisco continues to capture market share with its broad networking installed base, as well as solid brand mindshare and presence in every country in the Asia-Pacific.

Challenges Improvements made to Cisco’s adaptive security appliances continue to lag behind other major competitors while many of its channels have started to work on other brands well-positioned for the enterprise segment. Meanwhile, its installed base of legacy ASA and PIX firewalls remain targets for competitors in firewall replacement deals. In a way, Cisco may need to bring its new, improved technology to the

frost.com 15 market more aggressively and instill new confidence in partners to choose Cisco in security-centric deals involving major network firewall requirements. As more services integrate into the ASA platform, additional development needs to be done on the hardware platform to meet the demands of high throughput required with multi-layered security protection.

5.2 Check Point Software Technologies A multinational corporation headquartered in Tel Aviv, Israel, Check Point Software Technologies, remains a leading global network security vendor widely adopted by private enterprises and viewed as a trusted brand by most governmental organizations. Check Point strived to provide better usability and manageability for its clients, as well as meet increasing security requirements for telecommunication networks and data centers, by introducing new software blades and appliances throughout 2014.

Strengths The Check Point portfolio was extended to meet the needs of small businesses in early 2013, by introducing smaller, lower-cost appliances that cater to the budgetary concerns of SMEs, yet provide strong security features designed for large enterprises. It has also introduced a new software blade – the Check Point R77 to meet the needs of easy management and more reliable security for the enterprise segment. This contains the new Software Compliance Blade to ensure that security policies are aligned with global regulations, the ThreatCloud emulation service to mitigate advanced persistent threats, as well as the HyperSpect performance-enhancing technology that boosts the performance speeds of their network firewalls. It has also started the 13000-appliance line-up for mid-range enterprise data centers, and Check Point Virtual Edition (VE) to meet the needs of cloud computing, partnering with VMware to deploy security services in virtualized environments.

16 frost.com Challenges Organizational restructuring and changes in the Asia-Pacific management team in 2013 may have created some adverse impact on channel confidence, which subsequently affected the growth momentum and market share performance of Check Point. Similarly, its pricing model continues to be on the high side which has caused some Check Point resellers to partner with their key competitors to offer alternatives, to meet the budgetary constraints of small and mid-sized businesses.

5.3 Juniper Networks Headquartered in Sunnyvale California, US, this global leader in networking is also known as a security vendor with its latest SRX Series Dynamic Service Gateways. This is a series of network firewalls running on the JUNOS operating system. Juniper Networks has also invested heavily towards creating software-defined networking solutions with its wealth of security appliances to be part of the SDN ecosystem.

Strengths Juniper introduced the Junos Spotlight Secure, a new global attacker intelligence service, which gives customers definitive intelligence about threats, attackers and individual devices via the Juniper SRX gateways. This allows the SRX series to attain effective threat intelligence that delivers prompt protection against the latest threats. It also helps apply a variety of threat intelligence information for flexibility and design of highly-customized firewall policies, as well as reduce the operational burden through centralized management of firewall policies. Juniper has also released Firefly Suite, a virtualized security portfolio that provides security solutions for private and public clouds. The suite has introduced Firefly Perimeter, a virtual version of the SRX Series gateway for security requirements in the virtual environment. Its large networking installed base continues to be the cross-selling platform for their SRX line-up to be bundled.

frost.com 17 Challenges Juniper’s increasing emphasis on establishing itself as a leader in software-defined networking technologies has led to a loss of focus towards its security business and its position as a top-of-mind security vendor. Most resellers/integrators have reportedly chosen to partner with other leading network firewall vendors to compete more efficiently on large tenders. Their principal competitors have also consistently cited it as a replacement target, which has resulted in Juniper having to defend its market share.

5.4 Fortinet A leading network security vendor based in Sunnyvale California, US, Fortinet is primarily known for its Unified Threat Management FortiGate appliances. It provides a range of multi-faceted security capabilities in its integrated network firewall approach, the control of which is extended to dedicated wireless access points, end-point protection, as well as token authentication, and all of this is powered by threat intelligence from FortiGuard. Fortinet implements a multi-feature integration strategy for its FortiGate appliances powered by Application-Specific Integrated Circuit (ASIC), and this is complemented by its launch of FortiGate-VM for virtualized environments.

Strengths Fortinet continues to focus on features required in telecommunications and service provider companies, especially those pertaining to virtual domains (VDOMs) and IPv6 compliance. The vendor’s strategic approach to establishing key partnerships in the market enabled it to enhance its sell-through business via service providers in the region. It also strengthened its go-to-market strategy by partnering with NEC for its platform software in the area of software-defined networks. This, coupled with the improvements made to its hardware line-up, which is being powered by the new FortiASIC NP6 network processor and CP8 content processor for the new FortiGate 1500D and 3700D appliances, have contributed significantly to the growth of the company. In Asia-Pacific, it has a strong tech support presence, based out of Malaysia, along with sales and marketing offices in every key market.

18 frost.com Challenges While ASIC technology helps in accelerating throughput for packet filtering requirements, the drop in performance when VPN or various security services, such as anti-malware are being activated, continues to be a challenge faced by the vendor. While Fortinet remains committed to technology innovation, introducing better-performing platforms in its solution line-up, the frequent release of new models has become a challenge for its partners to manage. Similarly, while growth continues to be strong in the service provider segment, Fortinet is still working to improve its branding and capabilities for the government and banking/financial services industries.

5.5 Palo Alto Networks Palo Alto Networks is a multinational network security company based in Santa Clara, California, US. The vendor is a pioneer in terms of introducing the next- generation firewall concept to the market in the late 2000s. The company’s core product is a series of firewalls designed to provide visibility and granular control of network activity based on application, user, and content identification. The company continues to lead in innovative security technologies, and its recent strategic acquisitions have disrupted and strongly influenced the network firewall competitive landscape in Asia-Pacific.

Strengths Palo Alto Networks has achieved healthy growth among network firewall vendors and has put in place a well-defined strategy focusing on growing its business presence in Asia-Pacific. This includes pouring investments into headcount and establishing more offices across the region. The company has also taken the lead to embed cloud-based sandboxing technology into the network firewall by offering its Wildfire services on the Next Generation Firewall platform to combat Advanced Persistent Threats. In addition, Palo Alto Networks acquired Cyvera, an endpoint protection company as part of its vision to provide a holistic enterprise security solution where network firewalls will need to work and correlate closely with endpoint security. The vendor’s vision of a more holistic approach towards

frost.com 19 security is also strengthened by its acquisition of Morta Security, a security firm that has capabilities to expedite the detection of new attack variations. A strong marketing focus towards the enterprise and government sectors in Asia-Pacific, along with an aggressive go-to-market plan on its solutions for Software-Defined Data centers have contributed to Palo Alto Networks being regarded as a Tier 1 network firewall vendor within a short timeframe after entering the market in late 2008.

Challenges Competitors that offer much higher throughput speeds on basic firewall packet filtering have challenged Palo Alto Networks’ entry into the data center space. The vendor also needs to educate the industry on the importance associated with the usage of its App-ID concept. High prices have inevitably marred its entry into the lower-end markets, as well as distributed enterprise environments that may need smaller appliances to cater to the requirements of smaller branch offices and kiosks. The vendor continues to face challenges in greater China, such as meeting compliance requirements.

5.6 Beijing Topsec Network Security Technology (Topsec) Beijing-based Topsec is the largest network security and firewall vendor in China. It is also the largest local integrated provider of information security products and services in China, with more than 30 offices countrywide.

Strengths Topsec continues its push to provide integrated security appliances through its powerful, data center grade NGFW4000-UF Qingtian firewall and Netguard security gateway TopGate (UTM) platform. The vendor also leverages its strong network of local sales offices in China to expand and retain market share.

Challenges Topsec continues to focus mainly on the Chinese market, with some attempts into

20 frost.com the US market. The brand is unheard of at the Asia-Pacific level, and its products do not have innovative features, nor does the vendor offer solutions for cloud computing needs.

5.7 Venustech Venustech, known for its intrusion detection systems and web application firewalls, acquired Leadsec and its network firewall business in China. Its main network firewall line-up features Venusense, which provides the features of the firewall, VPN, content filtering, application control, web behavior management, Anti-DDoS, for unified threat management.

Strengths Its firewall technology employs the use of MIPS64 multi-core hardware architecture, achieving high performance and low-power consumption. Venustech focuses on delivering end-to-end network security capabilities, from endpoint to web application firewalls, and has a security operation center to correlate all intelligence from network appliances and perform detection and remediation actions when necessary. Venustech also excels in visibility and reporting capabilities.

Challenges Venustech may need to consider standardizing its branding and market positioning after the incorporation of Leadsec, to establish a better mindshare for enterprise clients. It has faced some challenges moving its network firewall business out of China, although the vendor has seen some success with its firewall offerings in .

5.8 Neusoft Corporation Neusoft Corporation is a leader in software and IT services, headquartered in , China. The public-listed company is viewed as one of the largest local software enterprises in the country, and Neusoft Security Group now has the Neusoft Integrated Security Gateway in its line-up, which is positioned as its next generation firewall offering.

frost.com 21 Strengths The Neusoft Integrated Security Gateway has expanded its product line-up and security capabilities to include DDoS mitigation and application control features, along with Intrusion Prevention System (IPS), anti-virus, anti-spam, and URL filtering features. It is now available in virtualized versions for both VMware and Citrix virtual environments, as well as offered as a cloud service through Amazon Web Services. When compared with the other local Chinese vendors, it is moving faster in adopting cloud computing trends and reaching out to the international market while maintaining a strong presence in China to serve the domestic market.

Challenges Beyond the local office Neusoft has established in the Japanese market, the company is an unfamiliar name in other Asia-Pacific markets. More localization and compliance are required to enable Neusoft to enter new markets across the region.

5.9 Dell SonicWall A leading global network security vendor with a broad range of network firewall products, Dell SonicWall’s firewall products include the SonicWALL TZ Series UTMs, NSA and E-Class Next Generation Firewall families. The vendor enjoys a strong mindshare and a large installed base in the SMB and Enterprise segment. This is supplemented by the Supermassive line-up that is designed to meet the demands of high throughput required in data centers and telecommunications companies.

Strengths Dell has in place a new structure to run its network security division, with the Dell Software group taking charge of the SonicWall business. The services team will operate independently without the conflicting interest of the Dell Software group structured to be a strictly channel-centric business. SonicWall’s vision is to provide a suite of security solutions for the user environment, instead of a point

22 frost.com solution (such as a network firewall), and work with various Dell solutions (such as KACE) to provide a more holistic approach towards security. Its Supermassive range has received high levels of customer interest and sold well to enterprise customers, providing the vendor with good business growth. It is also one of the vendors to offer an integrated wireless controller feature for its dedicated access points.

Challenges Dell has a legacy of business that directly competes with system integrators in the Asia-Pacific. The company still faces challenges in getting market recognition and trust for its channel program for the SonicWall business. It has yet to offer virtualized versions of its network firewall for cloud computing needs; hence, the vendor may find itself lagging behind competitors as more enterprises adopt virtualized security solutions to protect their cloud infrastructures.

5.10 WatchGuard Technologies A pure-play network security solution provider, WatchGuard Technologies is headquartered in Seattle, Washington, US. It provides Unified Threat Management solutions through its XTM Series product line-up and has a well-established mindshare and installed base among small to medium-sized businesses, as well as distributed enterprise networks. To power its security services, WatchGuard also adopts the strategy of partnering with best-of-breed security vendors, such as AVG, Websense, Trend Micro, Cyren, and most recently, Lastline for its APT Blocker services to combat advanced persistent threats.

Strengths With a keen focus on improving its visibility features on the XTM, WatchGuard has launched WatchGuard Dimension as a new visibility and reporting tool available for every user. The vendor is also witnessing growing adoption for its line-up of XTM800, 1500 and 2500 models designed for mid-sized to large enterprise networks and features a 1-rack unit form factor that maintains good throughput

frost.com 23 when all security services are turned on. It also launched its virtualized edition of the XTMv that can be used in VMware and HyperV environments. In addition, WatchGuard introduced a range of dedicated wireless access points that can be used with the XTM appliance directly as it features an integrated wireless controller. The vendor has established a strong channel program that has led to an increase of partners, contributing to its growth in the Asia-Pacific.

Challenges Its sales and marketing team remains lean in the Asia-Pacific and the vendor has not expanded its presence as aggressively as other US-based vendors. It is a challenge for WatchGuard to move up the value chain to target large enterprises as it has a legacy of providing integrated network firewalls for smaller and mid- sized businesses, and lacks partnerships with large system integrators in the region.

24 frost.com 6. Analyst Word

The network firewall is moving beyond its role in preventing security breaches, to facilitating detection and remediation requirements, if needed. This will require network firewalls of the future to harness multifaceted abilities to correlate with endpoint protection systems, as well as harden its core security systems with services to combat zero-day threats. In addition, the network firewall is increasingly expected to provide insights in network behavior through visibility, reporting and seamless correlation with analytic tools, backed up by a good security intelligence team, as offered by various vendors mentioned in this report.

In addition, most network firewall vendors are catering towards growing cloud computing requirements among enterprises by introducing virtualized versions of their firewalls, and have reported healthy adoption levels as the trend gains momentum. Several vendors have also begun to offer network firewall services through public cloud platforms, such as AWS, paving the way for the future where network firewalls can be provisioned on-demand, whenever needed. Network firewalls are now taking on new form factors of meeting the needs of software-defined networking, where compatibility with protocols such as OpenFlow may become a commoditized necessity.

As the enterprise environment moves into the era of Internet of Things, where millions of devices are increasingly connected to and interacting with one another, the network firewall will need to take on new form factors to not only protect business networks, but critical infrastructures such as oil refineries, water and energy power stations as they connect to the Internet to tap business efficiency advantages. The operational, technological needs of these industries may require the firewall to be embedded into industry-specific hardware that can be used in harsh conditions, or be compatible with special protocols for SCADA that it has to inspect. As the Internet connects to objects in the consumer space, we may see network firewalls installed in new areas and form factors to protect body area networks, connected cars, and households, to name a few examples.

frost.com 25 More integration of services is expected in the near future, and integrated network appliances may see a higher adoption in enterprises as they move towards simplicity and ease of management. Similarly, data centers will demand faster, more powerful packet filter firewall appliances to handle the increasing use of Internet services, where the individual may access such services via more connected devices than ever before.

7. Frost IQ Methodology

The focus of Frost IQ is to provide a balanced assessment of research markets that have been tracked rigorously by Frost & Sullivan analysts. Data collected, such as vendor revenue, is scrutinized and forms part of the input for the Frost IQ matrix. Additional vendor information is collected from both primary and secondary research. The study approach provides a mix of quantitative and qualitative assessments. The Frost IQ matrix has two major attributes: market share and future growth strategy.

1. Market Share Market share information is derived from Frost & Sullivan research programs which include market trackers and syndicated research reports. Based on the regular research studies conducted at quarterly, semi-annual or annual intervals, the analysts build a strong revenue database of key vendors in the market. According to the Frost IQ matrix, the X-axis measures market share on a percentage scale. The dividing line on the matrix is set at 50 percent of the market share of the leading participant in that market.

2. Growth Strategy Frost & Sullivan considers 4 main components in the growth strategy assessment part of Frost IQ. The guiding principle is that these components and their subcomponents should follow the MECE (Mutually Exclusive and Comprehensively Exhaustive) test. The proposed components are: • Product/service strategy • People and skills strategy

26 frost.com • Ecosystem strategy • Business strategy

There is equal weightage to all the components with measurement on a 10-point scale. The dividing line on the Y-axis is at the mid-point, i.e., a weighted score of 5 on a 10-point scale. Analysts will provide feedback on industry participants on the above parameters based on continual market research and analysis.

Further details of Frost & Sullivan’s methodology are available on request.

frost.com 27 About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth and achieve best-in-class positions in growth, innovation and leadership. The company's Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined research and best-practice models to drive the generation, evaluation, and implementation of powerful growth strategies. Frost & Sullivan leverages more than 50 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from more than 40 offices on six continents. To join our Growth Partnership, please visit http://www.frost.com.

Contact Tel: (65) 6890 0999 Email: [email protected] Website: www.frost.com

Copyright Notice

The contents of these pages are copyright © Frost & Sullivan. All rights reserved.

Except with the prior written permission of Frost & Sullivan, you may not (whether directly or indirectly) create a database in an electronic or other from by downloading and storing all or any part of the content of this document.

No part of this document may be copied of otherwise incorporated into, transmitted to, or stored in any other website, electronic retrieval system, publication or other work in any form (whether hard copy, electronic or otherwise) without the prior written permission of Frost & Sullivan.

28 frost.com Auckland Dubai Mumbai Shenzhen Bahrain Frankfurt Moscow Silicon Valley Bangkok Iskandar, Johor Bahru New Delhi Singapore Sophia Beijing Jakarta Oxford Antipolis Bengaluru Kolkata Paris Sydney Bogota Kuala Lumpur Pune Taipei Buenos Aires London Rockville Centre Tel Aviv Cape Town Manhattan San Antonio Tokyo Chennai Mexico City Sao Paulo Toronto Colombo Miami Seoul Warsaw Detroit Milan Washington D.C.

frost.com 29