About this research note: Product Comparison notes provide Firewall Vendor a detailed, head-to-head, analytical comparison of products in a given Landscape: The Top market in order to simplify the selection process. Eight Vendors
Publish Date: July 28, 2009
Firewalls are a security necessity in today’s business world. They serve to protect the enterprise network from a host of threats. Use this vendor landscape to gain an understanding of the leading firewall vendors and the key criteria on which to focus when choosing a new firewall for the enterprise.
© 1998-2009 Info-Tech Research Group
www.infotech.com
Executive Summary Info-Tech has identified three key areas to consider when evaluating firewalls: » System architecture. » System throughput. » System management. The top eight firewall vendors have been evaluated and grouped into three categories: Leaders, Competitors, and Followers. These groupings are based on specific rankings in the three evaluation categories plus how well suited the vendors and products are to mid-sized enterprises.
Product Comparison 2 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Industry Overview The firewall industry is a mature one where both feature and market consolidation is rampant. It is nearly impossible to buy a firewall on its own anymore. Firewalls are now considered to be Unified Threat Management (UTM) appliances due to the inclusion of security features such as anti-malware, intrusion prevention and detection, and content filtering. The shift from regular firewalls to UTM appliances has forced vendors to add more features to their products to remain competitive, hence the high number of acquisitions in the industry. Having multiple security features included with firewalls results in seamless communication and interaction between all of the products, potentially resulting in higher levels of security than would be present in security environments with distinct solutions.
Key Evaluation Criteria There are three main categories of criteria that IT must consider when selecting a firewall: 1. System Architecture 2. System Throughput 3. System Management For more information on these criteria, refer to the ITA Premium research brief, “Firewall Fundamentals to Consider When Upgrading.”
System Architecture » Type of firewall. Firewalls can be stateful, application layer, or both: − Stateful firewall. This type of firewall keeps track of the traffic as it traverses the network gateway. Transmission information is checked and all packets that belong to a checked transmission are allowed to pass. − Application-layer firewall/proxy firewall. This type of firewall scrutinizes each packet of a communication, examining not only the headers, but also the packet contents. Once a packet has been checked, a copy is made and forwarded to the intended destination while the original is discarded. » Integrated capabilities. Many of the integrated capabilities that are packaged with firewalls can also be purchased as distinct solutions. When the integrated features of a firewall are used, rather than distinct solutions, the overall security of the system is improved since there will be a higher level of seamless communication and efficiency in the security system.
Product Comparison 3 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
» Software or hardware firewall. A hardware or appliance-based firewall is essentially a dedicated server that comes pre-loaded with the vendor’s software. Conversely, a software-based firewall requires that the company purchase the necessary hardware component separately. Hardware- based firewalls are fully compatible with the software loaded on them and are generally easier to manage and maintain.
System Throughput » Maximum firewall throughput. Firewall throughputs can range anywhere from under 100 Mbps to over 4 Gbps. Be sure to choose a firewall throughput that best serves the organization’s current and future needs. » Degraded firewall throughput. The effect of turning on integrated capabilities such as VPN, anti-virus software, and intrusion prevention systems (IPS) generally results in throughput degradation.
System Management » User interface. Two types of user interfaces are available: Graphic User Interfaces (GUI) or Command Line Interfaces (CLI). GUIs allow users to manipulate the firewall using a familiar visual representation of folders and desktop structure, whereas CLIs allow users to manipulate the firewall using a specified command language in a text only interface. It is common for firewalls to offer both CLI and GUI; however, some have one or the other. » Nature of console. There are three types of consoles that can be used with firewalls: − Device consoles. Supports the firewall only. − Vendor consoles. Supports the firewall as well as other vendor systems. − Third-party consoles. Vendor neutral management consoles such as HP Software (previously HP OpenView), CA Unicenter, Altiris, and Tivoli.
Vendor Scorecard This vendor landscape takes a look at eight prominent firewall vendors. To be evaluated, each firewall has to have approximately 400 Mbps to 1 Gpbs of stateful throughput; anything more or less than this range is considered unsuitable for mid-sized enterprises. The rankings below are meant only as a guide; fully consider all options before choosing a firewall for the organization.
Product Comparison 4 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
To determine the leaders, competitors, and followers in the industry, Info-Tech compared vendor performance in three key areas: » Company strength. A combination of vendor stability, market share, and focus on mid-sized enterprises. » Features. The appropriateness of the amount and type of features offered to mid-sized enterprises. » Affordability. Product prices among the vendors. Refer to Figure 1 for the vendor ranking breakdown.
Figure 1. Vendor Rankings for Mid-Sized Companies*
Source: Info-Tech Research Group
Company Vendor Vendor Features Affordability Strength Ranking
IBM ISS Proventia High Medium High Leader
Secure Computing Medium High High Leader (McAfee)
SonicWALL Medium Medium High Leader
Fortinet Medium High Low Competitor
Check Point Software Medium Medium Medium Competitor Technologies
Juniper Networks Medium Medium Medium Competitor
Cisco Systems High Low Low Follower
Palo Alto Networks Low High Low Follower
*Rankings include leader, competitor, and follower.
Product Comparison 5 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Leader Landscape IBM
Company Strength Features Affordability Vendor Score
High Medium High 8
Figure 2. IBM ISS Proventia Series Comparison Chart
Source: Info-Tech Research Group
Vendor IBM
Vendor Market Stability Year Founded: 1924
Number of Employees: 386,558
Company Type: Public
2008 Sales: $103.6 Billion
Series Name ISS Proventia
Model MX4006
Protection Architecture
Stateful Firewall Yes
Application Layer Firewall No
Integrated VPN Capabilities Yes (250 tunnels)
Integrated IPS Yes
Integrated Anti-Malware Yes Functionality
Product Comparison 6 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 2. IBM ISS Proventia Series Comparison Chart (Continued)
Integrated Content Filtering Yes
Hardware or Software-Based Hardware-Based
Throughput
Maximum Stateful Firewall 600 Mbps Throughput
Maximum Application N/A Firewall Throughput
IPS Throughput 450 Mbps
VPN Throughput 170 Mbps
Anti-Virus Throughput 120 Mbps
System Management
User Interface GUI and CLI
Console Type Vendor Console
Info-Tech Insight The IBM ISS Proventia Series is a well priced, feature-rich firewall series. It includes features such as anti-virus, anti-spam, Web filtering, and spyware blocking, which many vendors charge for separately or on a subscription basis. When considering the ISS Proventia Series, companies need to bear in mind that the maximum firewall throughputs are degraded by switching on the included security features. Key Points
Pros Cons
The acquisition of ISS by IBM resulted in No application layer firewall is available in an enhancement of the security products the ISS Proventia series. offered by IBM.
Product Comparison 7 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Secure Computing (McAfee)
Company Strength Features Affordability Vendor Score
Medium High High 8
Figure 3. Secure Computing Sidewinder Series Comparison Chart
Source: Info-Tech Research Group
Vendor Secure Computing (McAfee)
Vendor Market Stability Year Founded: Secure Computing: 1989 / McAfee: 1987 (Secure Computing/McAfee) Number of Employees: 971 / 4250
Company Type: Public / Public
2007 Sales: $237.9 Million / $1.3 Billion
Series Name Sidewinder
Models Sidewinder 210 Sidewinder 410 Sidewinder 510
Protection Architecture
Models Sidewinder 210 Sidewinder 410 Sidewinder 510
Stateful Firewall Yes Yes Yes
Application Layer Firewall Yes Yes Yes
Integrated VPN Capabilities Yes (unlisted Yes (unlisted Yes (unlisted (PPTP/IPSec Tunnels) number of tunnels) number of tunnels) number of tunnels)
Integrated IPS Yes Yes Yes
Integrated Anti-Malware Available Available Available Functionality
Product Comparison 8 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 3. Secure Computing Sidewinder Series Comparison Chart (Continued)
Protection Architecture (Continued)
Models Sidewinder 210 Sidewinder 410 Sidewinder 510
Integrated Content Filtering Available Available Available
Hardware or Software-Based Hardware-Based Hardware-Based Hardware-Based
Throughput
Models Sidewinder 210 Sidewinder 410 Sidewinder 510
Maximum Stateful Firewall 170 Mbps 250 Mbps 600 Mbps Throughput
Maximum Application 140 Mbps 230 Mbps 250 Mbps Firewall Throughput
IPS Throughput Unlisted Unlisted Unlisted
VPN Throughput 80 Mbps 160 Mbps 160 Mbps
Anti-Virus Throughput Unlisted Unlisted Unlisted
System Management
Models Sidewinder 210 Sidewinder 410 Sidewinder 510
User Interface GUI and CLI GUI and CLI GUI and CLI
Console Type Vendor Console Vendor Console Vendor Console
Info-Tech Insight McAfee has recently been involved in a number of acquisitions, the most recent being that of Secure Computing in 2008. Through this acquisition, McAfee intends to broaden its firewall offerings. The Sidewinder series offers mid-sized enterprises many choices at competitive prices. One potential concern with McAfee and Secure Computing is that the total number of firewall models offered seems excessive. Since all of the available models will not use the same components and parts, if a company purchases a low selling model from the vendor, it may run into problems in the future if that model is discontinued and it requires a part or component for repairs.
Product Comparison 9 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Key Points
Pros Cons
Secure Computing has a strong focus on Secure Computing was only just acquired mid-sized enterprises and offers a wide by McAfee. Since this occurred fairly range of security products and options to recently, both companies may potentially best suit their needs. experience some growing pains in the future.
SonicWALL
Company Strength Features Affordability Vendor Score
Medium Medium High 7
Figure 4. SonicWALL NSA Series Comparison Chart
Source: Info-Tech Research Group
Vendor SonicWALL
Vendor Market Stability Year Founded: 1991
Number of Employees: 700
Company Type: Public
2007 Sales: $199.2 Million
Series Name NSA Series
Models NSA 240 NSA 2400
Product Comparison 10 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 4. SonicWALL NSA Series Comparison Chart (Continued)
Protection Architecture
Models NSA 240 NSA 2400
Stateful Firewall Yes Yes
Application Layer Firewall Yes Yes
Integrated VPN Capabilities Yes Yes
Integrated IPS Available Available
Integrated Anti-Malware Available Available Functionality
Integrated Content Filtering Available Available
Hardware or Software-Based Hardware-Based Hardware-Based
Throughput
Models NSA 240 NSA 2400
Maximum Stateful Firewall 600 Mbps 775 Mbps Throughput
Maximum Application Unlisted Unlisted Firewall Throughput
IPS Throughput 195 Mbps 275 Mbps
VPN Throughput 150 Mbps 300 Mbps
Anti-Virus (plus UTM suite) 115 Mbps 160 Mbps Throughput
Product Comparison 11 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 4. SonicWALL NSA Series Comparison Chart (Continued)
System Management
Models NSA 240 NSA 2400
User Interface GUI GUI
Console Type Third Party Management Third Party Management Console Console
Info-Tech Insight The SonicWALL NSA 240 and NSA 2400 models are highly customizable, allowing organizations to subscribe to various UTM functionalities. The models in the NSA series are offered at affordable price points – likely because additional features such as anti-virus, anti-spyware, and content filtering are available only through subscription, resulting in additional costs. Key Points
Pros Cons
SonicWALL offers products that are well The company is shifting its focus from tailored for use by small and mid-sized small and mid-sized enterprises to larger enterprises. organizations and carriers. This may have negative implications for smaller enterprises.
Competitor Landscape Fortinet
Company Strength Features Affordability Vendor Score
Medium High Low 6
Product Comparison 12 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 5. Fortinet FortiGate 300-800 Series Comparison Chart
Source: Info-Tech Research Group
Vendor Fortinet
Vendor Market Stability Year Founded: 2000
Number of Employees: 1000+
Company Type: Private
2007 Sales: $150 M
Series Name Fortinet 200-800 Series
Models 300A 400A 500A 800/800F
Protection Architecture
Models 300A 400A 500A 800/800F
Stateful Firewall Yes Yes Yes Yes
Application Layer Firewall Yes Yes Yes Yes
Integrated VPN Capabilities Yes (1500 Yes (2000 Yes (3000 Yes (3000 tunnels) tunnels) tunnels) tunnels)
Integrated IPS Yes Yes Yes Yes
Integrated Anti-Malware Yes Yes Yes Yes Functionality
Integrated Content Filtering Yes Yes Yes Yes
Hardware or Software-Based Hardware- Hardware- Hardware- Hardware- Based Based Based Based
Product Comparison 13 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 5. Fortinet FortiGate 300-800 Series Comparison Chart (Continued)
Throughput
Models 300A 400A 500A 800/800F
Maximum Stateful Firewall 400 Mbps 500 Mbps 600 Mbps 1000 Mbps Throughput
Maximum Application Unlisted Unlisted Unlisted Unlisted Firewall Throughput
IPS Throughput 200 Mbps 300 Mbps 400 Mbps 600 Mbps
VPN Throughput 120 Mbps 140 Mbps 150 Mbps 200 Mbps
Anti-Virus Throughput 70 Mbps 100 Mbps 120 Mbps 150 Mbps
System Management
Models 300A 400A 500A 800/800F
User Interface GUI GUI GUI GUI
Console Type Vendor Vendor Vendor Vendor Console Console Console Console
Info-Tech Insight The Fortinet FortiGate 200-800 series is aimed specifically at enterprises that are mid-sized or larger and offers plenty of choices. On the medium to high end of the pricing scale, the series comes with the full suite of security features that small and mid-sized enterprises require: anti-virus, Web filtering, anti-spam, and IPS software. While these features are included in-the-box, enterprises will have to pay a subscription fee to keep the feature signatures up to date. Key Points
Pros Cons
Fortinet offers a wide selection of firewall Fortinet products are very expensive for and UTM products and has strong in- most mid-sized enterprises. house technological capabilities.
Product Comparison 14 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Check Point Software Technologies
Company Strength Features Affordability Vendor Score
Medium Medium Medium 6
Figure 6. Check Point Software Technologies UTM-1 Series Comparison Chart
Source: Info-Tech Research Group
Vendor Check Point Software Technologies
Vendor Market Stability Year Founded: 1993
Number of Employees: 1800
Company Type: Public
2007 Sales: $730.9 Million
Series Name UTM-1
Models UTM-1 270 UTM-1 570
Protection Architecture
Models UTM-1 270 UTM-1 570
Stateful Firewall Yes Yes
Application Layer Firewall Yes Yes
Integrated VPN Capabilities Yes (tunnels unlisted) Yes (tunnels unlisted)
Integrated IPS No No
Integrated Anti-Malware Yes Yes Functionality
Integrated Content Filtering Yes Yes
Hardware or Software-Based Hardware-Based Hardware-Based
Product Comparison 15 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 6. Check Point Software Technologies UTM-1 Series Comparison Chart (Continued)
Throughput
Models UTM-1 270 UTM-1 570
Maximum Stateful Firewall Unlisted Unlisted Throughput
Maximum Application 400 Mbps 1100 Mbps Firewall Throughput
IPS Throughput N/A N/A
VPN Throughput 100 Mbps 250 Mbps
Anti-Virus Throughput Unlisted Unlisted
System Management
Models UTM-1 270 UTM-1 570
User Interface GUI and CLI GUI and CLI
Console Type Vendor Console Vendor Console
Info-Tech Insight Check Point Software Technologies is a well recognized Internet security software vendor. The UTM-1 270 and UTM-1 570, the models best suited to the mid-sized market, are reasonably priced for these companies. However, in the UTM-1 series, unified threat management is not included in the suite by default. In order to get full UTM protection, companies must subscribe to the UTM suite. Key Points
Pros Cons
Check Point Software Technologies is a The company on the whole has a poor strong company with good technological focus on small and mid-sized enterprises. backing behind all of its firewall products.
Product Comparison 16 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Juniper Networks
Company Strength Features Affordability Vendor Score
Medium Medium Medium 6
Figure 7. Juniper SSG Series Comparison Chart
Source: Info-Tech Research Group
Vendor Juniper Networks
Vendor Market Stability Year Founded: 1996
Number of Employees: 5800+
Company Type: Public
2008 Sales: $3.6 Billion
Series Name SSG Series
Models SSG 140 SSG320M/ SSG 520/ SSG 550/ SSG350M SSG 520M SSG 550M
Protection Architecture
Models SSG 140 SSG320M/ SSG 520/ SSG 550/ SSG350M SSG 520M SSG 550M
Stateful Firewall Yes Yes Yes Yes
Application Layer Firewall Yes Yes Yes Yes
Integrated VPN Capabilities Yes (150 Yes (250/350 Yes (500 Yes (1000 tunnels) tunnels) tunnels) tunnels)
Integrated IPS No* No* No* No*
Integrated Anti-Malware Yes Yes Yes Yes Functionality
Product Comparison 17 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 7. Juniper SSG Series Comparison Chart (Continued)
Protection Architecture (Continued)
Integrated Content Filtering Yes Yes Yes Yes
Hardware or Software-Based Hardware- Hardware- Hardware- Hardware- Based Based Based Based
Throughput
Models SSG 140 SSG320M/ SSG 520/ SSG 550/ SSG350M SSG 520M SSG 550M
Maximum Stateful Firewall 350 Mbps 450 Mbps/ 600 Mbps 1000 Mbps Throughput 550 Mbps
Maximum Application Unlisted Unlisted 300 Mbps 500 Mbps Firewall Throughput
IPS Throughput N/A N/A N/A N/A
VPN Throughput 100 Mbps 175 Mbps/ 300 Mbps 500Mbps 225 Mbps
Anti-Virus Throughput Unlisted Unlisted Unlisted Unlisted
System Management
Models SSG 140 SSG320M/ SSG 520/ SSG 550/ SSG350M SSG 520M SSG 550M
User Interface GUI GUI GUI GUI
Console Type Vendor Vendor Vendor Vendor Console Console Console Console
*Listed as having integrated IPS functionality, however, this is actually deep inspection functionality.
Product Comparison 18 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Info-Tech Insight The Juniper Networks SSG series provides many options from which to choose. Juniper is partnered with other security vendors for various aspects of the SSG series; these vendors are the best in their respective classes, thus strengthening the SSG series security protection. The SSG series does not support IPS, and while the SSG series data sheets list them as having integrated IPS functionality, it is actually deep packet inspection functionality. In other words, instead of stopping intrusions from occurring, the firewall is really just performing the role of an application firewall. Key Points
Pros Cons
Juniper Networks is a large company with Juniper has very limited small and mid- a broad product portfolio. sized enterprise focus due to its mandate to focus on large enterprises only.
Follower Landscape Cisco Systems
Company Strength Features Affordability Vendor Score
High Low Low 5
Figure 8. Cisco ASA 5510 Comparison Chart
Source: Info-Tech Research Group
Vendor Cisco Systems
Vendor Market Stability Year Founded: 1984
Number of Employees: 61,000+
Company Type: Public
2008 Sales: $39.5 Billion
Series Name ASA 5500
Product Comparison 19 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 8. Cisco ASA 5510 Comparison Chart (Continued)
Models ASA 5520 ASA 5540
Protection Architecture
Models ASA 5520 ASA 5540
Stateful Firewall No No
Application Layer Firewall Yes Yes
Integrated VPN Capabilities Yes (750 tunnels) Yes (5000 Tunnels)
Integrated IPS Available Available
Integrated Anti-Malware Available Available Functionality
Integrated Content Filtering Available Available
Hardware or Software-Based Hardware-Based Hardware-Based
Throughput
Models ASA 5520 ASA 5540
Maximum Stateful Firewall Throughput N/A N/A
Maximum Application Firewall 450 Mbps 650 Mbps Throughput
IPS Throughput (Firewall and (225/375/ 450 Mbps*) (500/ 650 Mbps*) IPS Throughput)
VPN Throughput 225 Mbps 325 Mbps
Anti-Virus Throughput Unlisted Unlisted
Product Comparison 20 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 8. Cisco ASA 5510 Comparison Chart (Continued)
System Management
Models ASA 5520 ASA 5540
User Interface CLI and GUI CLI and GUI
Console Type Vendor Console Vendor Console
* The maximum firewall and IPS throughput is determined by the type of Advanced Inspection and Prevention Security Services Module that is installed.
Info-Tech Insight Cisco Systems is the dominant player in the enterprise networking space. For mid-sized enterprises, the Adaptive Security Appliance (ASA) 5500 Series is available. This series offers multiple security options at the medium to high end of the pricing scale. While intrusion prevention and anti-malware are available in the ASA 5520 and 5540 models, they are not capable of running the features concurrently, forcing enterprises to choose between the two. This represents a severe limitation of the ASA series – most vendors do not impose such limitations.
Key Points
Pros Cons
Cisco Systems is a mature and reliable The available features in the ASA 5500 company, it has a large install base, and is series are quite limited compared to the considered to be the litmus test for the rest offerings of other vendors. of the IT industry.
Palo Alto Networks
Company Strength Features Affordability Vendor Score
Low High Low 5
Product Comparison 21 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 9. Palo Alto Networks PA-2000 Series Comparison Chart
Source: Info-Tech Research Group
Vendor Palo Alto Networks
Vendor Market Stability Year Founded: 2005
Number of Employees: Unlisted
Company Type: Private
2008 Sales: $12 Million
Series Name PA-2000
Models PA-2020 PA-2050
Protection Architecture
Models PA-2020 PA-2050
Stateful Firewall No No
Application Layer Firewall Yes Yes
Integrated VPN Capabilities Yes (1000 Tunnels) Yes (2000 Tunnels)
Integrated IPS Yes Yes
Integrated Anti-Malware Available Available Functionality
Integrated Content Filtering Available Available
Hardware or Software-Based Hardware-Based Hardware-Based
Product Comparison 22 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Figure 9. Palo Alto Networks PA-2000 Series Comparison Chart (Continued)
Throughput
Models PA-2020 PA-2050
Maximum Stateful Firewall N/A N/A Throughput
Maximum Application Firewall 500 Mbps 1000 Mbps Throughput
IPS Throughput 200 Mbps 500 Mbps
VPN Throughput 200 Mbps 300 Mbps
Anti-virus Throughput Unlisted Unlisted
System Management
Models PA-2020 PA-2050
User Interface CLI and GUI CLI and GUI
Console Type Vendor Console Vendor Console
Info-Tech Insight Palo Alto Networks is a young company that was founded in 2005. The company uses its own proprietary technology in its firewalls: » App-ID: (Patent Pending) Classifies Internet traffic by the applications that are generating it. » User-ID: Monitors user activity by linking IP addresses to specific users and groups. This allows enterprises to monitor and regulate network traffic. » Content-ID: Contains aspects of traditional Data Leakage Protection and Content Filtering technologies. Palo Alto Networks PA-2000 Series is priced at the high end of the pricing range. The higher prices are perhaps due to the use of the company’s proprietary technologies in the firewalls. Palo Alto is an up-and- comer in the firewall industry; enterprises should be on the lookout for its movement both upstream and downstream in the market. For now, its products are better suited to larger companies seeking to obtain a cutting-edge UTM device.
Product Comparison 23 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com
Key Points
Pros Cons
Palo Alto proprietary firewall technologies The company currently focuses mainly on are market leading and cutting edge. large companies, and the prices of the units are significantly higher than other firewall solutions.
Recommendations 1. Know enterprise security requirements. Before sifting through all of the firewalls available, IT professionals must have an understanding of enterprise security requirements. Pay attention to security policy requirements and any regulatory standards that need to be met. Also, keep in mind any growth that the enterprise will experience in the future and take this into consideration in the decision process. This will help prevent enterprises from buying firewalls with too much or too little security protection and capacity. 2. Base vendor selection on company needs. Don’t base the vendor selection process solely on the rankings presented in this vendor landscape. Depending on the needs of the enterprise, different vendors will be ranked higher on the enterprise’s individual vendor scorecard. The rankings in this note are based on the average requirements of a mid-sized enterprise. 3. Consider how the TCO will be calculated. Since firewalls are not replaced very often, when performing Total Cost of Ownership calculations, use a time period of between three to five years.
Bottom Line Firewalls are a security necessity in today’s business world. They serve to protect the enterprise network from a host of threats. Use this vendor landscape to gain an understanding of the leading firewall vendors and the key criteria on which to focus when choosing a new firewall for the enterprise.
Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. Our practical approach is designed to have a clear and measurable positive impact on your organization's bottom line.
We serve over 21,000 clients at 8,000 organizations around the world. Since 1998, we have focused on making the work of IT professionals easier - and on helping them achieve greater personal and corporate success.
More About Info-Tech
Product Comparison 24 Firewall Vendor Landscape: The Top Eight Vendors www.infotech.com