Gartner has recently released its Magic Quadrant for Enterprise Network Firewalls. Many enterprises will be looking to this piece of research to inform their decisions with which technology to go with to meet their security requirements.
The MQ, on first glance, seems easy to decipher. It’s tempting for organizations to look at it and pick the vendor who is most “up and to the right,” namely in 2017 Check Point, Palo Alto Networks and Fortinet with Cisco close to crossing into the leader quadrant. But each has capabilities and drawbacks that earned them their placement. Though it’s not our intention to recommend one vendor over the other, it is important to get the right technology that is appropriate for your organization.
In that vein, earlier this year, FireMon studied the use of firewalls in enterprises in its 2017 State of the Firewall Report and found a number of observations about over 400 organizations of varying sizes and their use of firewalls. These observations can hopefully add a bit of context to the results of the 2017 MQ.
Fortinet has been somewhat of a rising star in the enterprise firewall market, pushing itself into the Leader category this year after being a “Challenger” in 2016. Historically, Fortinet has been a good SMB option, and the State of the Firewall data supports that with organizations with fewer than 1,000 employees deploying it more often than other market options.
For large enterprises with 15,000+ users, Check Point, Cisco and Palo Alto Networks pretty evenly dominate deployments. Across all size organizations, Cisco is the most popular, which didn’t come as much of a surprise to us.
Important Firewall Features
In our survey, we asked each respondent to assign a rating to firewall features – performance, manageability, APIs, scalability, price and next-gen capabilities – based on importance to their buying decision. Cisco came out on top for performance and just under Palo Alto Networks for manageability, while Fortinet was the clear choice for the lower-cost option and most likely why it is used in smaller deployments. The MQ report notes that all firewall vendors now have next-generation capabilities; however, the survey found that Palo Alto Networks users still value this quality more than users from any of the other vendors.
But of course, organizations have different preferences in terms of vendor features, so here is how they stacked up in order of importance (on a scale of 1 to 5) for customers for those vendors leading in the MQ:
|Check Point||Cisco||Fortinet||Palo Alto Networks|
|Manageability – 4.42*||Performance – 4.52*||Performance – 4.41||Performance – 4.46|
|Performance – 4.40||Manageability – 4.45||Manageability – 4.28||Manageability – 4.45*|
|Next-Gen – 4.22||Next-Gen – 4.23||Next-Gen – 4.21||Next-Gen – 4.44*|
|Scalability – 4.08||Price – 4.10||Price – 4.15*||Scalability – 4.12*|
|Price – 3.98||Scalability – 4.07||Scalability – 3.92||Price – 4.01|
|APIs – 3.47||APIs – 3.43||APIs – 3.56||APIs – 3.53|
* indicates highest rating across vendors
Digging into the average ratings, it’s clear Check Point and Palo Alto Networks customers both value scalability over price, while Fortinet’s customer base values price over scalability, as does Cisco’s, but to a lesser extent. Check Point is the only vendor whose customers value manageability over anything else – perhaps due to its history with central management, and Palo Alto Networks is the only vendor to value next-gen features nearly equally to performance and manageability.
Complexity is still a big challenge
It’s not as black and white as simply choosing one firewall vendor over another, as indeed they each have different merits and in fact, two-thirds of enterprises stated they use multiple firewall vendors. However, no matter what the choice of firewall vendor is, across the board, the organizations we surveyed confessed that the complexity of managing firewall rules and policies remains the biggest challenge. And with 70% of organizations stating they have 10 or more firewalls to manage, it can be a pretty big task.
FireMon helps reduce this complexity with Intelligent Security Management – find out how with a free demo.