IGG-09252002-03 R. Stiennon Article 25 September 2002 CIO Update: The Gartner Firewall Magic Quadrant for 2H02 In presenting its latest Firewall Magic Quadrant, Gartner discusses how the firewall market is evolving. Firewalls and intrusion prevention are converging, while security platforms are emerging. Two firewall vendors have left the market. As hacking attacks and cybercrime incidents continue to soar, enterprise security issues have come to the forefront on many CIOs agendas. In presenting its latest Firewall Magic Quadrant, Gartner discusses how the firewall market is evolving. Firewalls and intrusion prevention are converging, while security platforms are emerging. Two firewall vendors have left the market. The Role of a Firewall A firewall is placed at the gateway (or node) at which a secure network, such as the enterprise s internal network, and an insecure network, such as the Internet, meet. As a general rule, all network traffic, inbound and outbound, flows through the firewall, which screens all incoming traffic, and blocks any traffic that does not meet the restrictions of the enterprise s security policy. Simply, the role of the firewall is to restrict incoming traffic from the Internet into an enterprise s internal network according to certain parameters. Once a firewall is configured, it filters network traffic, examining packet headings, determining which packets should be forwarded or allowed to enter and which should be stopped. The challenge for firewalls is that it is fairly easy to monitor the initial connection from client to server, but it is more difficult to monitor the return connection. Firewall Market Dynamics Firewalls are the core of an enterprise s defense against cyberattacks. Gartner expects the firewall to remain the main ingredient to perimeter defense, and it will also contribute to hardening the inside network via enterprisewide firewall deployment to provide more granular control over who is allowed to view what is on the network. The firewall industry in 2002 continues to evolve and expand. A concomitant evolution of security threats and e-business deployments has continued to challenge firewall vendors, two of which have left the market: Secure Computing acquired Network Associates Gauntlet. Gartner Entire contents 2002 Gartner, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.
WatchGuard acquired RapidStream, an application-specific integrated circuitbased appliance that runs Check Point Software FireWall-1. Security Platforms Many vendors have introduced what Gartner calls security platforms. Security platforms have a carrier-class chassis, including the following: High-speed back planes Redundant power supplies On-board load balancing and high availability Multiple blades (essentially separate card-mounted servers) that can run best-of-breed security products Security platforms initially were targeted at carriers and Internet service providers (ISPs) to enable those providers to offer security services besides raw connectivity. Security platforms are being deployed in the enterprise data center, where they can separate multiple network segments that run gigabit backbones. The Firewall Magic Quadrant Many firewall vendors continue to expand their product lines to address a broad range of needs, from small office/home office to enterprise gateway. For example, a network interface card-based firewall from 3Com is powered by Secure Computing s Sidewinder. Managing that firewall from a single console is a key requirement for placement on the Completeness of Vision axis of the Gartner Firewall Magic Quadrant for 2H02 (see Figure 6). Figure 6 Firewall Magic Quadrant for 2H02
Challengers Leaders Microsoft Symantec Cisco Systems Check Point Software Ability to Execute Stonesoft Whale Communications CyberGuard NetScreen SonicWALL Secure Computing WatchGuard Source: Gartner Research Leaders BorderWare Niche Players Completeness of Vision As of August 2002 Visionaries Check Point Software is the market leader. Lacking an appliance product of its own, Check Point continues to expand the number of independent vendors whose hardware platforms support FireWall-1. FireWall-1 is the best-of-breed solution that runs on security platforms from Crossbeam Systems, Nortel Networks and Cosine Communications. Check Point s challenge is to continue to enhance its customer relationships and reputation for customer service, while facing pricing pressure from Cisco Systems and NetScreen. Cisco Systems has continued to broaden its line of PIX Firewall appliances with the introduction of two midrange boxes (the PIX 515E and 506E). Because of its competitive position in the carrier space, Cisco will have to stress its dominant position in the network backbone to compete with new security platform offerings from competitors. NetScreen has moved into the Leaders Quadrant. Some of the factors that contribute to NetScreen s positioning include a successful initial public offering and continued product enhancements, such as the introduction of a multigigabit NetScreen 5000 system with high port density and virtual LAN capabilities, which will make NetScreen a player in the enterprise data
center. NetScreen s acquisition of OneSecure demonstrates a vision that includes higher-level packet inspection and the application of more granular security rules at the gateway. Challengers Symantec is the largest and most successful security software vendor. However, it is burdened with a legacy firewall technology from its acquisition of Axent, which, although popular with its installed base, does not enjoy much market share. An array of firewall products includes Raptor Software, which runs on a general-purpose server (Solaris, Windows NT and HP-UX), the Velociraptor appliance, and a family of new, all-in-one security appliances that perform antivirus, intrusion detection and firewall functions. Gartner believes that the all-in-one appliance will perform well in the small and midsize business (SMB) area because it is from a trusted antivirus brand. Customer confusion regarding the rest of the product lineup makes it difficult for enterprises to work Symantec s firewalls into their security strategies. Microsoft offers the Internet Security Accelerator (ISA) Server, which has been in the market for more than a year. It still is viewed as the follow-on product to replace Microsoft Proxy Server. ISA Server, because it is a software-only product that runs on a single platform (Windows 2000), will not address all of an enterprise s needs for low cost, low maintenance, high availability and reliability that can be delivered on an appliance platform. Visionaries Secure Computing purchased Gauntlet from Network Associates, which Gartner previously dropped from the Magic Quadrant because it had lost traction in the market. Secure s flagship firewall, Sidewinder, had been a direct competitor to Gauntlet as well as Symantec s Raptor in the application proxy arena. The expansion of Secure s customer base by 3,000, and a well-executed product integration of the best qualities of Gauntlet and Sidewinder, could provide a long-term solution for enterprise buyers that want application proxy technologies. SonicWALL continues to introduce firewall appliances with good performance and easy manageability. However, it is struggling to gain market share. WatchGuard, while pioneering the brick firewall appliance market, has lost ground because of NetScreen s and SonicWALL s better remote management and broader product lineups. The acquisition of a Check Point FireWall-1 appliance company (RapidStream) gives WatchGuard an improved team of developers. WatchGuard s challenge is to avoid confusion in the channel, which it faces by selling both a Check Point-enabled appliance and its own technology. Niche Players Stonesoft is attempting to support a software-only firewall, StoneGate. StoneGate is a software firewall running on several platforms, with built-in solutions for clustering, load balancing, high availability and even balancing across multiple ISPs. For stand-alone e-business initiatives that require an always-on configuration and the flexibility of a full-fledged operating system, StoneGate offers a viable solution. The challenge is for this small company from Finland to be heard amid other activity in the firewall space.
CyberGuard has begun to push outside its mainline customer base of government into the SMB space. CyberGuard was one of the first firewalls to attain Common Criteria EAL4 (Evaluation Assurance Level 4) certification, and it has set the pace in certifications for other vendors. Whale Communications has succeeded in productizing its e-gap technology to offer applicationspecific firewalling capability. e-gap Webmail protects Web mail applications from layer-7 attacks. BorderWare offers the Firewall Server, which also has EAL4 certification. BorderWare s bundling of secure mail, FTP and Domain Name System servers provides SMBs with an all-in-one solution. Network-Based Vendors The security platforms that are garnering the most market attention are from Cosine, Crossbeam and Nortel. TippingPoint, ipolicy Networks, OmniCluster and BladeFusion have also introduced security platforms since 2001. Gartner believes that platforms able to run best-of-breed security applications are most likely to succeed. Bottom Line Because firewalls are key components of effective e-business, more demands are being placed on them. High availability, application defense, throughput and manageability are the key factors for successful enterprise firewalls. Enterprises should pick firewall platforms based on the firewall s ability to address these factors. By 1Q04, more than 50 percent of Fortune 1000 enterprises will have distributed firewalls internally (0.8 probability). Written by Edward Younker, Research Products Analytical source: Richard Stiennon, Gartner Research For related Inside Gartner articles, see: Management Update: Network Security Predictions for 2002, 13 February 2002 Management Update: Information Security Policies Are Critical, 6 February 2002