Firewall Market Trends




Markets, R. Stiennon
Research Note
19 June 2003

Magic Quadrant for Enterprise Firewalls, 1H03

Deep packet inspection technology is driving the firewall market to an inflection point that is characterized by rapid changes in product evolution and the vendor space.

Core Topic
Security and Privacy: Security Tools, Technologies and Tactics

Key Issues
- Which vendors will emerge as leaders in the information security domain?
- Which product approaches and practices will help enterprises achieve higher levels of data integrity?

Strategic Planning Assumption
By fourth-quarter 2005, market-leading firewall vendors will offer deep packet inspection technologies for application defense (0.9 probability).

Network-level firewalls have been commoditized. Enterprises must make security decisions based on deep packet inspection of application content, in addition to simple stateful protocol filtering. Gartner believes that firewalls must provide a wider range of intrusion prevention capabilities, or face extinction. We have updated our criteria for firewall market leadership to heavily weight ability to execute and vision in migrating to the next generation of firewalls.

Firewall Market Trends

Firewalls long have been able to enforce security policies based on who or what gets to connect to which service/machine. However, the content of the packets allowed through has been invisible to the firewall. Firewalls typically look only at header information; thus, they have limited ability to block attacks based on packet content. However, new worms, malicious code and cyberattacks have targeted application weaknesses, and more applications and protocols are tunneling through the firewall by connecting over port 80 and, in some cases, encapsulating in HTTP or S-HTTP formats.

The greatest recent shakeup to the security area occurred on 18 September 2001, when "Nimda," a multiheaded worm, exploited a vulnerability in Microsoft IIS Web Server to infect hundreds of thousands of servers. This exploit was not detected by intrusion detection systems (IDSs), nor blocked by firewalls or antivirus software. Many enterprises experienced significant downtime and financial losses because of Nimda. In 2003, the "SQL Slammer" worm proved that although many enterprises had done a better job of patching Windows vulnerabilities, firewalls were still not providing useful protection at the application level.

Gartner Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

Most investments in security are still in response to "pain", that is, reactive vs. proactive planning and risk assessment. Nimda caused visceral pain that has spawned investments in dozens of new products that emerged to address application vulnerability. We recommend positioning these network devices in front of critical servers, typically in the transaction zone (see "The DMZ Is DOA: Transaction Zones Replace the DMZ"). These devices are in-line and apply security policies to protect the assets behind them.

We believe that application and Web defense products are firewalls, although they are not marketed as such. Several products meet the criteria for an enterprise firewall, including central management, a good graphical user interface, logging and reporting. Others exhibit the security capabilities of a firewall, but are several generations away from becoming a network's sole defense. They lack only the addition of a network stateful inspection capability.

Magic Quadrant Criteria

In this fresh look at perimeter defenses, we modified the criteria used to determine positions on the Magic Quadrant for Enterprise Firewalls, 1H03 (see Figure 1).

Ability to Execute
- History of success in the traditional firewall market
- Financial strength, such as increasing revenue, the size of investment, number of employees and other factors
- Partnerships and channels, including partnerships with high-speed processing platforms and content inspection leaders

Completeness of Vision
- Recognizes and blocks attacks based on protocol anomalies, signatures of attacks, content inspection, behavior (usually based on history of use) and traffic volume
- Builds solutions that address enterprises' needs
- Invests in specialized network processing hardware, application-specific integrated circuits (ASICs), to perform deep packet inspection at wire speeds
- Enables central management of many remote devices
- Able to load balance or configure in a "highly available" mode
- Provides logging and reporting functionality
- Quickly rolls out new application defenses based on the ability to perform deep packet inspection

Figure 1. Magic Quadrant for Enterprise Firewalls, 1H03
[Figure not reproduced. Axes: Ability to Execute, Completeness of Vision. Quadrants: Challengers, Leaders, Niche Players, Visionaries. Vendors plotted: Cisco Systems, Check Point Software Technologies, NetScreen Technologies, Microsoft, F5 Networks, Mazu Networks, Array Networks, Radware, SonicWALL, Blue Coat Systems, Symantec, Secure Computing, iPolicy Networks, Teros, Sanctum, Top Layer Networks, Network Associates (IntruVert), WatchGuard Technologies, Whale Communications, NetContinuum, Fortinet, TippingPoint Technologies, Kavado. As of June 2003.]
Source: Gartner Research (June 2003)

Vendors that introduce new protection capabilities on an extremely short production cycle best leverage the strength of their investment in processing power, for example, performing antivirus functions in-line, proxying instant messaging (IM), and providing Domain Name System and sendmail defenses. The greatest challenge will be to perform full Extensible Markup Language (XML) parsing and filtering. The ability to decrypt a Secure Sockets Layer (SSL) session, perform inspection and filtering, and re-establish the SSL session is also heavily weighted.

To be considered a challenger, visionary or leader, a vendor must combine network-level and application-level firewall capabilities in an integrated product. Vendors that have only one or the other will be niche players in the future.

Leaders

We believe that because of the trends described above, the enterprise firewall market is immature again. The established market share leaders will not necessarily dominate as they previously have done. Therefore, there are no leaders identified in the 1H03 Magic Quadrant, although we expect that several products will qualify for the Leaders quadrant in the next six months.

Challengers

Check Point Software Technologies has recognized that the market is moving from access control to application defense, and it has rolled out a SmartDefense subscription service in which customers can get pre-configured defenses against newly discovered attacks. It recently launched Application Intelligence to ease management of application defenses. Application Intelligence relies on a combination of Check Point's stateful inspection engine and "services," or software proxies. Gartner believes that this approach is not adequate for 100-percent deep packet inspection at wire speeds. Check Point will need to invest in silicon to compete. It likely will leverage its market-leading Firewall-1 product line's best-of-breed management and graphical user interface to develop the added security functions of a deep packet inspection product.

Cisco Systems has changed its market-leading focus on network security and is now committed to end-point security, as evidenced by its purchase of Okena, a host protection company (see "Cisco to Buy Okena, Try to Compete in Security Software"). It may have recognized the need for integration because it has pulled together these elements into a single group. Cisco will need to combine separate products in intrusion detection and firewall with content inspection capabilities that it could derive from internal or external sources.

NetScreen Technologies was the first major firewall vendor to recognize the importance of deep packet inspection by purchasing one of the first intrusion prevention vendors, OneSecure. Today, the NetScreen Intrusion Detection and Protection appliance must be deployed behind the firewall to obtain full application defense. NetScreen's challenge is to deliver on its promise to produce an appliance that incorporates stateful inspection firewall and intrusion prevention functionalities by third-quarter 2003. The vendor also must show that it has the management capabilities to make this transition while continuing to grow.

Radware is a content-switching appliance vendor that has added security features to its product line. Its application switches can block hundreds of attack signatures at wire speeds. Incorporating SSL termination and application defense, as well as stateful firewall capabilities, in the same appliance would make Radware a serious contender in this space.

Visionaries

Fortinet has demonstrated its investment in powerful network processing technology by filtering viruses in-line, which requires an unprecedented level of packet assembly and filtering. Fortinet has reached an impressive level of revenue in its first year of production because of its initial market penetration at the very low end of appliances. It will have to address the fact that many competitors in the Visionaries quadrant have concentrated on SSL termination vs. traditional IPsec, or Internet Protocol Security, virtual private networks (VPNs).

NetContinuum is the only deep packet inspection vendor that has architected its appliance to protect the privacy of communication going through it. Its "split brain" solution provides for management and policy setting on a separate CPU from the packet assembly, as well as filtering functions that reside on an ASIC with extremely high-speed processing capabilities for SSL termination, packet assembly and filtering. This may prove to be a deciding factor in purchase decisions where that separation is important.

Network Associates has purchased IntruVert Networks. As an early player in the intrusion prevention space, IntruVert has gained market traction for its products, which take IDSs a critical step forward to blocking attacks in-line. Network Associates must recognize that it has re-entered the firewall space, and provide R&D and customer support, to be a leader in next-generation firewalls.

TippingPoint Technologies has most closely created a comprehensive network protection device, although it has been slow to gain customers because of its industry-leading marketing message of prevention vs. detection. Designed to be placed directly behind the firewall and provide protection across the spectrum of protocols, TippingPoint's product is poised to move to the gateway position with the addition of a complete set of network firewall filtering and reporting functions.

Niche Players

Blue Coat Systems is the reincarnation of CacheFlow, the network proxy vendor. Similar to F5 Networks, Blue Coat has recognized that the position of its product in front of critical Web servers as well as its content switching ability are the elements needed to provide protection for Web servers. An example of the power of deep packet inspection is Blue Coat's recent quick development and introduction of an IM proxy solution that allows enterprises to apply security policies to IM traffic. Blue Coat is the product of choice for secure proxying of out-bound connections.

F5 Networks has recognized that load balancing, SSL termination and content switching rely on the same processing capabilities that are needed for a security appliance. The recent introduction of network attack blocking is F5's first foray into the protection space. F5's challenge is to pick a technology partner (or make an acquisition) with security domain expertise that can help it leverage its hardware and installed base to be a significant player in the firewall market.

Microsoft's Internet Security Acceleration Server is a powerful software proxy and is evolving into Microsoft's lead security product, with built-in application defense and access controls. Although the Internet Security Acceleration Server is good technology, it is trailing market expectations because most enterprises look for hardware gateway devices, not software running on general-purpose operating systems.

Secure Computing has delivered on its promise to take the best of Gauntlet (acquired from Network Associates) and combine it with the best of Sidewinder, its own software firewall. The combined product, SidewinderG2, represents the freshest and most-advanced software proxy firewall, with central management and ease of deployment. Enterprises will continue to find positions in their networks for the specialized capabilities that are available from SidewinderG2.

SonicWALL has been slow to move into the application defense space with an offering to address recent activity by Check Point and NetScreen. An investment in hardware-based network processing capabilities would give SonicWALL an opportunity to continue to translate large enterprise solutions into products that its small and midsize business customers demand.

Symantec remains a niche player in the firewall space. The old Raptor technology in the Symantec Enterprise Firewall is being replaced more often than it is purchased: a negative adoption rate. The Symantec Secure Gateway Appliance is new software running on an appliance that provides firewall, IDS, content filtering, VPN and antivirus functionalities. This is a good solution for the small and midsize business market, and perhaps for remote offices.

WatchGuard Technologies is profiting from its series of low-cost, easy-to-manage appliances. Its RapidStream purchase gave it the technology for more-advanced application defenses, while supporting Check Point Firewall-1 and virtual local-area networks.

Whale Communications is focusing on the SSL VPN space. Whale's technology can process any payload traffic and apply security policies to it.

Array Networks, iPolicy Networks, Kavado, Magnifire, Mazu Networks, Sanctum, Teros and Top Layer Networks each combine hardware appliances with application defense capabilities to address various attacks.

Not on the Magic Quadrant

Some firewall vendors, such as BorderWare Technologies and CyberGuard, greatly rely on software proxies for application defense. However, they have matured considerably and added improvements, as well as management capabilities, to these proxies.

Several vendors, such as DataPower Technology and Reactivity, are targeting XML firewall functionality. Parsing XML and checking for protocol anomalies at wire speeds are daunting tasks because in theory, the schema could be different for every message. Decrypting, checking digital signatures and blocking malicious code are other tasks that drive innovation in this arena. These tasks will require the most investment in hardware acceleration.

Acronym Key
ASIC: application-specific integrated circuit
IDS: intrusion detection system
IM: instant messaging
SSL: Secure Sockets Layer
VPN: virtual private network
XML: Extensible Markup Language

Bottom Line: The first major innovation in gateway security since stateful inspection is embodied in deep packet inspection firewalls. Leading vendors will offer the ability to assemble and inspect packet payloads at wire speeds. Enterprises should redirect intrusion detection system investments toward application defenses such as those offered by the thought-leading firewall vendors in the Magic Quadrant for Enterprise Firewalls, 1H03.