What is the best Firewall among UTM and Enterprise Firewalls Leaders?

What is the best Firewall among UTM and Enterprise Firewalls Leaders?

Anyone who has ever thought about the question:

Which firewall should I choose?

Was probably confronted with the magic square Gartner (a well-known analytical agency).

At the end of June 2017, the next report on the state of the Unified Threat Management (UTM) market was released – the Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls) and in July 2017, Enterprise Firewalls – Magic Quadrant for Enterprise Network Firewalls. If you are interested in knowing who was among the leaders, how the situation has changed over the past year and what trends are observed, then welcome on board.

UTM market:

  • I recall that by definition, Gartner is: Unified Threat Management (UTM) is a converged platform of point security products, particularly suited to small and midsize businesses (SMBs). Typical feature sets fall into three main subsets, all within the UTM:
  1. Firewall/intrusion prevention system (IPS) 
  2. Virtual private network (VPN), Secure Web Gateway Security (URL filtering, Web antivirus [AV]);
  3. Messaging security (anti-spam, mail AV). “
  • That is, under this definition, there are network security platforms targeting small companies (Small) and companies with a little more (Midsize) (under small companies (Small and Midsize Business) Gartner considers companies with a staff of 100 to 1000 people).
  • UTM solutions typically contain typical firewall functionality, Intrusion Prevention System (IPS), VPN gateway, web traffic filtering (URL filtering, streaming anti-virus for web traffic), and mail traffic filtering (filtering Spam messages and an anti-virus system for mail traffic), and of course you should not forget about the basic routing system and support for various WAN technologies.
  • According to Gartner predictions, the market of firewalls until 2020, will remain approximately in the same condition as now.
  • In the year 2022. According to Gartner predictions, the use of the Firewall as a Service class (FWaaS), Cloud firewalls, where client traffic will be tunneled, and the share of new installations for the SMB market will be more than 50%, compared to the current 10% share.
  • In addition, they predicted by 2022, 25% of users in the SMB segment will use their firewall as a monitoring tool and an intermediate broker to provide inventory and control of the use of SaaS resources as a means of managing mobile devices or a means of enforcing security policies on end-user devices (currently less than 2% of users use this functionality On firewalls). FWaaS solutions will be more popular for distributed branch structures, this solution will use 10% of new installations compared to less than 1% today.
  • Since UTM solutions are targeted at relatively small companies (by Gartner standards), it is clear that having received all the functionality from one box, the end customer will somehow be satisfied with tradeoffs in terms of performance, network security and functionality, but for such customers as well It is important that the solution is easily managed (control via the browser as an example), the solution administrator could be trained faster because of simplified management so that the solution contained embedded Means of at least basic reporting, for some customers, localized software and documentation are also important.
  • Gartner believes that the needs of SMB customers and Enterprise customers are very different from the point of view of Enterprise’s needs for implementing more complex management policies and enhanced capabilities in implementing network security.

For example:

The customers of the Enterprise segment that has a distributed branch structure often have branches that can be the same size as the whole SMB company. However, the criteria for selecting equipment for the branch are usually dictated by the choice of equipment at the head office (usually the equipment of the same vendor that is used at the head office, Low-End Enterprise Class equipment) is selected in the branches, since the customer needs to have confidence in Ensuring compatibility of equipment, and in addition, such customers often use a single management console to ensure the manageability of the branch network (where there may not be specialists of the corresponding profile) from the head office.

  • In addition, the economic component is also important, the corporate customer can receive additional discounts for “volume” from the manufacturers of internetwork solutions, including solutions for the branch network. For these reasons, Gartner is considering solutions for the distributed branch structures of Enterprise customers in Enterprise Grid solution squares (NGFW/Enterprise Firewall, IPS, WAF, etc.).
  • Separately, Gartner identifies customers with a distributed network of highly autonomous offices (a typical example is a network retail where the total number of employees can be more than 1000 people) who, like a typical SMB customer, have rather limited budgets, a very large number of remote sites and Usually a small IT/IB staff. Some UTM manufacturers even specifically focus on solutions for such customers more than for traditional SMB.

Let’s look at the current situation with the Gartner square on the UTM market as of June 2017:

Current situation with the Gartner

And here is what was a year ago, in August 2016:

The situation with the Gartner in 2016

In the list of leaders of the UTM market is:

  1. Fortinet;
  2. Check Point
  3. Sophos.

And the situation is gradually heating up – the positions of leaders are gradually tightening up to each other.Juniper got out of the niche players in the pursuers, pulled up a little of their positions SonicWall.

What does Gartner think about the leaders of the UTM segment separately:

1. Fortinet:

  • A representative of the leaders of the UTM market, a frequent guest in SMB shorts, has a strong position in terms of functionality/price/performance, which helps him to be a frequent choice of UTM solutions. The most often selected vendor in short-lists for both normal SMBs and a distributed network of stand-alone offices.
  • The headquarters is in Sunnyvale (USA, California). Has more than 4,600 employees worldwide, including an R & D staff of more than 1,000 people. The product portfolio includes solutions for network security and endpoint security, including SMB and Enterprise Fortified firewalls, FortiClient, Web Application Firewall / WAF (FortiWeb), and an integration solution from their products Network security (Fortinet Security Fabric).

2. Check Point Software Technologies:


Check Point Software Technologies
  • The one more of the leaders of the UTM market, the SMB solution is represented by an enterprise-class firewall, which is fairly easy to manage and has an intuitive graphical interface (GUI).
  • Headquarters are in Tel Aviv (Israel) and San Carlos (USA). Check Point is a vendor focused on network security, has more than 1,300 employees in R & D. The product portfolio includes SMB and Enterprise Security (Firewall) firewalls, Sandblast Agent, Sandblast Mobile protection solution and virtual firewalls (vSEC for private and public clouds). The current line of SMB class firewalls includes 700, 1400, 3100, 3200, 5100, 5200, 5400, 5600 families, all devices were introduced in 2016/2017.

3. Sophos:

  • The third one of the market leaders UTM. Continues to increase market share, due to ease of use, the good functionality of the Security component, successful integration with its own solution to protect the end nodes. A frequent guest in the short-sheets of the SMB-customer, as well as for distributed networks of stand-alone offices.
  • Headquartered in Abingdon, UK, it has over 3,000 employees worldwide. The product portfolio includes a mix of network security solutions and endpoint security solutions. The Sophos XG line of firewalls contains 19 models and was updated for the last time in the 4th quarter of 2016, as well as the outdated Sophos SG line. Sophos UTM solutions are available as virtual applications with the integration of IaaS-AWS and Azure platforms. Endpoint security solutions include Sophos Endpoint and Intercept X. The integration solution between Sophos UTM and Sophos Endpoint came under the name Sophos Synchronized Security. There are also solutions in the vendor’s portfolio for protecting mobile devices and providing data encryption.

The Enterprise Firewall market:

In 2011 Gartner introduced a new definition in the Enterprise Firewall – Next Generation Firewall (NGFW) market:

  • Next-generation firewalls (NGFWs) are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.
  • An NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or nonenterprise firewall, or a firewall and IPS in the same appliance that is not closely integrated.
  • Then it was an innovation, around which there was a lot of controversies. Several years have passed, a lot of water has flowed, and in 2017, Gartner no longer considers this any special advantage, but simply states the fact that all the leading players of this market have acquired this functionality for a long time, and now differentiate themselves from other vendors in terms of functionality.
  • According to forecasts of Gartner by 2020, virtualized Enterprise class firewalls will take up to 10% of the market compared to 5% at the moment. By the end of 2020, 25% of firewalls sold will include the integration of cloud security brokers (Cloud Access Security Broker, CASB) integrated with the corresponding APIs. By 2020 50% of new firewall installations will use outbound TLS inspection, compared to less than 10% at the current time.
  • According to Gartner, the Enterprise Firewall market consists mainly of solutions for protecting corporate networks (Enterprise Networks). Products included in these solutions can be deployed as a single firewall, and larger and more complex scenarios, including branch networks, multi-layered DMZs, in traditional deployment scenarios as a “large” firewall in the data center, And also include the use of virtual firewalls in the data center.
  • Customers should also be able to deploy solutions within the Amazon Web Services (AWS) public cloud infrastructure, Microsoft Azure, and the vendor must have Google Cloud support in its roadmap within the next 12 months. Products should be able to be managed with highly scalable (and granular) controls, have a well-developed reporting system, and have a wide range of solutions for the network perimeter, data centers, branch network and deployment in the virtualization infrastructure and public cloud. All manufacturers in this market segment must support the fine-tuning and monitoring of applications and users.
  • The Next Generation Firewall functionality is no longer an advantage, but a necessity. So Gartner crosses out the term she coined since this functionality is considered quite normal and absolutely necessary in the Enterprise Firewall market. In fact, Gartner considers NGFW and Enterprise Firewall to be synonymous. Manufacturers working in this market place emphasize and build a sales strategy and technical support for large companies (Enterprises), and the functionality they develop is also aimed at solving the problems of large companies (Enterprise).
  • Gartner claims that, according to her research, NGFW is gradually continuing the trend of replacing stand-alone IPS devices on the perimeter of the network, although some customers state that they will continue to use the Next Generation IPS (NGIPS) devices, adhering to the Best of Breed strategy. Many enterprise customers are interested in cloud-based Malware detection solutions as a cheaper alternative to separately installed Sandboxing solutions.
  • Unlike the UTM market, the corporate firewall market does not imply that NGFW solutions must contain all the functionality to protect the network. Instead, Gartner sees in corporate firewalls the need for specialization specifically on NGFW functionality. For example, for Enterprise class branch firewalls, it is required to maintain a high degree of granularity of blocking network traffic that should go into the product database, an integrated service approach to the processing of network traffic is required, product management must be highly integrated, and not look like a hastily compiled different engines in one product . The level of protection and convenience of configuring enterprise-class firewalls for branch networks should not be inferior to solutions for the head office.
  • In 2017 Gartner pays special attention to solutions to ensure the termination of TLS sessions to ensure that outbound traffic is checked for threats such as downloading malicious code, managing botnets. In some ways, the ability to verify outgoing TLS traffic brings NGFW closer to DLP solutions in a lightweight version, since decoding and subsequent inspection of outbound TLS traffic make sure that sensitive data is not sent out. However, some customers using this feature may notice a significant performance decrease when this feature is activated due to the high cost of decrypting TLS.
  • Some progressive customers are planning, and some are already using the opportunities provided by the Software Defined Networking (SDN) paradigm, and are using micro-segmentation capabilities in a virtualized data center. Such customers look at manufacturers with the support of various SDN-solutions, as well as their plans for further development in the direction of SDN. Solution manufacturers include more and more automated approaches to the orchestration of firewall policies to provide the flexibility and business benefits that the SDN paradigm promises.

Let’s now look at the current situation with the Gartner square on the Enterprise Firewall market as of July 2017:

The Enterprise Firewall market as of July 2017

But that was a year ago, in May 2016:

the Enterprise Firewall market as of May 2016

The list of long-standing leaders in the Enterprise Firewall market is

  1. Palo Alto Networks;
  2. Check Point.
  3. Fortinet
  • This year, Gartner moved Fortinet from the Challengers to the leader category. Passions are heating up – the positions of leaders in this segment are also approaching each other. Cisco and this year could not become a leader, remaining in the pursuers. But surprising Huawei, which of the niche players quite confidently was placed in the section of pursuers.


What does Gartner think about the leaders of the Enterprise Firewall market separately:

1.Palo Alto Networks:

Palo Alto Networks
  • It is one of the leaders of the Enterprise Firewall market, it is also a pure Security vendor based in Santa Clara (USA, California), the staff exceeds 4000 employees. Produces firewalls since 2007, in 2016. Revenues exceeded $ 1.4 billion. In the portfolio of solutions, there are Enterprise class firewalls in physical and virtualized versions, endpoint protection solutions (Traps and GlobalProtect), collection, aggregation, correlation, real-time threat analytics to support defensive measures (Threat Intelligence, AutoFocus), security solutions for SaaS (Aperture). The manufacturer is actively working to integrate solutions into a single platform for network security.
  • Palo Alto Networks has recently released the 8th version of the PAN-OS operating system with improvements for WildFire and Panorama, a new SaaS security feature, and protection of user credentials. Also, an entry-level firewall model PA-220, a middle-class PA-800 Series device was released, and the line of firewalls PA 5000 Series (new models 5240, 5250, 5260) was also updated.

2. Сheck Point Software Technologies:

Check Point Software Technologies
  • The second one of the leaders of the Enterprise Firewall market. The Enterprise product portfolio includes a large number of solutions, including NGFW firewalls and endpoint security solutions, cloud and mobile network security solutions. Flagship products Check Point – enterprise security gateways (Enterprise Network Security Gateways include the family 5000, 15000, 23000, 44000 and 64000). Cloud security is provided through a sec solution for private and public clouds, and there is also a SandBlast Cloud solution for SaaS applications. Endpoint security solutions include SandBlast Agent and mobile security solutions – Check Point Capsule and SandBlast Mobile. A SandBlast Cloud solution was also released to scan mail traffic in Microsoft Office 365. In 2016, The models 15400 and 15600 became available for large corporate customers, as well as 23500 and 23800 for data centers.
  • Recently, new Hi-End platforms for 44000 and 64000 were introduced, vSEC was released for Google Cloud, and a new version of R80.10 with improvements for the management console, improved performance, and SandBlast Anti-Ransomware, providing protection against malicious software of the Ransomware class. Also introduced is the new network security architecture Check Point Infinity, which combines the security of networks, clouds, and mobile users.
  • Check Point also extended the cloud protection solution from Malware, which can be integrated with SaaS email services. Check Point offers numerous software blades that expand the firewall capabilities, including advanced protection against malware – Advanced Malware Protection (Threat Emulation and Threat Extraction), Threat Intelligence services – ThreatCloud IntelliStore and Anti-Bot. Shell Point supports its firewalls in public clouds Amazon Web Services (AWS) and Microsoft Azure, there are solutions for integration with SDN-solutions from VMWare NSX and Cisco Application Centric Infrastructure (ACI).
  • Check Point solution should be on the short list of the corporate customer, for which price sensitivity is not so important as the granularity of network security functionality, coupled with high-quality centralized control for complex networks. It is also a good candidate for customers using hybrid networks, consisting of equipment installed at the customer, virtualized data centers, and clouds.

3. Fortinet:

  • Is the newcomer in the segment of the market leaders Enterprise Firewall. The flagship product is Fortigate, which accounted for 75% of the company’s revenue in 2016. The manufacturer also offers other products, such as wireless networks (FortiAP) and a specialized solution for protecting the Web – Application Firewall (FortiWeb). A new integration solution from network security products is presented under the name Fortinet Security Fabric.
  • In the line, Fortigate recently appeared models with the index “-E”, which is equipped with a hardware platform based on the latest generation of dedicated network security processors Fortinet Security Processors (CPU). Fortinet also acquired SIEM-manufacturer AccelOps and re-branded its solution under the name FortiSIEM. The latest releases of the FortiOS operating system include various features that relate to the Fortinet Security Fabric solution, with more tight integration between solution components, including the FortiClient endpoint security solution. The availability of FortiCASB solution providing protection for SaaS was announced.
  • Fortinet is also an excellent candidate for the corporate customer’s short list for all application scenarios, especially if the customer highly estimates the price/performance ratio and puts it first in its ranking.

And if you disregard what was written above, then many modern UTM solutions are already quite an Enterprise-class, and many vendors are producing Enterprise-class firewalls adapted to the budgets of SMB-customers.

  • In fact, all the leading manufacturers of network security do not have a clear division of UTM / NGFW solutions, therefore, in our opinion, Gartner’s segmentation of the network security markets on UTM and Enterprise Firewall / NGFW is somewhat artificial and far-fetched, In fact, in real life, the boundary between markets is blurred, only Gartner divides them in favor of the marketing component, perhaps also with the goal of selling more of their reports .
  • On the other hand, it is worth considering the position of Gartner in the part of UTM (the All-Security-In-a-Box approach) as a distribution on the market to the customer, who primarily needs an integrated solution to provide network protection and protection of end nodes from one box (by analogy with Home appliances – an integrated music center or boom box). And individual Gartner squares for Enterprise Firewall, Web Application Firewall, Web / E-Mail Security, Endpoint Security, etc. (Similar to home appliances – block HiFi audio equipment) – for those customers who need even more functionality than UTM solutions can provide, or it is necessary to provide a layered network security and security of end nodes or those customers who do not like the scaling capabilities UTM solutions.