WIXLIB

About this research note:Product Comparison notes providea detailed, head-to-head, analyticalcomparison of products in a givenmarket in order to simplify theselection process.Firewall VendorLandscape: The TopEight VendorsPublish Date: July 28, 2009Firewalls are a security necessity in today’s business world.They serve to protect the enterprise network from a host ofthreats. Use this vendor landscape to gain an understanding ofthe leading firewall vendors and the key criteria on which tofocus when choosing a new firewall for the enterprise. 1998-2009 Info-Tech Research Groupwww.infotech.com

Executive SummaryInfo-Tech has identified three key areas to consider when evaluating firewalls:»System architecture.»System throughput.»System management.The top eight firewall vendors have been evaluated and grouped into three categories: Leaders,Competitors, and Followers. These groupings are based on specific rankings in the three evaluationcategories plus how well suited the vendors and products are to mid-sized enterprises.Product ComparisonFirewall Vendor Landscape: The Top Eight Vendors2www.infotech.com

Industry OverviewThe firewall industry is a mature one where both feature and market consolidation is rampant. It is nearlyimpossible to buy a firewall on its own anymore. Firewalls are now considered to be Unified ThreatManagement (UTM) appliances due to the inclusion of security features such as anti-malware, intrusionprevention and detection, and content filtering.The shift from regular firewalls to UTM appliances has forced vendors to add more features to theirproducts to remain competitive, hence the high number of acquisitions in the industry. Having multiplesecurity features included with firewalls results in seamless communication and interaction between all ofthe products, potentially resulting in higher levels of security than would be present in securityenvironments with distinct solutions.Key Evaluation CriteriaThere are three main categories of criteria that IT must consider when selecting a firewall:1. System Architecture2. System Throughput3. System ManagementFor more information on these criteria, refer to the ITA Premium research brief, “Firewall Fundamentalsto Consider When Upgrading.”System Architecture»»Type of firewall. Firewalls can be stateful, application layer, or both: Stateful firewall. This type of firewall keeps track of the traffic as it traverses the networkgateway. Transmission information is checked and all packets that belong to a checkedtransmission are allowed to pass. Application-layer firewall/proxy firewall. This type of firewall scrutinizes each packet ofa communication, examining not only the headers, but also the packet contents. Once apacket has been checked, a copy is made and forwarded to the intended destination whilethe original is discarded.Integrated capabilities. Many of the integrated capabilities that are packaged with firewalls canalso be purchased as distinct solutions. When the integrated features of a firewall are used,rather than distinct solutions, the overall security of the system is improved since there will be ahigher level of seamless communication and efficiency in the security system.Product ComparisonFirewall Vendor Landscape: The Top Eight Vendors3www.infotech.com

»Software or hardware firewall. A hardware or appliance-based firewall is essentially a dedicatedserver that comes pre-loaded with the vendor’s software. Conversely, a software-based firewallrequires that the company purchase the necessary hardware component separately. Hardwarebased firewalls are fully compatible with the software loaded on them and are generally easier tomanage and maintain.System Throughput» Maximum firewall throughput. Firewall throughputs can range anywhere from under 100 Mbpsto over 4 Gbps. Be sure to choose a firewall throughput that best serves the organization’scurrent and future needs.» Degraded firewall throughput. The effect of turning on integrated capabilities such as VPN,anti-virus software, and intrusion prevention systems (IPS) generally results in throughputdegradation.System Management» User interface. Two types of user interfaces are available: Graphic User Interfaces (GUI) orCommand Line Interfaces (CLI). GUIs allow users to manipulate the firewall using a familiar visualrepresentation of folders and desktop structure, whereas CLIs allow users to manipulate thefirewall using a specified command language in a text only interface. It is common for firewalls tooffer both CLI and GUI; however, some have one or the other.» Nature of console. There are three types of consoles that can be used with firewalls: Device consoles. Supports the firewall only. Vendor consoles. Supports the firewall as well as other vendor systems. Third-party consoles. Vendor neutral management consoles such as HP Software(previously HP OpenView), CA Unicenter, Altiris, and Tivoli.Vendor ScorecardThis vendor landscape takes a look at eight prominent firewall vendors. To be evaluated, each firewallhas to have approximately 400 Mbps to 1 Gpbs of stateful throughput; anything more or less than thisrange is considered unsuitable for mid-sized enterprises. The rankings below are meant only as a guide;fully consider all options before choosing a firewall for the organization.Product ComparisonFirewall Vendor Landscape: The Top Eight Vendors4www.infotech.com

To determine the leaders, competitors, and followers in the industry, Info-Tech compared vendorperformance in three key areas:» Company strength. A combination of vendor stability, market share, and focus on mid-sizedenterprises.» Features. The appropriateness of the amount and type of features offered to mid-sizedenterprises.» Affordability. Product prices among the vendors.Refer to Figure 1 for the vendor ranking breakdown.Figure 1. Vendor Rankings for Mid-Sized Companies*Source: Info-Tech Research kingIBM ISS ProventiaHighMediumHighLeaderSecure heck Point niper NetworksMediumMediumMediumCompetitorCisco SystemsHighLowLowFollowerPalo Alto NetworksLowHighLowFollowerVendor*Rankings include leader, competitor, and follower.Product ComparisonFirewall Vendor Landscape: The Top Eight Vendors5www.infotech.com

Leader LandscapeIBMCompany StrengthFeaturesAffordabilityVendor ScoreHighMediumHigh8Figure 2. IBM ISS Proventia Series Comparison ChartSource: Info-Tech Research GroupVendorIBMVendor Market StabilityYear Founded: 1924Number of Employees: 386,558Company Type: Public2008 Sales: 103.6 BillionSeries NameISS ProventiaModelMX4006Protection ArchitectureStateful FirewallYesApplication Layer FirewallNoIntegrated VPN CapabilitiesYes (250 tunnels)Integrated IPSYesIntegrated Anti-MalwareFunctionalityYesProduct ComparisonFirewall Vendor Landscape: The Top Eight Vendors6www.infotech.com

Figure 2. IBM ISS Proventia Series Comparison Chart (Continued)Integrated Content FilteringYesHardware or Software-BasedHardware-BasedThroughputMaximum Stateful FirewallThroughput600 MbpsMaximum ApplicationFirewall ThroughputN/AIPS Throughput450 MbpsVPN Throughput170 MbpsAnti-Virus Throughput120 MbpsSystem ManagementUser InterfaceGUI and CLIConsole TypeVendor ConsoleInfo-Tech InsightThe IBM ISS Proventia Series is a well priced, feature-rich firewall series. It includes features such asanti-virus, anti-spam, Web filtering, and spyware blocking, which many vendors charge for separately oron a subscription basis. When considering the ISS Proventia Series, companies need to bear in mindthat the maximum firewall throughputs are degraded by switching on the included security features.Key PointsProsConsThe acquisition of ISS by IBM resulted inan enhancement of the security productsoffered by IBM.No application layer firewall is available inthe ISS Proventia series.Product ComparisonFirewall Vendor Landscape: The Top Eight Vendors7www.infotech.com

Secure Computing (McAfee)Company StrengthFeaturesAffordabilityVendor ScoreMediumHighHigh8Figure 3. Secure Computing Sidewinder Series Comparison ChartSource: Info-Tech Research GroupVendorSecure Computing (McAfee)Vendor Market Stability(Secure Computing/McAfee)Year Founded: Secure Computing: 1989 / McAfee: 1987Number of Employees: 971 / 4250Company Type: Public / Public2007 Sales: 237.9 Million / 1.3 BillionSeries NameSidewinderModelsSidewinder 210Sidewinder 410Sidewinder 510Protection ArchitectureModelsSidewinder 210Sidewinder 410Sidewinder 510Stateful FirewallYesYesYesApplication Layer FirewallYesYesYesIntegrated VPN Capabilities(PPTP/IPSec Tunnels)Yes (unlistednumber of tunnels)Yes (unlistednumber of tunnels)Yes (unlistednumber of tunnels)Integrated IPSYesYesYesIntegrated leProduct ComparisonFirewall Vendor Landscape: The Top Eight Vendors8www.infotech.com

Figure 3. Secure Computing Sidewinder Series Comparison Chart (Continued)Protection Architecture (Continued)ModelsSidewinder 210Sidewinder 410Sidewinder 510Integrated Content FilteringAvailableAvailableAvailableHardware or -BasedThroughputModelsSidewinder 210Sidewinder 410Sidewinder 510Maximum Stateful FirewallThroughput170 Mbps250 Mbps600 MbpsMaximum ApplicationFirewall Throughput140 Mbps230 Mbps250 MbpsIPS ThroughputUnlistedUnlistedUnlistedVPN Throughput80 Mbps160 Mbps160 MbpsAnti-Virus ThroughputUnlistedUnlistedUnlistedSystem ManagementModelsSidewinder 210Sidewinder 410Sidewinder 510User InterfaceGUI and CLIGUI and CLIGUI and CLIConsole TypeVendor ConsoleVendor ConsoleVendor ConsoleInfo-Tech InsightMcAfee has recently been involved in a number of acquisitions, the most recent being that of SecureComputing in 2008. Through this acquisition, McAfee intends to broaden its firewall offerings. TheSidewinder series offers mid-sized enterprises many choices at competitive prices. One potentialconcern with McAfee and Secure Computing is that the total number of firewall models offered seemsexcessive. Since all of the available models will not use the same components and parts, if a companypurchases a low selling model from the vendor, it may run into problems in the future if that model isdiscontinued and it requires a part or component for repairs.Product ComparisonFirewall Vendor Landscape: The Top Eight Vendors9www.infotech.com

Key PointsProsConsSecure Computing has a strong focus onmid-sized enterprises and offers a widerange of security products and options tobest suit their needs.Secure Computing was only just acquiredby McAfee. Since this occurred fairlyrecently, both companies may potentiallyexperience some growing pains in thefuture.SonicWALLCompany StrengthFeaturesAffordabilityVendor ScoreMediumMediumHigh7Figure 4. SonicWALL NSA Series Comparison ChartSource: Info-Tech Research GroupVendorSonicWALLVendor Market StabilityYear Founded: 1991Number of Employees: 700Company Type: Public2007 Sales: 199.2 MillionSeries NameNSA SeriesModelsNSA 240Product ComparisonFirewall Vendor Landscape: The Top Eight VendorsNSA 240010www.infotech.com

Figure 4. SonicWALL NSA Series Comparison Chart (Continued)Protection ArchitectureModelsNSA 240NSA 2400Stateful FirewallYesYesApplication Layer FirewallYesYesIntegrated VPN CapabilitiesYesYesIntegrated IPSAvailableAvailableIntegrated ted Content FilteringAvailableAvailableHardware or utModelsNSA 240NSA 2400Maximum Stateful FirewallThroughput600 Mbps775 MbpsMaximum ApplicationFirewall ThroughputUnlistedUnlistedIPS Throughput195 Mbps275 MbpsVPN Throughput150 Mbps300 MbpsAnti-Virus (plus UTM suite)Throughput115 Mbps160 MbpsProduct ComparisonFirewall Vendor Landscape: The Top Eight Vendors11www.infotech.com