The enterprise firewall market is one of the largest and most mature security markets. It is populated with both mature vendors and some more recent entrants. Changes in threats, as well as increased enterprise demand for mobility, virtualization and use of the cloud, have increased demand for new firewall features and capabilities. Organizations' final product selection decisions must be driven by their specific requirements, especially the relative importance of management capabilities, ease and speed of deployment, acquisition costs, IT organization support capabilities, and integration with the established security and network infrastructure.
Magic Quadrant for Enterprise Network Firewalls
Source: Gartner (December 2011)
Firewalls are generally the first line of defense against untrusted networks (such as the Internet or connections to business partners). They limit the attack aperture for vulnerable PCs, servers and other infrastructure elements. Firewalls long ago became a "check the box" requirement in most compliance regimes for securing trust boundaries. Throughout the years, firewalls have continued to evolve to add deeper and more flexible inspection and enforcement capabilities as threats advanced, and to run at faster and faster throughput rates as network speeds increased.
In 2010 and 2011, Gartner saw market pressures accelerate the demand and available offerings for next-generation firewall (NGFW) platforms (see "Defining the Next-Generation Firewall") that provide the capability to detect and block sophisticated attacks, as well as enforce granular security policy at the application (versus port and protocol) level. As enterprises increase the use of Web-based applications — with more complex connections within applications, more complex data centers and more data being presented to customers — firewalls have had to keep up with features and performance to meet these changing needs. Gartner also saw increased enterprise demands for aggregate throughput rates of 5Gbps and higher, as well as demand for the ability to partition higher-capacity firewall platforms into multiple virtual firewalls.
Gartner also observed an acceleration of the trend for large distributed businesses moving away from backhauling or "home running" all branch-office Internet connectivity back through the headquarters firewall and toward allowing direct branch-office connectivity to the Internet for user Web surfing and the like. The majority of enterprises still look to their primary firewall vendors to provide the branch-office devices. With few exceptions, a single brand of firewall vendor is the best practice (see "Q&A: Is It More Secure to Use Firewalls From Two Different Vendors?"). However, many enterprises are moving their Web security gateway tier to cloud-based or as-a-service delivery to deal with mobile employee Web use, and are finding that this is also a very attractive approach for providing low-cost secure Web access to branch offices without requiring customer premises equipment. For simple branch offices, this enables the branch's point-of-presence router to be used for connectivity back to headquarters and the Internet without an additional firewall product.
Branch office firewalls and small or midsize business (SMB) firewalls continue to diverge as increasingly distinct products, along with relatively simple management tools to deploy and operate them (see "Magic Quadrant for Unified Threat Management"). In that midsize market, Gartner sees managed security service providers (MSSPs) as having increased influence over firewall and intrusion prevention system (IPS) product selection, as small businesses limit their hiring of expensive security personnel.
Acquisitions and initial public offerings were limited in 2010 and 2011 to the purchase of Astaro by Sophos (see "Astaro Acquisition Will Extend Sophos' Midmarket Security Offerings"). McAfee, which had acquired Secure Computing, was acquired by Intel, and SonicWALL was acquired by Thoma Bravo, an investment firm that owns several other security companies, such as Entrust and Tripwire. IBM ceased production of its Proventia product, but stated that it will enter the NGFW market at some point in the future. Sourcefire also announced plans to add NGFW capabilities to its product line, which had previously been dominated by IPS offerings. Gartner believes that 2012 will bring some additional acquisition activity, as larger vendors that are trying to compete in the network infrastructure markets against Cisco look to add network security products to their portfolios.
The firewall market remains a large market, with firewall/VPN revenue of approximately $5.9 billion in 2010, an approximate 10% increase over the $5.4 billion of 2009. Gartner estimates that total 2011 firewall revenue will be approximately $6.3 billion. Most firewall vendors saw strong revenue growth over this period, as delayed firewall refresh from previous pent-up demand, and increased use of video and social networking drove up network bandwidth demands. As NGFW capabilities have dominated feature comparisons (as shown by Palo Alto Networks' rapid growth), price pressure has been reduced to some degree. However, the trends we identified last year of cloud and virtualization still continue to impact the market. Gartner saw increased demand for software-only versions of firewalls for use inside virtualized data centers, but most of this demand was directed toward incumbent firewall vendors. We do not see openings for virtual-only firewall vendors.
As NGFW products become more widely used, focus will shift toward manageability and scalability — until the next threat wave. 2012 will be the year most mainstream firewall vendors catch up to the smaller innovative vendors in feature count. The innovative vendors must show that they have the same management tools, as well as third-party ecosystem support and scale, as the larger vendors. Enterprises should continue to focus on threat-facing capabilities, throughput and manageability as key evaluation criteria for firewalls, with technical criteria typically weighted two times to three times cost criteria.
Firewall policy management (FPM) products (see Note 1) are a distinct, adjacent market. Gartner recommends FPM tools be considered where the complexity of the environment exceeds the firewall console capability, where the firewall rule base is exceptionally large or dynamic, where there is more than one brand of firewall in use, if a complex transition to another brand of firewall is planned, or if workflow tools are required as part of firewall rule management.
The Strategic Planning Assumptions for the enterprise firewall market are:
- Virtualized versions of enterprise network safeguards will not exceed 2% of the market through 2012, or 20% through 2016.
- Through 2015, more than 75% of enterprises will continue to seek security from a vendor different from their infrastructure vendor.
- Less than 5% of Internet connections today are secured using NGFWs. By year-end 2014, this will rise to 35% of the installed base, with 60% of new purchases being NGFWs.