Firewalls have long been a staple of enterprise security. They have played a key role in filtering content and protecting IT systems. But in today’s high-risk business landscape, first and second-generation devices aren’t enough to protect against increasingly sophisticated attack methods. They also don’t reflect the needs of organizations in the cloud. As a result, organizations large and small are adopting more advanced next-generation firewalls (NGFW).
Next-generation firewalls combine conventional firewall protections with more sophisticated features, including in-line deep packet inspection, intrusion detection and website filtering. According to Research and Markets, the next-generation firewall market is projected to grow at a CAGR of over 12 percent between 2018 and 2023. The growth of NGFW’s revolves around their ability to address web-based exploit kits, sophisticated malware, application-layer attacks, and highly targeted threats.
Here are the top vendors in the NGFW space, according to eWEEK. Vendors appearing in this guide scored high on the Gartner MQ and Gartner Peer Review sites. Other sources included NSS Labs, vendor websites and our sister site, eSecurity Planet. For more information, see our top security vendor methodology.
Headquarters: Campbell, Calif.
Barracuda’s focus is heavily on protecting cloud-based environments, including AWS, Azure, Google Cloud and VMware vCloud Air. It also has strong OEM partnerships in place, including with IBM and Trend Micro. The Firewall F-Series is specifically designed to protect legacy hardware along with virtual, hybrid and cloud environments from threats. This includes zero-day attacks. It features Layer 7 application control, intrusion prevention, web filtering, malware and advanced treat protection (ATP), anti-spam and network access control. It also includes robust SD-WAN capabilities. NSS Labs rated the firm’s CloudGen F800 at a 95.4% effectiveness rating. Barracuda solutions ranked high among users in security and performance, management and support, and cloud functionality.
Check Point Software Technologies
Headquarters: Tel Aviv, Israel, and San Carlos, Calif.
Check Point focuses on preventing and blocking attacks. The vendor’s website boasts that the NGFW uses the world’s largest application library, with more than 6,600 Web 2.0 applications. The approach is a standout. The company ranks among the top three in Gartner’s Magic Quadrant. In fact, Gartner says that Check Point should be on any company’s short list. When NSS Labs tested Check Point’s 15600 Next Generation Threat Prevention appliance it found that it repelled 99.2 percent of attacks. However, it did not pass all stability and usability tests. As a result, NSS placed it in the “caution” category. Core features include: application control, advanced URL filtering, IPS, antivirus, anti-bot, email security, policy management, monitoring and event management. Users give the company high marks, including integration with a wide variety of clouds, including VMware, Cisco ACI, KVM, HyperV, OpenStack, AWS, Google Cloud and Azure. The only area the company doesn’t rate high with customers is in support. Overall, Check Point boasts 170,000 customers, including 100 percent of Fortune 100 companies.
Headquarters: San Jose, Calif.
The networking giant has established itself as key player in the NGFW arena. The breadth of its offerings and features is impressive: intrusion prevention, advanced malware protection, cloud-based sandboxing, URL filtering, endpoint protection, web gateway protection, email security, network traffic analysis, network access control and CASB. Cisco Defense Orchestrator (CDO) enables cloud-based, low-touch management visibility and orchestration across distributed environments, Gartner noted. Cisco achieved “good” scores in an NSS analysis. The Firepower 4120 trailed market leaders but blocked 95.7 percent of attacks. In terms of value, implementation, management, support and cloud features, users rated Cisco NGFW’s “good” to “very good.” The company’s offers cloud and virtual NGFWs that support AWS, Azure, Azure government cloud and other platforms.
Headquarters: Austin, Texas
Gartner has labeled Forcepoint a “visionary” in its Magic Quadrant. The company focuses on a behavioral analysis approach that analyzes how people access and interact with critical data. Using a single console, Forcepoint NGFW allows an organization to deploy, monitor and update numerous firewalls and VPNs quickly and seamlessly. The appliances support high-availability clustering and SD-WAN networking, which accelerates application performance. NSS ranked the firm’s 2105 appliance as 99.7 percent effective, which placed Forcepoint at the top among all products in its class. Users ranked the company high in most categories, though cloud features were an exception. However, the company has added support for AWS and Azure, among others, with virtual and cloud appliances. A small channel network has also been cited as a concern among some users.
Headquarters: Sunnyvale, Calif.
The company has established itself as a leading vendor in the NGFW space by offering solutions that are both highly rated and affordable. In fact, Gartner rated Fortinet among the top three companies in its Magic Quadrant ratings for enterprise network firewalls. It also gives the company high marks for TCO. Fortinet’s NGFW solutions are highly scalable, highly configurable and easily-integrated with other products running on the FortiOS operating system. NSS Labs found that the FortiGate 500E performed at a 99.3 percent security effectiveness rating. Users gave the firm’s solutions high marks, particularly for installation and usability. Although Fortinet has trailed other vendors in delivering cloud features, it is closing the gap in recent months.
Headquarters: Sunnyvale, Calif.
Juniper long ago established itself as a leader in networking technology. Its roots date back to 1996. The company’s NGFW products are considered by Gartner to fall into the “niche” category. Its SRX Series Services Gateways pull information from the company’s threat prevention service and a third-party source to adapt the firewall as new threats emerge. Key capabilities include: application visibility and control, IPS, user-based application policies that are tightly integrated with Microsoft Active Directory, and unified threat management (UTM). Unfortunately, NSS was unable to test Juniper’s firewall solutions. It recommends a comprehensive evaluation prior to purchasing the vendor’s technology. Users rated the product “good” to “very good” for value, implementation, management, support and cloud features.
Palo Alto Networks
Headquarters: Santa Clara, Calif.
Among cyber-security vendors, Palo Alto Networks (PAN) ranks at the top. Its broad array of NGFW solutions, including physical and virtual appliances, is no exception. They deliver best-in-class performance and a robust feature list. The company is among the highest rated on the Gartner Magic Quadrant. NSS Labs gave the PA-5220 a 98.7 percent security effectiveness rating. Users rate the company’s products and services, including support, as mostly “very good.” Palo Alto’s NGFWs also integrate well with public and private cloud environments. As a result, the company boasts more than 50,000 customers in over 150 countries. This includes 85 of the Fortune 100. The downside of Palo Alto, if one exists, is the company’s relatively high price for solutions.
Headquarters: San Jose, Calif
The company boasts that its NGFW’s are installed at more than 500,000 organizations across 150 countries. SonicWall offers solutions for SMBs, mid-sized and large enterprises. The company’s pricing is attractive, and the vendor’s products are rated very high. “Surveyed customers frequently mention the ability of the SonicWall product to meet budget and performance requirements,” Gartner reported. Key features include application intelligence and control, real-time visualization, and WLAN management. NSS Labs reported that the SonicWall NSa 2650 is 98.8 percent security effective in blocking threats. That’s among the best among NGFWs. Users rated SonicWall excellent in most categories, including value, implementation, management functions and support. The one area that the company doesn’t receive high ratings is in its cloud features. It recently introduced a virtual firewall and AWS support.
Headquarters: Burlington, Mass.; Abingdon, UK
A pioneer in security, Sophos is rated as a “visionary” in the Gartner Magic Quadrant. The company’s website boasts that the solution exposes hidden risks, stops unknown threats and isolates infected systems. The vendor’s solutions offer traffic insights, system status reports and shows active firewall rules. However, Gartner reports that Sophos lacks integration with other tools, including endpoint protection platforms. NSS Labs reported that the XG Firewall 750 SFOS NGFW blocks 93.5 percent of attacks--though it failed in 9 of 180 evasion techniques and landed in the “caution” category. Users report that the solution offers good value and they give it high marks for implementation, management, support and cloud functionality. It offers cloud app visibility, including support for AWS and Azure.
Headquarters: San Jose, Calif.
Versa Networks is a relatively new entry in the firewall marketplace. The firm, founded in 2012, places a heavy emphasis on cloud integration. It describes the platform as “a next-generation software platform that integrates cloud, networking and security services.” The VERSA FlexVNF is a multi-service, multi-tenant software platform with built in NGFW. It features context-aware policy management, multi-tenancy support and full-featured routing, SD-WAN and UTM. NSS found that the FlexVNF blocked 90.36 percent of attacks. It was effective against 190 out of 190 evasions tested. However, NSS also found that the appliance ran at 3,661 Mbps, which is lower than the 20,000 Mbps performance level the vendor claims. Customers give the company high marks for innovation and robust feature sets.
Headquarters: Seattle, Wash.
The security firm, which has provided solutions since 1996, offer NGFWs for small, medium and large enterprise. The solutions have consistently received above average ratings from NSS Labs. The WatchGuard M670 received a 97.2 percent effectiveness rating by NSS and it passed all stability and reliability test. However, NSS also found that the device ran at 1,589 Mbps, which is lower than WatchGuard’s claim of 2,400 Mbps. WatchGuard offers a variety of protections, including integrated firewall, AV, IPS, UTM and VPN, in both desktop and rackmount models. Users rate the company high overall. Many reported easy installation and excellent value, along with an easy-to-use GUI interface.
Information for this article was compiled by Samuel Greengard, an established author on IT topics.