Magic Quadrant for Network Firewalls
用于网络防火墙的魔力象限
Published 17 September 2019 - ID G00375686 - 86 min read


With firewall providers embedding multiple security features in firewalls and enabling integration and automation capabilities with other security products, firewalls are evolving into network security platforms.
随着防火墙提供商在防火墙中嵌入多种安全特性,并支持与其他安全产品的集成和自动化功能,防火墙正在演变为网络安全平台。
• Strategic Planning Assumptions
• 战略规划目标

By 2024, 20% of new distributed branch office firewall deployments will switch to firewall as a service, up from less than 5% today.
到2024年,20%的新的分布式分支机构防火墙部署将以服务的形式切换到防火墙,而目前这一比例不到5%。
By 2024, 25% of new firewall deployments will have users consider cloud-native firewall policy support of infrastructure as a service (IaaS) platforms as a mandatory selection criterion, from less than 5% today.
到2024年,25%的新防火墙部署将要求用户将基础设施即服务(IaaS)平台的云本地防火墙策略支持作为强制选择标准,而目前这一比例还不到5%。
By year-end 2024, 25% of firewall end-user spend will be contained within larger security “platform” deals delivered by enterprise license agreements (ELAs), up from less than 5% today.
到2024年年底,由企业许可协议(ELAs)提供的更大的安全“平台”交易将占到防火墙终端用户支出的25%,而目前这一比例还不到5%。
By 2024, 50% of new firewall purchases in distributed enterprises will utilize SD-WAN features with growing adoption of cloud-based services, up from less than 20% today.
到2024年,在分布式企业中购买的新防火墙中,有50%将使用基于云服务的SD-WAN特性,而目前这一比例还不到20%。
Market Definition/Description市场定义/描述
This year, Gartner has modified the definition of network firewalls. As we are observing more clients moving toward hybrid networks and seeking firewall capabilities in the cloud, cloud vendors are also offering native firewall capabilities to their clients.
今年,Gartner修改了网络防火墙的定义。随着我们观察到越来越多的客户端转向混合网络,并在云中寻找防火墙功能,云供应商也在为他们的客户端提供本地防火墙功能。
The traditional firewalls also offer support for these cloud platforms. Hence, starting this year, Gartner has started to also evaluate the native firewall capabilities of cloud providers, along with stand-alone firewall vendors. Also this year, the Magic Quadrants for Enterprise Firewalls and Unified Threat Management (UTM) have been consolidated into a single Magic Quadrant for Network Firewalls.
传统的防火墙还提供对这些云平台的支持。因此,从今年开始,Gartner也开始评估云提供商的本地防火墙功能,以及独立的防火墙供应商。同样在今年,用于企业防火墙和统一威胁管理(UTM)的魔力象限也被合并到用于网络防火墙的单个魔力象限中。
Gartner defines the network firewall market as follows: The network firewall market represented by this Magic Quadrant is composed primarily of firewalls offering bidirectional controls (both egress and ingress) for securing networks.
Gartner对网络防火墙市场的定义如下:这个魔力象限所代表的网络防火墙市场主要由提供双向控制(出口和入口)以保护网络的防火墙组成。
These networks can be on-premises, hybrid (on-premises and cloud), public cloud or private cloud. Network firewalls can also offer additional capabilities such as application awareness and control, intrusion detection and prevention, advanced malware detection, logging, and reporting.
这些网络可以是主集群、混合型(主集群和cloud)、公有云或私有云。网络防火墙还可以提供其他功能,如应用程序感知和控制、***检测和预防、高级恶意软件检测、日志记录和报告。
The companies that serve this market have an identifiable focus on network-based firewall controls — as demonstrated by the proportion of their sales and delivered with their support, sales teams and channels. These vendors provide features dedicated to solve firewall requirements and serve firewall-related use cases.
服务于这一市场的公司有一个明确的重点,即基于网络的防火墙控制——这可以从他们的销售比例和他们的支持、销售团队和渠道中得到证明。这些供应商提供专门用于解决防火墙需求的特性,并提供与防火墙相关的用例。
This Magic Quadrant includes the following types of network firewalls:
这个神奇的象限包括以下类型的网络防火墙:
• Purpose-built physical appliances专用的物理设备
• Virtual appliances虚拟设备

• An embedded firewall module嵌入式防火墙模块
• Firewall controls delivered from IaaS platform providersIaaS平台提供商提供的防火墙控制
Magic Quadrant
Figure 1. Magic Quadrant for Network Firewalls
Source: Gartner (September 2019)

2019度网络防火墙的魔力象限报告_第1张图片
Vendor Strengths and Cautions
供应商的优势和注意事项
Barracuda
Barracuda is based in Campbell, California. Its firewalls are visible on public IaaS platforms and in SD-WAN-related use cases on Gartner clients’ shortlists.
梭子鱼建立在加利福尼亚州的坎贝尔。它的防火墙可以在公共IaaS平台和Gartner客户的入围名单上与sd - wan相关的用例中看到。
These days, with a growing number of firewall vendors offering support for public cloud, Barracuda is facing strong competition because of limited visibility in the on-premises firewall use case. The vendor continues to introduce enhancements related to support for public IaaS platforms and SD-WAN. It is primarily shortlisted by midsize enterprises.
这些天来,随着越来越多的防火墙供应商提供对公共云的支持,Barracuda面临着激烈的竞争,因为在本地防火墙用例中可见性有限。供应商继续介绍与支持公共IaaS平台和SD-WAN相关的增强功能。它主要是由中型企业入围的。
Barracuda targets organizations looking for cost-effective security solutions. Its firewall product line (CloudGen Firewall F-Series) includes physical and virtual appliances. It is available on the popular public IaaS platforms Amazon Web Services (AWS), Microsoft Azure and Google Cloud.
Barracuda的目标是寻找经济有效的安全解决方案的组织。其防火墙产品线(CloudGen防火墙f系列)包括物理和虚拟设备。它可以在流行的公共IaaS平台Amazon Web Services (AWS)、Microsoft Azure和谷歌云上使用。
Its firewall centralized management solution, Control Center, is only available as either a software appliance or a public cloud image. Its security portfolio extends beyond firewalls to web application firewalls, data protection and email security solutions.
它的防火墙集中管理解决方案Control Center只能作为软件设备或公共云映像使用。其安全投资组合已从防火墙扩展到web应用程序防火墙、数据保护和电子邮件安全解决方案。
Recent product updates include integration with macmon for network access control (NAC) and full integration, and support for Microsoft Azure Virtual WAN, as well as new firewall instances in Microsoft Azure, Google Cloud Platform and AWS. Barracuda also discontinued its hardware appliances for centralized management, focusing on virtual and IaaS deployments.
最近的产品更新包括与macmon网络访问控制(NAC)的集成和完全集成,以及对Microsoft Azure虚拟WAN的支持,以及Microsoft Azure、谷歌云平台和AWS中的新的防火墙实例。Barracuda也停止了硬件设备的集中管理,专注于虚拟和IaaS部署。
Strengths优势 SD- WAN软件定义广域网:是将SDN技术应用到广域网场景中所形成的一种服务,这种服务用于连接广阔地理范围的企业网络、数据中心、互联网应用及云服务。
• SD-WAN: Barracuda offers mature SD-WAN capabilities within its firewalls. It has extended this SD-WAN support, including tunnels between Barracuda devices and support of the new Microsoft Azure Virtual WAN.
• SD-WAN: Barracuda在其防火墙内提供成熟的SD-WAN功能。它扩展了对SD-WAN的支持,包括Barracuda设备之间的
隧道和对新的Microsoft Azure虚拟WAN的支持。
• Product: Barracuda continues to enhance support for public IaaS platforms. It offers easy-to-use templates for connecting on-premises environments to multiple public IaaS vendors, specifically AWS, Microsoft Azure and Google Cloud Platform for creating policies and rules. Cloud connections to all cloud providers are configured and monitored from the centralized management console.
• 产品:梭子鱼继续加强对公共IaaS平台的支持。它提供了易于使用的模板,用于将本地环境连接到多个公共IaaS供应商,特别是AWS、Microsoft Azure和谷歌云平台,用于创建策略和规则。从集中式管理控制台配置和监视到所有云提供商的云连接。
• NAC: In addition to offering integration with macmon (an NAC vendor), the vendor offers a lightweight NAC solution called Barracuda Network Access Client combined with its SSL solution for basic client health checks.
• 除了提供与macmon(一个NAC供应商)的集成之外,该供应商还提供了一种轻量级的NAC解决方案,称为Barracuda Network Access Client,它结合了SSL
解决方案,用于基本的客户端健康检查。
• Customer Feedback: Surveyed customers report higher-than-average overall satisfaction, with Barracuda highlighting ease of deployment, centralized management and service.
• 客户反馈:接受调查的客户总体满意度高于平均水平,梭子鱼强调部署的便利性、集中管理和服务。
• Product Strategy: The retirement of the small and midsize business (SMB)-oriented X-Series and on-premises management appliance simplifies the overall product line and centralized management options.
• 产品策略:退休的面向中小型企业(SMB)的x系列和本地管理设备简化了整体产品线和集中管理选项。
Cautions注意事项
• Customer Experience: A lack of a complete set of APIs and missing integration with the Barracuda Content Shield endpoint security solution were cited as key concerns by customers surveyed. However, in the recent firmware release (8.0), the vendor has made enhancements by offering support for relatively more APIs.
• 客户体验:缺少一套完整的api,并且缺少与Barracuda Content Shield端点安全解决方案的集成,这些都是被调查的客户所关注的关键问题。然而,在最近的固件版本(8.0)中,供应商通过提供对更多api的支持进行了增强。
• Sales Execution: While the vendor offers firewall appliances scaling from 1.2 Gbps to 46 Gbps (pure stateful inspection throughput), Gartner does not see them as a preferred shortlist for data center and enterprise perimeter use cases by Gartner clients.
• 销售执行:虽然供应商提供的防火墙设备从1.2 Gbps扩展到46 Gbps(纯有状态检查吞吐量),但Gartner并不认为它们是Gartner客户的数据中心和企业边界用例的首选候选名单。
• Marketing Execution: Resellers express concern that potential customers do not see the vendor as enterprise-grade or competing with larger competitors. Despite receiving high marks for ease of cloud connectivity with CloudGen Firewalls, the overall adoption rate of virtual firewall instances within IaaS as either pay-as-you-go or bring-your-own licenses remains low.
• 营销执行:经销商表示,他们担心潜在客户不认为该供应商是企业级的或与更大的竞争对手竞争。尽管CloudGen防火墙在云连接方面获得了很高的分数,但IaaS中虚拟防火墙实例的总体采用率(即使用即付或自带许可)仍然很低。
• Geographic Strategy: Barracuda remains primarily focused on North America and Europe, and is not often seen in South America, the Asia/Pacific region and the Middle East.
• 地理战略:梭子鱼的市场主要集中在北美和欧洲,在南美、亚太地区和中东并不常见。
• Market Responsiveness: Barracuda lacks a FWaaS offering and any cloud access security broker (CASB) integration, which is a favorable requirement with the growing use of SaaS applications. The firewalls also lack support for SDN platforms.
• 市场响应性:Barracuda缺乏FWaaS产品和任何云访问安全代理(CASB)集成,这是SaaS应用程序使用不断增长的有利需求。防火墙也缺乏对SDN平台的支持
• Sandboxing: The vendor lacks an on-premises network sandboxing product, but offers integration with Lastline.
• 沙盒:供应商缺少本地网络沙箱产品,但提供与Lastline的集成
• Product Certification: Barracuda firewalls lack certain certifications that are important to enterprises with heavy regulations such as Common Criteria EAL4.
• 产品认证:Barracuda防火墙缺乏某些认证,而这些认证对于法规严格的企业来说非常重要,比如通用标准EAL4。
Check Point Software Technologies CP软件技术科技
Check Point Software Technologies is a global pure-play security vendor, with headquarters in Tel Aviv, Israel, and San Carlos, California. Its firewalls are facing strong competition from leading firewall players in the market.
Check Point Software Technologies是一家全球性的纯安全性供应商,总部位于以色列的特拉维夫和加州的圣卡洛斯。它的防火墙正面临来自市场领先防火墙厂商的激烈竞争。
Gartner is gradually noticing the vendor’s decreasing visibility for different firewall use cases in client inquiries as compared to other Leaders. With Check Point now showing a focus on cloud and application security with acquisitions, if executed well, it can gain traction in these use cases.
Gartner逐渐注意到,与其他领导者相比,供应商在客户询问中对不同防火墙用例的可见性在下降。Check Point现在将重点放在云和应用程序安全上,如果执行良好,它可以在这些用例中获得支持。
Check Point’s security portfolio, branded as the Check Point Infinity Architecture, includes enterprise firewall appliances (Security Gateway), virtual appliances available on the major cloud platforms (the CloudGuard brand, which includes CloudGuard IaaS, CloudGuard SaaS, CloudGuard Dome9 and CloudGuard Log.ic).
Check Point的安全组合,被称为Check Point Infinity架构,包括企业防火墙设备(安全网关),主要云平台上可用的虚拟设备(CloudGuard品牌,包括CloudGuard IaaS、CloudGuard SaaS、CloudGuard Dome9和CloudGuard Log.ic)。
The SandBlast brand encompasses threat prevention technologies, including network sandboxing appliances, an endpoint security solution (SandBlast Agent) and a mobile security solution (SandBlast Mobile). Check Point’s centralized management suites (Security Management, SmartEvent and Compliance) are available as a physical appliance (Smart-1 security management appliance) or as software, with a Windows-based management console (SmartConsole).
喷沙品牌包含威胁预防技术,包括网络沙盒设备、端点安全解决方案(喷沙代理)和移动安全解决方案(喷沙移动)。Check Point的集中管理套件(安全管理、SmartEvent和遵从性)可以作为物理设备(Smart-1安全管理设备)或软件使用,带有基于windows的管理控制台(SmartConsole)。
Checkpoint introduced four new Security Gateway appliances in the past year. In addition, it acquired Dome9 for cloud security posture management (CSPM) and ForceNock for web application and API protection (WAAP) security. The vendor offers 23 Security Gateway models — from lower-end options to high-end appliances with 1.6 Tbps throughput.
在过去的一年里,Check Point引入了四个新的安全网关设备。此外,它还收购了Dome9用于云安全态势管理(CSPM)和ForceNock用于web应用程序和API保护(WAAP)安全。该供应商提供23个安全网关模型——从低端选择到1.6 Tbps吞吐量的高端设备。
Strengths
• Pricing Strategy: Check Point offers a simple pricing model where appliances come with a choice of three bundles of subscriptions: Next Generation Firewall (firewall, intrusion detection and prevention system [IDPS], application control and URL filtering), Next Generation Threat Prevention (Next Generation Firewall features plus antivirus, anti-spam and anti-bot), and Next Generation Threat Prevention & SandBlast NGTX (NGTP plus sandboxing and content disarm and reconstruction). Check Point also offers the Infinity Total Protection ELA, as well as a-la-carte pricing.
• 定价策略:CP提供了一个简单的定价模型,电器有选择订阅的三个包:下一代防火墙(防火墙、*检测和预防系统(idps)、应用程序控制和URL过滤),下一代威胁的预防(赢面下一代防火墙功能+防病毒、防垃圾短信和的反傀儡程式),预防和下一代的威胁和沙盒仿真NGTX (NGTP加上沙盒和内容解除和重建)。CP还提供无限总保护ELA,以及a-la-点菜定价。
• Product Execution: Check Point has one of the largest threat research teams among the vendors evaluated in this research. It also offers a third-party threat intelligence feed as an additional option for customers, further increasing the scope of its threat intelligence offering. The vendor’s attach rates for its add-on products are higher than many competitors, which improves its threat intelligence capabilities.
• 产品执行:在本研究中评估的供应商中,Check Point拥有最大的威胁研究团队之一。它还为客户提供了一个第三方威胁情报提要作为一个额外的选项,进一步扩大了其威胁情报提供的范围。该供应商的附加产品的附加率高于许多竞争对手,这提高了其威胁情报能力。
• Partners: Check Point has a historically strong partner ecosystem, with VMware, Silver Peak, Microsoft and Radware being the recent additions. The vendor has also launched a new partner program called Check Point Engage that rewards providers that strengthen relationships with Check Point customers focused on cloud and mobile over hardware purchases.
• 合作伙伴:Check Point有一个强大的合作伙伴生态系统,VMware、Silver Peak、Microsoft和Radware是最近加入的。该公司还推出了一个名为Check Point Engage的新合作项目,奖励那些加强与Check Point客户关系的供应商,这些客户关注的是云计算和移动设备,而不是硬件采购。
• Scalability: Check Point has invested heavily in building specialized offerings to respond to vertical-specific challenges, including ruggedized appliances for critical infrastructure, telecom-specific hyperscale, and protocols such as GTPv1, GTPv2, Diameter, SCTP and SS7. The Maestro Hyperscale Orchestrator appeals to certain verticals like telecommunications and carrier-grade networks that value extremely high throughput capacities.
• 可伸缩性:Check Point在构建专门的产品以应对垂直特定的挑战方面投入了大量资金,包括用于关键基础设施的加固设备、电信特定的超大规模以及诸如GTPv1、GTPv2、Diameter、SCTP和SS7等协议。Maestro超大规模管弦乐编曲吸引了某些垂直领域,如电信和电信级网络的价值极高的吞吐量能力。
• Feature: Check Point continues to lead in centralized management offerings, even for very large, complex and highly exposed environments. Its management suite includes several features such as multidomain security management and smart provisioning to specifically serve managed security service providers (MSSPs).
• 特性:即使对于非常大、复杂和高度暴露的环境,Check Point仍然在集中式管理产品中处于领先地位。它的管理套件包括多个特性,如多域安全管理和智能供应,以专门服务于托管安全服务提供商(MSSPs)。
• Product Support: Check Point supports a large number of private, hybrid and public IaaS environments with its CloudGuard IaaS product line, including VMware NSX, Cisco ACI, AWS, Microsoft Azure and Azure Stack, Google Cloud Platform, Oracle Cloud, OpenStack, and Alibaba Cloud. With Dome9, Check Point is showing a growing focus on public IaaS.
• 产品支持:Check Point以其CloudGuard IaaS产品线支持大量的私有、混合和公共IaaS环境,包括VMware NSX、Cisco ACI、AWS、Microsoft Azure和Azure Stack、谷歌云平台、Oracle云、OpenStack、阿里巴巴云。通过Dome9, Check Point越来越关注公共IaaS。
Cautions
• Marketing Execution: Gartner estimates that, in 2018, Check Point lost market share to its rivals and increasingly is less visible in Gartner client inquiries. Client surveys indicate that the vendor is often left off of shortlists when clients are considering replacement of incumbent firewall vendors.
• 市场执行:Gartner估计,2018年,Check Point的市场份额被竞争对手夺走,在Gartner的客户咨询中越来越不显眼。客户调查显示,当客户考虑替换现有的防火墙供应商时,供应商常常被排除在候选名单之外。
• Market Responsiveness: Check Point is lagging its competition in introducing a full FWaaS offering. The vendor continues to lack the SD-WAN focus found with other firewall vendors.
• 市场反应:Check Point在引入全面的FWaaS方面落后于竞争对手。该供应商仍然缺乏与其他防火墙供应商一样的SD-WAN焦点。
• Product: Check Point Security Management Portal (SMP; cloud-based management console) is only available for limited firewall models and lacks support for the entire firewall series. Check Point firewalls also lack support for TLS 1.3; the product currently downgrades TLS 1.3 connections to TLS 1.2 when decrypting traffic.
• 产品:Check Point安全管理门户(SMP;基于云的管理控制台)只适用于有限的防火墙模型,并且缺乏对整个防火墙系列的支持。Check Point防火墙也缺乏对TLS 1.3的支持;该产品目前降级TLS 1.3连接到TLS 1.2当解密流量
• Customer Feedback: Customers and surveyed resellers perceive performance issues requiring purchase of larger appliances than anticipated, giving lower scores for overall performance, especially when enabling multiple features such as DLP. While Check Point is one of the most shortlisted firewalls for public IaaS platforms, clients cite that the installation and deployment process is not a smooth experience and often requires professional services or help from the support team.
• 客户反馈:客户和被调查的分销商认为性能问题需要购买比预期更大的设备,总体性能得分较低,特别是在启用DLP等多个功能时。虽然Check Point是入围公共IaaS平台的最常见的防火墙之一,但客户指出,安装和部署过程并不顺利,通常需要专业服务或支持团队的帮助。
• Marketing Strategy: Check Point continues to market Infinity as both an architecture and an ELA around the concept of generational threat protection (currently Gen V). Gartner clients express confusion around this messaging and which solutions the vendor can provide to help protect their environment. Check Point lacks strong positioning and product messaging.
• 市场策略:Check Point继续将Infinity作为一个架构和一个ELA围绕代际威胁保护(目前为Gen V)的概念进行营销。Check Point缺乏强大的定位和产品信息。
• Technical Support: Gartner clients continue to cite that Level 3 escalations take longer than Level 1 and Level 2 escalations, and that the vendor lacks in timely updated communication while the team is working on it.
• 技术支持:Gartner客户继续指出,第3级升级比第1级和第2级升级耗时更长,并且在团队进行升级时,供应商缺乏及时更新的沟通。
Cisco
Cisco is a large network, infrastructure and security vendor, based in San Jose, California. It continues to offer multiple firewall models for different use cases, although many models under the different firewall product lines overlap with each other. Cisco firewalls continue to be part of large Cisco infrastructure deals. Gartner does observe the vendor being shortlisted by existing Cisco clients as one of the firewall vendors. Its vision of cloud and automation, if executed well, can help the vendor gain traction in related use cases.
思科是一家大型网络、基础设施和安全供应商,总部位于加州圣何塞。它继续为不同的用例提供多个防火墙模型,尽管不同防火墙产品线下的许多模型相互重叠。思科防火墙仍然是思科大型基础设施交易的一部分。Gartner确实注意到该供应商被现有的思科客户列为防火墙供应商之一。它对云和自动化的愿景,如果执行良好,可以帮助供应商在相关用例中获得牵引力。
Cisco’s security product portfolio includes many solutions, including firewalls, and it has grown continually over the past few years, mainly through acquisitions. It offers endpoint security client Cisco AMP, Cisco AnyConnect (*
client), Stealthwatch and Stealthwatch Cloud (network traffic analysis [NTA]), secure web gateway (SWG), email security, network access control and a CASB — with Talos threat intelligence included with Cisco security products.
思科的安全产品组合包括许多解决方案,包括防火墙。在过去几年里,思科主要通过收购不断发展壮大。它提供端点安全客户端Cisco AMP, Cisco AnyConnect (*客户端),Stealthwatch和Stealthwatch云(网络流量分析[NTA]),安全网络网关(SWG),电子邮件安全,网络访问控制和一个CASB -包括Talos威胁情报思科安全产品。
Cisco continues to sell multiple firewall product lines: Cisco Adaptive Security Appliance (ASA) 5500-X Series and Adaptive Security Virtual Appliance (ASAv), its virtual firewall appliances; Cisco Firepower NGFW Series, which also exists in the form of virtual appliances (NGFWv); the Meraki MX series; and Cisco IOS Firewall. The vendor also offers two industrial firewalls (the ISA series).
思科继续销售多个防火墙产品线:思科自适应安全设备(ASA) 5500-X系列和自适应安全虚拟设备(ASAv),其虚拟防火墙设备;思科火力NGFW系列,也以虚拟设备(NGFWv)的形式存在;Meraki MX系列;和思科IOS防火墙。供应商还提供了两个工业防火墙(ISA系列).
Cisco Umbrella is the vendor’s cloud DNS security and secure web gateway. Cisco Tetration started as cloud visibility software, and recently evolved into an agent-based firewall for application and microsegmentation.
思科伞是供应商的云DNS安全和安全的网络网关。Cisco Tetration最初是云可视化软件,最近发展成为一个基于代理的应用和微分割防火墙。
Cisco Threat Response (CTR) is the Cisco web portal for threat investigation, adding context and an indicator of compromises to events sent from registered Cisco security products.
思科威胁响应(CTR)是思科威胁调查的门户网站,为注册的思科安全产品发送的事件添加上下文和危害指标。
The vendor continues its effort to build a unified centralized management console with Cisco Defense Orchestrator (CDO), which aims at managing all of its firewall product lines. The Cisco Meraki MX series also offers cloud-based management targeting distributed organization use cases.
供应商继续努力,以建立一个统一的集中式管理控制台与思科防御编配(CDO),旨在管理其所有的防火墙产品线。Cisco Meraki MX系列还提供了针对分布式组织用例的基于云的管理。
Firepower Management Center (FMC) is Cisco’s on-premises centralized management offering, available for Cisco ASA 5500-X and Firepower devices only.
火力管理中心(FMC)是思科的现场集中管理产品,仅适用于思科ASA 5500-X和火力设备。
Strengths
• Sales Execution: Cisco’s global footprint is a big asset when trying to convince large organizations to purchase its firewalls and adjacent security products. Gartner analysts see a large number of organizations signing ELAs with Cisco, including for a large number of Cisco Firepower firewalls. Many clients describe themselves as “Cisco shops.”
• 销售执行:当试图说服大型组织购买思科的防火墙和邻近的安全产品时,思科的全球足迹是一项巨大的资产。Gartner分析师认为,许多组织与思科签署了ELAs协议,其中包括思科的大量火力防火墙。许多客户将自己描述为“思科商店”。
• Marketing Execution: Cisco owns a broad portfolio of network and security solutions. Gartner sees the vendor enthusiastically promoting the integration and automation roadmap within its products as a strong marketing and sales strategy, which is also resonating with end users. It is also an attractive proposition for clients that want to consolidate toward a single vendor.
• 市场执行:思科拥有广泛的网络和安全解决方案。Gartner认为,供应商热情地在其产品中推广集成和自动化路线图,这是一种强有力的营销和销售策略,也引起了终端用户的共鸣。对于希望向单个供应商合并的客户来说,这也是一个有吸引力的建议。
• During inquiries, Gartner clients mention the Cisco integration story among the different Cisco products as a primary reason for the purchase.
• 在询问中,Gartner的客户提到了思科不同产品之间的集成故事,这是购买的主要原因。
• Capability: Customers and resellers continue to give high scores to Talos threat research and to advanced malware protection (AMP) features available on Firepower. Existing Sourcefire customers also like the IDPS integration on Firepower.
• 能力:客户和经销商继续给予高度评价Talos威胁研究和先进的恶意软件保护(AMP)功能可用的火力。现有的Sourcefire客户也喜欢集成在“火力”上的IDPS。
• Capability: Cisco Meraki MX appeals to distributed organizations looking for ease of deployment and maintenance. Cisco Meraki MX’s proprietary auto-*
and SD-WAN simplify site-to-site deployments when using only Meraki devices.
• 能力:Cisco Meraki MX呼吁寻求部署和维护的简便性的分布式组织。Cisco Meraki MX的专有自动
和SD-WAN在仅使用Meraki设备时简化了站点到站点的部署。
• Feature: The Cisco AnyConnect
client offers support for most mobile devices and their OSs. Gartner constantly receives inquiries in which clients rate the offered by the vendor as higher compared to other vendors. They state that the tunnels are stable and users do not experience disconnected sessions. Many Gartner clients that replace their Cisco ASAs with a firewall from a different vendor continue to use ASAs for only.
• 特点:思科AnyConnect
客户端为大多数移动设备及其操作系统提供支持。Gartner经常收到客户的询问,其中客户对供应商提供的的评价高于其他供应商。他们表示隧道是稳定的,用户不会经历断开的会话。许多Gartner的客户用来自不同供应商的防火墙替换了他们的Cisco as,他们仍然只将ASAs用于*。
Cautions
• Project Execution: While Cisco has made progress on its competitive positioning, it struggles to win firewall evaluation against other competitors in pure firewall deals based on technical evaluation alone. This puts Cisco in a difficult spot when the three vendors offer similar prices, which is more frequent than in the past due to recent pricing strategy changes from Cisco and its competitors.
• 项目执行:虽然思科在竞争定位上取得了进展,但在纯粹的基于技术评估的防火墙交易中,思科很难从其他竞争对手那里赢得防火墙评估。当这三家供应商提供类似的价格时,思科陷入了一个困难的境地。由于思科及其竞争对手最近改变了定价策略,这种情况比以往更加频繁。
• Product Execution: Cisco clients that have purchased multiple Cisco security products with Cisco Firepower firewall to utilize integration and automation capabilities, as highlighted by the vendor at the time of sales, are often disappointed when they don’t work in their environment. Gartner clients often cite the lack of automation between Cisco ISE (NAC solution) and Cisco Firepower as quite frustrating. Gartner highly recommends that clients evaluate the integration capabilities between different Cisco products before purchase.
• 产品执行:Cisco的客户购买了多个Cisco安全产品,并使用了Cisco的“火力防火墙”来利用集成和自动化功能,正如供应商在销售时强调的那样,当他们不能在自己的环境中工作时,常常会感到失望。Gartner的客户经常说,思科的ISE (NAC解决方案)和思科的“火力”之间缺乏自动化是非常令人沮丧的。Gartner强烈建议客户在购买之前评估对比不同思科产品之间的集成能力。
• Product Execution: Cisco Meraki MX, Firepower and, increasingly, Viptela can be relevant in overlapping use cases for distributed organizations with SD-WAN requirements. As the three solutions do not have full feature parity, prospective clients and Cisco resellers struggle to build an architecture when it needs to combine multiple solutions. CDO is still a work in progress and lacks fully featured unified management, which could help with the issue.
• 产品执行:Cisco Meraki MX、和Viptela在具有SD-WAN需求的分布式组织的重叠用例中可能越来越重要。由于这三种解决方案没有完全的功能对等,潜在客户和思科经销商在需要组合多个解决方案时,很难构建架构。CDO还在进行中,缺乏全功能的统一管理,这有助于解决问题。
• Capabilities: Cisco Firepower lacks SD-WAN features and zero-touch deployment. Gartner observes that Cisco clients are less likely to use application control, TLS decryption and URL filtering features. Surveyed customers also express frustration with the lack of comprehensive real-time logging and reporting solutions.
• 能力:思科火力缺乏SD-WAN功能和零接触部署。Gartner指出,思科客户不太可能使用应用程序控制、TLS解密和URL过滤功能。被调查的客户还对缺乏全面的实时日志记录和报告解决方案表示失望。
• Geographic Strategy: Gartner is noticing declining visibility of Cisco firewalls in pure firewall deals outside North America in client inquiries. The vendor is more visible in other regions as part of large Cisco infrastructure deals. Gartner has also observed more focus by the vendor on expanding the Cisco Meraki MX product line in the U.S. and U.K.
• 地理战略:Gartner注意到,思科防火墙在北美以外的客户咨询业务中,纯防火墙业务的可看性正在下降。作为思科大型基础设施交易的一部分,思科在其它地区的知名度更高。Gartner还注意到,思科更加注重在美国和英国扩展思科Meraki MX产品线
• Capabilities: Cisco clients continue to complain about their inability to effectively deploy Firepower virtual machines on IaaS platforms. They mention stability issues and feature inconsistencies. Gartner also does not see Cisco being deployed on public cloud, compared to competitors.
• 功能:思科客户继续抱怨他们无法有效地在IaaS平台上部署火力虚拟机。他们提到稳定性问题和特性的不一致性。与竞争对手相比,Gartner也认为思科不会部署在公共云上。
• Customer Experience: Cisco scored lower than average on surveyed customers’ satisfaction with quality of support. This aligns with what Gartner analysts observe during client inquiries, where the ability to get timely answers has been reported as degrading over time, especially when facing issues with centralized management features.
• 客户体验:思科在客户对支持质量的满意度调查中得分低于平均水平。这与Gartner分析师在客户咨询过程中观察到的情况一致,据报道,及时获得答案的能力会随着时间的推移而下降,尤其是在集中管理功能出现问题时。
• Capability: Cisco Firepower’s management API lags in maturity behind its direct competitors. This has noticeable consequences, such as delays in support from network security policy management tools (NSPM), and the absence of integration, notably with any third-party endpoint detection and response (EDR) tools.
• 能力:思科“火力”的管理API在成熟度上落后于其直接竞争对手。这带来了明显的后果,比如网络安全策略管理工具(NSPM)的支持延迟,以及缺乏集成,特别是与任何第三方端点检测和响应(EDR)工具的集成。
F5
F5, based in Seattle, Washington, is a leading data center application delivery controller vendor. It continues to focus on data center and CSP use cases for its firewall module deployment. Clients using F5 or procuring application delivery products for the vendor should consider using the firewall module offered by the vendor. The primary use case for using the vendor’s firewall is vendor consolidation, higher throughput requirements and advanced routing capabilities.
位于华盛顿州西雅图的F5是一家领先的数据中心应用程序交付控制器供应商。它继续专注于数据中心和CSP用例的防火墙模块部署。使用F5或为供应商采购应用程序交付产品的客户应考虑使用供应商提供的防火墙模块。使用供应商防火墙的主要用例是供应商整合、更高的吞吐量需求和高级路由功能。
F5’s Advanced Firewall Manager (AFM) module, as a part of its BIG-IP appliances, is sometimes visible in the vendor’s quotations with other products offered. Gartner comes across existing F5 clients that want to evaluate the firewall capabilities offered by the vendor with other firewall vendors in the market. F5 firewalls have limited visibility in data centers and large enterprise deployment.
F5的高级防火墙管理器(AFM)模块作为其BIG-IP设备的一部分,有时可以在供应商提供的其他产品的报价中看到。Gartner遇到过一些现有的F5客户端,他们希望与市场上的其他防火墙供应商一起评估该供应商提供的防火墙功能。F5防火墙在数据中心和大型企业部署中可见性有限。
F5’s security portfolio includes a WAF solution, access policy manager (APM), web fraud protection (WebSafe), and a DDoS mitigation solution, DDoS Hybrid Defender (DHD). Under the Silverline brand, F5 delivers a cloud WAF and DDoS protection. Its firewall product relies on the BIG-IP appliances (21 models, from 5 Gbps up to 320 Gbps) and VIPRION chassis (six models, up to 1.2TB throughput) hardware platforms, running the F5 Traffic Management Operating System (TMOS). F5 also offers 11 virtual appliances (F5 Virtual Editions [VE]) and centralized management (BIG-IQ) for its BIG-IP solutions.
F5的安全组合包括WAF解决方案、访问策略管理器(APM)、web欺诈保护(WebSafe)和DDoS缓解解决方案、DDoS混合防御器(DHD)。在Silverline品牌下,F5提供了云WAF和DDoS保护。其防火墙产品依赖于大ip设备(21个型号,从5 Gbps到320 Gbps)和VIPRION底盘(6个型号,最高1.2TB吞吐量)硬件平台,运行F5流量管理操作系统(TMOS)。F5还为其BIG-IP解决方案提供11个虚拟设备(F5虚拟版本[VE])和集中管理(BIG-IQ)。
Recent product news includes multiple enhancements related to routing, traffic inspection and DDoS mitigation.
最近的产品新闻包括与路由、流量检查和DDoS缓解相关的多个增强。
Strengths
• Product Strategy: F5’s software is optimized for data center and ISP infrastructure protection use cases with its highly scalable architecture, native load balancing support and focus on carrier-grade issues such as carrier-grade network address translation (CGNAT) and DDoS capabilities.
• 产品策略:F5的软件针对数据中心和ISP基础设施保护用例进行了优化,具有高度可伸缩的体系结构、本地负载平衡支持,并专注于电信级问题,如电信级网络地址转换(CGNAT)和DDoS功能。
• Feature: The vendor offers strong load balancing and DDoS mitigation capabilities. This offers clients the ability to consolidate firewall functionality with mature application delivery and security capabilities. However, all the features come as separate products with dedicated subscriptions.
• 特性:该供应商提供强大的负载平衡和DDoS缓解功能。这为客户提供了利用成熟的应用程序交付和安全功能来整合防火墙功能的能力。但是,所有的功能都是单独的产品,并且有专门的订阅。
• Customer Experience: F5’s customers report better-than-average satisfaction with the vendor’s technical support. Customers also report above-average performance of the F5 firewall, and cite performance and throughput as key deciding factors when selecting F5 for their firewall.
• 客户体验:F5的客户对供应商技术支持的满意度高于平均水平。客户还报告说F5防火墙的性能高于平均水平,并将性能和吞吐量作为选择F5作为防火墙的关键决定因素。
• Product Strategy (IaaS): F5 partners with multiple public IaaS cloud service providers including Alibaba, AWS, Azure, Google Cloud Platform, IBM and Oracle, making it a desirable shortlist candidate for mutlicloud deployments.
• 产品战略(IaaS): F5与多个公共IaaS云服务提供商合作,包括阿里巴巴、AWS、Azure、谷歌云平台、IBM和Oracle,使其成为多云部署的理想候选。
• Product: F5 offers strong TLS decryption in its BIG-IP appliance, as well as a dedicated TLS decryption appliance (SSL Orchestrator). F5 fully supports RFC 8446 TLS 1.3 decryption in TMOS 14.1.0.1 and higher, well ahead of many other firewall vendors, making SSL decryption capabilities stronger than the competitors.
• 产品:F5在其大ip设备中提供强大的TLS解密,以及专用的TLS解密设备(SSL编制器)。F5完全支持TMOS 14.1.0.1及更高版本的RFC 8446 TLS 1.3解密,远远领先于许多其他防火墙厂商,使SSL解密能力强于竞争对手。
• Geographic Presence: F5 is a long-established application delivery vendor with a large, loyal global channel. The vendor also has a direct presence through regional offices worldwide. This makes it a strong global vendor.
• 地理位置:F5是一个历史悠久的应用程序交付供应商,拥有一个大型的、忠诚的全球渠道。该供应商还通过全球区域办事处直接开展业务。这使它成为一个强大的全球供应商。
Cautions
• Sales Execution: F5 rarely appears on Gartner client competitive shortlists for enterprise firewall selection, and often complements other firewalls rather than replacing them. In addition, there has been significant turnover in its sales leadership, impacting reseller relationships over the past year.
• 销售执行:F5很少出现在Gartner客户端竞争企业防火墙的候选名单上,通常是对其他防火墙的补充,而不是取代它们。此外,在过去的一年里,其销售领导层出现了很大的人员流动,影响了经销商之间的关系。
• Customer Experience: F5’s customers generally report satisfaction with its product, but are reluctant to provide unqualified recommendations of it due to a lack of common firewall features, which prevents it from being used in certain use cases such as end-user perimeter firewalls. Surveyed clients have reported more reliance on the vendor’s professional services because of a lack of sufficient product documentation and steep learning curve as product limitations.
• 客户体验:F5的客户通常对其产品表示满意,但不愿提供不合格的建议,因为缺乏通用的防火墙功能,这阻止了它在某些用例中被使用,比如终端用户周边的防火墙。被调查的客户报告更多地依赖于供应商的专业服务,因为缺乏足够的产品文档和陡峭的学习曲线作为产品的局限性。
• Product: The F5 firewall lacks advanced threat detection features such as anti-malware and sandboxing, native or third-party endpoint security integration, and support for SD-WAN, which are commonly provided by vendors competing in the enterprise firewall market.
• 产品:F5防火墙缺乏先进的威胁检测功能,如反恶意软件和沙箱、本地或第三方端点安全集成,以及对SD-WAN的支持,这些功能通常由企业防火墙市场上的竞争厂商提供。
• Product Strategy: F5 does not offer a set of low-end appliances, a multitenant FWaaS option, NAC integration or cloud-based management consoles, and tends to focus its products on carrier-grade networks and large enterprise internal data center use cases. Unlike other vendors in the market, the network team is most likely to manage F5 due to its integration with the application delivery controller and, therefore, may not be managed or considered by security teams for firewall use cases.
• 产品策略:F5不提供一组低端设备、多租户FWaaS选项、NAC集成或基于云的管理控制台,其产品往往集中于电信级网络和大型企业内部数据中心用例。与市场上的其他供应商不同,网络团队最有可能管理F5,因为它与应用程序交付控制器集成,因此,对于防火墙用例,安全团队可能不会管理或考虑F5。
• Market Responsiveness: F5 includes an IDPS feature based on a limited number of SNORT signatures. Gartner advises that customers looking for high-security, network-based intrusion prevention solutions augment the F5 IDPS because it is not as robust or mature as other offerings seen in the network firewall market today.
• 市场响应性:F5包含一个基于有限数量的SNORT签名的IDPS特性。Gartner建议,寻求高安全性、基于网络的*
防御解决方案的客户会增加F5的IDPS,因为它不像目前网络防火墙市场上看到的其他产品那样健壮或成熟。
Forcepoint准能科技
Forcepoint is a security vendor headquartered in Austin, Texas. Its firewalls continue to be visible primarily in distributed office use cases where clients are looking for mature SD-WAN, and centralized management capabilities. Gartner sees good potential in the firewall to meet other use cases, but sees a delay in market responsiveness and a lack of focus to expand the customer base beyond distributed office use cases by Forcepoint.
Forcepoint是一家总部位于德克萨斯州奥斯汀的安全供应商。它的防火墙仍然主要出现在分布式办公用例中,在这些用例中,客户正在寻找成熟的SD-WAN、
和集中式管理功能。Gartner认为防火墙具有满足其他用例的良好潜力,但它认为市场响应能力较差,并且缺乏通过Forcepoint将客户基础扩展到分布式办公用例之外的重点。
The vendor offers a firewall (Forcepoint NGFW), web and email security gateways (Forcepoint Web Security and Forcepoint Email Security), data loss prevention (Forcepoint DLP), an insider threat solution (Forcepoint Insider Threat), a cloud access security broker (Forcepoint CASB), and user and entity behavior analytics (Forcepoint UEBA). It also offers government-specific security solutions.
供应商提供防火墙(Forcepoint NGFW)、web和电子邮件安全网关(Forcepoint web安全和Forcepoint电子邮件安全)、数据丢失预防(Forcepoint DLP)、内部威胁解决方案(Forcepoint内部威胁)、云访问安全代理(Forcepoint CASB)和用户和实体行为分析(Forcepoint UEBA)。它还提供针对政府的安全解决方案。
Virtual Forcepoint firewalls offer support for Azure and AWS, where they are available, as pay as you go as well.
Virtual Forcepoint防火墙提供了对Azure和AWS的支持,只要你愿意,随时都可以使用它们。
Forcepoint’s recent news includes the introduction of five new compact desktop models. Other updates include support for new, compact desktop models (33x and 5x series), and feature enhancements for SD-WAN and networking. Support for auto-scaling and management for its visual firewalls with virtualized environments (AWS, Azure, VMware, etc.) is available.
Forcepoint的最新消息包括推出五款新的小型台式电脑。其他更新包括对新的、紧凑的桌面模型(33x和5x系列)的支持,以及对SD-WAN和网络的功能增强。支持使用虚拟环境(AWS、Azure、VMware等)自动扩展和管理其可视化防火墙。
Strengths
• Market Execution: The majority of the installed base for Forcepoint firewalls with mature and SD-WAN capabilities is in distributed office use cases. Even the vendor is keen to focus on this use case by continually introducing more enhancements for and SD-WAN.
• 市场执行:具有成熟和SD-WAN功能的Forcepoint防火墙的安装基础主要是在分布式办公用例中。甚至供应商也热衷于关注这个用例,不断地为和SD-WAN引入更多的增强功能。
• Product: Security Management Center (SMC), which is the vendor’s centralized management offering, is very intuitive and easy to use. SMC is available as a management appliance, management appliance ISO image and software.
• 产品:安全管理中心(SMC),是供应商的集中管理产品,非常直观,易于使用。SMC是一种可用的管理设备,管理设备ISO映像和软件。
• It offers features such as drag and drop, which is very smooth. SMC provides granular administrator access control. Administrator roles can be defined, and mapped with select NGFWs, access control lists and Domains. There is also an administrator privilege for approving pending changes with features such as drag and drop. Surveyed clients have also highly rated SMC and scored it higher in ease of management.
• 它提供了拖放等功能,非常平滑。SMC提供细粒度的管理员访问控制。管理员角色可以通过选择NGFWs、访问控制列表和域来定义和映射。管理员还可以使用拖放等特性批准挂起的更改。接受调查的客户也对SMC给予了很高的评价,并在管理便利性方面给予了更高的分数。
• Feature (IDPS): The vendor has a legacy reputation of mature IDPS offers. Forcepoint utilizes threat intelligence from McAfee GTI and the Lastline reputation service, in addition to Forcepoint TI. Forcepoint firewalls offers best-of-breed firewall clustering capabilities, with a mature load balancing capability between different appliance models and running different firmware. Surveyed clients have also highly rated the firewall clustering capabilities, which are easy to manage and failover is transparent to the network.
• 特性(IDPS):该供应商拥有成熟IDPS产品的传统声誉。Forcepoint利用来自McAfee GTI和Lastline声誉服务的威胁情报,此外还有Forcepoint TI。Forcepoint防火墙提供了最好的防火墙集群功能,在不同的设备模型和运行不同的固件之间具有成熟的负载平衡功能。被调查的客户还高度评价了防火墙的集群功能,这些功能易于管理,而且故障转移对网络是透明的。
• Automation: Forcepoint offers cloud provisioning tools and automated scripts for DevOps use cases. The vendor offers public GitHub project SMC Python and SMC integration for Ansible.
• 自动化:Forcepoint为DevOps用例提供云供应工具和自动化脚本。供应商为Ansible提供公共GitHub项目SMC Python和SMC集成。
• Feature (): Forcepoint firewalls offer easy-to-configure templates. The vendor has a large installed base of multiple branch office use cases. The UI offers easy-to-monitor-and-manage multiple tunnels.
• 特性(): Forcepoint防火墙提供易于配置的模板。该供应商拥有一个庞大的多分支机构用例的安装基础。UI提供了易于监视和管理的多个隧道。
• Capability: The vendor offers built-in UEBA capabilities, bringing advanced threat detection capabilities beyond network sandboxing without the need for an additional subscription. The Forcepoint firewall platform collects data from network engines (physical/software/virtual/cloud variants), endpoint intelligence agents and via Syslog feeds from other third-party solutions deployed within an organization.
• 功能:该供应商提供内置的UEBA功能,带来了超越网络沙箱的高级威胁检测功能,不需要额外的订阅。Forcepoint防火墙平台从网络引擎(物理/软件/虚拟/云变体)、端点情报代理和组织内部署的其他第三方解决方案的Syslog提要收集数据。
Cautions
• Market Execution: Forcepoint sells multiple product lines, out of which Web Security, its SWG product, seems to be the primary product where most R&D work is focused. Gartner finds that the vendor focuses less on its firewall product line as a result, keeping it confined to distributed office use cases. While Gartner thinks that Forcepoint has good experience and a good R&D team, the firewall has the potential to be one of the industry leaders if the vendor focused more toward this product line.
• 市场执行:Forcepoint销售多个产品线,其中其SWG产品Web Security似乎是大多数研发工作重点关注的主要产品。Gartner发现,供应商因此较少关注其防火墙产品线,从而将其限制在分布式办公用例中。虽然Gartner认为Forcepoint有良好的经验和良好的研发团队,但如果供应商更关注这个产品线,防火墙有潜力成为行业领导者之一。
• Marketing: Forcepoint lacks strong marketing of its firewall products; as a result, it does not have much visibility on client shortlists. Despite the firewall offering mature threat detection capabilities, the marketing team markets its SD-WAN and capabilities most of the time, resulting in a lack of awareness within the end-user base.
• 营销:Forcepoint防火墙产品营销力度不够;因此,它在客户入围名单上的可见度不高。尽管防火墙提供了成熟的威胁检测功能,但营销团队大部分时间都在推销其SD-WAN和
功能,导致终端用户缺乏意识。
• Offering: The vendor lacks EDR client integration capabilities. It also lacks firewall integration with third-party EDR clients.
• 产品:该供应商缺乏EDR客户端集成功能。它也缺乏与第三方EDR客户端的防火墙集成。
• Product Strategy: Despite having a strong client base and a focus on distributed office use cases, the vendor does not offer a cloud-based management portal, as offered by most competitors. The vendor also lacks FWaaS, despite offering multiple other cloud-based product lines.
• 产品策略:尽管拥有强大的客户基础和对分布式办公用例的关注,但是该供应商并没有像大多数竞争对手那样提供基于云的管理门户。该供应商还缺乏FWaaS,尽管提供了多个其他基于云的产品线。
• Customer Feedback: Surveyed clients have reported that the vendor’s Level 1 support is not competent enough to deal with common support issues and escalates them further, creating longer escalation cycles.
• 客户反馈:接受调查的客户报告称,供应商的一级支持不足以处理常见的支持问题,并将其进一步升级,从而形成更长的上升周期。
Fortinet 飞塔
Fortinet is a network and security player, headquartered in Sunnyvale, California. This year, Fortinet firewalls continue to be visible in distributed office deals where integrated SD-WAN is the primary selection criterion. They are also seen as replacing dedicated routers and act as an edge appliance with firewalls. Fortinet is also a favorable firewall shortlist for customers that cite pricing as an important selection criterion. The vendor offers a range of firewall models to meet multiple firewall deployment use cases. It also offers support for bare metal and virtual firewalls for Alibaba Cloud, AWS, Azure, Google Cloud Platform, IBM Cloud and Oracle OCI IaaS platforms.
Fortinet是一家网络和安全公司,总部位于加州森尼韦尔。今年,在集成SD-WAN为主要选择标准的分布式办公协议中,Fortinet防火墙继续可见。它们也被视为替代专用路由器,并充当防火墙的边缘设备。对于那些将价格作为重要选择标准的客户来说,Fortinet也是一个不错的防火墙候选名单。该供应商提供了一系列防火墙模型,以满足多个防火墙部署用例。它还为阿里巴巴提供裸金属和虚拟防火墙支持
The other products in Fortinet’s portfolio cover network security, endpoint security, security information and event management (SIEM), NAC, wireless access points and switches. FortiGate firewalls are still the vendor’s most popular and best-selling product.
Fortinet的其他产品包括网络安全、端点安全、安全信息和事件管理(SIEM)、NAC、无线接入点和交换机。FortiGate防火墙仍然是该供应商最受欢迎和最畅销的产品。
In 2018 and 2019, Fortinet introduced new FortiGate models 6000F, 3600E, 3400E, 600E and 400E Series. It also had two major firmware releases with enhancements for the FortiGate firewall, new SD-WAN ASIC, virtual security processors, and centralized management and reporting software. It continues to work toward integration through APIs and security fabric.
在2018年和2019年,Fortinet推出了新的防御模型6000F、3600E、3400E、600E和400E系列。它还发布了两个主要的固件版本,其中增强了防御防火墙、新的SD-WAN ASIC、虚拟安全处理器以及集中管理和报告软件。它继续通过api和安全结构进行集成。
Strengths
• SD-WAN: Fortinet offers integrated SD-WAN capabilities within its E-Series firewalls, which makes it a favorable shortlist candidate for distributed enterprise use cases. It comes with capabilities like application-based routing, especially for SaaS applications like Office 365 that are easy to configure. The vendor also offers features such as multipath automated failover for specific applications based on health performance, latency, jitter and packet loss, which enhance the performance of the applications.
• SD-WAN: Fortinet在其e系列防火墙中提供了集成的SD-WAN功能,这使它成为分布式企业用例的理想候选。它具有基于应用程序的路由等功能,特别是对于易于配置的SaaS应用程序(如Office 365)。该供应商还提供基于健康性能、延迟、抖动和包丢失的特定应用程序的多路径自动故障转移等特性,这些特性增强了应用程序的性能。
• SSL Decryption: This year, Fortinet introduced support for TLS 1.3 in the FortiOS 6.2 release. This feature enhances existing deeper inspection capabilities for the Web Filter profile with flow-based inspection mode enabled and for the SSL/SSH Inspection profile.
• SSL解密:今年,Fortinet在FortiOS 6.2版本中引入了对TLS 1.3的支持。该特性通过启用基于流的检查模式增强了Web筛选器概要文件和SSL/SSH检查概要文件现有的更深层次的检查功能。
• Integration: Fortinet continues to extend integration capabilities using security fabric and APIs with AWS, Azure, Google Cloud Platform and Alibaba, and develops tools to offer automation. Some of the capabilities include security fabric integration using AWS Lambda, and automatically updating dynamic addresses for AWS using Fabric Connectors. The vendor also offers playbooks for integration of Ansible and Terraform modules.
• 集成:Fortinet继续使用安全架构和api与AWS、Azure、谷歌云平台和阿里巴巴进行集成,并开发提供自动化的工具。一些功能包括使用AWS Lambda的安全fabric集成,以及使用fabric连接器为AWS自动更新动态地址。供应商还提供了Ansible和Terraform模块集成剧本。
• Geographic Presence: FortiGate firewalls continue to be visible on Gartner client firewall shortlists in different regions, competing with regional players. Regional players have also citied Fortinet as one of the top three competitors for them locally.
• 地理位置:在不同地区的Gartner客户端防火墙候选名单上,加强防火墙仍然可见,与地区玩家竞争。区域玩家也认为Fortinet是他们在当地的三大竞争对手之一。
• Sales Execution: Fortinet works closely with many MSSPs globally that are offering Fortinet firewalls as hosted services to their clients. The vendor has specific licensing models for its VM-Series appliances specific to MSSPs. FortiManager and FortiAnalyzer also offer multiple multitenancy features that can be extended using APIs.
• 销售执行:Fortinet与全球许多mssp密切合作,为其客户提供Fortinet防火墙托管服务。供应商为其特定于mssp的vm系列设备提供特定的许可模型。FortiManager和FortiAnalyzer还提供了多种可以使用api扩展的多租户特性。
• Licensing: While the majority of Gartner clients generally complain about complex licensing by most enterprise-grade firewall vendors, Fortinet has maintained its simpler licensing by offering bundle-based licensing, which is easier to understand and renew for end users.
• 授权许可:尽管Gartner的大多数客户通常抱怨大多数企业级防火墙供应商提供的复杂授权许可,但Fortinet通过提供基于捆绑的授权许可来保持其更简单的授权许可,这对终端用户来说更容易理解和更新。
Cautions
• Visibility: Despite support for multiple cloud IaaS platforms, FortiGate is not visible on Gartner client shortlists as a preferred firewall on IaaS platforms, compared to prominent competitors that have more visibility in this use case.
• 可见性:尽管支持多种云IaaS平台,但在Gartner客户端候选名单上,FortiGate作为IaaS平台上的首选防火墙是不可见的,相比之下,在这个用例中,一些著名的竞争对手有更多的可见性。
• Product: Although Fortinet offers security fabric and API integration capabilities for integration of its products, it lacks mature direct integration capabilities of its firewalls with other security products in the portfolio for threat correlation.
• 产品:虽然Fortinet提供了用于集成其产品的安全结构和API集成功能,但它缺乏将其防火墙与投资组合中的其他安全产品进行直接集成以进行威胁关联的成熟功能。
• The vendor offers basic visibility into infected hosts and their vulnerabilities through FortiClient as a dashboard widget, but lacks mature direct threat correlation capabilities with FortiGate. FortiManager and FortiManager Cloud lack the management controls of FortiWeb, FortiSIEM and FortiCASB.
• 该供应商通过FortiClient作为一个仪表板小部件提供受感染主机及其漏洞的基本可见性,但缺乏与FortiGate成熟的直接威胁关联功能。FortiManager和FortiManager云缺乏对FortiWeb、FortiSIEM和FortiCASB的管理控制。
• Offering: The vendor has more focus on hardware-based offerings than cloud service offerings. Fortinet lacks cloud-based outbound filtering services such as FWaaS directly to its clients, especially for distributed office and roaming user use cases that prefer cloud-based services rather than hardware appliances.
• 提供:供应商更关注基于硬件的产品,而不是云服务产品。Fortinet缺乏基于云的出站过滤服务,比如直接向客户提供FWaaS,特别是对于喜欢基于云的服务而不是硬件设备的分布式办公和漫游用户用例。
• Customer Feedback: Fortinet clients often cite that the logs offered are not easy to drill through to find an incident and are more complicated compared to other firewall market leaders.
• 客户反馈:Fortinet的客户经常提到,他们提供的日志不容易通过钻取来发现一个事件,而且与其他防火墙市场领导者相比更加复杂。
• Customer Experience: Surveyed clients have reported on the management complexities of the firewall as more and new features are added. This also leads to frequent UI changes, which makes administration complex. Clients have cited that application control is not tightly integrated with the firewall, and creates administration complexity while creating firewall rules.
• 客户体验:被调查的客户报告了防火墙的管理复杂性,因为增加了更多和新的特性。这还会导致频繁的UI更改,从而使管理变得复杂。客户指出,应用程序控制没有与防火墙紧密集成,并且在创建防火墙规则时增加了管理复杂性。
H3C
H3C is headquartered in Beijing and Hangzhou, China. Until 2016, it operated as a subsidiary of Hewlett Packard Enterprise (HPE) and now is a part of Tsinghua Unigroup. It is an infrastructure vendor with a large portfolio, including security products that also cover firewalls, cloud computing products, switches, routers, wireless LAN (WLAN) products and management products.
H3C总部位于中国北京和杭州。直到2016年,它一直是惠普企业(Hewlett Packard Enterprise, HPE)的子公司,现在是清华紫光集团(Tsinghua Unigroup)的一部分。它是一个基础设施供应商,拥有一个庞大的投资组合,包括安全产品,也涵盖防火墙,云计算产品,交换机,路由器,无线局域网(WLAN)产品和管理产品。
H3C continues to introduce different security offerings in its products. The SecPath firewall offers support for UniCloud public IaaS platforms as bring your own license (BYOL) only. The firewalls are primarily shortlisted by clients in China, where the vendor has its largest installed base.
The vendor’s SecPath firewall family comprises 14 physical appliances and virtual firewall models.
H3C继续在其产品中引入不同的安全产品。SecPath防火墙只支持自带许可证(BYOL)的UniCloud公共IaaS平台。这些防火墙主要是由中国的客户入围的,中国的供应商拥有最大的安装基数。供应商的SecPath防火墙系列包括14个物理设备和虚拟防火墙模型。
Recent product news includes the introduction of a new SMB series and performance enhancements.
最近的产品新闻包括一个新的SMB系列的引入和性能增强。
Strengths
• Product Offering: H3C’s firewall offers a separate industrial firewall product line called Industrial Control Security, which includes an industrial control firewall, project monitoring and host security software.
• 产品供应:H3C的防火墙提供一个单独的工业防火墙产品线,称为工业控制安全,其中包括工业控制防火墙,项目监控和主机安全软件。
• Offering (NTA): The vendor offers an NTA platform branded as a security situation awareness system that collects network traffic flow data and other data across the entire network. The product also combines machine learning to offer correlated data and display based on heat maps and other graphic forms. The product can be integrated with the firewall to take policy-based actions.
• 提供(NTA):供应商提供一个NTA平台,作为一个安全情况感知系统,收集整个网络的网络流量数据和其他数据。该产品还结合了机器学习来提供相关数据和基于热图和其他图形形式的显示。该产品可以与防火墙集成以采取基于策略的操作。
• Offering (NAC): The vendor offers a native NAC solution with integration capabilities with its firewall. The NAC solution is called the H3C intelligent Management Center (iMC), and it delivers centralized management capabilities across cloud and data centers, end-user management, campus network, and wireless management.
• 提供(NAC):该供应商提供了一个本机NAC解决方案,具有与其防火墙的集成功能。NAC解决方案称为H3C智能管理中心(iMC),它提供跨云和数据中心、终端用户管理、校园网和无线管理的集中管理功能。
• Product: The centralized Security Service Manager (SSM) extends product management to other H3C products, such as its WAF and load balancer, in addition to firewalls, thus offering centralized management capabilities to H3C customers that have the above-mentioned products from the vendor. SSM also offers management and visibility capabilities into the native controls offered by UniCloud, a Chinese public IaaS vendor.
• 产品:集中安全服务经理(SSM)将产品管理扩展到除防火墙之外的其他H3C产品,如WAF和负载均衡器,从而为拥有上述供应商产品的H3C客户提供集中管理功能。SSM还为中国公共IaaS供应商UniCloud提供的本地控件提供管理和可见性功能。
• Customer Feedback: Surveyed clients have reported ease of management and operation as the vendor’s strengths.
• 客户反馈:被调查的客户报告说管理和操作的简易性是供应商的强项。
Cautions
• Execution: H3C firewalls only offer support for UniCloud as BYOL. They are available as pay as you go only as and NAT gateways. Clients that want to avail themselves of a complete feature set of H3C firewalls on public cloud must use a BYOL model only.
• 执行:H3C防火墙只支持UniCloud as BYOL。它们只能作为
和NAT网关使用。希望在公共云上利用完整的H3C防火墙功能集的客户端必须只使用BYOL模型。
• Market Responsiveness: The vendor lacks integrated SD-WAN capabilities in its firewalls, which is a desirable feature for distributed enterprise connectivity.
• 市场响应性:供应商在其防火墙中缺乏集成的SD-WAN功能,这是分布式企业连接的理想特性。
• Technical Feature: H3C firewalls do not support TLS 1.3-based decryption.
• 技术特性:H3C防火墙不支持基于TLS 1.3的解密。
• Geographic Strategy: The vendor has a presence primarily in China and lacks a presence in other parts of the Asia/Pacific region. Gartner does not see H3C being shortlisted by clients outside China.
• 地理战略:供应商主要在中国有业务,但在亚太地区的其他地区没有业务。Gartner认为,H3C不会被中国以外的客户列入入围名单。
Hillstone Networks山石
Hillstone Networks is headquartered in Suzhou, China, with regional headquarters in Santa Clara, California. The vendor is an established network security player offering perimeter, cloud and server security solutions. Hillstone firewalls are well suited for shortlists in enterprises with hybrid networks, such as on-premises, cloud and virtualized environments, mainly in China, Southeast Asia and Latin America.
山石公司总部设在中国苏州,总部设在美国加利福尼亚州圣克拉拉市。该供应商是一个成熟的网络安全商家,提供周边,云和服务器安全解决方案。Hillstone防火墙非常适合于拥有混合网络的企业的候选名单,比如在中国、东南亚和拉丁美洲的本地、云和虚拟环境。
Hillstone firewalls have dedicated firewall product lines for microsegmentation and public IaaS platforms. Hence, they are favorable candidates for hybrid networks. Primarily shortlisted by clients in China, the vendor has shown a growing installed base in Europe, the Middle East and Africa, and Latin America.
Hillstone防火墙有专门的防火墙产品线,用于微分割和公共IaaS平台。因此,它们是混合网络的良好候选。主要由中国客户入围,该供应商在欧洲、中东、非洲和拉丁美洲的安装基础不断增长。
The vendor offers multiple firewall product lines, namely the E-Series NGFW, T-Series iNGFW and X-Series Data Center Firewall. It also offers CloudEdge (virtual NGFW), CloudHive (microsegmentation) and CloudPano (hosted FWaaS through telcos, in the China market only). CloudEdge offers support for AWS, Azure, Alibaba Cloud, Tencent Cloud and Huawei Cloud. Other security products include IDPS, WAF, application delivery controller, ABG, DLP and DAP (with a few products only available in the Chinese market).
厂商提供多个防火墙产品线,即e系列NGFW、t系列iNGFW、x系列数据中心防火墙。它还提供CloudEdge(虚拟NGFW)、CloudHive(微细分)和CloudPano(通过电信托管FWaaS,仅在中国市场)。云计算为AWS、Azure、阿里巴巴云、腾讯云和华为云提供支持。其他安全产品包括IDPS, WAF, application delivery controller, ABG, DLP, DAP(少数产品仅在中国市场有售)。
In 2018, the vendor introduced two new models: X10800 and CloudEdge VM04. Other product updates include threat detection enhancement and firmware releases.
2018年,该公司推出了两款新机型:X10800和CloudEdge VM04。其他产品更新包括威胁检测增强和固件发布。
Hillstone is one of the few Chinese network security vendors that is gradually expanding into other regions outside China such as Latin America, Southeast Asia, the Middle East and Europe.
Hillstone是为数不多的中国网络安全供应商之一,该公司正逐步扩展到中国以外的其他地区,如拉丁美洲、东南亚、中东和欧洲。
Strengths
• Microsegmentation: Hillstone CloudHive is a dedicated product line that offers mature microsegmentation capabilities with VMware NSX. CloudHive offers features such as live visual mapping, autodiscovery of new virtual networks and threat detection across virtual machines (VMs) centrally.
• 微细分:Hillstone CloudHive是一个专门的产品线,提供成熟的微细分功能与VMware NSX。CloudHive集中提供了诸如实时可视化映射、新虚拟网络的自动发现和跨虚拟机的威胁检测等功能。
• Platform: The vendor offers Hillstone sBDS, its NTA platform, available globally. This platform uses different detection technologies including NTA to perform advanced threat detection and analytics for Hillstone clients. The vendor also offers a SIEM solution called iSource, currently sold only in China.
• 平台:供应商提供Hillstone sBDS,其NTA平台,可在全球使用。该平台使用包括NTA在内的各种检测技术,为Hillstone客户端执行高级威胁检测和分析。该供应商还提供一种名为iSource的SIEM解决方案,目前只在中国销售。
• Offering: The vendor offers behavioral analysis as an additional subscription on its T-Series firewalls. This makes it a favorable shortlist candidate for enterprises looking for additional threat detection capabilities within their firewalls beyond network sandboxing.
• 提供:该供应商提供行为分析作为其t系列防火墙的附加订阅。这使得它成为企业在防火墙中寻找超越网络沙箱的额外威胁检测能力的理想候选。
• Customer Feedback: Surveyed clients have highly rated the feature of the firewalls, stating they are easy to configure and manage between multiple sites.
• 客户反馈:被调查的客户对防火墙的
功能评价很高,表示它们很容易在多个站点之间配置和管理。
Cautions
• SD-WAN: Hillstone firewalls lack SD-WAN capabilities, which are being offered by many competitors today. This makes them less desirable candidates for distributed office connectivity use cases.
• SD-WAN: Hillstone防火墙缺乏当今许多竞争对手提供的SD-WAN功能。这使得它们成为分布式办公室连接用例的不太理想的候选者。
• Product Execution: The vendor offers different product lines of firewall appliances, namely the T-Series, E-Series and X-Series, creating confusion within the end-user base when comparing feature distinctions among them.
• 产品执行:供应商提供不同的防火墙设备产品线,即t系列、e系列和x系列,当比较它们之间的特性区别时,在最终用户群中造成混乱。
• Offering: The vendor does not offer on-premises network sandboxing. This is a requirement for regulated clients that cannot send data off-premises.
• 提供:供应商不提供本地网络沙箱。这是对不能在场外发送数据的受监管客户的要求。
• Feature: Although Hillstone offers partnerships with global and regional EDR vendors, it does not offer a common threat correlation portal to benefit firewall users that are looking for better threat detection capabilities.
• 特性:尽管Hillstone提供与全球和区域EDR供应商的合作关系,但它并没有提供一个通用的威胁相关门户来帮助防火墙用户寻找更好的威胁检测功能。
• Visibility: Despite the vendor claiming expansion outside of China, Hillstone firewalls are rarely seen on client shortlists outside China and Latin America.
• 可见性:尽管供应商声称要在中国以外扩张,但在中国和拉丁美洲以外的候选客户名单上,Hillstone防火墙很少出现。
• Marketing: The vendor lacks strong marketing of its firewalls in the end-user market as it is targeting international markets and competing with global players that have better marketing campaigns. This results in a lack of recognition in the end-user market outside of Asia.
• 营销:该供应商在终端用户市场缺乏强大的防火墙营销,因为它的目标是国际市场,并与拥有更好的营销活动的全球玩家竞争。这导致在亚洲以外的终端用户市场缺乏认知度。
• Product: The vendor offers a basic cloud-based firewall manager that is limited to monitoring only and lacks additional centralized management controls, such as change management and zero-touch provisioning of firewalls.
• 产品:该供应商提供了一个基本的基于云的防火墙管理器,该防火墙管理器仅局限于监视,并且缺乏额外的集中管理控制,如更改管理和防火墙的零接触供应。
Huawei
Huawei is a large infrastructure vendor based in Shenzhen, China. Its firewalls continue to expand their customer base in Southeast Asia, the Middle East and Latin America. They have a strong presence in telcos and are also visible in the infrastructure bundled deals of Huawei.
华为是一家总部位于中国深圳的大型基础设施供应商。其防火墙继续扩大其客户基础,在东南亚,中东和拉丁美洲。他们在电信领域有很强的存在感,在华为的基础设施捆绑交易中也很明显。
Huawei firewalls include the Unified Security Gateway (USG), Eudemon and virtual series. USG is the primary enterprise line, and Eudemon is the model line for carriers and service providers. Agile Controller, eSight and SecoManager are the central management platforms that support the USG line. Other than firewalls, the vendor also sells IDPS, anti- DDoS, SIEM and web application firewall product lines under its security portfolio.
华为防火墙包括统一安全网关(USG)、Eudemon和虚拟系列。USG是主要的企业线,Eudemon是运营商和服务提供商的样板线。敏捷控制器、eSight和SecoManager是支持USG线路的中央管理平台。除了防火墙,该公司还在其安全产品组合下销售IDPS、反DDoS、SIEM和web应用防火墙产品系列。
Huawei firewalls are good candidates for customers already using Huawei products or looking toward consolidation of network and security products from the same vendor, because of integration and ease of centralized management. Huawei offers multiple product models for different firewall deployment use cases. It also offers mature SD-WAN capabilities for distributed office use cases.
对于已经在使用华为产品的客户,或者希望从同一家供应商整合网络和安全产品的客户来说,华为的防火墙是很好的选择,因为它具有集成性,而且易于集中管理。华为为不同的防火墙部署用例提供多种产品模型。它还为分布式办公用例提供成熟的SD-WAN功能。
Product news for this year includes enhancements related to SD-WAN, IDPS and web UI.
今年的产品新闻包括与SD-WAN、IDPS和web UI相关的增强。
Strengths
• Ease of Management: Huawei firewalls have an easy-to-create firewall rule UI. It offers a single UI instance to create firewall policy and apply security policies that is easy to administer. Surveyed clients have also reported it as one of the strengths of the product.
• 易于管理:华为防火墙有一个易于创建的防火墙规则UI。它提供了一个UI实例来创建防火墙策略并应用易于管理的安全策略。接受调查的客户也表示,这是该产品的优势之一。
• Offering: Agile Controller is the vendor’s NAC solution. It is also offered in a cloud version. It has two versions: one is for data center networks, called AC DCN. The other is called AC Campus, for campus or enterprise use. Both versions can be closely integrated with the firewall by a callback feature and offer automation capabilities to segment the network.
• 提供:敏捷控制器是供应商的NAC解决方案。它也有云版本。它有两个版本:一个是用于数据中心网络,称为AC DCN。另一种称为AC校园,供校园或企业使用。这两个版本都可以通过回调特性与防火墙紧密集成,并提供自动划分网络的功能。
• Product: The vendor offers an on-premises centralized manager called SecoManager, which has dedicated policy orchestration features such as policy tuning and a policy simulator. It also offers a visualization feature for new policies to show their impact on traffic.
• 产品:供应商提供了一个名为SecoManager的现场集中管理器,它具有专用的策略编排功能,如策略调优和策略模拟器。它还为新策略提供了可视化特性,以显示它们对流量的影响。
• Feature: Huawei firewalls offer support for TLS 1.3, enabling deeper SSL decryption and traffic inspection capabilities for encrypted traffic.
• 特点:华为防火墙提供对TLS 1.3的支持,为加密流量提供了更深层次的SSL解密和流量检测功能。
• Offering: The vendor offers deception capabilities in its firewall appliances. These are offered in a separate product image that can be mounted on the firewall appliances and managed from within the firewall UI as a separate feature. Although the deception platform offered today is basic, it offers additional threat detection capabilities in the firewalls. It is recommended that clients evaluate the performance impact of running this image on the firewall appliance before enabling it.
• 提供:该供应商在其防火墙设备中提供欺骗功能。它们以单独的产品映像提供,可以挂载在防火墙设备上,并作为单独的功能在防火墙UI中进行管理。虽然今天提供的欺骗平台是基础的,但它在防火墙中提供了额外的威胁检测功能。建议客户端在启用此映像之前评估在防火墙设备上运行此映像的性能影响。
• Integration: Huawei offers direct integration capabilities with its big data analytics SIEM solution, Cybersecurity Intelligence System (CIS). The integration is offered as a built-in option within the firewall UI that can be simply turned on, making it easy to integrate and use in conjunction with Huawei firewalls.
• 集成:华为通过其大数据分析SIEM解决方案、网络安全情报系统(CIS)提供直接集成能力。该集成是作为防火墙用户界面内的一个内置选项提供的,可以简单地打开它,使其易于集成和与华为防火墙一起使用。
Cautions
• Execution: Huawei firewalls lack integration capabilities with third-party security vendors, especially SIEM providers. Surveyed vendors have highlighted this as a drawback of the USG firewalls. Clients face issues in sending the firewall logs to third-party SIEM vendors.
• 执行力:华为防火墙缺乏与第三方安全厂商的集成能力,尤其是与SIEM提供商的集成能力。被调查的供应商强调这是USG防火墙的一个缺点。客户端在向第三方SIEM供应商发送防火墙日志时会遇到问题。
• The vendor also lacks direct integration and correlation capabilities between its firewalls and third-party EDR solutions, and requires a CIS platform for correlation. Hence, it is strongly recommended that clients evaluate the integration capabilities between Huawei firewalls and third-party solutions in their ecosystem as an important shortlisting criterion.
• 该供应商还缺乏其防火墙和第三方EDR解决方案之间的直接集成和关联功能,并且需要一个CIS平台来进行关联。因此,强烈建议客户将评估华为防火墙与第三方解决方案在其生态系统中的集成能力作为重要的评选标准。
• Public Cloud: Despite offering appliance support for multiple public IaaS providers in a BYOL model, the vendor’s offering is not available on any IaaS platforms as pay as you go, while most firewall vendors support pay-as-you-go licensing models for more than one IaaS platform.
• 公共云:尽管在BYOL模型中提供了对多个公共IaaS供应商的设备支持,但供应商的产品在任何IaaS平台上都不可用,即付即付,而大多数防火墙供应商为多个IaaS平台支持即付即付的许可模型。
• Feature: The vendor offers basic centralized cloud management capabilities through its cloud portal. It can only be used to manage limited features on the firewalls, and lacks centralized firmware upgrades and zero-touch provisioning capabilities on a group of firewalls.
• 特性:该供应商通过其云门户提供基本的集中式云管理功能。它只能用于管理防火墙上的有限功能,并且缺乏集中的固件升级和一组防火墙上的零接触供应功能。
• Sales Execution: Huawei firewalls lack a uniform presence within different firewall use cases such as SMBs, perimeters and distributed offices. Gartner still sees most firewall procurement as being part of larger Huawei infrastructure deals most of the time, rather than firewall-only deals.
• 销售执行:华为的防火墙在不同的防火墙用例中缺乏统一的存在,例如smb、外围设备和分布式办公室。Gartner仍然认为,大多数防火墙采购在大多数时候都是华为大型基础设施交易的一部分,而不是只针对防火墙的交易。
• SDN: Huawei firewalls offer support only for the Huawei CloudFabric platform and lack support for other common SDN platforms as offered by major firewall players. This increases the dependency of clients on Huawei’s SDN infrastructure.
• SDN:华为防火墙只支持华为CloudFabric平台,不支持其他主流防火墙厂商提供的通用SDN平台。这增加了客户对华为SDN基础设施的依赖。
• Product Strategy: The vendor lacks a focus on cloud-based services related to firewalls and their users. Most of the features offered by the vendor are appliance-based. Huawei lacks outbound filtering cloud services for roaming users and distributed offices as a SaaS offering.
• 产品策略:供应商缺乏对与防火墙及其用户相关的基于云的服务的关注。供应商提供的大多数功能都是基于应用程序的。华为没有针对漫游用户的出站过滤云服务,也没有作为SaaS提供的分布式办公室服务。
Juniper Networks瞻博网络
Juniper Networks is a network infrastructure vendor headquartered in Sunnyvale, California. It aligns its products with a security focus under the Juniper Connected Security banner, which provides automated and centralized security policy definitions through the Juniper Policy Enforcer engine. This utilizes Juniper switches, routers and firewalls for security profiling and threat detection and enforcement, while integrating directly into the Juniper Sky Enterprise cloud platform. While the SRX firewalls offer a complete set of security features, they are still not very visible on client shortlists.
瞻博网络是一家网络基础设施供应商,总部设在加州森尼韦尔。它将其产品与Juniper Connected security banner下的安全焦点进行了对齐,后者通过Juniper policy Enforcer引擎提供了自动化的集中式安全策略定义。它利用Juniper交换机、路由器和防火墙进行安全分析、威胁检测和实施,同时直接集成到Juniper Sky企业云平台。尽管SRX防火墙提供了一套完整的安全特性,但它们在客户候选名单上仍然不是很明显
Juniper’s broad product portfolio includes a range of network edge and management devices, routers, switches, SDNs and enterprise firewalls (i.e., the SRX Series firewalls). The Virtual SRX firewalls offer support for AWS, Microsoft Cloud and IBM SoftLayer public IaaS platforms, both as BYOL and pay-as-you-go licensing models. The SRX hardware appliance product line has 15 distinct hardware platform models, ranging from 500 Mbps to 2 Tbps.
瞻博网络的广泛产品组合包括一系列的网络边缘和管理设备、路由器、交换机、SDNs和企业防火墙。, SRX系列防火墙)。虚拟SRX防火墙提供了对AWS、Microsoft Cloud和IBM SoftLayer公共IaaS平台的支持,包括BYOL和现收现付许可模型。SRX硬件设备产品线有15个不同的硬件平台型号,从500mbps到2tbps不等。
Recent updates include the introduction of cSRX firewall for container workloads. The vendor also introduced different feature enhancements, including routing and features, Policy Enforcer integration with AWS and Azure, and Nutanix integration with vSRX. The SRX firewall also got FIPS certification.
最近的更新包括为容器工作负载引入了cSRX防火墙。该供应商还引入了不同的功能增强,包括路由和
功能、与AWS和Azure的策略实施器集成以及与vSRX的Nutanix集成。SRX防火墙也获得了FIPS认证。
Strengths
• Product: Juniper’s centralized on-premises manager product, called Junos Space Security Director, offers mature orchestration capabilities as the vendor continues to enhance the product constantly. The product offers mature multitenancy features favorable for MSSPs, such as support for up to 100 simultaneous admin logins, where all of them can simultaneously perform tasks.
• 产品:Juniper的集中式现场管理产品Junos Space Security Director提供成熟的编配功能,厂商不断提升产品性能。该产品提供了对mssp有利的成熟多租户功能,比如支持最多100个同时进行的管理登录,所有这些登录都可以同时执行任务。
• The product offers a policy administration feature straight out of the dashboard. The vendor also offers a firewall rule creation wizard with policy analysis for autoplacement of the new rule, which avoids shadowing. The feature also alerts in cases of duplicate rules.
• 该产品提供了直接从仪表板中获得的策略管理功能。该供应商还提供了一个防火墙规则创建向导,其中包含用于新规则自动放置的策略分析,从而避免了跟踪。该功能还可以在规则重复的情况下发出警报。
• Feature: Juniper extends support for Policy Enforcer, firewall policy builder and its firewall rule creation wizard to AWS and Azure, simplifying the creation of centralized firewall policies for cloud workloads that can otherwise be challenging.
• 特性:Juniper将对策略实施者、防火墙策略构建器及其防火墙规则创建向导的支持扩展到了AWS和Azure,简化了为云工作负载创建集中式防火墙策略的工作,否则这些工作负载将面临挑战。
• Scalability: Juniper SRX firewalls come in multiple models to meet all firewall use cases. The vendor offers one of the highest-performing firewall models — the SRX5000 series — offering throughput of up to 2 Tbps and utilized by telcos primarily.
• 可伸缩性:Juniper SRX防火墙有多种模式,可以满足所有的防火墙用例。该供应商提供了性能最好的防火墙模型之一——SRX5000系列——提供高达2 Tbps的吞吐量,主要用于电信公司。
• Integration: Juniper has a large partner ecosystem to which it has extended API integration. It offers integration capabilities between SRX and NAC vendors like Forescout Technologies, HPE (Aruba), Pulse Secure, and CASBs Netskope and CipherCloud. The NAC integration extends to Juniper switches, enabling the use of Policy Enforcer to quarantine the infected endpoint.
• 集成:Juniper有一个很大的合作伙伴生态系统,它扩展了API集成。它提供SRX和NAC供应商之间的集成功能,如Forescout技术、HPE (Aruba)、Pulse Secure、CASBs Netskope和CipherCloud。NAC集成扩展到Juniper交换机,允许使用策略强制器隔离受感染的端点。
• Product Strategy: Integration with Carbon Black (CB) Response (EDR) is provided, which leverages Juniper Sky ATP TAXII server to retrieve STIX packages of malware discovered by Juniper Sky ATP. CB Response will extract the IOCs it supports and compare them to all the endpoints it manages.
• 产品策略:与Carbon Black (CB) Response (EDR)集成,利用Juniper Sky ATP TAXII服务器检索Juniper Sky ATP发现的STIX恶意包。CB Response将提取它支持的IOCs,并将它们与它管理的所有端点进行比较。
• It provides the ability to identify whether someone else has been infected on the network. CB Response also leverages the Juniper Sky ATP Infected Host API to update the list of infected hosts when it identifies a host as compromised based on different threat feeds.
• 它提供了识别网络上是否有人被感染的功能。CB Response还利用Juniper Sky ATP受感染的主机API根据不同的威胁源识别出受感染的主机来更新受感染主机列表。
Cautions
• Feature: The application control feature of Juniper is still not rated high compared to its competitors. It lacks granularity and offers limited subcontrols for many applications.
• 特点:与竞争对手相比,Juniper的应用控制特点还不是很突出。它缺乏粒度,为许多应用程序提供有限的子控件。
• Product Strategy: The vendor has a primary focus on introducing features on hardware appliances and lacks mature cloud-based service offerings for roaming users and distributed use cases such as a direct FWaaS offering.
• 产品策略:供应商主要关注于在硬件设备上引入特性,缺乏针对漫游用户的成熟的基于云的服务产品和分布式用例,如直接FWaaS产品。
• Offering: Juniper offers multiple different centralized managers with distinct features, including Junos Space Security Director (centralized security manager), Juniper Sky Enterprise and Contrail Service Orchestrator. This requires clients to use multiple manager tools based on their use case. Surveyed clients have also reported multiple nonintegrated managers as a product weakness.
• 提供:Juniper提供多种不同的集中管理功能,包括Junos空间安全总监(集中安全经理)、Juniper Sky企业、Contrail服务协调器。这要求客户端根据他们的用例使用多个管理器工具。接受调查的客户还表示,多名非整合经理是产品的一个弱点。
• Support: Surveyed clients have reported that they often come across firmware-related bugs that are unknown to the vendor, thus creating longer support escalations. Juniper does not offer bug bounty programs.
• 支持:接受调查的客户报告说,他们经常遇到与固件相关的bug,而这些bug是供应商所不知道的,因此会导致更长的支持升级。Juniper不提供bug奖励程序。
• Customer Feedback: Juniper SRX clients have reported that the process of upgrading firmware on the firewalls is not smooth. They have mentioned that the upgrade process forces the reboot of primary and secondary firewalls, and does not failover during upgrade.
• 客户反馈:Juniper SRX客户反映防火墙固件升级过程不顺利。他们提到,升级过程强制重新启动主和次防火墙,并且在升级期间不进行故障转移。
• Visibility: Juniper SRX firewalls are still not very visible on the firewall shortlists of Gartner clients as compared to competitors. They have also been mentioned as one of the most replaced firewalls by the participating vendors in this Magic Quadrant.
• 可见性:与竞争对手相比,Juniper SRX防火墙在Gartner客户的防火墙候选名单上仍然不是很明显。它们还被提到为这个神奇象限中参与厂商最常替换的防火墙之一。
Microsoft微软公司
Microsoft, based in Redmond, Washington, offers Azure, a large IaaS platform. Azure supports third- party partners that provide security controls for their customers; since September 2018, Azure has had its own set of firewall services, Azure Firewall. Currently, Azure Firewall is managed by the Azure portal or command line interface, and central management is available through third parties such as Tufin, AlgoSec and Barracuda. Reporting is offered through Azure Monitor.
总部位于华盛顿州雷德蒙德的微软提供了大型IaaS平台Azure。Azure支持为客户提供安全控制的第三方合作伙伴;从2018年9月开始,Azure就有了自己的一套防火墙服务——Azure防火墙。目前,Azure防火墙由Azure门户或命令行界面管理,而中央管理可以通过Tufin、AlgoSec和Barracuda等第三方进行。报告是通过Azure Monitor提供的。
Also included among Microsoft Azure security offerings are Azure DDoS and Azure WAF (global and regional). The vendor also offers separate connectivity offerings such as Azure Expreoute and .
微软的Azure安全产品还包括Azure DDoS和Azure WAF(全球和地区)。该供应商还提供单独的连接产品,如Azure express路由和*。
Company news includes the launch of Azure Firewall and the continued refinement of Azure security services. During the evaluation period, Microsoft has continued its bold initiative with partners to help secure its cloud while launching various native security services. The vendor continues building out a strong threat intelligence capability that informs all its security offerings.
公司新闻包括Azure防火墙的发布和Azure安全服务的持续改进。在评估期间,微软继续与合作伙伴一起采取大胆举措,在推出各种本地安全服务的同时保护其云计算的安全。供应商继续建立一个强大的威胁情报能力,通知其所有的安全产品。
Azure Firewall is a good candidate for protection in regional Azure clouds for application teams that value agility, automation and autoscaling, with solid native firewalling controls.
对于重视敏捷性、自动化和自动伸缩的应用程序团队来说,Azure防火墙是区域Azure云中的一个很好的保护对象,因为他们有可靠的本地防火墙控制。
Strengths
• Product Execution: Early customers note that Microsoft has taken their input into account, and has implemented feature requests from early trials or has included suggested features in its product roadmap.
• 产品执行:早期客户注意到,微软已经将他们的投入考虑在内,并且已经实现了来自早期试验的特性请求,或者在其产品路线图中包含了建议的特性。
• Pricing: Azure Firewall has a simple pricing model that is easy to consume and utilize. The vendor offers hourly deployment charges and per-GB data processing charges, making the pricing structure simple.
• 定价:Azure防火墙有一个简单的定价模型,很容易使用和利用。供应商提供每小时的部署费用和每gb的数据处理费用,使定价结构更加简单。
• Product Strategy: Azure’s cloud-native firewall helps to simplify the Azure environment, making policy changes, debugging and autoscaling easier than they are with third-party tools. This helps DevOps-oriented customers with ever-changing workloads maintain security with minimal operational friction.
• 产品策略:Azure的云本地防火墙有助于简化Azure环境,使策略更改、调试和自动标校比使用第三方工具更容易。这有助于具有不断变化的工作负载的面向devops的客户以最小的操作摩擦来维护安全性。
• Marketing Strategy: Microsoft does not overpromise on its firewall capabilities. Gartner clients report that the vendor suggests using a strong partner ecosystem to add security in high-security use cases. This helps Azure customers trust that Microsoft will deliver the security it promises from its native firewall offering.
• 营销策略:微软不会对其防火墙功能做过多的承诺。Gartner的客户报告说,供应商建议使用一个强大的合作伙伴生态系统来增加高安全性用例中的安全性。这有助于Azure客户相信,微软将提供它承诺的本地防火墙提供的安全性。
• Capabilities: Microsoft has a robust threat intelligence team that informs its firewall product. Customers like the approach to filtering outbound internet traffic with fully qualified domain name (FQDN) intelligence. Azure firewalls also offer support for service tags and FQDN tags for better rule creation.
• 功能:微软有一个强大的威胁情报团队,通知其防火墙产品。客户喜欢使用完全限定域名(FQDN)智能过滤出站internet流量的方法。Azure防火墙还提供了对服务标记和FQDN标记的支持,以便更好地创建规则。
• Geographic Presence: Microsoft Azure has a good geographic presence globally. As a result, it has better visibility than many other vendors that are available in limited regions.
• 地理位置:微软Azure在全球拥有良好的地理位置。因此,它比在有限地区可用的许多其他供应商具有更好的可视性。
Cautions
• Product: Azure firewall only meets network firewall deployment use case of Microsoft Azure customers.
• 产品:Azure防火墙只满足微软Azure客户的网络防火墙部署用例。
• Offering: Microsoft’s firewall offering lacks IDPS and advanced threat detection capabilities, which are often requirements for security teams choosing firewall platforms. As a result, Azure clients have to use third-party threat detection and IDPS tools.
• 提供:微软的防火墙产品缺乏idp和高级的威胁检测功能,而这通常是安全团队选择防火墙平台的要求。因此,Azure客户端不得不使用第三方威胁检测和IDPS工具。
• Pricing: Microsoft requires a different firewall in each region. Azure customers note that this can lead to much higher costs, and can cause more operational expense with added administration and management complexity, especially considering the lack of a central management console.
• 定价:微软在每个地区都需要不同的防火墙。Azure客户注意到,这可能会导致更高的成本,并增加管理和管理复杂性,从而导致更多的运营成本,特别是考虑到缺乏中央管理控制台。
• Capabilities: Surveyed customers note the need for more predefined Layer 7 protocols and improved logging to ease the auditing process.
• 功能:被调查的客户注意到需要更多预定义的第7层协议和改进的日志记录来简化审计过程。
Palo Alto Networks
Santa Clara-based Palo Alto Networks is a large security vendor with more than 5,800 global employees, shipping firewalls since 2007. In addition to enterprise firewall physical and virtual appliances, the vendor’s products include EDR software, threat intelligence, SaaS security, cloud compliance and policy management tools, and security orchestration, automation, and response (SOAR).
总部位于圣克拉拉的帕洛阿尔托网络公司(Palo Alto Networks)是一家大型安全供应商,在全球拥有5800多名员工,自2007年起开始销售防火墙。除了企业防火墙物理和虚拟设备之外,该供应商的产品还包括EDR软件、威胁情报、SaaS安全、云遵从性和策略管理工具,以及安全编排、自动化和响应(SOAR)。
The vendor has delivered integrations between its offerings as a security operating platform, managing it from its Panorama management console. Palo Alto Networks has made use of its Cortex offering to build out its third-party ecosystem, enabling partners to build applications that interact with the Palo Alto Networks platform.
作为一个安全操作平台,该供应商提供了其产品之间的集成,并通过其全景管理控制台进行管理。帕洛阿尔托网络公司(Palo Alto Networks)利用其提供的皮层构建其第三方生态系统,使合作伙伴能够构建与帕洛阿尔托网络平台交互的应用程序。
Palo Alto Networks firewalls continue to lead the firewall market share, showing strong revenue growth. Its firewalls have the most visibility on firewall shortlists in Gartner client inquiries. Introduction of Prisma Access and the Prisma cloud offering show the vendor’s growing focus on cloud services.
帕洛阿尔托网络防火墙继续引领防火墙市场份额,显示强劲的收入增长。它的防火墙在Gartner客户咨询的防火墙候选名单中最显眼。Prisma Access和Prisma云服务的推出表明了供应商对云服务的日益关注。
Company news includes the acquisition of Twistlock, a container security technology, and PureSec, a serverless security solution. In addition, the vendor has recently repackaged its cloud security solutions under the name Prisma and its offering of solutions for security operations under the name Cortex.
公司新闻包括收购Twistlock,一个容器安全技术,和PureSec,一个无服务器安全解决方案。此外,该供应商最近以Prisma的名称重新打包了其云安全解决方案,并以Cortex的名称提供安全操作解决方案。
During 1H19, Palo Alto Networks released its 9.0 version, introducing DNS Security Service. As part of this release, it also introduced a series of line cards for its PA-7000 line of appliances, in hopes of increasing throughputs with security protections enabled.
在1H19期间,Palo Alto Networks发布了9.0版本,引入了DNS安全服务。作为该版本的一部分,它还为PA-7000系列设备引入了一系列线路卡,希望在启用安全保护的情况下增加吞吐量。
Strengths
• Sales Strategy: Gartner has noted an increasing number of Palo Alto Networks firewalls being bought under the vendor’s ELA contract as part of a larger security platform play. Some Gartner clients express interest in using the Panorama management platform as the orchestration point for the vendor’s integrated solutions. Surveyed customers and resellers value the platform approach.
• 销售策略:Gartner注意到越来越多的帕洛阿尔托网络公司的防火墙是根据供应商的ELA合同购买的,这是一个更大的安全平台的一部分。一些Gartner客户表示有兴趣使用全景管理平台作为供应商集成解决方案的协调点。被调查的客户和经销商重视平台方法。
• Offering: Palo Alto Networks is the first hardware-based firewall vendor offering direct FWaaS as a SaaS model. Its Prisma Access FWaaS offers outbound filtering capabilities. Gartner has seen some positive adoption of the product for branch offices and roaming user use cases.
• 提供:帕洛阿尔托网络公司是第一家以SaaS模式提供直接FWaaS的硬件防火墙供应商。其Prisma访问FWaaS提供出站过滤功能。Gartner已经看到了一些积极采用该产品的分支机构和漫游用户用例。
• Sales Strategy: Customers report that more of their Palo Alto Networks spend is on subscriptions rather than hardware, making security budgeting more predictable. Surveyed customers rated Palo Alto Networks’ firewall as one of the most likely firewalls they were considering renewing without conducting a competitive evaluation.
• 销售策略:据客户反映,他们在帕洛阿尔托网络公司(Palo Alto Networks)的支出更多地是用于订购,而不是硬件,这使得安全预算更容易预测。接受调查的客户认为,在没有进行竞争性评估的情况下,帕洛阿尔托网络公司(Palo Alto Networks)的防火墙最有可能是他们考虑更新的防火墙之一。
• Product Execution: In 1H19, Gartner clients reported improved SSL decryption performance. If this improvement continues, the enhanced capability, plus the line cards introduced for the PA-7000 Series to improve performance, will make Palo Alto Networks more suitable for large-scale data center deployments.
• 产品执行:在1H19中,Gartner客户报告了改进的SSL解密性能。如果这种改进继续下去,增强的功能,以及为PA-7000系列引入的提高性能的线路卡,将使Palo Alto网络更适合大规模数据中心部署。
• Product Strategy: The Twistlock and PureSec acquisitions demonstrate a vision of anticipating customers’ mid- to long-term needs as they construct new workloads using microservices and serverless environments. Palo Alto Networks is building a very broad cloud ecosystem, announcing new public cloud support for Alibaba Cloud and Oracle Cloud, and for private cloud/SDN and hybrid use cases, with support for Cisco Enterprise Network Compute System (ENCS), VMware Cloud for AWS and NSX, and Nutanix.
• 产品策略:Twistlock和PureSec的收购展示了一种愿景,即在客户使用微服务和无服务器环境构建新工作负载时,预测客户的中长期需求。帕洛阿尔托网络公司正在构建一个非常广泛的云生态系统,宣布对阿里巴巴云和甲骨文云、私有云/SDN和混合用例提供新的公共云支持,并支持思科企业网络计算系统(ENCS)、VMware云服务(AWS和NSX)和Nutanix。
• Client Feedback: Surveyed firewall respondents list Palo Alto Networks as the vendor they most often evaluate. This tracks with Gartner client inquiries, as Palo Alto Networks is the vendor most visible on client shortlists.
• 客户反馈:被调查的防火墙受访者将帕洛阿尔托网络列为他们最常评估的供应商。这与高德纳的客户咨询是一致的,因为帕洛阿尔托网络公司是客户名单上最显眼的供应商。
• Customer Experience: Gartner clients have highly rated the vendor’s presales team making the evaluation period smoother. They cite its presales services as being highly professional in terms of offering quality of support during the evaluation period irrespective of the size of the deal — something they indicate other competitors lack.
• 客户体验:Gartner的客户高度评价了供应商的售前团队,使得评估过程更加顺利。他们指出,在评估期间,无论交易规模大小,该公司的售前服务都非常专业,能够提供高质量的支持——这是其他竞争对手所缺乏的。
Cautions
• Pricing: Even with improved price/performance ratios at the branch office, price is frequently cited by Gartner clients as a reason not to select Palo Alto Networks. The chassis-based data center firewalls (PA-7050 and PA-7080) are called out as being very expensive compared to other solutions.
• 定价:即使分公司的价格/性能比率有所提高,Gartner的客户也经常以价格作为不选择Palo Alto Networks的理由。与其他解决方案相比,基于chassis的数据中心防火墙(PA-7050和PA-7080)非常昂贵。
• Product Strategy: As the vendor continues to expand its product portfolio by acquiring early-stage security technologies. Gartner observes that these are sometimes released to customers before reaching maturity, leading to early customer dissatisfaction. Before purchasing these new products, Gartner recommends that clients carefully evaluate the capabilities of new product acquisitions to ensure that they can fulfill their requirements.
• 产品策略:随着供应商通过收购早期安全技术继续扩展其产品组合。Gartner注意到,这些产品有时在达到成熟之前就发布给客户,导致早期客户的不满。在购买这些新产品之前,Gartner建议客户仔细评估购买新产品的能力,以确保他们能够满足自己的需求。
• Execution: Palo Alto Networks came to market with a tightly engineered firewall, which was also evident in early product acquisitions such as Cyvera (endpoint traps) and Morta Security (integrated into WildFire). However, the increasing pace of acquisitions over the past few years has resulted in loosely federated components without the same level of integration seen previously.
• 执行:帕洛阿尔托网络公司(Palo Alto Networks)推出了一个设计严密的防火墙,这在早期的产品收购中也很明显,比如Cyvera(端点陷阱)和Morta Security(集成到WildFire中)。然而,过去几年收购速度的加快导致了松散联合的组件没有以前看到的集成级别。
• This is evident in recent acquisitions such as Evident.io, RedLock, CirroSecure (now Prisma SaaS), Demisto, Secdo and LightCyber which were branded as stand-alone product lines and recently repackaged under the Prisma and Cortex offerings .
• 这一点在近期的收购中表现得很明显。io、RedLock、CirroSecure(现在的Prisma SaaS)、Demisto、Secdo和LightCyber都被标榜为独立的产品线,并在Prisma和Cortex产品下重新包装。
• Product Strategy: Gartner clients and surveyed customers and partners continue to note that early versions after a major software release have bugs and are not production-ready. Very large releases require more time to stabilize.
• 产品策略:Gartner的客户和被调查的客户及合作伙伴继续注意到,在主要软件发布后的早期版本存在bug,还没有准备好投入生产。非常大的版本需要更多的时间来稳定。
• Product Execution: Gartner clients note performance issues within public cloud environments. Some cite the necessity of deploying high-availability (HA) pairs of virtual firewalls in IaaS cloud, thus increasing costs and the solution’s operational footprint, and adding to a less-than-smooth deployment experience on the public cloud.
• 产品执行:Gartner客户注意到公共云环境中的性能问题。一些人认为有必要在IaaS云中部署高可用性(HA)对虚拟防火墙,从而增加了成本和解决方案的操作空间,并增加了在公共云上的部署体验。
• Feature: Palo Alto Networks firewalls lack an integrated SD-WAN feature and offer it through partnerships with third-party vendors. The vendor also lacks a cloud-based management portal offered as a SaaS model.
• 功能:帕洛阿尔托网络防火墙缺乏集成的SD-WAN功能,只能通过与第三方供应商的合作来提供。该供应商还缺少一个作为SaaS模型提供的基于云的管理门户。
• Customer Feedback: Surveyed clients have indicated a decline in the quality of technical support, with the growing number of customers in the vendor’s installed base.
• 客户反馈:接受调查的客户表示,技术支持的质量在下降,而供应商安装的客户数量在增加。
Sangfor深信服
Based in Shenzhen, China, Sangfor is an IT infrastructure and security vendor. It is a regional Chinese vendor with a growing focus on cloud service offerings, including a FWaaS offering, that Chinese competitors lack. It is primarily focused on midsize enterprises and has a major presence in Southeast Asia, with some client base in Europe and the Middle East.
Sangfor总部位于中国深圳,是一家IT基础设施和安全供应商。它是一家区域性的中国供应商,越来越关注云服务产品,包括中国竞争对手所缺乏的FWaaS产品。它主要专注于中型企业,并在东南亚有重要的业务,在欧洲和中东有一些客户。
Its technical support is highly rated by surveyed clients.
其技术支持得到了被调查客户的高度评价。
Its firewall product line is called Sangfor Next Generation Application Firewall (NGAF), available in the form of physical and virtual appliances. The virtual models are available as BYOL on AWS and Alibaba Cloud. Its centralized management, Sangfor Branch Business Center (BBC), is offered as a separate appliance. In addition, Sangfor offers Security Butler, a cloud-based portal offering firewall log monitoring, security analysis and basic incident response Other security solutions include network and application vulnerability management SaaS, SSL *
, WAN optimization (WANO), software-defined infrastructure, and SWG solutions.
其防火墙产品线被称为Sangfor下一代应用防火墙(NGAF),以物理和虚拟设备的形式提供。这些虚拟模型可以在AWS和阿里巴巴云上以BYOL的形式获得。它的集中管理,Sangfor分支商业中心(BBC),作为一个单独的设备提供。此外,Sangfor还提供安全管家,一个基于云的门户网站,提供防火墙日志监控、安全分析和基本事件响应等其他安全解决方案,包括网络和应用程序漏洞管理SaaS、SSL 、WAN优化(WANO)、软件定义等。
Recent product news includes enhancements in threat detection capabilities by integrating the vendor’s sandboxing and threat intelligence services.
最近的产品新闻包括通过集成供应商的沙盒和威胁情报服务来增强威胁检测能力。
Strengths
• Product Strategy: Sangfor offers multiple cloud-based services for clients, including FWaaS (Cloud Eye, a cloud-based network vulnerability scanning tool, and Cloud Shield, a WAF that is only available to the Chinese market); Neural-x, a threat intelligence service; and Security Butler, a threat analysis portal. This makes Sangfor a favorable candidate for distributed office use cases.
• 产品策略:Sangfor为客户提供多种基于云的服务,包括FWaaS(云眼,一款基于云的网络漏洞扫描工具,云盾,一款仅面向中国市场的WAF);威胁情报服务Neural-x;和安全管家,一个威胁分析门户。这使得Sangfor成为分布式办公用例的理想候选。
• Product: The vendor offers a native EDR client. It offers threat intelligence correlation of firewall and EDR on its threat analysis cloud platform, Sangfor Butler, offering firewall users additional threat detection capabilities.
• 产品:供应商提供一个本地的EDR客户端。在威胁分析云平台Sangfor Butler上提供防火墙与EDR的威胁情报关联,为防火墙用户提供额外的威胁检测能力。
• Feature: Sangfor NGAF offers a configuration wizard for security policy deployment and modification, which has been highly rated by surveyed clients. The wizard offers virtual network mapping during a new change request.
• 特性:Sangfor NGAF提供了一个用于安全策略部署和修改的配置向导,该向导得到了调查客户的高度评价。该向导在新的更改请求期间提供虚拟网络映射。
• Client Feedback: Sangfor BBC, its on-premises centralized manager, has been highly rated by clients as an easy-to-use product, making management of multiple firewalls simpler. BBC can also be used to manage many other Sangfor products such as SWG, WANO, SD-WAN and SSL
.The vendor also offers a cloud-based manager, X-Central, with the same capabilities as BBC.
• 客户反馈:Sangfor BBC是其现场集中管理器,它被客户高度评价为易于使用的产品,简化了对多个防火墙的管理。BBC还可以用来管理其他产品,如SWG、WANO、SD-WAN和SSL *。
• Technical Support: The vendor’s technical support is rated high by surveyed customers.
• 技术支持:被调查的客户对供应商的技术支持评价很高。
Cautions
• Sales Execution: Sangfor firewalls are primarily deployed by midsize enterprises and the vendor also focuses its product development around SMB use cases. Sangfor is not very visible within enterprise and data centers in Gartner client inquiries.
• 销售执行:Sangfor防火墙主要由中型企业部署,供应商还将其产品开发重点放在SMB用例上。在企业和数据中心的Gartner客户咨询中,Sangfor并不是很常见。
• Customer Feedback: Surveyed clients have reported the built-in logging and reporting in the Sangfor firewall lacks granularity and the logs are complex to search through, requiring them to purchase a dedicated reporting tool for advanced reporting capabilities. The on-premises dedicated reporting and logging appliance is only available in Chinese.
• 客户反馈:被调查的客户报告说,Sangfor防火墙中内置的日志和报告缺乏粒度,而且日志的搜索很复杂,需要购买专门的报告工具来提供高级报告功能。现场专用的报告和记录设备只有中文版本。
• Presence: Sangfor is a regional vendor with most of its clients based in China. Although it is working toward expanding in other regions of Asia, Europe and the Middle East, Gartner primarily sees it being shortlisted by clients in Southeast Asia.
• 存在感:Sangfor是一家区域供应商,其大部分客户都在中国。尽管Gartner正在努力向亚洲、欧洲和中东的其他地区扩张,但它主要还是被东南亚的客户列入了入围名单。
• Customer Feedback: Surveyed clients have reported that the midsize models of Sangfor firewalls not offering default 10 Gigabit interfaces is a weakness for enterprise customers looking for faster performance.
• 客户反馈:接受调查的客户报告说,中型型号的Sangfor防火墙没有提供默认的10gb接口,这是企业客户寻求更快性能的弱点。
• Product: The vendor only offers support for its native SDN platform, Sangfor HCI. It also offers pay-as-you-go licensing models only for its native Sangfor HCI public IaaS platform and Alibaba Cloud. It is not available as pay as you go on AWS, where it is available as BYOL only.
• 产品:供应商只提供对其本地SDN平台Sangfor HCI的支持。它还提供了现收现付的授权模式,只针对自己的本土品牌——HCI公共IaaS平台和阿里巴巴云。它不像你在AWS上支付的那样可用,在AWS上它只作为BYOL可用。
SonicWall音强网络
SonicWall is based in Milpitas, California, and is a network security player. Today, the vendor offers multiple firewall product lines, branded as TZ Series, NSa Series, SuperMassive Series, NSsp Series and NSv Series. The NSv series supports VMware ESXi, Microsoft Hyper-V, and both BYOL and pay-as-you-go support for Microsoft Azure and AWS.
SonicWall总部位于加利福尼亚州的米尔皮塔斯,是一家网络安全公司。今天,供应商提供多个防火墙产品线,品牌为TZ系列、NSa系列、SuperMassive系列、NSsp系列和NSv系列。NSv系列支持VMware ESXi、Microsoft Hyper-V,以及对Microsoft Azure和AWS的BYOL和即付即用支持。
SonicWall firewalls have their primary client base in midsize enterprises. Although the vendor has high-performing data center appliances, Gartner does not see them in this use case. The vendor has been introducing multiple product-related enhancements for the past three years, to offer a complete set of features. Overall, the visibility of the vendor on firewall shortlists is decreasing.
SonicWall防火墙的主要客户群是中型企业。虽然该供应商有高性能的数据中心设备,但是Gartner在这个用例中没有看到它们。在过去三年中,该供应商一直在引入多个与产品相关的增强功能,以提供完整的功能集。总的来说,供应商在防火墙候选名单上的可见性正在下降。
In addition to firewalls, SonicWall also sells wireless, remote access email security, cloud application security and endpoint security products.
Recent company news includes the introduction of multiple new models in the NSa, NSsp and TZ Series.
除了防火墙,SonicWall还销售无线、远程访问电子邮件安全、云应用安全和终端安全产品。公司最新消息包括在NSa、NSsp和TZ系列中引入多个新模式。
Other recent updates include the introduction of a secure SD-WAN feature, adding zero-touch deployment through cloud management, Cloud App Security, Capture Security Center (CSC) for centralized management of all products, and Analyzer 2.0, which is SonicWall’s flow analytics solution.
其他最近的更新包括引入一个安全的SD-WAN特性,通过云管理添加零接触部署,云应用程序安全,所有产品集中管理的捕获安全中心(CSC),以及分析器2.0,这是SonicWall的流分析解决方案。
Strengths
• Offering: CSC, the vendor’s cloud-based manager, offers a complete set of centralized management for all its products and offers features such as a bulk firmware upgrade and a pushing of rules. This year, SonicWall has also introduced a zero-touch deployment feature integrated within CSC. This service is available in one freemium offering, Management Lite, and three paid subscription packages — Management, Management and Reporting, and Analytics.
• 提供:CSC,供应商的云管理器,为其所有产品提供一套完整的集中管理,并提供批量固件升级和规则推送等功能。今年,SonicWall还在CSC中引入了一个零接触部署特性。该服务提供一个免费增值模式,管理精简,和三个付费订阅包-管理,管理和报告,和分析。
• Product: SonicWall’s on-premises centralized manager, Global Management System (GMS), offers mature management and multitenancy features desired by MSSPs. Like CSC, in addition to managing firewalls, GMS can also manage and report on SonicWall’s Secure Mobile Access and Email Security, integrated SonicWall wireless access points, and WAN acceleration solutions, offering centralized management capabilities for multiple product lines.
• 产品:SonicWall的现场集中管理器,全球管理系统(GMS),提供成熟的管理和多租户的功能,所需的mssp。与CSC一样,除了管理防火墙外,GMS还可以管理和报告SonicWall的安全移动访问和电子邮件安全、集成的SonicWall无线接入点和WAN加速解决方案,为多个产品线提供集中管理功能。
• CASB: SonicWall offers CASB capabilities in the SonicWall Cloud App Security offering. It offers security for SaaS applications such as Office 365 and Google Suite by offering cloud-based email scanning and access controls, and preventing the upload of sensitive or confidential files and data. It also offers role-based policy tools, data classification and loss prevention. This product is integrated with the cloud manager CSC, offering centralized management and visibility and control of SaaS application usage.
• SonicWall在SonicWall云应用安全产品中提供CASB功能。它通过提供基于云的电子邮件扫描和访问控制,以及防止敏感或机密文件和数据的上传,为Office 365和谷歌等SaaS应用程序提供安全保障。它还提供基于角色的政策工具、数据分类和损失预防。该产品与云管理器CSC集成,提供SaaS应用程序使用的集中管理和可见性控制。
• Technical Support: Surveyed clients and resellers have consistently cited direct support for the vendor as high quality and very responsive. Clients have especially reported that support drastically improved after SonicWall spun off Dell.
• 技术支持:被调查的客户和经销商一致认为对供应商的直接支持是高质量和响应性很强的。客户特别报告说,在SonicWall剥离戴尔之后,支持度大幅提高。
Cautions
• Sales: Gartner is seeing declining SonicWall firewall revenue. It was the only UTM vendor with a revenue decline (-3.9%) in 2018. Gartner also doesn’t see it as a favorable shortlist candidate based on client inquiries.
• 销售:Gartner发现SonicWall防火墙的收入在下降。它是2018年唯一收入下降(-3.9%)的UTM供应商。Gartner也不认为它是一个基于客户咨询的良好候选名单。
• Market Responsiveness: The vendor lacks strong market responsiveness as per the demands of clients. It was late in introducing virtual appliances, and in support for public cloud and SD-WAN. Gartner finds that SonicWall has been closing gaps, rather than introducing innovative features. Despite introducing multiple virtual appliances, its firewalls still lack support for SDN platforms, something being offered by the majority of its competitors in the market.
• 市场响应能力:供应商缺乏对客户需求的强烈市场响应能力。它在引入虚拟设备、支持公共云和SD-WAN方面起步较晚。Gartner发现,SonicWall一直在缩小差距,而不是引入创新的功能。尽管引入了多个虚拟设备,但其防火墙仍然缺乏对SDN平台的支持,而市场上的大多数竞争对手都提供了这种支持。
• Product: The vendor lacks an on-premises sandboxing appliance, a desirable feature for highly regulated enterprises that do not want their data to leave the premises, particularly in emerging regions such as the Middle East, Asia and Latin America.
• 产品:该供应商缺少一种现场沙箱设备,这是受到高度管制的企业(尤其是在中东、亚洲和拉丁美洲等新兴地区)所希望的特性,因为这些企业不希望自己的数据离开现场。
• Customer Feedback: Surveyed clients have reported a lack of mature logging as one of the product weaknesses in GMS. They have specifically mentioned the logging details around firewall-rule-administration-related changes, which are not detailed enough. Clients have also highlighted the lack of SAML support for multifactor authentication (MFA) as a product weakness.
• 客户反馈:被调查的客户反映缺乏成熟的日志记录,这是GMS的产品弱点之一。他们特别提到了与防火墙规则管理相关的更改的日志记录细节,这些更改不够详细。客户还指出,SAML缺乏对多因素身份验证(MFA)的支持是产品的一个弱点。
• Product Strategy: The vendor lacks integration capabilities with third-party NAC platforms. This makes SonicWall a less desirable shortlist candidate for enterprises seeking correlation and integration capabilities between their NAC products to disconnect infected hosts.
• 产品策略:供应商缺乏与第三方NAC平台的集成能力。这使得SonicWall成为一个不太理想的候选候选名单,企业寻求他们的NAC产品之间的相关性和集成能力,以断开受感染的主机。
Sophos守护使
Sophos is a network and endpoint security vendor headquartered in Abingdon, U.K. It took over the second-largest UTM vendor market share position in 2018. Sophos continues with its strong firewall and endpoint security integration product strategy. It is visible in SMB use cases, but lacks visibility in enterprise and data center use cases.
Sophos是一家网络和终端安全供应商,总部位于英国阿宾登。该公司在2018年占据了UTM供应商市场的第二大份额。Sophos继续其强大的防火墙和端点安全集成产品策略。它在SMB用例中是可见的,但在企业和数据中心用例中缺乏可见性。
The vendor’s portfolio includes firewalls (the XG Series and SG Series), endpoint security (Sophos Endpoint Protection and Intercept X), mobile security, secure email gateway, email phishing training, secure web gateway, server security, encryption, wireless access point (Sophos APX) and multicloud protection (Sophos Cloud Optix),. Sophos Firewall Manager is the name of the centralized management software, and Sophos Central is the cloud-based centralized management portal for all Sophos security products.
该供应商的产品组合包括防火墙(XG系列和SG系列)、端点安全(Sophos端点保护和拦截X)、移动安全、安全电子邮件网关、电子邮件钓鱼培训、安全web网关、服务器安全、加密、无线接入点(Sophos APX)和多云保护(Sophos Cloud Optix)。Sophos防火墙管理器是集中式管理软件的名称,而Sophos Central是所有Sophos安全产品的基于云的集中式管理门户。
Sophos has 19 XG hardware models and three Remote Ethernet Device (RED) models, which are plug-and-play remote tunneling devices for SD-WAN use cases in remote offices. Sophos also offers support for AWS and Azure, both as pay as you go and BYOL, through its virtual firewalls. It still sells and actively develops both the XG and SG product lines. The range of XG models starts with the XG 86 (3 Gbps throughput) up to the XG 750 (100 Gbps throughput).
Sophos拥有19个XG硬件模型和3个远程以太网设备(RED)模型,它们是用于远程办公室中SD-WAN用例的即插即用远程隧道设备。Sophos也通过它的虚拟防火墙提供AWS和Azure的支持,即你付多少钱,也可以通过BYOL来支付。它仍然销售和积极发展的XG和SG产品线。XG型号的范围从xg86 (3 Gbps吞吐量)到XG 750 (100 Gbps吞吐量)。
This year, Sophos completed a hardware refresh of existing models. The key new features introduced include enhancements to its Synchronized Security system, air gap support, Chrome authentication and a central cloud management portal for XG firewalls and other Sophos products.
今年,Sophos完成了对现有机型的硬件更新。引入的关键新功能包括增强其同步安全系统、支持air gap、Chrome身份验证以及XG防火墙和其他Sophos产品的中央云管理门户。
Strengths
• Innovation: Sophos is one of the few firewall vendors catering to midsize enterprises that can decrypt TLS 1.3 natively instead of forcing a downgrade to TLS 1.2. Sophos acquired Avid Secure in 2019 to provide a new multicloud visibility capability called Sophos Cloud Optix, which helps customers manage cloud security posture management in AWS, Microsoft Azure and Google Cloud. In addition, it added cloud-based management capabilities for its XG firewall line.
• 创新:Sophos是为数不多的能够对TLS 1.3进行本地解密而不是被迫降级到TLS 1.2的防火墙供应商之一。Sophos于2019年收购了Avid Secure,提供了一种新的多云可视化能力,名为Sophos Cloud Optix,它可以帮助客户管理AWS、微软Azure和谷歌云中的云安全态势管理。此外,它还为XG防火墙增加了基于云的管理功能。
• Market Responsiveness: Sophos continues to increase visibility, detection and response capabilities of advanced threats to meet the growing market requirement. It also added a CASB-lite function to its firewalls primarily focused on visibility of SaaS usage use cases.
• 市场响应能力:Sophos不断提高高级威胁的可视性、检测和响应能力,以满足不断增长的市场需求。它还向防火墙添加了一个精简版功能,主要关注SaaS使用情况的可见性。
• Sales Strategy: Sophos has a strong channel strategy with many partners located around the globe and, over the past year, has grown an already sizable and loyal channel base substantially. It conducts regular partner training and information-sharing programs worldwide. Sophos’ presales team receives positive reviews for directly working with clients in regions like India and the Gulf Cooperation Council (GCC), and is often scored highly by customers.
• 销售策略:Sophos拥有强大的渠道策略,在全球有很多合作伙伴,在过去的一年中,Sophos已经拥有了相当大的忠实的渠道基础。它在全球范围内开展定期的合作伙伴培训和信息共享项目。Sophos的售前团队因为直接与印度和海湾合作委员会(GCC)等地区的客户合作而受到好评,客户对他们的评价也很高。
• Product: Sophos has strong ransomware detection capabilities and constantly works toward improving them. It shares threat- and health-related intelligence between endpoints and firewalls using the Synchronized Security feature to correlate and identify compromised systems, enabling firewalls to automatically isolate them to prevent the movement of ransomware. Also, technologies like exploit-based detection and CryptoGuard to detect ransomware attacks in real time on Sophos’ endpoint Intercept X product have made ransomware detection stronger.
• 产品:Sophos拥有强大的勒索软件检测能力,并在不断改进。它在端点和防火墙之间共享与威胁和健康相关的情报,使用同步安全特性关联和识别受危害的系统,使防火墙能够自动隔离它们,防止勒索软件的移动。此外,基于利用的检测和加密卫士等技术可以实时检测Sophos的端点截获X产品上的勒索软件*
,这使得勒索软件检测功能更加强大。
• Customer Experience: Customers surveyed cite strong presales support and ease of implementation as key differentiators in choosing Sophos for network firewalling. An intuitive management interface and tight integration with Sophos products are also cited frequently as key strengths of the product.
• 客户体验:被调查的客户表示,在选择Sophos进行网络防火墙时,强大的售前支持和易于实现是关键的区别。直观的管理界面和与Sophos产品的紧密集成也是该产品的主要优势。
Cautions
• Product Strategy: Sophos’ product strategy is more focused on midsize enterprises and currently fails to meet some enterprise deployment use cases, including providing high-throughput appliances.
• 产品策略:Sophos的产品策略更侧重于中型企业,目前无法满足一些企业部署用例,包括提供高吞吐量的设备。
• Sophos continues to pursue a strategy of integration with its own products in lieu of third-party support for items such as CASB and endpoint protection platforms. In addition, there is no third-party NAC integration with the firewall to support more advanced enterprise response capabilities when an NAC solution detects a compromised endpoint.
• Sophos继续追求与自身产品的集成,以替代对CASB和端点保护平台等产品的第三方支持。此外,当NAC解决方案检测到损坏的端点时,没有与防火墙集成的第三方NAC来支持更高级的企业响应功能。
• Market Segmentation: Sophos maintains most of its presence in small to midsize enterprises, which are heavily centralized to one site or a few locations. Resellers report a lack of brand awareness around Sophos, and Gartner rarely sees Sophos show up on client shortlists, especially in larger enterprises.
• 市场细分:Sophos的大部分业务集中在中小型企业,这些企业集中在一个或几个地点。经销商反映Sophos缺乏品牌意识,Gartner也很少看到Sophos出现在客户候选名单上,尤其是在大型企业中。
• Customer Experience: Gartner clients frequently cite the firewall and endpoint (Intercept X) integration capability as a primary reason to shortlist Sophos firewalls as opposed to any other firewall feature the vendor offers. Gartner clients purchasing Sophos firewalls beyond the mentioned primary use case must evaluate other features and third-party endpoint protection platform (EPP) integration capabilities offered by the product before shortlisting the vendor.
• 客户体验:Gartner的客户经常将防火墙和端点(Intercept X)集成能力列为入围Sophos防火墙的主要原因,而不是供应商提供的任何其他防火墙功能。除了上述主要用例外,购买Sophos防火墙的Gartner客户必须评估该产品提供的其他特性和第三方端点保护平台(EPP)集成功能,然后才能挑选出供应商。
• Gartner clients have reported issues with virtual IaaS versions of Sophos, especially in HA scenarios, and have highlighted that the basic support subscription is not sufficient to help with public IaaS deployment issues, requiring them to upgrade to premium support to get desirable support.
• Gartner的客户已经报告了Sophos的虚拟IaaS版本的问题,特别是在HA场景中,并强调了基本的支持订阅不足以帮助解决公共IaaS部署问题,要求他们升级到高级支持以获得所需的支持。
• Product: Sophos firewalls lack certifications that are important to enterprises with heavy regulations such as Common Criteria EAL4. Sophos firewalls also lack integration with third-party EDR tools, and offer integration only with Sophos’ endpoint product, Intercept X. Features like Synchronized Security only work with Sophos’ endpoint product. As a result, enterprise customers utilizing other commercial EDR vendors will not be able to utilize and share endpoint-related threat intelligence with their firewalls.
• 产品:Sophos防火墙缺乏认证,而这些认证对于法规严格的企业非常重要,比如通用标准EAL4。Sophos防火墙也缺乏与第三方EDR工具的集成,只提供与Sophos端点产品Intercept x的集成。因此,利用其他商业EDR供应商的企业客户将无法利用及与防火墙共享与端点相关的威胁情报。
• Offering: Sophos still lags behind its competitors in cloud-based security offerings such as FWaaS, DL, and integration with third-party CASBs to support more advanced CASB use cases.
• 提供:Sophos在基于云的安全产品方面仍然落后于竞争对手,比如FWaaS、DL,以及与第三方CASB的集成,以支持更高级的CASB用例。
Stormshield暴风盾
Stormshield is a credible shortlist contender for European organizations, especially local government agencies or enterprises working with local government agencies and looking for a vendor that works to continuously lower total cost of ownership (TCO) of hardware through software updates. Stormshield largely serves customers in a few countries in Western Europe; however, it recently closed its U.K. office in anticipation of Brexit.
Stormshield是欧洲组织,特别是地方政府机构或与地方政府机构合作的企业,通过软件更新不断降低硬件总拥有成本(TCO)的可靠候选名单。Stormshield主要服务于西欧一些国家的客户;然而,该公司最近关闭了英国办事处,原因是预期英国将退欧。
Stormshield operates as an independent subsidy of Airbus CyberSecurity, based in Paris. Its product portfolio combines firewall (Stormshield Network Security [SNS]) and endpoint solutions (Stormshield Endpoint Security [SES] and Stormshield Data Security [SDS]).
Stormshield是总部位于巴黎的空中客车公司网络安全的独立补贴。其产品组合包括防火墙(Stormshield Network Security [SNS])和终端解决方案(Stormshield endpoint Security [SES]和Stormshield Data Security [SDS])。
SNS firewalls are available as physical and virtual appliances and in popular private and public cloud platforms, including VMware, AWS and Microsoft Azure. Centralized management (Stormshield Management Center [SMC]) and reporting (Stormshield Visibility Center [SVC]) are available as software appliances.
SNS防火墙可以是物理和虚拟设备,也可以是流行的私有和公共云平台,包括VMware、AWS和Microsoft Azure。集中管理(Stormshield management Center [SMC])和报告(Stormshield Visibility Center [SVC])作为软件设备提供。
Stormshield offers its SNS firewall appliances ranging from the SN160 model (1GB of throughput) through the SN6100 (140GB of throughput). Stormshield provides industrial protocol protection on all firewalls and also offers a ruggedized version for field use, the SNi40.
Stormshield提供其SNS防火墙设备,范围从SN160型号(1GB吞吐量)到SN6100 (140GB吞吐量)。Stormshield在所有防火墙上提供工业协议保护,同时还提供了一个用于战场的加固版本,即SNi40。
Stormshield released a free public version of its Breach Fighter sandbox in 2019 and new virtualized appliances called Elastic Virtual Appliances, including a pay-as-you-go program for MSSPs and cloud providers.
Stormshield在2019年发布了一个免费的公共版本的攻破战士沙盒,以及新的被称为弹性虚拟设备的虚拟设备,包括为mssp和云提供商提供的随用随付的程序。
Strengths
• Customer Experience: Customers surveyed cite ease of implementation, configuration and upgradability as key strengths of the product. Stormshield is cited as having a strong TCO compared to other firewall vendors because of its easy licensing and upgrade sales strategy.
• 客户体验:接受调查的客户认为产品的主要优点是易于实现、配置和升级。Stormshield被认为是一个强大的TCO相比,其他防火墙供应商,因为它容易的授权和升级销售战略。
• Product: Advanced threat detection, IDPS and other features of the product focus on the protection of industrial IoT (IIoT) across all product lines, which is unique in this market. With the addition of the public Breach Fighter sandbox, clients can test the efficacy of the sandbox to detect malicious files unique to their environment before attaching the sandbox to their firewall. In addition, it has JavaScript Content Disarm and Reconstruction features as part of its offering when filtering web content.
• 产品:先进的威胁检测、IDPS等产品特性,专注于工业物联网(IIoT)全线产品的防护,在市场上独辟蹊径。通过添加公共*斗士沙箱,客户端可以在将沙箱附加到防火墙之前测试沙箱检测其环境特有的恶意文件的有效性。此外,在过滤web内容时,它还提供了JavaScript内容解除和重构功能。
• Sales Execution: Stormshield is growing its firewall revenue at an above-average rate compared to other small vendors in this Magic Quadrant. It continues to expand into other verticals outside its primary focus.
• 销售执行:与这个神奇象限中的其他小厂商相比,Stormshield防火墙的收入正在以高于平均水平的速度增长。它继续扩展到其他垂直领域以外的主要焦点。
• Vertical Strategy: Stormshield focuses sales and support in certain verticals, such as manufacturing, energy, government, defense, critical communication and transportation. This gives Stormshield a strong understanding and support of industries and country-specific issues across Europe.
• 垂直战略:Stormshield专注于某些垂直领域的销售和支持,如制造业、能源、政府、国防、关键通信和交通。这使Stormshield对整个欧洲的行业和国家具体问题有了深刻的理解和支持。
• Operations: Stormshield maintains its investment in nationwide and regional certifications to better serve European local government agencies and enterprises that work with them. Clients with a heavy presence in France, Germany and other European countries that may need a firewall with embedded SD-WAN support should consider Stormshield on their shortlists for evaluation.
• 运营:Stormshield继续在全国和地区认证上进行投资,以更好地服务于欧洲地方政府机构和与其合作的企业。在法国、德国和其他欧洲国家有大量用户的客户可能需要嵌入SD-WAN支持的防火墙,他们应该考虑将Stormshield列入评估候选名单。
Cautions
• Market Responsiveness: Stormshield continues to lag in cloud features such as a lack of an FWaaS offering or a cloud-based firewall management console. Despite offering a cloud-based sandbox, it has very low attach rates from customers. The recently introduced Elastic Virtual Appliance (EVA) virtual firewall product line lacks autoscaling in IaaS environments.
• 市场响应能力:Stormshield在云特性方面仍然落后,比如缺少FWaaS或基于云的防火墙管理控制台。尽管提供了基于云的沙箱,但它的客户附加率非常低。最近推出的弹性虚拟设备(EVA)虚拟防火墙产品线在IaaS环境中缺乏自动缩放功能。
• Sales Execution: Despite growth in revenue and a desired focus to expand to EMEA and the Asia/Pacific region, Stormshield remains one of the smallest firewall vendors by revenue in this research. It has a minimal to no presence in the Americas, the Middle East, Africa and the Asia/Pacific region.
• 销售执行:尽管收入在增长,并希望重点扩展到EMEA和亚太地区,但Stormshield仍然是本研究中收入最小的防火墙供应商之一。它在美洲、中东、非洲和亚太地区几乎没有存在。
• Product: While Stormshield completely relies on its in-house IDPS threat intelligence team for signature development, the size of the team is relatively smaller than most other competitors. At present, the vendor also lacks support for TLS 1.3. The management console interface appears less sophisticated than other consoles on the market.
• 产品:虽然Stormshield完全依靠其内部的IDPS威胁情报团队进行签名开发,但该团队的规模相对于其他大多数竞争对手而言较小。目前,供应商也缺乏对TLS 1.3的支持。管理控制台界面看起来没有市场上其他控制台那么复杂。
• Geographic Strategy: Stormshield continues to focus its resources in Europe with limited sales channels and support for the rest of the world. Gartner recommends that clients carefully evaluate Stormshield’s ability to support an organization outside of its primary service areas, as technical support and languages supported within the management console are limited.
• 地理战略:Stormshield继续把资源集中在欧洲,有限的销售渠道和对世界其他地区的支持。Gartner建议客户仔细评估Stormshield在其主要服务领域之外支持组织的能力,因为管理控制台支持的技术支持和语言是有限的。
• Customer Experience: Customers surveyed report a higher-than-average hardware failure rate compared to other vendors in the market and a significant number of issues that impact availability. In addition, customers cite challenges with depth and availability of technical documentation, which lead to reliance on vendor training and support.
• 客户体验:接受调查的客户反映,与市场上的其他供应商相比,硬件故障率高于平均水平,并且存在大量影响可用性的问题。此外,客户提到了技术文档的深度和可用性方面的挑战,这导致依赖于供应商的培训和支持。
Venustech 启明星辰
Venustech is headquartered in Beijing, China. Venusense is a good firewall candidate for Venustech customers in China that are looking for a good local vendor with strong regional support in China and Japan, as well as a cost-effective firewall offering. The vendor is also a favorable shortlist candidate in China, where clients prefer security products from the same vendor because of its large product portfolio.
公司总部位于中国北京。Venusense是中国Venustech客户的一个很好的防火墙候选,他们正在寻找一个在中国和日本有强大区域支持的本地供应商,以及一个性价比高的防火墙产品。该供应商在中国也是一个良好的候选候选名单,在那里,客户更喜欢来自同一供应商的安全产品,因为其庞大的产品组合。
Venustech sells multiple firewall product lines, namely Venusense Unified Threat Management, Venusense Firewall (FW) and Venusense Next-Generation Firewall (NGFW). It also sells a dedicated industrial firewall product line, Venusense Industrial Firewall (IFW). Other than firewalls, the vendor sells WAF, IDPS, vulnerability scanner, *
, USM (SIEM), APT, ADM (anti-DDos) and physical security products. It also sells FlowEye, its firewall policy management and NTA solution.
Venustech销售多条防火墙产品线,分别是:Venusense统一威胁管理、Venusense防火墙(FW)、Venusense下一代防火墙(NGFW)。它还销售专用的工业防火墙产品线,Venusense工业防火墙(IFW)。除了防火墙,该供应商还销售WAF、IDPS、漏洞扫描器、、USM (SIEM)、APT、ADM(反ddos)和物理安全产品。它还出售FlowEye、防火墙策略管理和NTA解决方案。
This year, the vendor introduced cloud protection based on the VenusEye Threat Intelligence Center and a high-level firewall model with 720GB throughput.
今年,该公司推出了基于VenusEye威胁情报中心的云保护,以及具有720GB吞吐量的高级防火墙模型。
Strengths
• Centralized Firewall Policy Management: Venustech FlowEye is the vendor’s firewall policy management and NTA solution. The product can perform centralized firewall policy management beyond Venustech firewalls, extending support to all leading global and regional firewall players such as Fortinet, Check Point Software Technologies, Palo Alto Networks, Juniper Networks, Cisco and H3C.
• 集中式防火墙策略管理:Venustech FlowEye是供应商的防火墙策略管理和NTA解决方案。该产品可以执行超越Venustech防火墙的集中式防火墙策略管理,支持所有领先的全球和地区防火墙厂商,如Fortinet、Check Point Software Technologies、Palo Alto Networks、Juniper Networks、Cisco和H3C。
• Some of the other key features offered by this product are configuration comparison, firewall migration and virtual network mapping. This helps large Venustech firewall users and MSSPs to fine-tune their policies along with centrally managing other firewall brands.
• 该产品提供的其他一些关键功能包括配置比较、防火墙迁移和虚拟网络映射。这有助于大型的Venustech防火墙用户和mssp调整他们的策略,并集中管理其他防火墙品牌。
• Offering (NTA): Venusense FlowEye collects raw traffic and flow records (for example, NetFlow, Sflow and IPFIX) to analyze network traffic. It performs abnormal behavior detection through a variety of abnormal traffic, including Trojan channel detection, ARP spoofing detection, network scanning behavior detection, worm detection and DDoS attack detection. It comes as a separate appliance.
• 提供(NTA): Venusense FlowEye收集原始的流量和流量记录(例如NetFlow、Sflow和IPFIX)来分析网络流量。它通过各种异常流量进行异常行为检测,包括
通道检测、ARP欺骗检测、网络扫描行为检测、蠕虫检测和DDoS检测。它作为一个单独的设备出现。
• Product: Venustech has a dedicated industrial firewall product line with different models. Venusense IFW supports the in-depth filtering based on Modbus/TCP, Modbus/RTU, nIEC104, OPC and Ethernet/IP. Beyond basic firewall features, the IFW also offers support for industrial IPS, industrial
, and flow self-learning for supervisory control and data acquisition system (SCADA), distributed control system (DCS), programmable control system (PCS), and programmable logic controller (PLC) protocols and applications.
• 产品:Venustech拥有一条不同型号的工业防火墙专用产品线。Venusense IFW支持基于Modbus/TCP、Modbus/RTU、nIEC104、OPC、以太网/IP的深度过滤。除了基本的防火墙功能外,IFW还支持工业ip、工业*和用于监控和数据采集系统(SCADA)、分布式控制系统(DCS)、可编程控制系统(PCS)、可编程逻辑控制器(PLC)协议和应用程序的流自学习。
• Product Strategy: The vendor has a threat intelligence (TI) correlation platform that is a separate product, called VenusEye Threat Intelligence platform. This platform correlates TI from different resources and products of VenusEye, and offers centralized correlation and threat scoring based on the built-in templates.
• 产品策略:供应商有一个威胁情报(TI)相关平台,是一个单独的产品,称为VenusEye威胁情报平台。该平台将VenusEye的不同资源和产品的TI进行关联,并提供基于内置模板的集中关联和威胁评分。
• This product has a direct integration with the Venustech firewall from within the administration UI, which makes it easy to use for firewall users that require additional threat intelligence.
• 该产品在管理UI中与Venustech防火墙直接集成,这使得需要额外威胁情报的防火墙用户很容易使用。
• Customer Feedback: Surveyed vendors have rated ease of use and management of Venustech firewalls as high.
• 客户反馈:被调查的供应商认为Venustech防火墙的易用性和管理能力很高。
Cautions
• Public Cloud: Venustech firewalls lack support for pay-as-you-go licensing for public IaaS platforms, while the majority of firewall vendors offer it. The vendor currently only supports BYOL for Alibaba Cloud and Tencent Cloud.
• 公共云:Venustech防火墙对公共IaaS平台的现收现付许可缺乏支持,而大多数防火墙供应商都提供这种许可。该供应商目前只支持阿里巴巴云和腾讯云的BYOL。
• Offering: The vendor only offers an on-premises sandboxing appliance and lacks cloud-based sandboxing services, which most competitors offer as an add-on subscription.
• 提供:该供应商只提供一个本地沙盒设备,并且没有基于云的沙盒服务,而大多数竞争对手提供的是附加订阅。
• Offering: Venustech lacks integration capabilities with EDR vendors and does not offer its own EDR client. Some clients prefer additional threat intelligence and correlation capabilities between their firewall and endpoint for advanced threat detection capabilities.
• 提供:Venustech缺乏与EDR供应商的集成功能,也没有提供自己的EDR客户端。一些客户更喜欢在他们的防火墙和端点之间附加的威胁情报和相关功能,以获得高级的威胁检测功能。
• Customer Feedback: Surveyed clients have reported the built-in firewall reporting feature as basic and requiring additional products such as an SIEM or a TI center subscription for better detailed reporting.
• 客户反馈:被调查的客户报告说,内置的防火墙报告功能是基本的,需要额外的产品,如SIEM或TI center订阅,以获得更详细的报告。
• Geographic Presence: Venustech primarily sells its products in China and is not seen as a preferred shortlist candidate outside of that country; however, the vendor is trying to expand in Southeast Asia.
• 地理位置:Venustech主要在中国销售产品,在中国以外地区不被视为首选的候选名单;然而,供应商正试图在东南亚扩张。
WatchGuard沃奇卫士
WatchGuard is a network security vendor with headquarters in Seattle, Washington. Its firewalls have a large SMB client base. The vendor focuses on simplified firewall administration and management. It offers mature malware detection features, compared to other SMB-focused vendors.
WatchGuard’s firewall product line (Firebox) includes physical and virtual appliances.
WatchGuard是一家网络安全供应商,总部位于华盛顿西雅图。它的防火墙拥有大量的SMB客户端。供应商关注于简化的防火墙管理和管理。与其他专注于smb的供应商相比,它提供了成熟的恶意软件检测功能。WatchGuard的防火墙产品线(Firebox)包括物理和虚拟设备。
Firewall models are also available on AWS and Microsoft Azure. Its management suite includes three components: the recently released WatchGuard Cloud, WatchGuard Dimension and WatchGuard System Manager (WSM). WatchGuard Dimension and WatchGuard Cloud are primarily focused on monitoring and reporting.
防火墙模型也可以在AWS和Microsoft Azure上使用。它的管理套件包括三个组件:最近发布的WatchGuard云、WatchGuard维度和WatchGuard系统管理器(WSM)。WatchGuard维度和WatchGuard云主要关注监视和报告。
WatchGuard Dimension is available as a virtual instance on-premises or deployed into an IaaS instance, whereas WatchGuard Cloud is delivered as a service. WSM is centralized management software for Firebox appliances and is available only installed on a Windows server. WatchGuard’s portfolio also includes wireless access points with integrated security features such as DNS protection and MFA.
WatchGuard维度可以作为本地的虚拟实例或部署到IaaS实例中,而WatchGuard云是作为服务交付的。WSM是用于Firebox设备的集中管理软件,只能安装在Windows服务器上。WatchGuard的产品组合还包括具有综合安全功能(如DNS保护和MFA)的无线接入点。
WatchGuard offers a range of appliances, from a low-end Firebox T15 model (400 Mbps maximum throughput) up to the Firebox M5600 model (60 Gbps maximum throughput).
WatchGuard提供一系列设备,从低端的Firebox T15模型(最大吞吐量为400mbps)到Firebox M5600模型(最大吞吐量为60gbps)。
In 2019, in addition to WatchGuard Cloud, WatchGuard launched a zero-touch SD-WAN offering and DNSWatch, a recursive DNS service aimed at adding additional web protection to its product lines. The vendor launched IntelligentAV, which adds Cylance as AI-based antivirus protection to supplement the existing Bitdefender antivirus engine. The vendor also released the 12.4 version of its Fireware firmware, adding native TLS 1.3 decryption support.
在2019年,除了WatchGuard云服务外,WatchGuard还推出了零触控的td - wan服务和DNSWatch递归DNS服务,旨在为其产品线增加额外的网络保护。厂商推出了intelligent entav,其中增加了Cylance作为基于ai的防病毒保护,以补充现有的Bitdefender防病毒引擎。该供应商还发布了12.4版本的防火墙固件,增加了本地TLS 1.3解密支持。
Strengths
• Customer Experience: WatchGuard enjoys higher-than-average scores from Gartner clients surveyed for this research, with high marks for ease of deployment, service and support, as well as for quality of product features.
• 客户体验:WatchGuard在Gartner客户的调查中得分高于平均值,在部署的便捷性、服务和支持以及产品特性的质量方面得分很高。
• Product: WatchGuard is one of the few vendors catering to the midsize enterprise that can decrypt TLS 1.3 natively, offering deeper traffic inspection of encrypted traffic.
• 产品:WatchGuard是为数不多的能够原生解密TLS 1.3的中型企业供应商之一,提供对加密流量的更深入的流量检查。
• Offering: The addition of DNSWatch allows companies to add recursive DNS-level protection from a single vendor without having to deploy additional hardware or services. The vendor offers dual scan from Cylance as part of its Intelligent AV subscription and Threat Detection and Response (TDR), its threat correlation platform. It offers an approach to endpoint security that supports multiple third-party endpoint antivirus vendors, allowing for correlation and response with their firewalls from the cloud.
• 提供:DNSWatch的加入使得公司无需部署额外的硬件或服务就可以从单个供应商那里获得递归的dns级别的保护。供应商提供来自Cylance的双重扫描,作为其智能反病毒订阅和威胁检测与响应(TDR)的一部分,这是其威胁相关平台。它提供了一种端点安全方法,支持多个第三方端点防病毒供应商,允许与来自云的防火墙进行关联和响应。
• Product Strategy: WatchGuard continues to be focused on SMBs and provides features specific to the midsize market. New feature additions like SD-WAN and enhancements in *
are an example of the same.
• 产品策略:WatchGuard继续专注于中小型企业,并提供特定于中型市场的功能。类似SD-WAN的新特性和***中的增强就是一个例子。
• Customer Feedback: WatchGuard customers have reported relatively lower performance impacts when enabling multiple features as a strength. As a result, the vendor has high attach rates for many of its additional firewall offerings, including cloud sandboxing, IDPS, URL filtering and threat intelligence.
• 客户反馈:WatchGuard客户报告说,在将多个功能作为优点启用时,性能影响相对较低。因此,该供应商的许多附加防火墙产品的附加率很高,包括云沙盒、IDPS、URL过滤和威胁情报。
Cautions
• Marketing Execution: WatchGuard is not frequently cited on customer shortlists for evaluation compared to its competitors and has become much less visible in Gartner client inquiries. WatchGuard is not visible on Asia/Pacific region’s clients’ firewall shortlists.
• 营销执行:与竞争对手相比,WatchGuard不常出现在客户评估候选名单中,而且在Gartner客户咨询中也不太显眼。WatchGuard在亚太地区客户的防火墙候选名单中不可见。
• Market Segmentation: WatchGuard has a full line of appliances supporting very small to medium-high throughput needs, as well as support for virtual and IaaS environments. The vendor has a major presence in SMBs, and lacks a presence in enterprise and data center firewall and public IaaS deployment use cases.
• 市场细分:WatchGuard拥有一整套设备,支持非常小到中到高的吞吐量需求,以及对虚拟环境和IaaS环境的支持。该供应商主要在中小型企业中存在,而在企业和数据中心防火墙和公共IaaS部署用例中则不存在。
• Product: At present, the cloud-based manager offered by WatchGuard primarily offers reporting and visibility features. It also has another management interface, the WatchGuard Dimension offering, with similar limited functionality. WSM, which is available on-premises only, offers mature management capabilities. Customers surveyed for this research expressed concerns about having multiple management consoles.
• 产品:目前,WatchGuard提供的基于云的管理器主要提供报告和可见性功能。它还有另一个管理接口,即WatchGuard维度,具有类似的有限功能。WSM只在现场提供,提供成熟的管理能力。在这项研究中接受调查的客户对拥有多个管理控制台表示了担忧。
• Product: WatchGuard provides some lightweight DLP capabilities, but does not support ICAP for integration with enterprise DLP solutions. The product also lacks support for some key features desired by enterprise-grade customers, such as an open API, integration with NAC and SDN support.
• 产品:WatchGuard提供一些轻量级DLP功能,但不支持ICAP与企业DLP解决方案集成。该产品还不支持企业级客户需要的一些关键特性,如开放API、与NAC和SDN的集成支持。
• Feature: The WatchGuard firewall IDPS offering uses a single OEM partner for a signature set with no in-house team focused on writing signatures. In addition, it has no ability to add or customize signatures, does not include the ability to fail open, and lacks behavior analysis.
• 特性:WatchGuard防火墙IDPS提供的签名集使用单个OEM合作伙伴,没有内部团队专门编写签名。此外,它没有添加或自定义签名的能力,不包括失败打开的能力,并且缺乏行为分析。
• Offering: WatchGuard does not have a FWaaS offering for extending branch and mobile worker protections, and only offers a partnership with a single CASB vendor instead of owning or integrating with additional third-party CASB vendors.
• 提供:WatchGuard没有FWaaS提供的扩展分支和移动工人保护,只提供与单个CASB供应商的合作,而不是拥有或集成其他第三方CASB供应商。
Vendors Added and Dropped
供应商添加和删除
We review and adjust our inclusion criteria for Magic Quadrants as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant may change over time. A vendor’s appearance in a Magic Quadrant one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. It may be a reflection of a change in the market and, therefore, changed evaluation criteria, or of a change of focus by that vendor.
随着市场的变化,我们对魔力象限的纳入标准进行审查和调整。作为这些调整的结果,任何魔力象限中的供应商组合都可能随时间而改变。一个供应商出现在魔力象限一年而不是下一年并不一定意味着我们改变了对该供应商的看法。它可能反映了市场的变化,因此也反映了评估标准的变化,或者反映了供应商的关注点的变化。
Added
• F5: F5 was part of the Magic Quadrant for Enterprise Firewalls, but was dropped in 2016 because of the vendor’s lack of focus in enhancing security features in its product. This year, Gartner has once again included the vendor because of our modified definition of network firewalls and the visibility of AFM (the firewall module) in F5 deals.
• F5: F5是企业防火墙的魔力象限的一部分,但在2016年被放弃,因为供应商在增强其产品的安全特性方面缺乏重点。今年,由于我们修改了网络防火墙的定义以及F5协议中AFM(防火墙模块)的可见性,Gartner再次将该供应商包括在内。
• Microsoft: With the increasing adoption of public clouds, public IaaS vendors are introducing native firewall capabilities in their offerings. With Microsoft Azure being one of the most visible IaaS providers in client inquiries this year, Gartner has evaluated the vendor.
• 微软:随着越来越多地采用公共云,公共IaaS供应商在他们的产品中引入了本地防火墙功能。随着微软Azure成为今年客户咨询中最引人注目的IaaS供应商之一,Gartner对该供应商进行了评估。
• Venustech: The Chinese security player has been added to this research. While Venustech was already part of the Magic Quadrant for UTM, it also meets the inclusion criteria for this year’s enterprise firewall Magic Quadrant.
• 中国的安全球员已经加入了这个研究。虽然Venustech已经是UTM魔力象限的一部分,但它也符合今年企业防火墙魔力象限的入选标准。
Dropped
Because of the change in inclusion criteria, the following vendor has been dropped as it no longer meets it:
由于包含标准的更改,以下供应商已被删除,因为它不再符合该标准:
• Ahnlab: Headquartered in South Korea, AhnLab is a regional security vendor offering network security, an endpoint security product and security consulting services primarily in South Korea.
• Ahnlab:总部位于韩国,是一家区域安全供应商,主要在韩国提供网络安全、终端安全产品和安全咨询服务。
Inclusion and Exclusion Criteria
纳入和排除标准

The inclusion criteria represent the specific attributes that Gartner analysts believe are necessary for inclusion in this research. Vendors that provide network firewall functions that meet the market definition and description were considered for this research under the following conditions:
纳入标准代表了Gartner分析师认为在本研究中需要纳入的特定属性。提供符合市场定义和描述的网络防火墙功能的供应商在以下条件下被考虑作为本研究的对象:
• Gartner analysts have assessed that the company can effectively compete in the network firewall market.
• Gartner的分析师认为,该公司能够有效地在网络防火墙市场上竞争。
• Gartner has determined that the vendor is a significant player in the market, due to market presence, competitive visibility or technology innovation.
• Gartner已经确定,由于市场存在、竞争的可见性或技术创新,该供应商是市场中的重要参与者。
• The company demonstrates a competitive presence in enterprises and sales for enterprise and/or cloud networks.
• 该公司在企业和销售企业和/或云网络方面表现出了竞争力。
• The vendor meets the firewall revenue criteria of $30 million in 2018. In the case of IaaS vendors, at least 50% of the installed base should be using the native firewall controls they offer.
• 该供应商在2018年达到了防火墙3000万美元的收入标准。对于IaaS供应商,至少50%的安装基础应该使用他们提供的本地防火墙控制。
• The vendor must demonstrate minimum signs of global presence:
o Gartner received strong evidence that more than 10% of its customer base is outside its home region.
o 供应商必须证明最小全球存在的迹象:Gartner收到强有力的证据表明,超过10%的客户基础是本土以外的地区。
o The vendor can provide at least three references outside its home region.
o 供应商可以在其所在地区之外提供至少三个参考。
• The provider offers 24/7 direct support, including phone support (in some cases, this is an add-on, rather than being included in the base service).
• 供应商提供24/7的直接支持,包括电话支持(在某些情况下,这是一个附加组件,而不是包括在基本服务中)。
• Vendors appearing in Gartner client inquiries, their competitive visibility, their client references and their local brand visibility are considered to determine inclusion.
• 供应商出现在Gartner客户咨询,他们的竞争知名度,他们的客户参考和他们的本地品牌知名度被认为是确定列入。
The vendor must provide evidence to support meeting the above inclusion requirements.
供应商必须提供证据支持满足上述包含要求
Vendors to Watch最应关注厂商

Amazon Web Services: AWS is headquartered in Seattle, The native firewall controls in AWS are offered as Security Groups and Network Access Control Lists (ACLs). Its other security offerings include AWS Web Application Firewall, AWS Shield, AWS Firewall Manager, Amazon GuardDuty, Amazon Inspector and Amazon Macie.
Amazon Web Services: AWS总部位于西雅图,AWS中的本地防火墙控件作为安全组和网络访问控制列表(ACLs)提供。它的其他安全产品包括AWS Web应用防火墙、AWS Shield、AWS防火墙管理器、Amazon GuardDuty、Amazon Inspector和Amazon Macie。
VMware: VMware’s service-defined firewall is tuned for east-west and internal traffic flows. This distributed software architecture includes a stateful Layer 7 firewall that runs in the hypervisor. It provides visibility and control (including access control policies based on Layer 4 through Layer 7 attributes, AppID and user ID) for virtualized, bare metal, container and public cloud workloads with a single object-based policy framework and manager.
VMware: VMware的服务定义防火墙针对东西和内部通信流进行了调优。这种分布式软件体系结构包括一个运行在管理程序中的有状态的第7层防火墙。它通过一个单一的基于对象的策略框架和管理器,为虚拟化、裸金属、容器和公共云工作负载提供可见性和控制(包括基于第4层到第7层属性、AppID和用户ID的访问控制策略)。
Evaluation Criteria评估标准
Ability to Execute执行力
Product or Service: This includes service and customer satisfaction in network firewall deployments. Execution considers factors related to getting products sold, installed, supported and in users’ hands.
产品或服务:这包括网络防火墙部署中的服务和客户满意度。执行考虑与产品的销售、安装、支持和用户手中相关的因素。
Strong execution means that a company has demonstrated to Gartner analysts that its products are successfully and continually deployed in enterprises and/or cloud environments, and that the company wins a large percentage in competition with other vendors.
强大的执行力意味着一家公司已经向Gartner分析师证明,它的产品能够成功地、持续地部署在企业和/或云环境中,而且该公司在与其他供应商的竞争中赢得了很大的份额。
Companies that execute strongly generate pervasive awareness and loyalty among Gartner clients, and also generate a steady stream of inquiries to Gartner analysts. Execution is not primarily about company size or market share, although those factors can affect a vendor’s ability to execute. Sales are a factor; however, winning in competitive environments through innovation and quality of product and service is more important than revenue.
执行力强的公司会在Gartner的客户中产生普遍的认知度和忠诚度,也会向Gartner的分析师产生源源不断的咨询。执行主要与公司规模或市场份额无关,尽管这些因素会影响供应商的执行能力。销售是一个因素;然而,通过创新和产品及服务质量在竞争环境中取胜比收入更重要。
Key features are weighted heavily, such as foundation firewall functions, console quality, low latency and secondary product capabilities (logging, event management, compliance, rule optimization and workflow).
关键特性的权重很大,比如基础防火墙功能、控制台质量、低延迟和次要产品功能(日志、事件管理、遵从性、规则优化和工作流)。
Having a low rate of vulnerabilities in the firewall is important. The logistical capabilities for managing appliance delivery or enabling firewall functions for additional workloads in cloud environments, product service and port density matter. Support is rated on the quality, breadth and value of offerings through the specific lens of enterprise/cloud needs.
在防火墙中有一个低的漏洞率是很重要的。管理设备交付或为云环境中的额外工作负载启用防火墙功能的后勤能力、产品服务和端口密度很重要。支持是通过企业/云需求的特定镜头来评估产品的质量、广度和价值的。
Overall Viability: This includes overall financial health, prospects for continuing operations, company history, and demonstrated commitment in the firewall and security markets.
整体生存能力:包括整体财务状况、持续经营的前景、公司历史,以及在防火墙和安全市场上表现出的承诺。
Growth of the customer base and revenue derived from sales are also considered. All vendors are required to disclose comparable market data, such as firewall revenue, competitive wins versus key competitors (which are compared with Gartner data on such competition held by our clients), and devices or instances in deployment. The number of firewalls shipped or the market share is not the key measure of execution.
客户基础的增长和来自销售的收入也被考虑在内。所有供应商都必须披露可比较的市场数据,如防火墙收入、与主要竞争对手的竞争胜利(与客户所持的Gartner数据进行比较)、设备或部署中的实例。防火墙的数量或市场份额不是衡量执行的关键。
Rather, we consider the use of these firewalls to protect the key business systems of enterprise clients and those being considered on competitive shortlists.
相反,我们考虑使用这些防火墙来保护企业客户的关键业务系统和那些被列入有竞争力的候选名单的系统。
Sales Execution/Pricing: We evaluate the company’s pricing, deal size, installed base and, in the case of cloud vendors, the number of customers using native firewall controls this includes the strength of the vendor’s sales and distribution operations.
销售执行/定价:我们评估公司的定价、交易规模、安装基础,对于云供应商,使用本地防火墙控制的客户数量包括供应商的销售和分销业务的实力。
Presales and post-sales support is evaluated. Pricing is compared in terms of a typical enterprise-class deployment, and includes the cost of all hardware, support, maintenance and installation.
评估售前和售后支持。根据典型的企业级部署比较定价,包括所有硬件、支持、维护和安装的成本。
Low pricing will not guarantee high execution or client interest. Buyers want good results more than they want bargains, and think in terms of value over sheer low cost.
低价并不能保证高执行力和客户利益。买家想要的是好的结果,而不是便宜货,他们考虑的是价值而不是纯粹的低成本。
Market Responsiveness/Record: This evaluates the vendor’s ability to respond to changes in the threat environment, and to present solutions that meet customer protection needs, rather than packaging up fear, uncertainty and doubt.
市场反应/记录:评估供应商应对威胁环境变化的能力,并提供满足客户保护需求的解决方案,而不是打包恐惧、不确定性和怀疑。
This criterion also considers the provider’s history of responsiveness to changes in demand for new features and form factors in the firewall market, and how enterprises deploy network security. This criterion will also cover the capability of the vendor in securing hybrid networks and/or cloud networks because of their rapid adoption.
该标准还考虑了供应商对防火墙市场中新特性和形式因素的需求变化的响应历史,以及企业如何部署网络安全。这个标准还将包括供应商在保护混合网络和/或云网络方面的能力,因为它们的快速采用。
Marketing Execution: Competitive visibility is a key factor; it includes which vendors are most commonly considered to have top competitive solutions during the RFP and selection process, and which are considered top threats by the others. In addition to buyer and analyst feedback, this ranking looks at which vendors consider the others to be direct competitive threats, such as by driving the market on innovative features co-packaged within the firewall, or by offering innovative pricing or support offerings.
营销执行:竞争的可见性是一个关键因素;它包括了在RFP和选择过程中,哪些供应商通常被认为是最具竞争力的解决方案,以及哪些供应商被其他供应商认为是最具威胁的。除了买方和分析师的反馈之外,这个排名还考察了哪些供应商认为其他供应商是直接的竞争威胁,比如通过在防火墙内共同打包的创新功能推动市场,或者通过提供创新的定价或支持产品。
Unacceptable device or software failure rates, vulnerabilities, poor performance, and a product’s inability to survive to the end of a typical firewall life span are assessed accordingly. Significant weighting is given to delivering new platforms for scalable performance in order to maintain investment, and to the range of models to support various deployment architectures.
不可接受的设备或软件故障率、漏洞、糟糕的性能,以及产品在典型的防火墙生命周期结束时的生存能力,都将进行相应的评估。为了维护投资,交付可伸缩性能的新平台和支持各种部署体系结构的模型的范围得到了重要的重视。
Customer Experience: This includes products and services and/or programs that enable customers to achieve anticipated results with the products evaluated. Specifically, this includes quality supplier/buyer interactions, technical support and/or account support.
客户体验:包括产品、服务和/或程序,使客户能够通过评估的产品达到预期的结果。具体来说,这包括质量供应商/买家的互动,技术支持和/或客户支持。
Quality and responsiveness of the escalation process and transparency are important. This may also include ancillary tools, customer support programs, availability of user groups, service-level agreements, etc. The greatest factor in these categories is customer satisfaction throughout the sales and product life cycle. Also important is ease of use, overall throughput across different deployment scenarios and how the firewall fares under attack conditions.
升级过程的质量和反应能力以及透明度非常重要。这可能还包括辅助工具、客户支持程序、用户组的可用性、服务水平协议等。这些类别中最大的因素是贯穿销售和产品生命周期的客户满意度。同样重要的是易用性、跨不同部署场景的总体吞吐量以及防火墙在*条件下的表现。
Operations: The ability of the organization to meet goals and commitments. Factors include quality of the organizational structure, skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently. This also includes management experience and track record, and the depth of staff experience — specifically in the security marketplace.
运营:组织实现目标和承诺的能力。因素包括组织结构的质量、技能、经验、程序、系统和其他工具,使组织能够有效和高效地运作。这还包括管理经验和业绩记录,以及员工经验的深度——特别是在安全市场方面。
Gartner analysts also monitor repeated release delays, frequent changes in strategic directions and how recent organizational changes might influence the effectiveness of the organization.
Gartner的分析师还监控重复的发布延迟、战略方向的频繁变更以及最近的组织变更如何影响组织的有效性。
Table 1: Ability to Execute Evaluation Criteria执行评估标准的能力
Enlarge Table扩大表

Evaluation Criteria评估标准 Weighting
Product or Service产品或服务
High
• Overall Viability总体存活率 Medium
Sales Execution/Pricing销售执行/定价 Medium
Market Responsiveness/Record市场响应能力/记录 High
Marketing Execution市场营销执行 Medium
Customer Experience客户体验 High
Operations Medium
Source: Gartner (September 2019)
Completeness of Vision
Market Understanding: This is the ability to understand customer needs and translate them into products and services. Vendors must show a clear vision of their market — listen, understand customer demands, and can shape or enhance market changes with their added vision. This includes providing a track record of delivering on innovation that precedes customer demand, rather than an “us, too” roadmap.
市场理解:这是理解客户需求并将其转化为产品和服务的能力。供应商必须对他们的市场有一个清晰的愿景——倾听,理解客户的需求,并通过他们的附加愿景来塑造或增强市场变化。这包括提供在客户需求之前交付创新的记录,而不是一个“我们也是”的路线图。
We also evaluate the vendor’s overall understanding of and commitment to the security and network security markets. Gartner makes this assessment subjectively by several means, including interaction with vendors in briefings and feedback from Gartner customers on information they receive concerning roadmaps. Incumbent vendor market performance is reviewed year by year against specific recommendations that have been made to each vendor, and against future trends identified in Gartner research.
我们也评估供应商对安全和网络安全市场的整体理解和承诺。Gartner通过几种方式进行主观评估,包括与供应商进行简报交流,以及从Gartner客户那里得到关于路线图的信息反馈。对现有供应商的市场业绩进行了每年一次的审查,以对照针对每个供应商的具体建议,并对照Gartner研究中确定的未来趋势。
Vendors cannot merely state aggressive future goals; they must put plans in place, show that they are following their plans and modify those plans as they forecast how market directions will change.
供应商不能仅仅陈述激进的未来目标;他们必须制定计划,表明他们正在遵循计划,并根据市场方向的变化对计划进行修改。
Understanding and delivering on network firewall realities and needs is important, and having a viable and progressive roadmap and continuing delivery of innovative new features are weighted very highly. The new capabilities are expected to be integrated to achieve correlation improvement and functional improvement.
理解和交付网络防火墙的现实和需求是很重要的,有一个可行的和渐进的路线图和不断交付创新的新功能是非常重要的。预期新功能将被集成以实现相关改进和功能改进。
Gartner makes this assessment subjectively by several means, including interaction with vendors in briefings and feedback from Gartner clients on information they receive concerning roadmaps. Incumbent vendor market performance is reviewed yearly against specific recommendations that have been made to each vendor, and against future trends identified in Gartner research.
Gartner通过几种方式进行主观评估,包括与供应商进行简报交流,以及从Gartner客户那里得到关于路线图的信息反馈。根据对每个供应商的具体建议和Gartner研究中确定的未来趋势,对现有供应商的市场业绩进行年度审查。
Marketing Strategy: This assesses clear, differentiated messaging consistently communicated internally, and externalized through social media, advertising, customer programs and positioning statements.
Sales Strategy: This includes preproduction and post product support, value for pricing, and clear explanations and recommendations for detecting events, including zero-day events and other advanced threats.
营销策略:评估清晰、差异化的信息传递,并通过社交媒体、广告、客户计划和定位陈述持续地传达出去。销售策略:这包括生产前和产品后的支持、定价的价值,以及检测事件(包括零日事件和其他高级威胁)的清晰说明和建议。
Building loyalty through credibility with a full-time network firewall staff demonstrates the ability to assess the next generation of requirements. Vendors need to address the network security and/or cloud workload buying center correctly, and they must do so in a technically direct manner, rather than selling just fear or next-generation hype. Channel and third-party security product ecosystem strategies matter insofar as they are focused on network security.
通过全职网络防火墙员工的信誉来建立忠诚证明了评估下一代需求的能力。供应商需要正确地解决网络安全和/或云工作负载购买中心的问题,而且他们必须以一种技术上直接的方式来做到这一点,而不是仅仅销售恐惧或下一代炒作。渠道和第三方安全产品生态系统战略是关系到网络安全的。
Offering (Product) Strategy: This criterion focuses on a vendor’s product roadmap, current features, network firewall feature integration and enhancement, virtualization and performance. Integration with other security components is also weighted, as well as product integration with other IT systems.
提供(产品)策略:该标准关注供应商的产品路线图、当前特性、网络防火墙特性集成和增强、虚拟化和性能。与其他安全组件的集成以及与其他IT系统的产品集成也很重要。
Innovation, such as introducing practical new forms of intelligence to which the firewall can apply policy, is highly rated. An articulated, viable strategy for addressing the challenges in SDN deployments is important, as is evidence of execution within cloud and virtualized environments.
创新,比如引入实用的新形式的智能,防火墙可以将其应用到政策中,得到了高度评价。解决SDN部署中的挑战的一个清晰的、可行的策略很重要,这也是在云环境和虚拟化环境中执行的证据。
Business Model: This includes the process and success rate for developing new features and innovation. It also includes R&D spending.
Vertical/Industry Strategy: This includes the ability and commitment to service geographies and vertical markets.
商业模式:这包括开发新特性和创新的过程和成功率。它还包括研发支出。垂直/行业战略:这包括服务地理位置和垂直市场的能力和承诺。
Innovation: This includes R&D and quality differentiators, such as:
创新:这包括研发和质量差异,如:
• Performance, which includes low latency, new firewall mechanisms and achieving high throughput and low appliance latency.
• 性能,包括低延迟、新的防火墙机制和实现高吞吐量和低设备延迟。
• Firewall virtualization and securing virtualized environments. This includes public and private cloud environments.
• 防火墙虚拟化和保护虚拟化环境。这包括公共和私有云环境。
• Integration with other security products. 与其他安全产品的集成。
• Management interface and clarity of reporting — that is, the more a product mirrors the workflow of the enterprise/cloud operation scenario, the better the vision.
• 管理界面和清晰的报告——也就是说,一个产品越能反映企业/云操作场景的工作流程,它的前景就越好。
• “Giving back time” to firewall administrators by innovating to make complex tasks easier, rather than adding more alerts and complexity.
Products that are not intuitive in deployment, or operations that are difficult to configure or have limited reporting, are scored accordingly. Solving customer problems is a key element of this criterion. Reducing the rule base, offering interproduct support and leading competitors on features are foremost.
通过创新使复杂的任务变得更容易,而不是增加更多的警告和复杂性,“给防火墙管理员时间”。部署不直观的产品、难以配置的操作或报告有限的操作将得到相应的分数。解决客户问题是这一标准的关键要素。减少规则基础、提供产品间支持和在功能上领先的竞争对手是最重要的。
Geographic Strategy: This is the vendor’s strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the “home” or native geography, either directly or through partners, channels and subsidiaries, as appropriate for that geography and market.
地理战略:这是供应商的战略,目的是将资源、技能和产品直接或通过合作伙伴、渠道和子公司(视地区和市场情况而定),以满足“本地”或本地地理之外的特定地理需求。
Table 2: Completeness of Vision Evaluation Criteria视觉评价标准的完备性
Enlarge Table

Evaluation Criteria Weighting
Market Understanding High
Marketing Strategy Medium
Sales Strategy Medium
Offering (Product) Strategy High
Business Model Medium
Vertical/Industry Strategy Not Rated
Innovation High
Geographic Strategy Medium
Source: Gartner (September 2019)
Quadrant Descriptions象限描述
Leaders
The Leaders quadrant contains vendors that build products that fulfill enterprise requirements around firewalls. These requirements include a wide range of models, support for virtualization and virtual LANs, and a management and reporting capability that is designed for complex and high-volume environments, such as multitier administration and rule/policy minimization. These vendors have led the market with innovation. They are quicker to respond to the end-user market.
领导者象限包含构建满足企业防火墙需求的产品的供应商。这些需求包括广泛的模型、对虚拟化和虚拟局域网的支持,以及针对复杂和高容量环境(如多层管理和规则/策略最小化)设计的管理和报告功能。这些供应商以创新引领了市场。他们对最终用户市场的反应更快。
They meet all the firewall deployment use cases. They have a large market share. Vendors in this quadrant lead the market in offering new features that protect customers from emerging threats, meet the requirement of evolving hybrid networks including public and private cloud, provide expert capability rather than treat the firewall as a commodity, and have a good track record of avoiding vulnerabilities in their security products.
它们满足所有防火墙部署用例。他们占有很大的市场份额。供应商在这个象限铅市场提供新功能,保护客户从新兴威胁,满足不断发展的混合网络的要求包括公共和私有云,提供专家的能力而不是把防火墙作为一种商品,和有一个好的记录避免漏洞的安全产品。
Common characteristics include handling the highest throughput with minimal performance loss, offering options for hardware acceleration, support for private and public cloud platforms, and offering form factors that protect enterprises as they move to new infrastructure form factors.
常见的特性包括以最小的性能损失处理最高的吞吐量、提供硬件加速选项、支持私有和公共云平台,以及提供在企业转移到新的基础设施形式因素时保护它们的形式因素。
Challengers
The Challengers quadrant contains vendors that have achieved a sound customer base, but they are not consistently leading with differentiated next-generation capabilities. Many Challengers have not fully matured their firewall capability — or they have other security products that are successful in the enterprise and are counting on the relationship, rather than the product, to win deals.
挑战者象限包含的供应商已经获得了良好的客户基础,但他们并不是始终领先的差异化下一代能力。许多挑战者还没有完全成熟他们的防火墙能力——或者他们有其他安全产品在企业中很成功,并且依靠关系而不是产品来赢得交易。
Challengers’ products are often well priced, and, because of their strength in execution, these vendors can offer economical security product bundles that others cannot. Many Challengers hold themselves back from becoming Leaders because they choose to place security or firewall products at a lower priority in their overall product sets. Firewall market Challengers will often have significant market share, but trail smaller market share leaders in the release of features.
挑战者的产品通常定价合理,而且由于它们在执行方面的优势,这些供应商可以提供其他人无法提供的经济安全产品包。许多挑战者不愿成为领导者,因为他们选择将安全或防火墙产品放在整个产品集中的较低优先级。防火墙市场挑战者通常会占有相当大的市场份额,但在功能发布方面却落后于市场份额较小的领先者。
Visionaries远见者
Visionaries lead in innovation, but are limited to one or two firewall deployment use case. They have the right designs and features, but they lack the sales base, strategy or financial means to compete consistently with Leaders and Challengers.
有远见的人引领创新,但仅限于一个或两个防火墙部署用例。他们有正确的设计和功能,但他们缺乏销售基础、战略或财务手段来与领导者和挑战者持续竞争。
Sometimes it is a conscious decision of the vendor to only focus on limited firewall use cases rather than all of them. Most Visionaries’ products have good NGFW capabilities, but lack in performance capabilities and support networks.
有时供应商有意识地决定只关注有限的防火墙用例,而不是全部。大多数有远见的产品都有很好的NGFW功能,但是缺乏性能和支持网络。
The vendors in this quadrant show strong vision and market leading innovation in use cases such as automated east-west micro segmentation in public cloud and SDN environments, and innovative threat detection automation capabilities.
这个象限的供应商在用例方面显示了强大的远见和市场领先的创新,比如在公共云和SDN环境中自动的东西微区隔,以及创新的威胁检测自动化功能。
Niche Players特定领域者
Most vendors in the Niche Players quadrant have their prime installation base or are prominent in a particular use case, such as data centers or telos, distributed enterprises, SMBs, and public IaaS. Some of these vendors that offer a firewall as a module with their other services/components consciously focus on a particular use case.
特定领域者象限中的大多数供应商都有自己的主要安装基础,或者在特定的用例中非常突出,比如数据中心或telos、分布式企业、smb和公共IaaS。有些供应商将防火墙作为模块与其他服务/组件一起提供,它们有意识地将重点放在特定的用例上。
Vendors in this quadrant lack in execution because of a limited client base and do not show innovation. Some of these vendors are confined to particular regions and are not present in other regions.
这个象限的供应商缺乏执行力,因为客户基础有限,没有表现出创新。其中一些供应商仅限于特定地区,在其他地区不存在。
Context
Starting this year, Gartner has consolidated the Magic Quadrants for UTM and Enterprise Firewalls into a single Magic Quadrant for Network Firewalls, because of the same vendors offering firewalls both for SMBs and enterprises in both the Magic Quadrants.
从今年开始,Gartner已经将UTM和企业防火墙的魔力象限合并到一个网络防火墙的魔力象限中,因为在这两个象限中都有相同的供应商为中小企业和企业提供防火墙。
Gartner also observed that the vendors claiming to be focused on enterprise only use cases also kept adding multiple functions to their firewalls. Both the SMB and enterprise requirements continue to overlap, with similar requirements of activating multiple features, better performance, better advanced threat detection techniques and to some extent, consolidation toward a single vendor for other security needs.
Gartner还注意到,那些声称只关注企业用例的供应商也不断地向他们的防火墙添加多种功能。SMB和企业需求继续重叠,类似的需求包括激活多个特性、更好的性能、更好的高级威胁检测技术,以及在某种程度上,为了其他安全需求而向单个供应商进行整合。
Market Overview市场概述
In 2018, worldwide market firewall revenue rose by 15.9% in 2018 (compared to 17.5% in 2017 and 15.2% in 2016). While the firewall vendors continue to offer multiple features within their firewalls, the overall subscription cost is now higher.
2018年,全球防火墙收入增长15.9%(2017年为17.5%,2016年为15.2%)。虽然防火墙供应商继续在他们的防火墙内提供多种功能,但现在总的订阅成本更高了
While firewall vendors are offering built-in features within their firewall products, they are also offering services and products that work in conjunction with firewalls, such as CASB and EDR, which are gradually gaining in popularity.
当防火墙供应商在他们的防火墙产品中提供内置特性时,他们也提供与防火墙协同工作的服务和产品,如CASB和EDR,它们正逐渐受到欢迎。
Within this, the SMB multifunctional firewalls market grew 10.1% in 2018, with SD-WAN adoption being a strong driver. Gartner also observed interest among clients in various cloud-based outbound filtering services offered by firewall vendors for distributed office and roaming employee use cases.
This year, Gartner firewall inquiries displayed a growing focus on:
在此背景下,SMB多功能防火墙市场在2018年增长了10.1%,而采用SD-WAN是一个强大的驱动因素。Gartner还发现,客户对防火墙供应商为分布式办公和漫游员工用例提供的各种基于云的出站过滤服务很感兴趣。今年,高德纳防火墙调查显示出越来越多的关注:
• Support for public IaaS platforms and related features支持公共IaaS平台和相关功能
• Cloud service offerings提供云服务
• SD-WAN
• Advanced threat detection features
Hence, besides the other features mentioned in the evaluation criteria for this Magic Quadrant, Gartner has highly rated the vendors in these additional features and services, considering the keen interest shown by Gartner clients.
高级威胁检测功能
因此,除了其他功能评估标准中提到的魔力象限,Gartner高度评价了供应商在这些附加功能和服务,考虑Gartner客户所表现出的浓厚兴趣。
This year, we have not seen any new major features introduced by the majority of firewall vendors. Most vendors have introduced feature enhancements for:
今年,我们还没有看到大多数防火墙厂商引入任何新的主要特性。大多数供应商已经为以下方面引入了特性增强:
• Threat detection
• Centralized management and orchestration集中管理和业务流程
• Support for better TLS version支持更好的TLS版本
• SD-WAN
• Performance
With growing adoption of hybrid multicloud environments, more enterprises will rely on their traditional firewall players for network security controls as an additional layer of protection beyond native cloud controls.
The major highlights of the results received from the surveyed firewall reference customers this year are:
随着混合多云环境的日益普及,越来越多的企业将依赖传统的防火墙来进行网络安全控制,作为本地云控制之外的另一层保护。调查所得的防火墙参考客户今年的主要调查结果如下:
• IDPS, application control and URL filtering continue to remain the top three security features being used, in addition to pure firewall functionality. This year, we have also seen *
s as one of the top security features being used by customers, beyond the top three mentioned.
• 除了纯粹的防火墙功能外,IDPS、应用程序控制和URL过滤仍然是使用的前三大安全特性。今年,我们还看到***是客户使用最多的安全特性之一,超过了前面提到的前三名。
• As per the survey, this year Gartner also saw the growth in adoption of CASB and EDR offered by firewall vendors. We are also observing small growth in firewall deals with additional products such as CASB and EDR licenses included.
• 根据调查,今年Gartner也看到了防火墙供应商提供的CASB和EDR的增长。我们也注意到防火墙在处理附加产品如CASB和EDR许可方面的小的增长。
• Eighty-nine percent of surveyed clients agreed that, if given the option, they would prefer the consolidation of advanced features like NTA, EDR, network sandboxing, UEBA and deception features on their firewalls, as opposed to using them as separate, stand-alone platforms.
• 89%的受访客户同意,如果可以选择,他们更喜欢在防火墙上整合高级功能,比如NTA、EDR、网络沙箱、UEBA和欺骗功能,而不是将它们作为独立的平台来使用。
• As per the inquiries received by Gartner firewall analysts, we are observing that clients are keen to shortlist the vendors based on the different technologies they offer to deal with advanced threats, beyond IDPS, anti-malware and sandboxing. Gartner has also observed vendors like Palo Alto Networks and Cisco promoting their EDR clients for better correlation of threats between firewalls and endpoints.
• 根据Gartner防火墙分析师的调查,我们注意到客户热衷于根据他们提供的不同技术来挑选供应商,以应对高级威胁,而不仅仅是IDPS、反恶意软件和沙箱。Gartner还注意到,像Palo Alto Networks和Cisco这样的供应商正在推广他们的EDR客户端,以便更好地关联防火墙和端点之间的威胁。
• While we see some adoption on the part of these clients in the midsize segment, enterprise-grade customers still prefer to use stand-alone EDR vendors. Among surveyed clients, 64% citied that they are using a stand-alone EDR product. Firewall vendors are offering ELA deals to clients to sell multiple products and service deals.
• 虽然我们看到这些客户部分采用了中型部分,但企业级客户仍然更喜欢使用独立的EDR供应商。在接受调查的客户中,64%的人表示他们正在使用独立的EDR产品。防火墙供应商向客户提供ELA协议,以销售多种产品和服务协议。
• Fifty percent of surveyed clients highlighted that they are using public IaaS today. While 22% of them stated they are using native firewall controls offered by IaaS providers, 19% stated that they use their existing on-premises firewall to protect the cloud, and the remaining 9% highlighted that they use a third-party vendor for the same.
• 50%的被调查客户强调他们现在使用公共IaaS。22%的受访者表示他们使用IaaS供应商提供的本地防火墙控制,19%的受访者表示他们使用现有的内部防火墙来保护云,剩下的9%强调他们使用第三方供应商来做同样的事情。
• Gartner analysts are receiving a growing number of firewall selection inquiries for which the level of support for IaaS platforms offered by the firewall vendor is an important selection criterion, even if the client is not using public cloud today.
• Gartner的分析师们收到了越来越多的关于防火墙选择的咨询,对于这些咨询,防火墙供应商提供的IaaS平台的支持水平是一个重要的选择标准,即使客户今天没有使用公共云。
• There has been growth in the firewall usage use case on the public cloud. Despite the majority of firewall vendors offering BYOL and pay-as-you-go models for Tier 1 IaaS providers, they currently lack centralized management capabilities to manage the firewall rules and native IaaS controls. As a result, clients should consider dedicated tools as NSPM, such as Tufin, AlgoSec, FireMon and Skybox Security, to manage their hybrid network security controls.
• 在公共云上使用防火墙用例一直在增长。尽管大多数防火墙供应商为第1层IaaS供应商提供BYOL和即付即用模型,但它们目前缺乏管理防火墙规则和本地IaaS控制的集中管理功能。因此,客户应该考虑使用NSPM等专用工具来管理他们的混合网络安全控制,比如Tufin、AlgoSec、FireMon和Skybox Security。
Although some firewall vendors do have a dedicated offering for public clouds, they are not yet integrated with a firewall centralized manager. Some sample offerings in this space are:
尽管一些防火墙厂商确实为公共云提供了专门的产品,但它们还没有与防火墙集中管理器集成。这方面的一些例子是:
• Check Point Software Technologies CloudGuard Dome9
• CP软件技术公司CloudGuard Dome9
• Cisco Stealthwatch Cloud and Cisco Tetration
• Fortinet Security Fabric Fortinet的安全结构
• Juniper Networks Junos Space Security Director
• Palo Alto Networks Prisma Cloud帕洛阿尔托网络Prisma云
Gartner clients have reported issues with the deployment of firewalls on the public cloud not being smooth, but are being helped by the technical support team of the vendor. Broadly speaking, most firewall vendors have been slow in offering mature controls and support for public IaaS providers to meet end-user demands:
Gartner的客户已经报告了在公共云上部署防火墙不顺利的问题,但是得到了供应商的技术支持团队的帮助。一般来说,大多数防火墙供应商在为公共IaaS供应商提供成熟的控制和支持以满足终端用户需求方面进展缓慢:
• Among the total surveyed clients, 23% stated that they use API integration capabilities offered by their firewall vendor with other security products in their network. While Gartner recommends that clients integrate the security solutions for better automation and correlation capabilities, API integration has not been easy for most enterprises. As a result, it is more confined to large enterprises and data center deployments.
• 在所有被调查的客户中,23%表示他们将防火墙供应商提供的API集成功能与网络中的其他安全产品一起使用。虽然Gartner建议客户端集成安全解决方案以获得更好的自动化和相关功能,但对大多数企业来说,API集成并不容易。因此,它更局限于大型企业和数据中心的部署。
The FWaaS market is still not gaining much traction because of meeting only the branch office egress traffic use case. It is not capable of meeting the following use cases:
由于只满足分支机构的流量用例,FWaaS市场仍然没有获得很大的吸引力。它不能满足以下用例:
• Internal segmentation内部分节
• Throughput requirements for larger sites
• 较大站点的吞吐量要求
• Performance issues where internet bandwidth is an issue
• 性能问题,其中internet带宽是一个问题
Gartner has seen some traction with the GlobalProtect FWaaS offered by Palo Alto Networks among the vendor’s existing client base for the branch office egress traffic use case. A few other independent FWaaS vendors in this space are:
Gartner已经看到了由Palo Alto Networks提供的GlobalProtect FWaaS在供应商现有的客户基础上对分支机构出口流量用例的吸引力。在这个领域的其他几个独立的FWaaS供应商是:
• Cato Networks
• Digital Shield
• OPAQ
• Versa
• Zscaler
The ongoing and escalating geopolitical trade conflicts in the global market are likely to impact the supply chain needed to build and deliver hardware including security appliances such as network firewalls.
全球市场上不断升级的地缘政治贸易冲突,可能会影响构建和交付硬件所需的供应链,包括网络防火墙等安全设备。
This will expose many Chinese vendors to this risk. It is highly recommended that clients pay close attention to these global developments and their impact on the supply chain disruptions before finalizing shortlisting them outside China.
这将使许多中国供应商面临这种风险。强烈建议客户密切关注这些全球动态及其对供应链中断的影响,然后再最终确定在中国以外的候选名单。
Evaluation Criteria Definitions
评估标准定义
Ability to Execute
Product/Service: Core goods and services offered by the vendor for the defined market. This includes current product/service capabilities, quality, feature sets, skills and so on, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.
产品/服务:供应商为特定市场提供的核心产品和服务。这包括当前的产品/服务能力、质量、特性集、技能等,无论是本地提供的还是通过OEM协议/合作伙伴提供的,如市场定义中定义的和子标准中详细描述的。
Overall Viability: Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood that the individual business unit will continue investing in the product, will continue offering the product and will advance the state of the art within the organization's portfolio of products.
总体生存能力:包括一个可行性评估的整体组织的财务健康状况、金融和实际业务的成功,以及各个业务单元的可能性将继续投资于产品,将继续提供产品,推进艺术的状态在组织内的产品组合。
Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. This includes deal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel.
销售执行/定价:供应商在所有售前活动中的能力和支持它们的结构。这包括交易管理、定价和谈判、售前支持以及销售渠道的整体有效性。
Market Responsiveness/Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness.
市场反应/记录:随着机会的发展、竞争对手的行动、客户需求的变化和市场动态的变化,有能力做出反应、改变方向、保持灵活性并取得竞争成功。此标准还考虑供应商的响应历史。
Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a combination of publicity, promotional initiatives, thought leadership, word of mouth and sales activities.
营销执行:为传递组织信息以影响市场、推广品牌和业务、提高产品的认知度、在购买者心中建立产品/品牌和组织的积极识别而设计的方案的清晰度、质量、创造性和有效性。这种“思想分享”可以通过宣传、促销活动、思想领导力、口碑和销售活动的结合来推动。
Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so on.
客户体验:关系、产品和服务/程序,使客户能够成功与产品评估。具体来说,这包括客户获得技术支持或客户支持的方式。这还包括辅助工具、客户支持程序(及其质量)、用户组的可用性、服务水平协议等等。
Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.
运营:组织实现其目标和承诺的能力。因素包括组织结构的质量,包括技能、经验、程序、系统和其他工具,使组织能够在持续的基础上有效和高效地运作。
Completeness of Vision前瞻性
Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs, and can shape or enhance those with their added vision.
市场理解:供应商理解买家的需求并将其转化为产品和服务的能力。具有高度远见的供应商能够倾听并理解买家的需求,并通过他们的远见来塑造或增强这些需求。
Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.
Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service, and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.
营销策略:通过网站、广告、客户计划和定位陈述,清晰、差异化的信息始终在整个组织内传达,并外部化。销售战略:销售产品的战略,使用适当的网络,直接和间接销售,营销,服务,通信子公司,扩大范围和深度的市场影响,技能,专业知识,技术,服务和客户基础。
Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements.
Business Model: The soundness and logic of the vendor's underlying business proposition.
提供(产品)策略:供应商的产品开发和交付方法,强调差异、功能、方法和功能集,因为它们映射到当前和未来的需求。业务模型:供应商的基本业务主张的合理性和逻辑性。
Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.
垂直/行业战略:供应商的战略,指导资源,技能和产品,以满足个别细分市场的特定需求,包括垂直市场。
Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.
创新:为了投资、合并、防御或先发制人的目的,对资源、专业知识或资本进行直接、相关、互补和协同的布局。
Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.
地理战略:供应商的战略,指导资源、技能和产品,以满足“本土”或本地地理之外的特定地理需求,直接或通过合作伙伴、渠道和子公司(视地区和市场情况而定)。