Sponsored By

Demand for NGFWs and other security appliances remains high.

Edward Gately

November 16, 2021

20 Slides

Demand remains high for all security appliances, but especially for next-generation firewall (NGFW). It’s the linchpin of most enterprise buyers’ network security strategies.

CF Signature Series StampThat’s according to the Omdia Cybersecurity Network Security Appliances & Software Market Tracker – 2Q21 Analysis. Worldwide network security appliance and software revenue for the second quarter of 2021 was $2.83 billion. That’s up nearly 2% quarter over quarter and nearly 11% year over year.

A traditional firewall typically provides inspection of incoming and outgoing network traffic. However, NGFW security includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.

According to Mordor Intelligence, the global NGFW market was worth $2.8 billion in 2020 and should exceed $5.5 billion by 2026. As more electronic devices become interconnected, the IoT trend is increasing. This has given rise to the protection of network infrastructure.

Our latest CF List focuses on NGFW security. Analysts with Omdia, S&P Global Market Intelligence and Forrester weighed in on NGFW market trends and what it takes to be a successful provider.

Biggest Firewall Shifts

Eric Hanselman is chief analyst with 451 Research, part of S&P Global Market Intelligence.

S&P Global Intelligence's Eric Hanselman

451 Research’s Eric Hanselman

“The biggest shift in firewalls is the ability to operate across multiple platforms and in different forms,” he said. “All of the major vendors have the ability to extend across on-premises and cloudy environments. The differentiating points are around management capabilities and the level of operational simplicity for hybrid deployments. With the pandemic-driven shift to greater levels of remote work, remote access is receiving much more attention. And branch office-friendly capabilities, such as SD WAN functionality, have become requirements, rather than options.”

Enhanced security is driven by the ability to integrate greater levels of context, Hanselman said.

“NGFWs were originally differentiated by their ability to bring application context into security management,” he said. “Today, the ability to integrate real-time threat feeds for things like DNS reputation and the extent of identity integration are the keys to building context to defend against ransomware and more sophisticated attackers. Expanding the capabilities of evaluating network-transferred files with enhanced sandboxing is also an area where vendors are looking to differentiate themselves.”

More Requirements

Eric Parizo is principal analyst of Omdia’s cybersecurity operations intelligence service. He said even with distributed IT environments, the death of the traditional enterprise perimeter “has been greatly overhyped.”

Omdia's Eric Parizo

Omdia’s Eric Parizo

“Organizations still need to inspect inbound traffic (and, ideally, outbound traffic, too) at the network perimeter, as well as maintain detailed network traffic policies and the ability to apply controls,” he said. “NGFWs remain perfectly suited to perform all of these functions.”

Not long ago, NGFW was all about the ability to inspect level 7 or application traffic, including encrypted traffic, as well as employ all the other services such as anti-malware, intrusion prevention system (IPS) and more at line speed, Parizo said.

“But now it’s about more than performance,” he said. “It’s about being able to deliver these solutions in all settings, data centers, edge networks, branch offices and event hybrid cloud/east-west environments with consistent capabilities, single-pane-of-glass management, and unified policy, regardless of form factor.”

When it comes to the most effective NGFW, it’s all about accomplishing that tricky balancing act, Parizo said.

“[That’s] identifying anomalous (and thereby likely malicious) traffic that should be interrupted, but not disrupting unusual, but necessary business traffic,” he said. “The more bad traffic an enterprise can prevent at the network perimeter, wherever that may be, the less bad activity it has to detect and respond to after the threat actors get inside. The NGFW is equally important in this way from both tactical and strategic perspectives.”

New Terminology

David Holmes is senior analyst at Forrester.

Forrester's David Holmes

Forrester’s David Holmes

“We’re moving away from the term NGFW as that term is now 13 years old,” he said. “We refer to them as just enterprise firewalls because regardless of the name, this is what the modern enterprise should be using.”

An enterprise firewall is a layer 7 firewall, capable of decrypting traffic at scale, identifying users and applications, applying policy to both, and providing inline inspection and analysis for all, Holmes said.

We’ve compiled a list, in alphabetical order, of 20 top NGFW providers. It’s based on analysts’ feedback and recent news reports. The list is by no means complete. It includes a mix of well-known providers as well as lesser-known ones making strides in NGFW.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like