Key Findings of the NSS NGFW Comparative Analysis 2012 Report
- Few NGFWs are ready for “prime time”: Only 50% of the NGFWs tested scored over 90% in security effectiveness vs. 75% of major IPS vendors in the dedicated IPS group.
- Convenient configurations mean less protection: NSS Labs research shows that IPS features in NGFWs are seldom tuned and the devices are often deployed using vendors’ default or recommended policy settings, creating significant gaps in coverage between NGFWs and dedicated firewall and IPS devices.
- Vendor claims are often exaggerated: Of the eight products tested, five performed well below vendors’ throughput claims. Maximum connection rates were lower than preferred in all products tested, revealing a major concern: NGFWs must improve performance before they are ready for large enterprise deployments.
Tested Products
- Barracuda F-900
- Check Point 12600
- DELL SonicWALL SuperMassive E10800
- Fortinet FortiGate 3140B
- Juniper Networks SRX 3600
- Palo Alto Networks PA-5020
- Sourcefire 8250
- Stonesoft FW-1301
NGFW Events over the Last Several Months
In early July, Dell SonicWALL announced that their NGFW appliance was the first to receive NGFW certification. SonicWALL was a top performer on the NSS Next Generation Firewall Security Value Map.
In early October, Barracuda Networks raised $130 million from Sequoia Capital and Francisco Partners. The proceeds will help them with expansion and provide cash to founders and early employees.
“They’ve done a wonderful job of putting together a value proposition and creating a solution that’s often a 10th the cost” of traditional products, said Jim Goetz, a partner at Sequoia and a Barracuda director.
Initial Public Offering (IPO) in the offing? Barracuda has a base of 150,000 customers. They won SearchSecurity's Readers' Choice Bronze Award for Best of Web Application Firewalls 2012 in mid-October (this is different from their NGFW solutions). Barracuda topped both Fortinet and Juniper on the NSS 2012 "Next Generation Firewall Security Value Map". This was released during RSA San Francisco.
In early October, Check Point issued a press release stating that, according to IDC data in the latest IDC Worldwide Q2 2012 Security Appliance Tracker, they lead the global market with a 20.9% Firewall and UTM appliance revenue share. They also stated that they are the leader in Firewall and UTM factory revenue in the US with a 22.1% share and in Western Europe with a 29.8% share.
Fortinet rolled out their second generation FortiASIC-SoC2 this week. Groundbreaking performance! Double the processing capacity! They also rolled out their new FortiOS 5.0 operating system. Enabling more security! Additional intelligence to fight advanced threats and secure BYOD (Bring Your Own Device) environments! On the "Next Generation Firewall Security Value Map", Fortinet had a great Block Rate but a high Price per Protected Mbps.
The rumor mill has Juniper Networks reportedly considering putting itself up for sale. Early names floating around as acquirers: EMC (this one is being panned), Brocade, and Arista. Nonetheless, the stock jumped 11% because of the rumors.
A Juniper Networks patent suit is slowly working its way through the system, with a trial date set for February 2013. There are a handful of patents being contested. Palo Alto Networks founders Nir Zuk and Yuming Mao left Juniper to start Palo Alto Networks. Juniper Networks was outperformed by everyone on the "Value Map".
Channelnomics has a nice summary of the Juniper Networks, Palo Alto Networks suit at http://channelnomics.com/2012/10/19/patent-list-grows-slow-juniper-palo-alto-suit/
Palo Alto Networks has been as high as $73 this year since closing at around $51 when they went public. They closed at $62 on October 19.
Look for lots of spin to take place with the NSS Comparative Analysis report over the next couple of months. It's a comprehensive document.
Becoming Learned on the NGFW
Sourcefire is making NSS’s evaluation of their product available at https://info.sourcefire.com/2012NSSLabsNGFW.html
It’s several months old, but an additional nice source of information is the NSS “2012 Next Generation Firewall Security Value Map”, released by NSS Labs during RSA San Francisco, which graphs Block Rate versus Price per Protected Mbps: http://o-www.sonicwall.com/us/en/14233.html
Want to learn more about evaluating NGFWs? NSS has a relatively neutral document “What do You Need to Know about Next Generation Firewalls” at https://www.nsslabs.com/can-next-generation-firewalls-stand-heat
Learn about “Next Generation Firewalls for Dummies” and get a subtle push for the Palo Alto Networks NGFW solution at http://connect.paloaltonetworks.com/ngfw-4dummies-EN
A Fortinet 2011 take on “Next-Generation Security for Enterprise Networks” is available at http://www.fortinet.com/next_generation_security_for_enteprise_networks.html