Fun and Excitement on the Next Generation Firewall Front

The Next Generation Firewall (NGFW) market place  is getting a little more exciting these days.  NSS Labs  has released their NGFW Comparative Analysis 2012.  It’s available on their website for $3,500, pre coupon!

Key Findings of the   NSS  NGFW Comparative Analysis 2012  Report

1. Few NGFWs are ready for “prime time”: Only 50% of the NFGWs tested scored over 90% in security effectiveness vs. 75% of major IPS vendors in the dedicated IPS group.
2. Convenient configurations mean less protection: NSS Labs research shows that IPS features in NGFWs are seldom tuned and the devices are often deployed using vendors’ default or recommended policy settings, creating significant gaps in coverage between NGFWs and dedicated firewall and IPS devices.
3. Vendor claims are often exaggerated: Of the eight  products tested, five performed well below vendors’ throughput claims.  Maximum connection rates were lower than preferred in all products tested - revealing a major concern; NGFWs must improve performance before they are ready for large enterprise deployments

This Comparative Analysis Report  2012 consists of five sections, covering the following topics in-depth: Security Value Map (SVM), Security, Performance, Management,   and Total cost of ownership (TCO).  

Tested Products

•     Barracuda F-900
•     Check Point 12600
•     DELL SonicWALL SuperMassive E10800
•     Fortinet FortiGate 3140B
•     Juniper Networks SRX 3600
•     Palo Alto Networks PA-5020
•     Sourcefire 8250
•     Stonesoft FW-1301

Only two products were positioned in the Leaders portion of the December 2011 Gartner Magic Quadrant for the “Enterprise Network Firewall”.   Gartner takes great care to explain that products in other portions of the Magic Quadrant  can be best for a given customer.

NGFW Events  over the Last Several Months

In early July, Dell SonicWALL announced that their NGFW appliance was the first   to receive NGFW certification. SonicWall was a top performer on the NSS Next Generation Firewall Security Value Map.

https://www.icsalabs.com/press-release/dell-sonicwall-receives-first-next-generation-firewall-evaluation-icsa-labs

In early October, Barracuda Networks  raised $130 million from Sequoia Capital and Francisco Partners.  The proceeds will help them   with  expansion and provide cash to founders and early employees. 

“They’ve done a wonderful job of putting together a value proposition and creating a solution that’s often a 10th the cost” of traditional products, said Jim Goetz, a partner at Sequoia and a Barracuda director.  Initial Public Offering (IPO) in the offing?  Barracuda has a base of 150,000 customers.  They won SearchSecurity's Readers' Choice Bronze Award for Best of Web Application Firewalls 2012 in mid October (this is different from their NGFW solutions).  Barracuda topped both Fortinet and Juniper on the   NSS 2012 "Next Generation Firewall Security Value Map". This was released during RSA San Francisco.

.

In early October, Check Point issued a press release stating that IDC Data in the latest IDC Worldwide Q2 2012 Security Appliance Tracker, that they lead the global market with 20.9% Firewall and UTM appliance revenue share.  They also stated that they are the leader in Firewall and UTM factory revenue in US with  a 22.1% share and Western Europe with a  29.8% share.

Fortinet rolled out their Fortinet second generation FortiASIC-SoC2 this week.  Groundbreaking performance!  Double the processing capacity!  They also rolled out their new Fortinet FortiOS 5.0 operating system.  Enabling more security!  Additional intelligence to fight advanced threats and secure BYOD (Bring your own Device) environments!  On the    "Next Generation Firewall Security Value Map",   Fortinet had  great Block Rate but a high Price per Protected Mbps.   

The rumor mill has Juniper Networks reportedly considering putting itself   up for sale.  Early names floating around as acquirers, EMC (this one is being panned), Brocade, and Arista.  Nonetheless, the stocked jumped 11% because of the rumors. 

http://www.networkworld.com/news/2012/101812-juniper-sale-update-263504.html?t51hb&hpg1=mp

A Juniper Networks patent suit is slowly working its way through the system, with a trial date set for February 2013.  There are a handful of patents being contested.  Palo Alto Networks founders Nir Zuk and Yuming Mao left Juniper to start Palo Alto Networks.  Juniper Networks was outperformed by everyone on the "Value Map".

Channelnomics has a nice summary about Juniper Networks, Palo Alto Networks suit  at http://channelnomics.com/2012/10/19/patent-list-grows-slow-juniper-palo-alto-suit/

 

Palo Alto Networks has been as high as $73 this year since closing at around $51 when they went public. They closed at $62 on October 19.

Look for lots of spin to take place with the  NSS  Comparative Analysis report over the next couple of months.  It's a comprehensive document. 

Becoming Learned on  the NGFW

Sourcefire is making NSS’s evaluation of their product available at https://info.sourcefire.com/2012NSSLabsNGFW.html

It’s several months old, but an additional nice source of information is the  NSS “2012 Next Generation Firewall Security Value Map”, released by NSS Labs during RSA San Francisco.  http://o-www.sonicwall.com/us/en/14233.html , which graphs Block Rate versus Price per Protected Mbps.

Want to learn more about evaluating NGFWs?  NSS has a relatively neutral document “What do You Need to Know about Next Generation Firewalls” at https://www.nsslabs.com/can-next-generation-firewalls-stand-heat

Learn about “Next Generation Firewalls for Dummies” and get a subtle push for the Palo Alto Network NGFW solution at http://connect.paloaltonetworks.com/ngfw-4dummies-EN

A Fortinet 2011 take on “Next-Generation Security for Enterprise Networks” is available at http://www.fortinet.com/next_generation_security_for_enteprise_networks.html

Dell to Acquire SonicWALL

Dell announced today their intention to acquire SonicWALL from equity investor firm Thoma Bravo. Thoma Bravo had take SonicWALL private in 2010. They have also recently had purchased secure web gateway company Blue Coat Systems and taken it private. This acquisition, according to Dell, will enable them to offer customers a broader range of enterprise offerings. SonicWALL revenues for the last 12 months were about $260 million. www.sonicwall.com

“Dell’s distribution, reach, and brand are well-recognized across the industry. This transaction aligns well with Dell’s mid-market design focus and allows us to accelerate growth of our flagship SuperMassive Next-Generation Firewall solutions with Large Enterprise customers,” said Matt Medeiros, president and CEO, SonicWALL. “Additionally, SonicWALL is recognized as a leading security solutions provider for small and medium businesses through our UTM solutions. Dell’s phenomenal breadth and reach into small and midsize companies provides a significant opportunity to expand our customer base.”

Before being taken private by Thoma Bravo, SonicWall’s strengths were in serving the SMB marketplace with advanced network security and data protection solutions. They have expanded their portfolio to include Next-Generation Firewalls (NGFW), providing these in a form factors scalable to the enterprise.

SonicWALL and Palo Alto Networks were the top performers in a recent NSS Labs analysis, the “2012 Next Generation Firewall Security Value Map™” (NGFW). The value map illustrates Block Rate versus Price per Protected Mbps. The SonicWall SuperMassive E10800 and the Palo Alto Networks PA-5020 NGFWs were the “winners”.

http://kensek.blogspot.com/2012/03/sonicwall-palo-alto-networks-top.html

Effect on Product Development for SonicWALL - To the extent Dell leaves the development team intact to do their own thing, disruptions should be minimal.

Effect on the SonicWALL brand - No one has said whether the company name SonicWALL will be going away, yet. . Nothing has been said as to whether Dell will use the McAfee/Intel model of having the company be a wholly owned subsidiary of Dell.

Other products SonicWALL brings to Dell - Besides firewalls, NGFWs, and Unified Threat Management (UTM) solutions, secure remote access, email security, backup and recovery, and policy, and management and reporting. Dell is acquiring a nice set of security solutions.

Effect on the SonicWALL channels - SonicWALL has 15,000 resellers providing global coverage. Dell plans to “take the very best of the SonicWALL channel programs” (sounds like a reduction…..) and combine it with Dell’s PartnerDirect program. Dell’s existing PartnerDirect members will be able to sell SonicWALL solutions.

SonicWALL was a public company until 2010, when Thoma Bravo acquired it for $717 million. Investors and analysts are estimating the purchase price to be between $1 billion and $1.5 billion. Healthy return by Thoma Bravo for a 2-year investment! Dell will be funding the deal with cash.

It would be interesting to hear what they’re saying about this at Palo Alto Networks, Check Point Software Technology, Barracuda Networks, and Juniper Networks. IMHO, the Palo Alto Networks IPO (Initial Public Offering) valuation may drop by a bit.

http://content.dell.com/us/en/corp/d/secure/2012-03-13-dell-sonicwall-acquisition.aspx

March 20 - Palo Alto Networks IPO Preparations Start to Heat Up

March 20 Addendum

Palo Alto Networks will seek to raise about $250 million in an initial public offering this year that would value the Internet security company at about $1.5 billion, said a person with direct knowledge of the situation.

The company chose Goldman Sachs Group Inc., Morgan Stanley, Credit Suisse Group AG and Citigroup Inc. as its underwriters and will submit an S-1 filing in a couple of weeks.

http://www.bloomberg.com/news/2012-03-19/palo-alto-networks-said-to-file-250-million-ipo-in-weeks-1-.html

Nothing in the press yet as to what quarter the IPO will take place. Some more conversations will take place at Check Point and Juniper, most likely. Palo Alto Networks coined the phrase Next Generation Firewall (NGFW), though other companies rightfully can say that they offer the same functionality. SonicWall and Fortinet, for example. S-1's make interesting reading as companies have to start letting the investment community look more deeply into the company's financial workings, and view (the copious) risks that the company has identified.

Original Post

Palo Alto Networks has supposedly hired Morgan Stanley, Goldman Sachs, and Citigroup to lead its (IPO) initial public offering, which is expected this year. The IPO market is definitely heating up. Palo Alto Networks received a recommended rating in NSS Labs’ latest firewall report. Palo Alto Networks was also recognized as a leader along with Check Point Software Technologies in the Gartner 2011 Magic Quadrant for Enterprise Network Firewalls. You can go to the Palo Alto Networks site to register for and download both the Gartner and the NSS Labs reports. Pundits will probably be coming up with a valuation in the coming weeks.

Strengths Gartner Mentioned Include

· Highly effectively application identification, application categorization, and ease of confguration

· Performed is as advertised in specification sheets (now that’s a novel idea ;))

A Few of The Cautions

· Lacks Common Criteria EAL-4+ for Information Technology Security Evaluation for the firewall

· Limited number of models when compared with competitors

· Some confusion with respect to selling into the secure web gateway (SWG) marketplace

http://www.paloaltonetworks.com/cam/gartner/index.php

NSS Labs 2 page analysis, the “2012 Next Generation Firewall Security Value Map™” was released during RSA San Francisco 2012. The value map illustrates Block Rate versus Price per Protected Mbps. The SonicWall SuperMassive E10800 and the Palo Alto Networks PA-5020 NGFWs were the “winners”, far up in the right hand corner. http://www.paloaltonetworks.com/cam/nss-labs/2012-svm.php

and http://kensek.blogspot.com/2012/03/sonicwall-palo-alto-networks-top.html

What would Palo Alto Networks valuation be in an IPO? You may want to look at the “ratios” from companies like Check Point Software Technologies, Juniper Networks, and Cisco and back calculate for some estimates as to its value during an IPO. Estimated revenues for PAN - $700 million.

Fun times for Founder and CTO Nir Zuk, principal engineer at Check Point Software Technologies and one of the developers of stateful inspection technology, and the rest of the Palo Alto Networks management team as this IPO moves forward.

http://www.reuters.com/article/2012/03/08/paloaltonetworks-ipo-idUSL2E8E88P820120308