|About|News|Products|Prices|Solutions|Support|Registration|Services|Jobs|Contacts|Home|
|About|News|Products|Prices|Solutions|Support|Registration|Services|Jobs|Contacts|Home|
PHION and other enterprise firewalls comparison
- Barracuda networks UTM products ;
- Cyberoam UTM and firewall products ;
Enterprise firewalls and gateways - vendor strengths and weaknesses
Astaro
Strengths
* Astaro's leverage and integration of a wide range
of open-source components provide an attractive price point.
* It focuses on the requirements of enterprise
customers. * Its Novell relationship feeds its
pipeline.
Cautions
* Astaro has limited visibility outside of Europe,
the Middle East and Africa (EMEA) and outside of its Novell
channel.
* Its UTM focus is less a match for enterprises and
better for SMBs. Astaro is short on enterprise features.
* Astaro has broad capabilities (such as e-mail security features) that often exceed enterprise needs.
Note: During 2011 year, Astaro was bought by Sophos Antivirus company,
so there will be change from Avira used in Astaro UTM to Sophos
antivirus, and ClamAV will remain as was. Astaro Essential
firewall is free of charge for any company. Astaro has home
version of firewall, Astaro Security Gateway HE (home edition)
which is free for home users. Astaro has also software
only versions, which is better when many users, and run on dual
core or Xeon cpu machines. Astaro hi availability versions
- passive/passive or active/active firewalls.
Check Point Software Technologies
Strengths
* Check Point Software Technologies is a well-known
pure-play security company with a well-entrenched installed base
and channel partners.
* Check Point is primarily a software provider, with
a broad range of third-party platform providers, led by companies
such as Nokia and Crossbeam Systems. SecurePlatform can be loaded
onto off-the-shelf servers, and Check Point has a new appliance
for midsize businesses.
* It has a strong field of product options, such as
VSX for virtualized firewalling and its Eventia security
information and event management (SIEM) product.
* Check Point has a strong and mature management
interface with the ability to handle complex DMZ deployments and
large numbers of devices.
* The vendor recently added a stand-alone IPS
product in IPS-1. Although it is not an on-the-firewall option,
it is a good competitive move. This technology was based on the
NFR acquisition (see "NFR Deal Will Bring Check Point Into IPS
Market").
Cautions
* Although Check Point has lowered prices on models
aimed at small businesses, enterprise prices are high. Products
may be expensive for enterprises with low-end requirements or
static networks/users.
* The SmartDefense deep inspection option needs an
update; however, Gartner expects Check Point to provide
competitive IPS capabilities using the acquired NFR technology.
* Check Point is overly secretive about its road map
and longer-term strategies, leaving its customers guessing.
* Dealing with the platform provider as a middleman
can be frustrating. Service complaints about Check Point from
Gartner customers are more common than from users of competing
products.
Cisco
Strengths
* Cisco offers a single invoice, high discounts and
a vendor relationship for "all-Cisco" networks, and it has a
large market share.
* Adaptive Security Appliance (ASA) is a good
replacement for PIX, and an add-in IPS module can replace a
stand-alone IPS.
* Cisco offers a wide choice in platforms, with ASA,
Firewall Services Module blade for Catalyst switches and
Integrated Services Router.
* The vendor has strong channels, broad geographic
support and the availability of other security products, such as
the Cisco Security Agent; its Monitoring, Analysis and Response
System SIEM; and IPS products.
Cautions
* Cisco firewall products are selected more often
when security offerings are added to Cisco's infrastructure,
rather than when there is a shortlist with competing firewall
appliances.
* The vendor's management and consoles are not as rich as competing offerings.
* Like most competitors, Cisco offers limited integration between the firewall and the IPS.
* Future feature improvements for Cisco's enterprise
firewall products are an unknown, which can provide openings for
competitors after the initial successes of its ASA product.
Fortinet
Strengths
* Fortinet has increased its wins against market leaders.
* It has good performance from purpose-built
hardware and a wide model range, including bladed appliances for
large enterprise and carriers, as well as SMB and branch-office
solutions.
* Fortinet is price-competitive, especially with multiple virtual domains.
* It offers ease of deployment.
* Specialized cpu (asic based), which is good for VPN processing.
Cautions
* Like most competing enterprise firewalls, Fortinet does not have a mature NGFW.
* It has experienced anecdotal support and delivery pains resulting from growing at a fast rate.
* Marketing using UTM and antivirus firewall labels undervalues its enterprise offerings.
* Fortinet has limited support by MSSPs outside the Asia/Pacific region.
Juniper Networks
Strengths
* Juniper Networks has a strong enterprise option in
Juniper Secure Services Gateway for high-end, purpose-built appliances.
* It has a good branch-office firewall and
recognizes that enterprises want the same vendor for central and
branch deployments.
* It has good networking support for routing, protocol support and port composition.
* Juniper has strong NAC integration across firewalls and the rest of its product line.
* Customers report good support from Juniper.
Cautions
* As a network infrastructure vendor rather than a
pure-play security vendor, Juniper faces heavy competition from
Cisco networks, where buying any Juniper equipment can be
resisted as a Cisco network equipment replacement.
* Like most competitors, integration between IPS and the firewall is limited.
* Juniper is generally high priced and often allows competitors an opening on price alone.
NETASQ
Strengths
* NETASQ has a good mix of advanced features in comparison to competitors in class.
* It is focused on the requirements of enterprise customers and provides good channel support.
Cautions
* The vendor has a narrow international base, with almost all its deployments in EMEA.
* Its UTM focus is less a match for enterprises and better for SMBs.
phion
* Designed for enterprises, phion is a good alternative to established large competitors.
* Enterprise customers have well-established local support in German-speaking countries and Eastern Europe.
* The vendor has an MSSP-friendly design.
* It has developed NGFW capabilities, although with a limited IPS signature set.
Cautions
* It has a narrow international base, with most deployments in EMEA.
* The vendor has limited market visibility for its Netfence firewall.
* Its product family includes Web optimization
controller capabilities that may divert resources from main network
security areas, but it is not really a caution, because you can take
more powerfull device with stringer cpu/more ram, and you have
additional functionality. Web optimization controller feature has
no other vendor, so it is clear feature of future developments of
enterprize firewalls.
Note: now is part of Barracuda networks .
Secure Computing
Strengths
* Secure Computing has increased its market
visibility, product set and potential for execution after its
CipherTrust acquisition (see "CipherTrust Buy a Bold but Challenging
Move for Secure Computing").
* It offers strong features for government, military and other "security first" requirements.
* The vendor's integration of reputation services
across network, Web and e-mail security product lines provides strong
cross-selling opportunity.
* It has a reputation of producing secure products,
having greatly improved support and being a well-established firewall
player.
Cautions
* Secure Computing is slow to innovate and respond to the wider firewall market from its established base.
* It has low market visibility against market
leaders as a result of positioning itself as a second-line firewall and
as an alternative to stateful inspection firewalls.
SonicWALL
Strengths
* SonicWALL's competitive prices have resulted in good solutions for wide remote-office deployments and SMBs.
* It has the reputation and track record of strong channel support.
* The vendor's aggressive acquisitions provide rapid
technology refresh, such as its recent Aventail Secure Sockets Layer
VPN acquisition.
* It has shipped a large number of appliances.
Cautions
* SonicWALL's product focus has been on SMBs. Its
products are not competitive in most enterprises. "Enterprise" has
really meant "midsize companies" in SonicWALL's product portfolio.
* Its acquisitions can divert attention and resources from the main network security market.
Stonesoft
* Enterprise focus makes StoneGate firewalls distinct from most European competitors, which focus on SMBs.
* It has a StoneGate firewall version for IBM zSeries mainframes.
* Stonesoft provides support for clustering and high
availability for the few enterprises that do not provide for this in
the infrastructure outside the firewall.
* It has a robust performance and feature set relative to company
resources.
Cautions
* Stonesoft has limited market visibility outside of EMEA.
* Its company size is small relative to competitors in the enterprise market.
* It's missing a few features that bigger competitors have, such as Layer 2-mode support.
WatchGuard Technologies
* WatchGuard Technologies' competitive prices
have resulted in good solutions for wide remote-office deployments.
* After taking the company private, its new
management team is well-focused on the core competence of servicing the
SMB market.
Cautions
* WatchGuard is in a rebuilding mode. Gartner
expects continued product focus on SMB products because its current
firewall offerings are not enterprise-class.
If you have big project, want free of charge consulting on your network
infrastructure, or are interested in Phion products, or to
have more details concerning
technical parameters and scalability please see the website or ask sales@matrix.lt .
Copyright MATRIX, UAB, 2008 - 2012