Network Firewalls, Network Access Control , Security Operations

Palo Alto, Fortinet, Check Point Top Firewall Forrester Wave

Fortinet, Check Point Enter Leaders Segment While Cisco Falls in Latest Rankings
Palo Alto, Fortinet, Check Point Top Firewall Forrester Wave

A surging Fortinet and Check Point have joined perennial stalwart Palo Alto Networks atop the Forrester Wave Enterprise Firewalls 2022 report, while Cisco slipped to the strong performers category.

See Also: Corelight's Brian Dye on NDR's Role in Defeating Ransomware

"The COVID-19 pandemic turned security pros’ attention from securing the network to securing the remote workforce," Forrester Senior Analysts David Holmes and Carlos Rivera wrote. "Enterprise firewall vendors reported significant growth in the past year, even though the employees who left the perimeter en masse two years ago have yet to return."

Forrester's enterprise firewall leaderboard now belongs solely to pure-play cybersecurity vendors, with all three leaders having at least 15 years of experience in developing and deploying firewalls. The focus Palo Alto Networks, Fortinet and Check Point bring to cybersecurity stands in contrast to Cisco, where security accounted for just 7.2% of the networking giant's $51.6 billion in sales for the fiscal year ended July 31.

Palo Alto Networks, Check Point Software and Fortinet took the gold, silver and bronze, respectively, for the strength of their current enterprise firewall offering. That's a dramatic change from August 2020 when Cisco, Check Point and Palo Alto took the gold, silver and bronze, respectively.

The strategy category also saw ranking shifts, with Fortinet catapulting from sixth in 2020 to second this year, Sophos jumping from fifth to third despite the weakness of Sophos' current offering, which kept the company in the strong performers category. Palo Alto Networks retained the top spot for enterprise firewall strategy, while Check Point slipped from second in 2020 to fourth this year.

Forrester's rankings are generally reflected in their market share, with Palo Alto Networks, Cisco, Fortinet and Check Point controlling 19%, 16%, 14% and 9%, respectively, of the security appliance market as of spring 2021, according to Statista.

"Firewall vendors retooled their portfolios to apply artificial intelligence, vendor-delivered services and partner service for network security," Forrester wrote. "The vendors built platforms friendly to MSPs and MSSPs that, with the help of the vendors' services, can use human brains to close the loop after attackers get past the firewalls."

Forrester urged firewall vendors to demonstrate efficacy beyond signature matching, deliver required capabilities within customer budgets and address the skills gap through managed services. Several enterprise firewall vendors are fielding data science teams to deploy deep learning or expert-generated analytics to proactively detect malicious content, rather than taking a reactive posture, Forrester says (see: Fortinet, VMware, Cisco Drive SD-WAN Gartner Magic Quadrant).

"The need to have the right security solution is crucial to security architecture and to overall network health and performance," Forrester wrote. "Organizations looking to deploy new appliances in their enterprise or data centers need solutions that can support varying architectural needs, conditions and requirements."

Outside of the leaders, here's how Forrester sees the enterprise firewall market:

  • Strong Performers: Sophos, Cisco, Juniper Networks, SonicWall;
  • Contenders: Barracuda Networks, WatchGuard, Forcepoint.

Forrester classified Huawei as a strong enterprise firewall performer in the August 2020 wave, but the controversial Chinese company wasn't even considered as part of the wave this time around.

How the Enterprise Firewall Leaders Climbed Their Way to the Top

Company Name Acquisition Amount Date
Check Point Software Spectral Not Disclosed February 2022
Check Point Software Avanan $227M September 2021
Check Point Software ForceNock Not Disclosed January 2019
Fortinet None N/A N/A
Palo Alto Networks Gamma Networks $20M August 2021
Palo Alto Networks CloudGenix $420M April 2020
Palo Alto Networks Zingbox $75M September 2019

Palo Alto Leverages AI, ML to Stop Attacks in Real Time

Palo Alto Networks has extended advanced URL filtering across its threat prevention portfolio and security services to stop phishing and web-based threats and protect against zero-day attacks, says Anand Oswal, senior vice president of network security products. The company wants to harness artificial intelligence and machine learning to stop attacks in line and in real time, according to Oswal.

Oswal says the company introduced its first machine learning-powered firewalls two years ago, which pushed ML coding into the network security stack to stop variations of existing malware, and then eight months ago started infusing deep learning into its network security technology. Meanwhile, AI can validate the health of network security tools by ensuring there's sufficient bandwidth and memory (see: Nikesh Arora on the Palo Alto Networks Growth Strategy).

"Customers are looking to consolidate their infrastructure on best-of-breed platforms," Oswal tells Information Security Media Group. "So we have to be best of breed."

Forrester said Palo Alto Networks customers complain about the company's subscription costs and licensing practices, and say it is the only firewall vendor that still charges for basic SD-WAN capabilities. Oswal says customers have the choice of procuring the company's technology through enterprise agreements, as part of a service bundle or on an a la carte basis, with Palo Alto taking pride in the service it provides.

"The traditional way of doing services with signatures and databases has lower costs, but they're not as effective," Oswal says. "When you have something that is more advanced, that has some additional costs."

Fortinet Extends Firewall Protection to SASE, Container Environments

Fortinet has expanded its zero trust network access application gateway so that users can verify their device posture without having to purchase an additional tool, says Vice President of Products Nirav Shah. The company has doubled down on its AL and ML-powered services to accelerate analysis and ensure customers are getting the full device and security posture benefits from FortiGate firewalls.

Shah says Fortinet has worked to make its FortiOS operating system available in a container or as part of a SASE architecture to ensure users and apps have the same level of protection no matter where they reside. The company has long offered its firewall as either a hardware appliance or a virtual machine in the public cloud, and he says the investment in SASE will help secure remote- and container-based users (see: Ken Xie on Why Fortinet Is Leaning Into SD-WAN, OT Security).

"It's always been about solving customers' problems and making operations simple for them while providing best-in-class security," Shah tells Information Security Media Group. "Bringing networking and security together means Fortinet customers get a return on investment way faster than people working with any other vendor."

Forrester says Fortinet customers found the company's usability and policy creation to be merely average. Shah says the company tends to get very positive feedback around usability since it hasn't stitched acquisitions together and strives to have both usability and workflow by intuitive regardless of form factor. The company will address use cases where customers want to see improvement, Shah says.

"We have cutting-edge technology and we will continue to expand our security services to make sure we are stopping threats by both preventing and detecting within seconds," Shah says.

Check Point Brings Deep Learning to DNS and Phishing Prevention

Check Point Software has leveraged deep learning to more effectively prevent advanced DNS, phishing and IoT-based attacks, says Vice President of Product Management Eyal Manor. Deep learning has allowed Check Point to analyze in real time the domains users are visiting while minimizing false positives and incorporating a large number of parameters without any training needed, Manor says.

A huge range of phishing attacks are targeted at specific people and triggered at a particular time, with Check Point's Quantum security gateways inserting JavaScript that runs on the webpage in real time, he says. And even though clients have gotten better at finding IoT devices, he says autonomous zero trust access profiles should be built for each device to determine which protocols are allowed or blocked (see: Check Point CEO Gil Shwed on Why Prevention Beats Detection).

"We spent the past two years since the previous Forrester report assessing the gaps to understand what we can do better to improve ourselves," Manor tells Information Security Media Group. "We want to catch gaps on one hand and become more innovative on the other hand."

Forrester criticized Check Point for being the last of the firewall vendors to offer integrated SD-WAN to customers and found the company might have turned a corner on customer support issues. Check Point will soon announce SD-WAN capabilities that are embedded and integrated into the firm's Quantum Spark gateways, which will autonomously clean up security policies and route traffic to the best places.

"We're behind in SD-WAN," Manor says. "But we're not here to close the gaps. We're here to do it better."


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.