• Comodo Firewall is the best free firewall. Free firewall. Review of the seven best

    If you used a personal computer in the 90s, you probably believed that firewalls were needed by organizations, but not by ordinary users. It took the ZoneAlarm team several years to convince consumers of the need for reliable network protection using a firewall. ZoneAlarm Free Firewall has been developing all this time, and its interface has been transformed. The product remains an excellent choice for users who want more features than Windows' built-in security offers.

    The program installs instantly and starts working immediately. The main window is made in gray, green and blue tones and contains three large panels: Antivirus, Firewall and Identity & Data. The antivirus panel is grayed out - it is assumed that the user can use the solution with any preferred antivirus, for example, the free AVG AntiVirus Free or Panda Free Antivirus. When installing the product, you can optionally choose to install ZoneAlarm Free Antivirus + Firewall 2017.

    Protection against hacker attacks

    ZoneAlarm has not received any major changes since its previous release, which means it is still effective in countering network attacks. During testing, port scans and other types of web attacks were carried out, and the product reliably fended them off. ZoneAlarm successfully put all system ports into hidden (stealth) mode, making them invisible to attacks coming from the Internet.

    ZoneAlarm invented the concept of a firewall protection mechanism against direct targeted attacks. During testing, it was not possible to terminate program processes or interact in any way with Windows services: in all attempts the message “Access denied” was displayed. Attempts to disable protection by manipulating the system registry also failed.

    Intrusion prevention is a feature that is often associated with firewall technologies, but the association is not entirely accurate. When attacking a test system using 30 exploits generated by the CORE Impact tool, ZoneAlarm did not react at all. However, the attacks were not able to compromise the security of the system because security patches were installed in a timely manner.

    By comparison, Symantec Norton AntiVirus Basic blocked two-thirds of exploits at the network level, ensuring they couldn't reach the target system. Kaspersky Internet Security performed well in this test - the product blocked about half of the exploits.

    ZoneAlarm assigns networks to the Public Zone or Trusted Zone. By default, the security level is raised to the maximum level when connecting to a public network. The user will be able to connect to the network, but other devices on the network will not be able to communicate with the user's device. In the Trusted Zone the security level is set to medium, which makes it possible to exchange files and send documents for printing.

    Application Control

    The built-in firewall in Windows is effective at blocking external attacks. The main reason for choosing a third-party firewall is to gain application control functionality, which helps prevent unwanted applications from using the network and Internet.

    In earlier versions of ZoneAlarm, the user had to decide for himself which programs could access the Internet. Numerous pop-up queries confused users. Allow or block? Who knows! In recent years, the company has added a cloud database of known applications. ZoneAlarm can now automatically set the appropriate network permissions for almost any program you use.

    If you look into the settings in detail, you will find a slider that sets the security level for application control. Available values: off (Off), minimum (Min), medium (Med) and maximum (Max). The default level is set to medium; in this mode, ZoneAlarm does not screen all programs. The product detected an attempt to access the Internet from a custom browser and automatically allowed access.

    When the maximum security level was set, ZoneAlarm began to respond to all unknown programs and display a request to allow or block access. This security mode had other noticeable effects. The behavioral analysis component OSFirewall switched to an enhanced mode of operation and reported a wide range of actions that may indicate malicious activity, but may also be signs of a safe program.

    When trying to install 20 old PCMag utilities, ZoneAlarm generated at least one alert for each application. One of the installed utilities caused four warnings to be displayed. A similar feature in Comodo Firewall 8 generated even more warnings.

    Personal data protection

    On the Data Protection (Identity & Data) page in ZoneAlarm you will find additional ways to strengthen security. To begin with, you can activate 5 GB of cloud backup storage, offered by ZoneAlarm's partner, IDrive. The same storage can be obtained directly from IDrive.

    Another ZoneAlarm partner, Identity Guard, offers a free one-year subscription to personal data protection. After registering and entering data, the service warns about various events, for example, data verification or potential account takeover. You can access the Data Theft Help Desk.

    Identity Lock offers a completely different approach to protecting personal data. The user simply adds confidential data to a special safe. ZoneAlarm allows you to save 15 different types of data, in particular credit card numbers, online store passwords, and even your mother’s maiden name. It is also possible to use a different category.

    For each object, you can set one-way encryption, otherwise the data will be at risk. You should also leave data protection options for the Internet and email activated.

    If you set the Identity Lock protection level to high, the function will block data transfer from your computer until you visit a web resource that you personally define as trusted. Personal information is replaced with asterisks. In medium security mode, Identity Lock displays a warning and suggests blocking the transfer. During testing, there were cases where data was sent despite attempts to block the transmission. Additionally, Identity Lock cannot protect data sent to sites over the secure HTTPS protocol.

    Easy win

    Previously, there was fierce competition in the third-party firewall segment, but systematic improvements to the Windows Firewall have eased this competition. Paid firewalls found themselves at a particular disadvantage: the need for them dropped sharply with the advent of free and effective system protection.

    ZoneAlarm remains PCMag's Editors' Choice in the third-party firewall category. The product shares the title with Comodo Firewall 8, which, however, has not been updated for quite some time. If you want advanced firewall protection, then feel free to choose these solutions.

    ZoneAlarm Free Firewall 2017 review:

    Advantages

    • hides all system ports to prevent external attacks;
    • control of Internet access from applications;
    • successfully resists direct targeted attacks;
    • includes cloud backup feature and other additional tools.

    Flaws

    • there is no protection against exploits;
    • OSFirewall technology flags both malicious and safe programs, if the settings are set to maximum security.

    Overall rating

    Anyone who has ever thought about the question “which firewall to choose?” has probably encountered the Gartner Magic Quadrant (Gartner is a well-known analytical agency).

    At the end of June 2017, another report on the Unified Threat Management (UTM) market was released, Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls), followed in July 2017 by the report on enterprise firewalls, Magic Quadrant for Enterprise Network Firewalls. If you are interested in finding out who was among the leaders, how the situation has changed over the past year and what trends are observed, then read on...

    UTM Market:

    Let me remind you that according to Gartner’s definition:

    “Unified threat management (UTM) is a converged platform of point security products, particularly suited to small and midsize businesses (SMBs). Typical feature sets fall into three main subsets, all within the UTM: firewall/intrusion prevention system (IPS)/virtual private network, secure Web gateway security (URL filtering, Web antivirus) and messaging security (anti-spam, mail AV).”

    That is, this definition covers network security platforms aimed at small companies (Small) and slightly larger companies (Midsize) (Gartner considers Small and Midsize Business companies to be those with 100 to 1000 employees). UTM solutions usually contain today's typical firewall functionality, an intrusion prevention system (IPS), a VPN gateway, a web traffic filtering system (URL filtering, streaming antivirus system for web traffic), and a mail traffic filtering system (filtering spam messages and an anti-virus system for mail traffic), and of course we cannot forget about the basic routing system and support for various WAN technologies.

    It’s interesting that, judging by Gartner’s predictions, the firewall market by 2020 will remain in approximately the same condition as it is now. In 2022, according to Gartner's predictions, Firewall as a Service (FWaaS) solutions, i.e. cloud firewalls to which client traffic is tunneled, will begin to come into use in the SMB segment, and their share of new installations in the SMB market will be more than 50%, compared to the current share of 10%. In addition, in 2022, 25% of SMB users will use their Internet firewall as a monitoring tool and intermediate broker to provide inventory and control of the use of SaaS resources, as a means of managing mobile devices, or as a means of enforcing security policies on end user devices (currently less than 2% of users use this functionality on firewalls). FWaaS solutions will be more popular for distributed branch structures: 10% of new installations will use this solution, up from less than 1% today.

    Since UTM solutions are aimed at relatively small companies (by Gartner's standards), it is clear that, having received all the functionality in one box, the end customer will one way or another have to accept compromises in performance, network security efficiency and functionality. For such customers, however, it is also important that the solution is easy to manage (control via a browser, for example), that the solution administrator can be trained faster thanks to simplified management, and that the solution contains built-in tools for at least basic reporting; for some customers the availability of localized software and documentation is also important.

    Gartner believes that the needs of SMB customers and Enterprise customers differ greatly: Enterprise customers need the ability to implement more complex management policies and more advanced network security capabilities. For example, Enterprise customers with a distributed branch structure often have branches that can be the same size as an entire SMB company. However, the criteria for choosing equipment for a branch are, as a rule, dictated by the choice of equipment at the head office (usually equipment from the same vendor that is used in the head office is selected for branches, i.e. Low End Enterprise class equipment), since the customer needs to have confidence in equipment compatibility, and in addition, such customers often use a single management console to manage the branch network (where there may not be specialists in the corresponding profile) from the head office. The economic component is also important: a corporate customer can receive additional “volume” discounts from manufacturers of internetworking solutions, including solutions for branch networks. For these reasons, Gartner considers solutions for distributed branch structures of Enterprise customers in the Magic Quadrants for the Enterprise segment (NGFW/Enterprise Firewall, IPS, WAF, etc.).

    Separately, Gartner identifies customers with a distributed network of highly autonomous offices (a typical example is a retail network, where the total number of employees can be more than 1000 people), who, like a typical SMB customer, have rather limited budgets, a very large number of remote sites and usually a small IT/IS staff. Some UTM vendors even specifically focus on solutions for such customers more than for traditional SMB.

    UTM as of June 2017:

    And here’s what happened a year ago, in August 2016:

    The list of UTM market leaders includes the same familiar faces: Fortinet, Check Point, Sophos. Moreover, the situation is gradually heating up, and the positions of the leaders are gradually moving closer to each other. Juniper has moved from Challengers to Niche Players. SonicWall has improved its position a little.
    What does Gartner think about the market leaders in the UTM segment individually:

    One of the UTM market leaders. Its SMB solution is an enterprise-class (Enterprise) firewall that is quite easy to manage and has an intuitive graphical interface (GUI).

    Headquarters are located in Tel Aviv (Israel) and San Carlos (USA). Check Point is a network security-focused vendor with more than 1,300 R&D employees. The product portfolio includes SMB and Enterprise class firewalls (Security Gateway), a specialized solution for protecting endpoints (Sandblast Agent), a solution for protecting mobile devices (Sandblast Mobile) and virtual firewalls (vSEC for private and public clouds). The current line of SMB class firewalls includes the 700, 1400, 3100, 3200, 5100, 5200, 5400, 5600 families, all devices were introduced in 2016/2017.

    3. Sophos:

    It is one of the UTM market leaders. It continues to increase its market share due to ease of use, good functionality of the Security component, and successful integration with its own endpoint protection solution. A frequent guest on SMB customer shortlists, as well as for distributed networks of autonomous offices.

    Headquartered in Abingdon (UK), it employs more than 3,000 employees worldwide. The product portfolio contains a mixture of network security and endpoint protection solutions. The Sophos XG line of firewalls contains 19 models and was last updated in the 4th quarter of 2016; the portfolio also includes the outdated Sophos SG line. Sophos UTM solutions are available as virtual applications with integration with IaaS platforms - AWS and Azure. Endpoint security solutions include Sophos Endpoint and Intercept X. The integration solution between Sophos UTM and Sophos Endpoint is called Sophos Synchronized Security. The vendor's portfolio also includes solutions for protecting mobile devices and providing data encryption.

    Enterprise Firewall Market:

    In 2011, Gartner introduced a new definition to the Enterprise Firewall market, Next Generation Firewall (NGFW):

    “Next-generation firewalls (NGFWs) are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. An NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or nonenterprise firewall, or a firewall and IPS in the same appliance that are not closely integrated.”

    Back then it was an innovation, around which there was a lot of controversy. Several years have passed, a lot of water has passed under the bridge, and now, in 2017, Gartner no longer considers this to be any special advantage, but simply states the fact that all the leading players in this market acquired this functionality long ago and are now differentiating themselves from other vendors in terms of functionality.

    According to Gartner forecasts, by 2020 virtualized Enterprise class firewalls will occupy up to 10% of the market, compared to 5% currently. By the end of 2020, 25% of firewalls sold will include integration with cloud access security brokers (Cloud Access Security Broker, CASB), implemented via the corresponding APIs. By 2020, 50% of new firewall installations will use outbound TLS inspection, up from less than 10% currently.

    According to Gartner, the Enterprise Firewall market consists mainly of solutions for protecting corporate networks (Enterprise Networks). The products included in these solutions can be deployed as a single firewall or in larger and more complex scenarios, including branch networks, multitiered DMZs, and traditional “large” data center firewall deployments, and also include the ability to use virtual firewalls in the data center. Customers must also be able to deploy solutions within the public cloud infrastructures of Amazon Web Services (AWS) and Microsoft Azure, and the vendor must have Google Cloud support on its roadmap within the next 12 months. Products must be manageable with highly scalable (and granular) management tools, have advanced reporting capabilities, and offer a wide range of solutions for the network perimeter, data center, branch network, and deployment in virtualization infrastructure and the public cloud. All vendors in this market segment must support fine-grained definition and control of applications and users. The functionality of Next Generation Firewall is no longer an advantage, but a necessity. So Gartner crosses out the term it coined, since this functionality is considered quite common and absolutely necessary in the Enterprise Firewall market. Essentially, Gartner considers NGFW and Enterprise Firewall to be synonymous. Manufacturers operating in this market focus their sales strategy and technical support on large companies (Enterprises), and the functionality they develop is also focused on solving the problems of large companies.

    Gartner says its research shows NGFWs are continuing the trend of replacing stand-alone IPS devices at the network edge, although some customers say they will continue to use dedicated Next Generation IPS (NGIPS) devices in a Best of Breed strategy. Many enterprise customers are interested in cloud-based malware detection solutions as a cheaper alternative to established standalone sandbox-class solutions (Sandboxing Solutions).

    Unlike the UTM market, the enterprise firewall market does not imply that NGFW solutions must contain all network protection functionality. Instead, Gartner sees the need for enterprise firewalls to specialize specifically in NGFW functionality. For example, enterprise branch firewalls require support for a high degree of granularity in blocking network traffic, which should be part of the base product; an integrated, service-based approach to processing network traffic is required; and product management should be highly integrated, and not look like a hastily assembled compilation of different engines in one product. The level of protection and ease of configuration of enterprise-class firewalls for branch networks should not be inferior to solutions for the head office.

    In 2017, Gartner focuses on TLS session termination solutions that enable inspection of outgoing traffic for threats such as malicious code downloads and botnet control. In some ways, the ability to inspect outgoing TLS traffic brings NGFW closer to lightweight DLP solutions, since decryption and subsequent inspection of outgoing TLS traffic makes it possible to ensure that sensitive data is not sent outside. However, some customers using this capability may notice a significant performance hit when the feature is enabled, due to the high overhead of TLS decryption.

    Some advanced customers are planning, and some are already leveraging the capabilities provided by the Software Defined Networking (SDN) paradigm and leveraging micro-segmentation capabilities in a virtualized data center. These customers are looking at vendors with support for various SDN solutions, as well as their plans for further development towards SDN. Solution vendors are incorporating increasingly automated approaches to firewall policy orchestration to deliver the flexibility and business benefits that the SDN paradigm promises.

    Let's now look at the current situation in the Gartner Magic Quadrant for the Enterprise Firewall market as of July 2017:

    And here’s what happened a year ago, in May 2016:

    The list of long-time leaders in the Enterprise Firewall market includes Palo Alto Networks and Check Point. This year, Gartner moved Fortinet from Challengers to Leaders. Passions are heating up: the positions of the leaders in this segment are also approaching each other. Cisco was not able to take the lead this year either, remaining among the Challengers. The surprise is Huawei, which, from among the niche players, was quite confidently placed in the Challengers section.

    What does Gartner think about the Enterprise Firewall market leaders individually:

    1. Palo Alto Networks:

    It is one of the leaders in the Enterprise Firewall market and a pure Security vendor, based in Santa Clara (USA, California), with a staff of more than 4,000 employees. It has produced firewalls since 2007, and in 2016 revenues exceeded $1.4 billion. The portfolio of solutions includes Enterprise-class firewalls in physical and virtualized versions, endpoint protection solutions (Traps and GlobalProtect), solutions for collecting, aggregating, correlating and analyzing threats in real time to support defensive measures (Threat Intelligence, AutoFocus), and security solutions for SaaS (Aperture). The manufacturer is actively working on integrating its solutions into a unified network security platform.

    Palo Alto Networks recently released version 8 of the PAN-OS operating system with improvements for WildFire and Panorama, new SaaS security functionality, and user credential protection. The entry-level PA-220 firewall model and the mid-range PA-800 Series devices were also released, and the PA 5000 Series line of firewalls (new models 5240, 5250, 5260), which has been produced since 2011, was updated.

    It is one of the Enterprise Firewall market leaders. The product portfolio for the Enterprise market contains a large number of solutions, including NGFW firewalls and endpoint protection solutions, cloud and mobile network security solutions. Check Point's flagship products are enterprise security gateways (Enterprise Network Security Gateways include the 5000, 15000, 23000, 44000 and 64000 families). Cloud Security is provided through a vSEC solution for private and public clouds, and there is also a SandBlast Cloud solution for SaaS applications. Endpoint security solutions include SandBlast Agent and mobile security solutions Check Point Capsule and SandBlast Mobile. Also released is the SandBlast Cloud solution for scanning email traffic in Microsoft Office 365. In 2016, models 15400 and 15600 became available for large corporate customers, as well as 23500 and 23800 for data centers.

    Recently, the new Hi-End platforms 44000 and 64000 were introduced, vSEC for Google Cloud was released, and the new R80.10 software version includes improvements to the management console, improved performance, and SandBlast Anti-Ransomware, which provides protection against ransomware-class malware. Also introduced is the new Check Point Infinity network security architecture, which integrates the security of networks, clouds and mobile users.

    Check Point has also expanded its cloud-based malware protection solution, which can be placed in front of SaaS email services. Check Point offers numerous software blades that expand the capabilities of the firewall, including advanced protection against malware, Advanced Malware Protection (Threat Emulation and Threat Extraction), and Threat Intelligence services, ThreatCloud IntelliStore and Anti-Bot. Check Point supports its firewalls in the Amazon Web Services (AWS) and Microsoft Azure public clouds, and integration solutions with SDN solutions from VMWare NSX and Cisco Application Centric Infrastructure (ACI) are available.

    A Check Point solution should be on the short list of enterprise customers for whom price sensitivity is not as important as the granularity of network security functionality, coupled with high-quality centralized management for complex networks. It is also a good candidate for customers using hybrid networks consisting of on-premise equipment, virtualized data centers and clouds.


    The English word "firewall" is rendered in Russian in many different spellings, and another name is sometimes used in its place.

    What is a firewall? In English, “firewall” has the original meaning of “fire wall”, a wall that was supposed to protect a building from the spread of fire. The German word "brandmauer" has exactly the same meaning. There is no single-word analogue of this term in the Russian language; the most established analogue of “firewall” in Russian is “firewall” (variant: firewall). Just as a fire wall should block the spread of fire, a computer firewall should block various types of unwanted intrusions into your computer through a computer network. Nowadays, a firewall is a necessary element of network security, including the security of a user connected to the Internet (which was already discussed in the review article on Internet user security). There are a variety of tools for filtering and controlling network traffic, both hardware and software. However, in this article we will pay attention to exactly what should protect an ordinary user connected to the Internet. Such a tool is usually a personal firewall: a regular computer program that is installed on an individual computer and protects it without the help of any additional equipment. Let's give a short overview of the most common and reliable firewalls.

    Today, a personal firewall is an almost mandatory piece of software on a computer connected to the Internet. Without it, the probability of unauthorized penetration of your computer, viruses, Trojans, and theft of confidential information is not only high, but close to 100%, and, most likely, you will not have to wait long for such penetration. The built-in Windows firewall has very limited capabilities, and therefore it makes sense to immediately disable it by installing more advanced protection. In this regard, the task of choosing a firewall for your computer is very important.

    Which personal firewall should you choose? Today there are many well-known, proven products, among which you can find free ones (and most paid ones have a 30-day free period). It should be noted that there is currently a strong trend towards programs for comprehensive computer protection, i.e. those that perform the regular firewall functions of blocking unauthorized access to your computer from the outside and also protect against spam, warn about suspicious sites, fight viruses and Trojans, etc. This comprehensive protection package, released by one manufacturer, is the optimal choice.

    Of course, the most important parameter is the reliability of the firewall, the degree of protection provided and the ability to repel various attacks and threats. But this parameter is not the only one worth paying attention to. Also important is the ease of use of the firewall, ease of setting parameters, performance requirements and the degree to which computer resources are loaded during operation.

    Outpost Security Suite from the Russian company Agnitum is one of the most famous firewalls (for a long time it took first place in the ranking). Outpost Security Suite is a comprehensive solution that includes protection against viruses, Trojans, spyware, application control, spam protection, blocking unwanted advertising, protection from visiting unwanted sites, etc. One of the best and most reliable solutions. There are both free and paid versions, somewhat limited in settings options.

    Privatefirewall is a comprehensive PC protection solution developed by an American company (actively collaborating with Russian programmers). Privatefirewall provides protection against various types of threats, but cannot independently disinfect an infected computer, so it is recommended to use it in conjunction with anti-virus software. There is no Russian version yet.

    Kaspersky Internet Security is a solution for comprehensive computer protection from the leader in the field of anti-virus software development, Kaspersky Lab. According to tests and user reviews, it provides reliable protection in many respects (one of the best in both firewall and antivirus ratings). At the same time, Kaspersky Internet Security is quite easy to use and configure compared to most analogues. In addition to the traditional modules for programs of this kind, it includes additional functions, such as anti-phishing, parental controls, etc. In my assessment, Kaspersky Internet Security is the best choice for most (especially “non-advanced”) users.

    SpyShelter Firewall is a fairly simple and convenient solution for protecting a home computer, developed by a Polish company. It does not contain its own antivirus module, but can scan suspicious files through the Internet service VirusTotal. There is a Russian version.



    Few people think about setting up a Firewall until they encounter problems with the security of their Windows 10 computer, laptop or tablet. You can be smart and download the best free Firewall for Windows 10 before problems arise and set everything up perfectly. In this article, we will tell you about the best firewalls, create a rating, and you can decide for yourself which option suits you best.

    What is Firewall

    Before we talk about the best firewalls, it would be useful to know what a firewall is. This word comes from the English word Firewall and means the protective screen of your device. A Firewall controls incoming and outgoing traffic, thereby preventing outside interference with your device and the theft of personal data. Very often you can come across another name, Firewall; in this context we are talking about the same thing.

    Firewall rating for Windows 10

    The operating system initially has a built-in Firewall, which provides decent protection for the OS. However, the built-in Firewall is not notable for fine tuning, so you should choose a third-party solution. But before installing a third-party solution, you will probably need to disable the Windows 10 firewall; otherwise, it is possible that the utilities will conflict with each other. Among the best firewalls for Windows 10, we would like to highlight the following: All of the firewalls listed are free and have earned the title of the best thanks to the experience of hundreds of users. Let's look at each option in more detail.

    Windows 10 Firewall Control

    Windows 10 Firewall Control is a small utility that allows you to fine-tune the built-in firewall. A convenient interface in Russian and truly comprehensive settings that are suitable even for system administrators - that’s what made Windows 10 Firewall Control the best firewall.

    Comodo Firewall

    Comodo Firewall exists as an independent product, and is also part of the antivirus. It installs on any version of Windows 10, 32 and 64 bit, and works completely unnoticed, without loading the system or slowing down the computer. If after setting up the firewall you start having performance problems, then the cause lies elsewhere.

    Kaspersky Anti-Virus

    Many of you know it as a regular antivirus, even if it is part of . But it is not just an antivirus program; it is also a firewall. A firewall is included in most modern versions of Kaspersky, from the regular version to the business version. Unfortunately, this utility slows down the system a little, but it reliably protects your device.

    Most other antivirus products also include a firewall, so you don't have to limit yourself to the three options we've given in this article. But there are situations when it is necessary to disable the firewall.
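    Whenever the built-in firewall is turned off, whether to install a third-party product as described above or for any other reason, it is worth confirming that no connected network is left without a firewall. The following PowerShell function is an added example, not part of the original article; the name Get-FirewallCoverage and the "Exposed" flag are assumptions made for illustration. It only reads state and changes nothing.

```powershell
# Added example (read-only): which firewall covers each connected network?
# Get-FirewallCoverage is a hypothetical helper name, not a built-in cmdlet.
function Get-FirewallCoverage {
    # Effective state of the built-in firewall, after Group Policy is applied.
    $builtIn = @{}
    Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
        $builtIn[$_.Name] = ([string]$_.Enabled -eq 'True')
    }

    # Third-party firewalls registered with Windows Security Center.
    # This WMI namespace exists on client editions of Windows only.
    # Being registered does not prove the product is switched on, so
    # confirm its state in the product's own interface as well.
    $registered = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
            -ClassName FirewallProduct -ErrorAction SilentlyContinue |
        ForEach-Object { $_.displayName })

    # Network categories say "DomainAuthenticated"; firewall profiles say "Domain".
    $profileFor = @{
        Public              = 'Public'
        Private             = 'Private'
        DomainAuthenticated = 'Domain'
    }

    Get-NetConnectionProfile | ForEach-Object {
        $profileName = $profileFor[[string]$_.NetworkCategory]
        $builtInOn   = [bool]$builtIn[$profileName]
        [pscustomobject]@{
            Interface        = $_.InterfaceAlias
            Network          = $_.Name
            Profile          = $profileName
            BuiltInEnabled   = $builtInOn
            ThirdPartyListed = ($registered -join ', ')
            # Exposed: built-in profile is off and no other firewall is registered.
            Exposed          = (-not $builtInOn) -and ($registered.Count -eq 0)
        }
    }
}

$coverage = @(Get-FirewallCoverage)
$coverage | Format-Table -AutoSize

# Warn if any connected network has no firewall at all.
if ($coverage | Where-Object { $_.Exposed }) {
    Write-Warning 'At least one connected network has no active or registered firewall.'
}
```

    Run it once before disabling the built-in firewall and again after the third-party product is installed; the second run should list the new product and report no exposed network.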


    Anyone who has ever thought about the question “which firewall to choose?” has probably encountered the Magic Quadrant from Gartner (a well-known analytical agency).

    At the end of June 2017, another report on the Unified Threat Management (UTM) market was released, Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls), and in July 2017 one on Enterprise Firewalls, Magic Quadrant for Enterprise Network Firewalls. If you are interested in finding out who was among the leaders, how the situation has changed over the past year and what trends are observed, then read on.

    UTM Market:

    Let me remind you that according to Gartner’s definition:

    “Unified threat management (UTM) is a converged platform of point security products, particularly suited to small and midsize businesses (SMBs). Typical feature sets fall into three main subsets, all within the UTM: firewall/intrusion prevention system (IPS)/virtual private network, secure Web gateway security (URL filtering, Web antivirus) and messaging security (anti-spam, mail AV). ”

    That is, this definition includes network security platforms aimed at small companies (Small) and slightly larger companies (Midsize). Gartner considers Small and Midsize Business companies to be those with 100 to 1000 employees. UTM solutions usually contain today's typical firewall functionality, an intrusion prevention system (IPS), a VPN gateway, a web traffic filtering system (URL filtering, streaming antivirus for web traffic), and a mail traffic filtering system (spam filtering and antivirus for mail traffic). And of course we cannot forget about the basic routing system and support for various WAN technologies.

    It's interesting that, judging by Gartner's predictions, the firewall market by 2020 will remain in approximately the same condition as it is now. In 2022, according to Gartner's predictions, Firewall as a Service (FWaaS) class solutions, i.e. cloud firewalls to which client traffic is tunneled, will begin to come into use in SMB, and their share of new installations in the SMB market will be more than 50%, compared to the current share of 10%. In addition, in 2022, 25% of SMB users will use their firewall as a monitoring tool and intermediate broker to provide inventory and control the use of SaaS resources, as a means of managing mobile devices, or as a means of enforcing security policies on end user devices (currently less than 2% of users use this functionality on firewalls). FWaaS solutions will also become more popular for distributed branch structures, with 10% of new installations using this solution compared to less than 1% today.

    Since UTM solutions are aimed at relatively small companies (by Gartner's standards), it is clear that, having received all the functionality from one box, the end customer will one way or another have to accept compromises in performance, network security efficiency and functionality. For such customers it is also important that the solution is easy to manage (control via a browser, for example), that the solution administrator can be trained faster thanks to simplified management, and that the solution contains built-in tools for at least basic reporting. For some customers the availability of localized software and documentation is also important.

    Gartner believes that the needs of SMB customers and Enterprise customers are very different: Enterprise customers need the ability to implement more complex management policies and more advanced network security capabilities. For example, Enterprise customers with a distributed branch structure often have branches that can be the same size as an entire SMB company. However, the criteria for choosing equipment for a branch are, as a rule, dictated by the choice of equipment at the head office (usually equipment from the same vendor that is used in the head office is selected for branches, i.e. Low End Enterprise class equipment), since the customer needs to have confidence in equipment compatibility. In addition, such customers often use a single management console to manage the branch network (where there may not be specialists in the corresponding profile) from the head office. The economic component is also important: a corporate customer can receive additional “volume” discounts from manufacturers of internetworking solutions, including solutions for branch networks. For these reasons, Gartner considers solutions for distributed branch structures of Enterprise customers in the quadrants for the Enterprise segment (NGFW/Enterprise Firewall, IPS, WAF, etc.).

    Separately, Gartner identifies customers with a distributed network of highly autonomous offices (a typical example is a retail network, where the total number of employees can be more than 1000 people), who, like a typical SMB customer, have rather limited budgets, a very large number of remote sites and usually a small IT/IS staff. Some UTM vendors even specifically focus on solutions for such customers more than for traditional SMB.

    UTM as of June 2017:

    And here’s what happened a year ago, in August 2016:

    The list of UTM market leaders includes the same familiar faces: Fortinet, Check Point, Sophos. Moreover, the situation is gradually heating up, as the positions of the leaders are moving closer to each other. Juniper has moved from the Challengers to the niche players. SonicWall has improved its position a little.
    What Gartner thinks about each of the market leaders in the UTM segment:

    A representative of the UTM market leaders. Its SMB solution is an enterprise-class firewall (Enterprise) that is quite easy to manage and has an intuitive graphical interface (GUI).

    Headquarters are located in Tel Aviv (Israel) and San Carlos (USA). Check Point is a network security-focused vendor with more than 1,300 R&D employees. The product portfolio includes SMB and Enterprise class firewalls (Security Gateway), a specialized solution for protecting endpoints (Sandblast Agent), a solution for protecting mobile devices (Sandblast Mobile) and virtual firewalls (vSEC for private and public clouds). The current line of SMB class firewalls includes the 700, 1400, 3100, 3200, 5100, 5200, 5400 and 5600 families; all devices were introduced in 2016/2017.

    3. Sophos:

    It is a representative of the UTM market leaders. It continues to increase its market share due to ease of use, good functionality of the Security component, and successful integration with its own endpoint protection solution. It is a frequent guest on SMB customer shortlists, as well as on those for distributed networks of autonomous offices.

    Headquartered in Abingdon (UK), it employs more than 3,000 employees worldwide. The product portfolio contains a mixture of network security and endpoint protection solutions. The Sophos XG line of firewalls contains 19 models and was last updated in the 4th quarter of 2016; the portfolio also includes the outdated Sophos SG line. Sophos UTM solutions are available as virtual appliances with integration with IaaS platforms, AWS and Azure. Endpoint security solutions include Sophos Endpoint and Intercept X. The integration solution between Sophos UTM and Sophos Endpoint is called Sophos Synchronized Security. The vendor's portfolio also includes solutions for protecting mobile devices and providing data encryption.

    Enterprise Firewall Market:

    In 2011, Gartner introduced a new definition to the Enterprise Firewall market, the Next Generation Firewall (NGFW):

    “Next-generation firewalls (NGFWs) are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. An NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or nonenterprise firewall, or a firewall and IPS in the same appliance that are not closely integrated.”

    Back then it was an innovation around which there was a lot of controversy. Several years have passed, a lot of water has flowed under the bridge, and now, in 2017, Gartner no longer considers this to be any special advantage, but simply states the fact that all the leading players in this market have long since acquired this functionality and now differentiate themselves from other vendors in other functionality.

    According to Gartner forecasts, by 2020 virtualized Enterprise class firewalls will occupy up to 10% of the market compared to 5% currently. By the end of 2020, 25% of firewalls sold will include integration with cloud brokers that secure connections to cloud services (Cloud Access Security Broker, CASB), integrated via the corresponding APIs. By 2020, 50% of new firewall installations will use outbound TLS inspection, up from less than 10% currently.

    According to Gartner, the Enterprise Firewall market consists mainly of solutions for protecting corporate networks (Enterprise Networks). The products included in these solutions can be deployed as a single firewall or in larger and more complex scenarios, including branch networks, multitiered DMZs, and traditional “large” data center firewall deployments, and also include the ability to use virtual firewalls in the data center. Customers must also be able to deploy solutions within the public cloud infrastructures of Amazon Web Services (AWS) and Microsoft Azure, and the vendor must have Google Cloud support on its roadmap within the next 12 months. Products must be manageable with highly scalable (and granular) management tools, have advanced reporting capabilities, and cover a wide range of solutions for the network perimeter, data center, branch network, and deployment in virtualization infrastructure and public cloud. All vendors in this market segment must support fine-grained definition and control of applications and users. The functionality of a Next Generation Firewall is no longer an advantage, but a necessity. So Gartner is retiring the term it coined, since this functionality is considered quite common and absolutely necessary in the Enterprise Firewall market. Essentially, Gartner considers NGFW and Enterprise Firewall to be synonymous. Manufacturers operating in this market build their sales strategy and technical support around large companies (Enterprises), and the functionality they develop is also focused on solving the problems of large companies.

    Gartner says its research shows NGFWs are continuing the trend of replacing stand-alone IPS devices at the network edge, although some customers say they will continue to use dedicated Next Generation IPS (NGIPS) devices in a Best of Breed strategy. Many enterprise customers are interested in cloud-based malware detection solutions as a cheaper alternative to separately installed sandbox solutions (Sandboxing Solutions).

    Unlike the UTM market, the enterprise firewall market does not imply that NGFW solutions must contain all network protection functionality. Instead, Gartner sees the need for enterprise firewalls to specialize specifically in NGFW functionality. For example, Enterprise-class branch firewalls require support for a high degree of granularity in blocking network traffic, which must be included in the base product; an integrated service approach to processing network traffic is required; and product management must be highly integrated and not look like a hastily assembled compilation of different engines in one product. The level of protection and ease of configuration of enterprise-class firewalls for branch networks should not be inferior to solutions for the head office.

    In 2017, Gartner focuses on TLS session termination solutions that ensure outbound traffic is inspected for threats such as malicious code downloads and botnet command-and-control traffic. In some ways, the ability to inspect outgoing TLS traffic brings NGFW closer to lightweight DLP solutions, since decryption and subsequent inspection of outgoing TLS traffic makes it possible to ensure that sensitive data is not sent outside. However, some customers may experience a significant performance hit when enabling this feature, due to the high overhead of TLS decryption.

    Some advanced customers are planning, and some are already leveraging the capabilities provided by the Software Defined Networking (SDN) paradigm and leveraging micro-segmentation capabilities in a virtualized data center. These customers are looking at vendors with support for various SDN solutions, as well as their plans for further development in the direction of SDN. Solution vendors are incorporating increasingly automated approaches to firewall policy orchestration to deliver the flexibility and business benefits that the SDN paradigm promises.

    Let's now look at the current situation in the Gartner Magic Quadrant for Enterprise Firewalls as of July 2017:

    And here’s what happened a year ago, in May 2016:

    The list of long-time leaders in the Enterprise Firewall market includes Palo Alto Networks and Check Point. This year, Gartner moved Fortinet from Challengers to Leaders. Passions are heating up, as the positions of the leaders in this segment are also approaching each other. Cisco was not able to take the lead this year either, remaining among the Challengers. The surprise is Huawei, which, from among the niche players, was quite confidently placed in the Challengers section.

    What Gartner thinks about each of the Enterprise Firewall market leaders:

    1. Palo Alto Networks:

    It is one of the leaders in the Enterprise Firewall market and a pure Security vendor, based in Santa Clara (California, USA), with a staff of more than 4,000 employees. It has produced firewalls since 2007, and in 2016 its revenue exceeded $1.4 billion. The portfolio of solutions includes Enterprise-class firewalls in physical and virtualized versions, endpoint protection solutions (Traps and GlobalProtect), solutions for collecting, aggregating, correlating and analyzing threats in real time to support defensive measures (Threat Intelligence, AutoFocus), and security solutions for SaaS (Aperture). The manufacturer is actively working on integrating its solutions into a unified network security platform.

    Palo Alto Networks recently released version 8 of the PAN-OS operating system with improvements for WildFire and Panorama, new SaaS security functionality, and user credential protection. An entry-level firewall model, the PA-220, and a mid-range device, the PA-800 Series, were also released, and the PA 5000 Series line of firewalls, which has been produced since 2011, was updated (new models 5240, 5250, 5260).

    It is a representative of the Enterprise Firewall market leaders. The product portfolio for the Enterprise market contains a large number of solutions, including NGFW firewalls, endpoint protection solutions, and cloud and mobile network security solutions. Check Point's flagship products are enterprise security gateways (Enterprise Network Security Gateways include the 5000, 15000, 23000, 44000 and 64000 families). Cloud security is provided through the vSEC solution for private and public clouds, and there is also the SandBlast Cloud solution for SaaS applications. Endpoint security solutions include SandBlast Agent, and mobile security solutions include Check Point Capsule and SandBlast Mobile. The SandBlast Cloud solution for scanning email traffic in Microsoft Office 365 was also released. In 2016, models 15400 and 15600 became available for large corporate customers, as well as 23500 and 23800 for data centers.

    Recently, the new Hi-End platforms 44000 and 64000 were introduced, vSEC was released for Google Cloud, and a new software version R80.10 was released with improvements to the management console, improved performance and SandBlast Anti-Ransomware, which provides protection against ransomware-class malware. Also introduced is the new Check Point Infinity network security architecture, which integrates the security of networks, clouds and mobile users.

    Check Point has also expanded its cloud-based anti-malware solution, which can be integrated in front of SaaS email services. Check Point offers numerous software blades that expand the capabilities of the firewall, including advanced protection against malware, Advanced Malware Protection (Threat Emulation and Threat Extraction), and the Threat Intelligence services ThreatCloud IntelliStore and Anti-Bot. Check Point supports its firewalls in the Amazon Web Services (AWS) and Microsoft Azure public clouds, and integration with the SDN solutions VMware NSX and Cisco Application Centric Infrastructure (ACI) is available.

    Check Point's solution should be on the short list of enterprise customers for whom cost sensitivity is less important than granular network security functionality coupled with high-quality centralized management for complex networks. It is also a good candidate for customers using hybrid networks consisting of on-premise equipment, virtualized data centers and clouds.
