On the heels of its controversial statement that traditional intrusion-detection systems are a market failure and a waste of time, Gartner once again is stirring up the waters. This time, firewalls are the target.
In its latest firewall-analysis report entitled "Magic Quadrant for Enterprise Firewalls," which ranks the beautiful and the ugly in the eyes of Gartner, the consultancy comes right out and declares that "network-level firewalls have been commoditized" and "Gartner believes that firewalls must provide a wider range of intrusion-prevention capabilities, or face extinction."
Extinction?
While "traditional" firewall vendors such as Check Point and Cisco are showing some signs of waking up and adapting their products to this new-world model, according to Gartner, some vendors with firewall products, including Symantec, BorderWare Technologies, SonicWall and CyberGuard, can practically be written off as firewall has-beens.
Will the players in the next-generation firewalls for which Gartner is longing really be the likes of TippingPoint Technologies and Network Associates, which bought IntruVert to gain a foothold? Or maybe NetContinuum, NetScreen Technologies or Fortinet? Not that most of these vendors have sold a lot of gear, mind you, because they haven't. But according to Gartner, "the established market share leaders will not necessarily dominate" and we're starting all over: "the enterprise firewall market is immature again."
Immature? Question is, does anyone really believe that traditional firewalls are going the way of the dinosaur? Or that firewalls oriented toward detecting and blocking attacks are the next step on the evolutionary path? Let me know what you think at emessmer@nww.com.
In the meantime, here's Check Point's response to the Gartner report, by Greg Smith, Director of Product Marketing:
At a high level, Check Point agrees with Gartner's established criteria for leadership in the firewall market - items such as track record of success, financial strength, partnership/distribution capability, and functional capabilities of products. We also agree with their newly-added criterion: "To be considered a challenger, visionary or leader, a vendor must combine network-level and application-level firewall capabilities in an integrated product." However, we disagree with Gartner's assessment that there are no current leaders in the enterprise firewall category today.
Check Point is the ONLY vendor meeting ALL of these criteria. Check Point Next Generation with Application Intelligence, available now, integrates both network and application level protection into the firewall, and uses deep packet inspection and integrated access control to provide comprehensive attack protection for both networks and applications. Check Point believes this is the best approach to meeting the demands of a threat model that is changing to include more application-level threats.
Gartner Firewall Magic Quadrant author Richard Stiennon has publicly supported this viewpoint. In a press release promoting his May 30 report titled "Hype Cycle for Information Security 2003", he states: "Intrusion detection systems are a market failure, and vendors are now hyping intrusion prevention systems, which have also stalled. Functionality is moving into firewalls, which will perform deep packet inspection for content and malicious traffic blocking, as well as antivirus activities."
We have difficulty seeing why Cisco is mentioned as doing a deep application level inspection (although it is said to be stateful inspection) when it does only focus on securing the network connectivity! Cisco has made the firewall a commodity, supposedly for the network security, but it is far from convincing security officers of being the choice for professionals.
Posted by: Assad Haddad on June 30, 2003 04:31 PM
From a security operations perspective, firewall commoditization isn't that alarming, if at all. If you have your generic firewall set up correctly, it is just one piece in your defense in depth strategy; you expect things to get through and you plan, harden, monitor, etc. in response. Once the firewall starts replacing multiple components in your defense in depth, you start creating single points of failure, which is what these fancy firewalls would become. Bloated with functionality, new holes are bound to emerge... Just because something becomes a commodity doesn't mean it's out of date and not useful. In my experience simple beats fancy when it comes to security.
Posted by: Will T Massey on August 25, 2003 04:02 PM