国庆长假期间,Gartner发布了

企业级网络防火墙魔力象限

(Magic Quadrant for Enterprise Network Firewalls)

这是一次“两极分化”的格局,牛B者(Leaders)和苦B者(Niche Players)扎堆,挑战者象限和远见者象限都各只有1家公司。与2017版相比,没有新入者,也没有出局者。我们可以认为这个市场,相对成熟稳定,“四巨头”的格局已经形成,我们可以参考下来自IDC的销售数字

这里统计的是security appliance(安全网关),可以认为以防火墙为主,思科和Paloalto数据很接近,FT和CP数据很接近。

但是从增长率看,C、PA、FT强势,CP非常疲软(1.8%),排名第五的Symantec更是负增长(-2%)。整个大市场的增长率是17%!

接下来,我们摘录Garnter的这份报告里对防火墙市场和技术趋势的一些观点吧

1、市场容量,持续增长:2017企业级防火墙市场容量为113.2亿美金,同比增长13%,G记预测2018年增长率为8%,而到2022年,市场容量将达到145亿美金。so,Gartner认为:“防火墙将死”的言论被夸大了。

2、NGFW为王:企业级防火墙将是NGFW的天下,两年内,传统防火墙会被NGFW洗牌完成。

3、UTM不是企业级客户的选择:Gartner将企业级客户分为三大类(a型:技术驱动业务型,b型:准技术驱动型;c型:非技术驱动型),即便是C类客户,对UTM的选择,都只是作为“廉价”防火墙来使用,so,UTM的目标市场,还是面向smb,而非enterprise。在这类需要“超级”多合一功能的场景,有些功能NGFW尚未兼顾。

4、流量解密是“故事”?:虽然企业目前对加密流量的检查有刚需(到2019年,80%的企业web流量将被加密传输),然而,基于防火墙进行SSL/TLS解密,效果并不令人满意。

5、虚拟防火墙,“宣传”拉着“需求”跑:虽然随着云计算/IaaS的推广,对虚拟化环境的支持需求开始增长(SDN啊,自动化啊,东西流量监测啊,等等,貌似刚需),似乎虚拟防火墙需求旺盛,但Gartner坦言,尚未看到一个虚拟化防火墙供应商成为主流(比如a记和v记),从市场数据看,虚拟防火墙的销售额远远低于整个市场容量的5%。

6.FW as a Service,听您吩咐:基于Cloud模式按需交付的防火墙服务,这部分需求增长迅速但是基数很小。主要目标客户还是小型分支office或者移动用户,他们在追逐SDWAN的同时,也会希望更多的安全功能。

这届象限,共有4个中国厂商入选

优劣势点评,懒得翻译了

大家自己欣赏吧

Strengths

  • Marketing and Sales Execution: Huawei’s firewall sales greatly outgrew the overall enterprise firewall market during the evaluation period, demonstrating new perceived value.

  • Geographic Strategy: Huawei has developed a strong channel in EMEA, and is focusing a significant part of its growth plans on the Middle East and Latin America, which are its two fastest-growing regions.

  • Product Execution: Huawei is executing on its roadmap, particularly around public cloud use cases. Surveyed Huawei stakeholders cite application control as a particularly strong feature.

  • Portfolio Strategy: Customers with networks based primarily on Huawei infrastructure products include Huawei firewalls on their shortlists. Huawei customers still like that the firewalls are well-integrated with their infrastructure components.

  • Product Strategy: Surveyed customers and partners like that Huawei provides good throughput for a low price. Throughput/performance was a consistently listed reason for consideration.

Cautions

  • Product Strategy: Huawei does not release new capabilities as fast as its leading competitors. The vendor spends considerable focus on building features for service providers. Gartner enterprise clients that want first-to-market security capabilities do not often consider Huawei USG as a shortlist candidate.

  • Product Execution: Huawei users continue to comment that they would like enhanced reporting and a better GUI, and that configuration through the GUI could be made easier.

  • Marketing Execution: Huawei continues to have limited competitive visibility outside the Asia/Pacific region and EMEA, although Latin American awareness is growing. The vendor consistently takes meaningful steps to address concerns about relying on technology developed in China; however, this concern continues to be a security sales challenge in some markets, especially North America.

  • Customer Experience: Some customers outside of the Asia/Pacific region note perceived lack of local support as a negative, especially when they need help resolving issues with the technology.

Strengths

  • Product Strategy: CloudHive and CloudEdge (with support for multivendor public clouds) aid hybrid enterprises in their quest to move to a single vendor, helping to reduce the management complexity many hybrid network customers experience. Hillstone’s recent VMware NSX certification helps complete this story.

  • Features: Customers and partners like Hillstone’s strong networking features such as granular quality of service (QoS) and advanced high availability and clustering. Users have rated Hillstone’s abnormal behavior detection network traffic analysis feature as one of the product’s strengths. They also appreciate the Insight screen with the kill chain map, as it shows the exact status of every attack.

  • Public Clouds: Hillstone’s virtual CloudEdge firewalls support all the major regional local cloud platforms in China, including carrier cloud (China Unicom, China Telecom and China Mobile), Jindong Cloud, Huawei Cloud, AliCloud and other global public clouds like AWS and Azure. Hillstone also provides CloudEdge for network function virtualization (NFV) to support customer NFV efforts.

  • Segmentation: Hillstone CloudHive offers a microsegmentation solution for virtual VMware networks along with CloudEdge virtual firewalls for networks in the cloud. This offering makes Hillstone a strong vendor for cloud security use cases.

Cautions

  • Marketing Execution: Surveyed partners have indicated that Hillstone still lacks brand recognition outside China. Now that Hillstone has built out its partner list in several non-China regions, Gartner believes the vendor needs to focus more on strong marketing in those regions, where there are multiple strong firewall vendors with strong marketing.

  • Customer experience: Hillstone customers note that documentation for new features could be clearer, and the user interface and reporting need improvement.

  • Product Strategy: Dividing the firewall product line into E-Series (NGFW) and T-Series (intelligent NGFW [iNGFW]) is confusing to prospects deciding which to evaluate.

  • Product Execution: Hillstone only offers cloud-based network sandboxing and does not offer it as a separate appliance on its price list. Gartner has observed that many enterprises with large data centers that want to build a private cloud for scanning their traffic against advanced malware seek an on-premises network sandboxing appliance, as opposed to a cloud service. This will lead such enterprises to select a different vendor, as Hillstone does not offer this.

Strengths

  • Portfolio: New H3C has a large portfolio of products and offerings. It offers a range of solutions for data centers, cloud infrastructure and big data. Product offerings include servers, storage products, security products, networking and software. This gives an advantage to end users that want to maintain a single vendor relationship for their broad range of infrastructure products.

  • Security Architecture: The vendor offers H3C SecCenter Management Center for centrally managing the security devices on a network. It includes the function modules IPS Manager, UTM Manager, Firewall Manager and intelligent Traffic Analysis System (iTAS). This gives an advantage to existing customers, providing centralized management of a variety of devices.

  • Offering: New H3C Group also offers H3C SecBlade FW modules, which can be used on H3C switches (S5800, S7500E, S9500E or S12500) and routers (SR6600 and SR8800). These SecBlade FW modules help customers extend network security capabilities within their existing H3C switches and routers.

  • Customer Experience: Virtualization is a strong capability in the New H3C Group firewall, enabled by the Intelligent Flow Forwarding (IFF) and Security ONE Platform (SOP) features of the SecPath M9000 Multi Service Security Gateway Series. The IFF feature is designed to implement distributed traffic flow and the SOP feature offers a virtual firewall function using container-based virtualization technology.

  • Capabilities: Since New H3C Group is a large infrastructure vendor, it has invested a large amount to develop a high-end testing center and lab with enhanced testing capabilities. This shows commitment from the vendor to deliver reliable products and services to the market.

Cautions

  • Product Strategy: New H3C Group’s firewall offerings and feature enhancements are still more focused on carrier and large data center use cases that operate in highly virtualized environments. This has led to a lack of focus on meeting all enterprise firewall use cases, especially perimeter security for enterprises.

  • Features: The vendor’s firewalls lack an advanced malware network sandboxing feature, which is offered by a most firewall vendors, including those in China. This leaves customers needing to select a separate vendor for advanced malware capabilities, as opposed to having those capabilities as an add-on feature of their existing firewalls. New H3C does not offer any CASB integration and lacks SaaS monitoring and management features, which increasingly are sought by enterprises with growing adoption of SaaS applications.

  • Marketing Execution: The vendor’s firewalls lack recognition and brand value among enterprises in its local market. During this evaluation period, regional vendors did not list it as a leading competitor, whereas two other Chinese vendors were mentioned.

  • Geographic Strategy: Unlike some in-country competitors, New H3C Group is unknown outside of China.

Strengths

  • Organization: Sangfor is a large company, with sizable R&D focused on enterprise firewall and its threat research team.

  • Technical Architecture: Customers like that it is easy to integrate the firewall with the vendor’s cloud-based web proxy.

  • Feature: Sangfor provides strong security analytics dashboards, displaying the main attack phases and leveraging a multiple-analytics-engine approach to offer vulnerability, user and even some level of business context. Customers praise Sangfor’s ability to quickly grasp the whole situation and security posture of their environments.

  • Product Execution: Customers give a good score to the hardware and software update quality. They also cite the clear reports and visualization as very helpful when deploying the solution.

  • Support: Surveyedcustomers and resellers give a good score to Sangfor’s support, especially for the vendor’s ability to answer in a timely and detailed manner.

Cautions

  • Geographic Strategy: Sangfor’s firewalls are visible to Gartner only in the Asia/Pacific region. Sangfor technical support is mostly centralized from the Malaysian call center, with two other call centers in mainland China. The vendor provides support in English, but not in other European or South American languages.

  • Market Segmentation: Sangfor sells primarily to midsize enterprises and is more rarely seen in very large organizations.

  • Product Execution: Sangfor firewalls have not participated in any recent independent testing proving the efficacy of the IPS engine and resistance to evasion attempts. Sangfor does not offer firewall models with integrated Wi-Fi, unlike many of its midmarket competitors. It also lacks inexpensive appliances for the smaller branches.

  • Features: Surveyed customers would like to see a more responsive UI. The cloud sandboxing emulation is limited to Windows operating systems. The vendor’s firewall appliances lag dedicated hardware acceleration for SSL decryption.

  • Technical Architecture: Sangfor NGAF lacks integration with IaaS platforms. It is not yet available on the AWS Marketplace, Microsoft Azure or the English language version of the Alibaba Cloud Marketplace. Because of partial IPv6 support, Sangfor firewalls might not integrate well in dual-stack environments.

最后,盘点一下国内的NGFW供应商

天融信、山石网科、启明星辰、网御星云、绿盟科技、安恒信息、蓝盾、华为、软云神州、杭州迪普、华清信安、东软、上讯信息、利谱、深信服、360企业安全、卫士通、新华三、锐捷、交大捷普、信安世纪、任子行、上海纽盾、金电网安、亚信安全、北京擎企、君众甲匠、优炫、海峡信息、安信华、博智软件、中科曙光、中科网威、江民科技、东华网智、安码科技、点点星光、华域数安、中新网安、山东确信、有云信息…

真可谓,血海乱战,哈哈

格局已定?不存在滴

如有遗漏,欢迎留言补充

声明:本文来自特大号,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。