
The best firewalls. What did the firewall test include? Great solution for advanced users

Windows comes with a built-in firewall, but you can get advanced third-party protection for free. So why pay for ZoneAlarm PRO Firewall 2017? There is one simple reason: the free version may be used only for non-commercial purposes, so to use the product in a business environment you will have to purchase a paid edition. In addition, this version offers premium technical support, enhanced control over firewall settings and new, effective protection against phishing.

The annual ZoneAlarm PRO Firewall 2017 license costs $39.95, which is the price of a standalone antivirus. Moreover, Check Point ZoneAlarm PRO Antivirus + Firewall can be purchased for the same price. If you don't have resident antivirus protection, this comprehensive product may be the best solution. Keep in mind that the cost per license drops when you buy multiple licenses. For example, 5 annual licenses are available for $59.95.

With the exception of anti-phishing protection, which is provided by a browser extension, the main feature set of the paid version does not differ from that of the free ZoneAlarm firewall. However, there are differences in the additional security tools. There are three large panels in the main window of the program: Antivirus & Firewall, Web & Privacy, and Mobility & Data. Each panel contains 3 to 4 components, many of which are grayed out and inactive. For example, in the Web & Privacy panel, parental control, protection against keyloggers and the spam filter are unavailable. The fully featured ZoneAlarm Extreme Security 2017 solution uses the same interface template, but all features are enabled.

Common functions

ZoneAlarm PRO Firewall 2017 includes all the features of the free ZoneAlarm Free Antivirus + 2017. For a detailed acquaintance with the functions of a free firewall, read its review on our website, and here we will only briefly list the capabilities of the product.

The ZoneAlarm firewall does an excellent job of putting system ports in stealth mode to protect against external attacks and of controlling application access to the network. The component uses an extensive database to automatically grant permissions to well-known programs and to make decisions about unknown applications. If you set the maximum protection level, the firewall will notify the user about attempts by unknown programs to access the Internet and will rely on the user's decision.

However, in maximum security mode the OSFirewall behavioral analysis component generates a large number of false positives. On the other hand, a similar component in Comodo Firewall 8 gave even more false positives when tested with an identical set of samples.

ZoneAlarm does not attempt to block exploits at the network level in either the free or paid version. However, none of the test attacks were able to compromise the security of the system. Moreover, it was not possible to find a programmatic way to disable firewall protection.

ZoneAlarm users get 5 gigabytes of cloud storage for backups from the company's partner, IDrive, and credit monitoring from another partner, Identity Guard. Built-in Identity Lock prevents unauthorized transfer of user data.

One of the differences between the products can be noticed when you select the Technical Support option from the help menu. In the free version, selecting this option opens a page containing links to community forums, knowledge base articles, and installation help. In the paid version, a premium support page opens with the message: “A Certified Professional can help you right now! Our experts will connect to your computer and fix the problem as soon as possible.”

Advanced firewall

The firewall in the free version is called Basic Firewall, while the paid PRO version includes Advanced Firewall. While the free version allows changes to the settings for the trusted zone and the public zone, the paid edition offers granular control over the network events that are allowed in each zone. If you are a beginner, you shouldn't change these settings. Only advanced users can safely configure the firewall's network rules manually.

Software control has received some additional functions. You can optionally enable Advanced Application Control, Advanced Interaction Control and Component Control. Be aware that enabling these modules will increase the number of toast alerts.

The main purpose of the advanced monitoring tools is to detect malicious programs that try to disguise themselves as legitimate programs or otherwise evade firewall protection. However, ZoneAlarm can notify you about the activity of trusted programs, so you need to analyze the situation in detail before blocking access. If you suspect that your knowledge is not enough to make a correct decision, it is better not to enable these functions.

Real-time anti-phishing protection

ZoneAlarm has a long history of anti-phishing protection. In previous years, anti-phishing was supplied as part of the licensed toolbar. Users of the free product had to accept the installation of the toolbar, which automatically changed the browser home page and default search engine. The toolbar was dropped from the product line last year. Anti-phishing protection is now back, but is only available to users of the paid version.

While a Trojan needs to deceive an antivirus for a successful attack, for a phishing attack it is enough to deceive a user who, without suspecting anything, enters personal data into a fake website. Fraudulent sites often include copies of financial sites, email services, and even online games. If you enter your username and password, an attacker can take over your account.

It is very important to note that nothing will happen if you do not enter data. A phishing attack is not a drive-by download, where a computer can become infected without the user's knowledge. ZoneAlarm does not check sites for phishing signs until you select the login or password field. At this point, the product starts scanning the page content. ZoneAlarm does not waste time checking whether a resource is present in blacklists and does not perform heuristic analysis on all visited sites. This is an innovative solution that other vendors could borrow.

ZoneAlarm has been tested on five test systems. One was protected by ZoneAlarm, another by Symantec Norton AntiVirus Basic, and three more relied on the content filter protection of Chrome, Firefox and Internet Explorer.

This test used sites that had been reported as fraudulent but had not yet been analyzed or added to blacklists. Typically, these sites are less than a few hours old. Since the set of sites is different for each trial, the difference in detection rate is used for the assessment.

Only a very small number of the tested products were able to outperform the protection of Chrome or Internet Explorer. Only a few were able to beat Norton. The leader was Kaspersky Anti-Virus, which was able to detect 4 percent more threats than Norton. ZoneAlarm was also among the better solutions: it seemed to have the same detection rate as Norton and beat all three browser protections.

However, there is one drawback. This phishing protection extension is available only for Chrome. Until all major browsers are supported, the extension will not be able to protect all users.

Great solution for advanced users

ZoneAlarm PRO Firewall 2017 review:

Advantages

  • extended firewall;
  • hiding system ports from external attacks;
  • control of application access to the network;
  • unique protection against phishing in real time;
  • successfully resists direct attacks;
  • cloud backup storage and other useful additional functions.

Disadvantages

  • there is no protection against exploits;
  • certain knowledge and skills are required to work with a firewall;
  • phishing protection only works in Chrome;
  • the OSFirewall behavioral analysis component generates false positives in maximum security mode.

The majority of users, when deciding the issue of computer security, limit themselves to installing a commercial or, at the same time, believing that this is quite enough for "one hundred percent" protection. However, this is not quite true.

The Internet is full of dangers, and in most cases it is through the network that malicious applications penetrate the computer; once settled in, they begin to transfer the personal data of an unsuspecting user to the network, or use the computer to spread spam or as a proxy server.

Therefore, it is so important that a good firewall is installed on each computer in addition to. In this short overview we bring to your attention the seven best free firewalls: Ashampoo Firewall Free, PC Tools Firewall Plus, Emsisoft Online Armor Free, ZoneAlarm Free Firewall, Filseclab Personal Firewall Professional Edition, Outpost Firewall Free and Comodo Firewall. It's up to you to choose.

Ashampoo Firewall Free

First on our list is the free product Ashampoo Firewall Free. Like most programs developed by the company, this firewall has a convenient and colorful interface with support for the Russian language and a built-in wizard.

To use the program, you must go through a simple registration procedure on the manufacturer's website. In this case, a free code will be sent to the user's mailbox, which can be used to register the Ashampoo Firewall.

Immediately after installation, the wizard will offer to configure the program by choosing one of two modes: “Simplified” and “Expert”. In most cases, it is recommended to use expert mode.

The program has five main modules or sections. In the "Rules" section, you can configure connection parameters for programs using the Internet. The “Statistics” and “Journal” modules are purely informative. Here you can view data about all connections and events.

The "Configuration" module is intended for internal settings of the firewall itself. The Utilities section contains four additional tools, namely a process manager, a utility for clearing your browsing history, and a pop-up blocker.

Ashampoo Firewall Free works like this: when an application for which there are no established rules tries to establish a connection, the firewall notifies the user about this, offering to create a new rule for this program, that is, to allow or block its access to the network.

If you disable this function (learning mode), the dialog will not be shown, and all applications for which no rules have been set will be blocked automatically. You can also use the "Block all" option. In this case, the firewall will block all connections without exception.

PC Tools Firewall Plus

Next, we advise you to pay attention to the excellent firewall called PC Tools Firewall Plus. Simple, free, with support for the Russian language, this firewall is one of the most reliable and effective, according to numerous user reviews. PC Tools Firewall Plus protects the system from unauthorized data transmission by Trojans, keyloggers and other malicious programs, and also prevents them from penetrating your computer.

It also supports flexible management of network traffic, creating your own rules, protecting settings with a password, hiding the presence of a PC on the network. The program is easy to install, does not require registration and system reboot as in the case of Ashampoo Firewall.

Connection parameters are configured manually. It is advisable to do this immediately after installing the program, since by default PC Tools Firewall Plus marks some applications as unverified and therefore may partially block their work. The firewall user interface has six main sections.

The Applications module is intended for managing programs and creating rules for them. You can make a list of checked ports and IP addresses in the "Profiles" section, and if you want to analyze network traffic, you can switch to the "Operation" section. In the general settings you can adjust the level of protection, configure filtering and full screen mode, and set a password to protect PC Tools Firewall Plus itself.

Emsisoft Online Armor Free

Third place on our list is occupied by the free firewall from Emsisoft GmbH called Online Armor Free. The program has a fairly impressive set of tools for protecting against all kinds of network threats and for blocking malware that uses the Internet. Online Armor Free includes four main protection modules: firewall, web filter, proactive protection and anti-keylogger.

The firewall and web filter provide reliable protection against information leakage from the user's computer, and also suppress attempts at unauthorized access to the system by malicious scripts.

The proactive protection module allows you to control the behavior of programs and, if necessary, restrict their activities.

Online Armor Free automatically scans the system for potentially dangerous applications and marks them accordingly. The firewall uses updated online databases to determine the security level of applications installed on the system.

Online Armor Free has a fairly simple and user-friendly interface with Russian language support. The main menu is located on the left side of the working window; the right side displays the program status, the date of the last database update, and the latest news from the developer's website. Online Armor Free supports creating rules for programs, controlling ports and devices, creating lists of ignored domains, controlling the autorun of suspicious applications, and controlling permission to change the HOSTS file.

The firewall's features also include protection against spam and keyloggers, blocking cookies, site classification and protection against forced change of the home page address in the Internet Explorer, Opera and Firefox browsers. Additional capabilities of the application include support for virtual desktops, subnet scanning, disabling HIPS and setting a password on the GUI.

ZoneAlarm Free Firewall

If the lack of the Russian language does not bother you, you can pay attention to the ZoneAlarm Free Firewall - a very peculiar firewall in terms of design, designed to protect PCs when working in global and local networks.

The application has a lightweight interface with a minimum of settings. It supports control of user programs (access list), tracking Internet traffic, checking email attachments, detailed logging, and blocking pop-up windows and advertising banners.

In addition, the program implements cookie control, so that you can restrict the transmission of confidential information to the websites you browse. The user can set the level of protection independently. You can download the ZoneAlarm web installer for free from the developer's website.

During the installation of the package, in addition to the firewall, a number of additional protection tools are also installed: Web Identity Protections (web lock), Identity Protections (personal identification) and Online Backup (backup). After installing the firewall, a computer restart is required.

Filseclab Personal Firewall Professional Edition

Filseclab Personal Firewall Professional Edition is another free, convenient and very simple firewall. The program supports creating individual rules for programs using a step-by-step wizard, filtering network access, viewing connections in real time, maintaining logs, and monitoring traffic. Filseclab Personal Firewall reacts to attempts by “dubious” or new applications to open a connection with a pop-up window prompting you to create an appropriate rule.

The program uses three main security levels, each of which is marked with a corresponding color: green, yellow and red. In addition, for each level, it is possible to create personal rules. Filseclab Personal Firewall has a fairly simple interface divided into seven sections.

The "Status" section displays the traffic volume and the number of transmitted packets; “Monitor” displays the listening ports and application connections.

In the Rules section, you can set rules for a specific application or domain.

The rest of the sections are for informational purposes only. There is no Russian language in Filseclab Personal.

Outpost Firewall Free

The next firewall, Outpost Firewall Free, is perhaps one of the simplest firewalls and one of the least demanding on the system. In this respect, it is akin to the standard Windows firewall, which, as a rule, is constantly present in the system and does nothing :).

Outpost Firewall is a fairly easy-to-use program designed to protect against external intrusions, as well as unauthorized data transfer by applications installed on the user's computer. Unlike other firewalls, Outpost Firewall Free requires almost no preliminary configuration.

The application supports monitoring of all incoming and outgoing connections, tracking software activity in real time, expandability using plug-ins. In the event of a threat or network activity of “dubious” programs, Outpost Firewall will notify the user about this by suggesting to allow or block the application that has declared itself.

Outpost Firewall Free has a very simple user interface that is not burdened with unnecessary features. Unfortunately, there is no Russian language.

However, this is not so important - the program is simple enough that even a novice user can figure it out. A few settings allow, if necessary, to adjust the level of protection (up to complete blocking of connections), as well as create exception rules for various programs and services.

Comodo Firewall

And finally, we suggest you briefly familiarize yourself with another free firewall, Comodo Firewall. This powerful, feature-rich program with an impressive set of tools comes bundled with Comodo Antivirus, Comodo Defense and the Dragon web browser, but can also be installed separately.

The firewall provides complete protection against hacker attacks, Trojans, malicious scripts, keyloggers and other types of Internet threats. The application supports monitoring of incoming and outgoing traffic, working with ports, hiding a computer on the network, and controlling software and driver updates.

Additional functions of the firewall include maintaining a detailed log of events, integration into Windows Security Center, fast switching between modes (from the system tray), protecting the system during startup, detecting unrecognized files, viewing active processes and launching applications in a special sandbox (Sandbox).

Despite such a solid set of tools, Comodo Firewall has a simple Russian-language interface aimed at users who are inexperienced in network settings. All the tools and functions of the application are distributed among four modules, with a corresponding description for each option.

Plus, the program is equipped with a system of interactive dialogs (pop-up windows), written in an extremely simple and understandable language for a novice user.

Outcome

Choosing a good firewall can seem like a daunting task. And to make this work easier, let me give you some free tips. First, when choosing a firewall, pay attention to the opinion of experienced users and software testers. As a rule, a really good firewall leaves a lot of positive feedback.

Secondly, a good firewall should not enter into unreasonable conflicts with system drivers, popular applications and antiviruses, as well as be able to work with the Windows Security Center.

Updatable databases are also highly desirable. In addition, a good firewall cannot be disabled so easily from the Task Manager (this can be done with Filseclab Personal Firewall).

Thirdly, the firewall should not slow down the system in any way. For example, in this regard, the ZoneAlarm firewall is seriously inferior, since it is quite demanding on system resources and can slow down the work of a weak machine.

Also, before the final choice, it is advisable to test the firewall using a special program 2ip Firewall Tester. Everything else, such as the presence of the Russian language, user-friendliness of the interface, external design, is of secondary importance.

In fact, they are the same thing. Firewall and firewall is a software or hardware system that checks data entering the Internet or a network, and, depending on the settings, blocks it or allows it to enter the computer.

The firewall is more dynamic in configuration plans and more functional. The firewall, on the other hand, is easier to use and contains fewer settings.

Why do we need a firewall / firewall?

  1. Monitor applications using ports (if the application is modified by viruses or Trojans installed as plugins, the application's network activity is blocked);
  2. There is a learning mode in the firewall, when the first time the program accesses network resources the user is asked how to deal with the program (usually of the form "always deny, deny once, always allow, allow once, create a rule");
  3. Software exceptions are added to the firewall;
  4. Mixed filtering mode (in which everything incoming from the Internet is monitored through ports).

When installing the firewall, we disable the native Windows firewall and vice versa - this is done to avoid a conflict between them.

If you are in doubt with the choice ...

If you have very valuable information, such as passwords for bank accounts, Internet wallets, etc., or your computer is involved in currency and financial transactions, then you can rest assured that you need a firewall. If your computer is intended for home use, then the built-in standard Windows firewall is enough for you (unless of course you are using Windows XP and below).

If you are interested in firewalls ...

I bring to your attention three firewalls that should interest you:
  1. COMODO Firewall Free
  2. ZoneAlarm Free
  3. Outpost Security Free

Why exactly these firewalls?

These firewalls are free because some modules are missing. Of course they have a PRO version, but you have to buy this version. Surely some of you will immediately go looking for these firewalls on torrents to find them with a crack.

If you look for these firewalls on torrents, then look only for keys. Not keygens or cracks, but keys, because most keygens and cracks contain viruses. By cracking the firewall, you will simply build a kind of hacker's passage to your personal data.

My personal opinion is that if you want to install a firewall, then install COMODO. This firewall is quite capable of competing with the paid versions of other firewalls. COMODO also has a Russian interface language (which, you will agree, is very good). This firewall has a built-in sandbox that allows you to run a program, even one with a virus, without harming your computer. Therefore, if you do not want to spend money or risk the security of your personal information by installing cracks or keygens, install COMODO Firewall Free. If you decide to buy a PRO version of a firewall, then Agnitum Outpost Firewall Pro is your choice.

Firewall rating July 2013.

In July 2013, a firewall rating was carried out. Such a rating is not carried out often, in contrast to antivirus ratings. In the July test, 21 programs of the Internet Security class and a firewall took part. The tests were carried out on a clean computer running Windows 7 x86 with the latest updates available at that time preinstalled.

What did the firewall test include?

  1. Checking the protection of processes from termination.
  2. Protection against standard internal attacks.
  3. Testing protection against non-standard leaks.
  4. Testing protection against non-standard kernel mode penetration techniques.

The internal attack test was divided into two levels:

  1. Basic level of complexity (56 attack variants): checking the protection of processes from termination (41 attack variants) and protection against standard internal attacks (15 attack variants).
  2. Increased level of complexity (8 attack variants): testing protection against non-standard leaks (3 attack variants) and testing protection against non-standard techniques for penetrating into kernel mode (5 attack variants).

Firewall rating table for July 2013.

The best results in the test were shown by the Comodo and Bitdefender firewalls, which scored 100% points at maximum settings.

Why keep the regular firewall?

I personally choose the regular firewall built into Windows. If you have Windows XP or older, then it is best to install a firewall.

  1. It's very comfortable. As they say, everything is always at hand.
  2. The firewall has a minimum of settings that a regular user can handle.
  3. The security it creates suits me perfectly.

Yes, the regular firewall gets criticized, but if you download a program from suspicious sites and then run it without checking it for viruses, then no antivirus or firewall will help you!

How do I enable Firewall?

What have we included?

Naturally, turning on Windows Firewall means we have turned on firewall protection. Blocking all incoming connections means that we have enabled maximum protection, which closes all ports. If you leave the “Notify me when Windows Firewall blocks a new program” checkbox ticked, blocking messages will pop up.

Attention! If you are working on a local network, then it is possible that the network between computers will disappear. If this happens, then uncheck the "Block all incoming connections" box.

Faced a serious problem. Early Windows was good, but had a great number of dangerous vulnerabilities, because of which hackers could easily get into the system. The only way out of the situation was to develop separate software that would monitor network activity and suppress unwanted traffic.

Microsoft has developed its own firewall and integrated it into Windows. Today this application is known to us as Windows Firewall. Unfortunately, the built-in firewall is not very reliable. To maintain network security, your computer still needs third-party applications. Here are the best free firewalls that will provide you with this safety.

ZoneAlarm Free Firewall

ZoneAlarm Free Firewall is one of the oldest and most famous firewalls. Its first version was released back in 2000, and the most recent - in January 2017. The firewall can hide open ports, detect suspicious traffic and disable malware. Also, ZoneAlarm Free Firewall regularly communicates with the DefenseNet server itself, from where it gets information about the most pressing threats. The firewall is able to protect the user's PC when working through public Wi-Fi points. The only drawback of ZoneAlarm Free Firewall is that it can interfere with other network security programs.

Comodo Firewall


If you do not like firewalls that annoy you with too frequent notifications, you should pay attention to Comodo Firewall. This program is pretty "silent" and does not bother the user over trifles. Meanwhile, Comodo Firewall is quite reliable. The firewall monitors your network and matches system and application data against a huge list of dangerous files. At the moment, this list contains information on more than 2 million threats. It is replenished daily.

PeerBlock


While many firewalls try to provide comprehensive protection, PeerBlock serves only one purpose. This firewall blocks access to your computer from known dangerous addresses. This is a great choice if you want to protect your privacy from infringement by ad networks, surveillance software, government or private anti-piracy organizations, and other Internet scoundrels. PeerBlock automatically updates the list of potentially dangerous addresses, but you can also change it manually.

TinyWall


TinyWall is a lightweight and silent firewall that does not annoy the user with pop-ups and notifications. Essentially, TinyWall can be thought of as a plugin that enhances the built-in Windows Firewall. The program is perfect for beginners, since there are no complicated settings in it.

OpenDNS


OpenDNS is not a downloadable firewall, but an internet service that provides public and secure DNS servers for everyone. You just need to specify the correct data in the settings of your router so that all your traffic goes through these servers. This is very convenient for users in whose home network there are many devices connected to the Internet, especially smart home gadgets.

Anti NetCut3


If you often have to use public Wi-Fi, the Anti NetCut3 firewall can help you protect your system when connected to a compromised access point. This program is designed with the sole purpose of keeping track of a specific network connection. All you have to do is specify which adapter to monitor. It could be a Wi-Fi adapter if you are connecting over the air, or a LAN card if you access the Internet via cable.

Anyone who has ever thought about the question "which firewall to choose?" Gartner (a well-known analytical agency).
At the end of June 2017, the next report on the state of the Unified Threat Management (UTM) market was released, Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls), and in July 2017 the report on enterprise firewalls, Magic Quadrant for Enterprise Network Firewalls. If you are interested to know who was among the leaders, how the situation has changed over the past year and what trends are observed, then read on.

UTM Market:
Let me remind you of Gartner's definition:

“Unified threat management (UTM) is a converged platform of point security products, particularly suited to small and midsize businesses (SMBs). Typical feature sets fall into three main subsets, all within the UTM: firewall / intrusion prevention system (IPS) / virtual private network, secure Web gateway security (URL filtering, Web antivirus) and messaging security (anti-spam, mail AV).”

That is, network security platforms targeted at small companies (Small) and slightly larger companies (Midsize) fall under this definition (by Small and Midsize Business, Gartner means companies with 100 to 1,000 employees). UTM solutions today usually contain typical firewall functionality, an intrusion prevention system (IPS), a VPN gateway, web traffic filtering (URL filtering, a streaming antivirus system for web traffic), as well as a mail traffic filtering system (spam filtering and an antivirus system for mail traffic), and of course we must not forget about the basic routing system and support for various WAN technologies.

It is interesting that, judging by Gartner's predictions, the firewall market will remain in about the same state as now until 2020. In 2022, according to Gartner's predictions, Firewall as a Service (FWaaS) solutions, i.e. cloud firewalls to which client traffic is tunneled, will begin to enter everyday use in SMB, and their share of new installations on the SMB market will be more than 50%, compared to the current share of 10%. In addition, in 2022, 25% of SMB segment users will use their firewall as a monitoring tool and an intermediary broker to provide inventory and control of the use of SaaS resources, as a tool for managing mobile devices, or for enforcing security policies on end-user devices (currently, less than 2% of users use this functionality on firewalls). FWaaS solutions will be more popular for distributed branch structures: this solution will be used in 10% of new installations, up from less than 1% today.

Since UTM solutions are aimed at relatively small companies (by Gartner's standards), it is clear that, having received all the functionality in one box, the end customer will have to be content with compromises in terms of performance, network security effectiveness and functionality. For such customers it is also important that the solution is easy to manage (management through a browser, for example), that the solution's administrator can be trained faster thanks to the simplified management, and that the solution has at least basic built-in reporting tools; for some customers it is also important to have localized software and documentation.
Gartner believes that the needs of SMB customers and Enterprise customers differ greatly: Enterprise customers need the ability to implement more sophisticated management policies and advanced network security capabilities. For example, Enterprise customers with a distributed branch structure often have branches that can be the same size as an entire SMB-segment company. However, the criteria for choosing equipment for a branch are, as a rule, dictated by the choice of equipment at the head office (usually equipment for the branches is selected from the same vendor that is used in the head office, i.e. Low End Enterprise-class equipment), since the customer needs to be confident that the equipment is compatible, and in addition these customers often use a single management console to manage the branch network (where there may not be appropriate specialists) from the head office. The economic component is also important: a corporate customer can receive additional "volume" discounts from manufacturers of network solutions, including solutions for a branch network. For these reasons, Gartner considers solutions for distributed branch structures of Enterprise customers in the quadrants of solutions for the Enterprise segment (NGFW / Enterprise Firewall, IPS, WAF, etc.).

Separately, Gartner singles out customers with a distributed network of highly autonomous offices (a typical example is a retail network, where the total number of employees can be more than 1000 people), who, like a typical SMB customer, have rather limited budgets, a very large number of remote sites, and usually small IT / cybersecurity staff. Some UTM vendors even specifically focus on solutions for these customers more than traditional SMB.

UTM as of June 2017:

And here is how it looked a year earlier, in August 2016:

The list of UTM market leaders still includes the same familiar faces - Fortinet, Check Point, Sophos. Moreover, the competition is gradually heating up: the leaders' positions are drawing closer to one another. Juniper moved from the niche players into the Challengers, and SonicWall improved its position slightly.
What Gartner says about each of the UTM market leaders:

Check Point is one of the UTM market leaders. Its SMB solution is an enterprise-class (Enterprise) firewall that is quite easy to manage and has an intuitive graphical interface (GUI).
The headquarters are located in Tel Aviv (Israel) and San Carlos (USA). Check Point is a network security vendor with over 1,300 R&D employees. The product portfolio includes SMB and Enterprise class firewalls (Security Gateway), a dedicated endpoint security solution (SandBlast Agent), a mobile device security solution (SandBlast Mobile), and virtual firewalls (vSEC for private and public clouds). The current line of SMB class firewalls includes the 700, 1400, 3100, 3200, 5100, 5200, 5400 and 5600 families; all of these devices were introduced in 2016/2017.

3. Sophos:


Sophos is one of the UTM market leaders. It continues to increase its market share thanks to its ease of use, the good functionality of its Security component, and successful integration with its own endpoint protection solution. It frequently appears on the shortlists of SMB customers, as well as of customers with distributed networks of autonomous offices.
The headquarters is located in Abingdon (Great Britain), and the company has more than 3000 employees worldwide. The product portfolio contains a mixture of network security solutions and endpoint protection solutions. The Sophos XG line of firewalls contains 19 models and was last updated in the 4th quarter of 2016; the portfolio also still includes the outdated Sophos SG line. Sophos UTM solutions are available as virtual appliances with integration with IaaS platforms - AWS and Azure. Endpoint security solutions include Sophos Endpoint and Intercept X. The integration solution between Sophos UTM and Sophos Endpoint is called Sophos Synchronized Security. The vendor's portfolio also includes solutions for protecting mobile devices and for data encryption.

Enterprise Firewall Market:
In 2011, Gartner introduced a new definition for the Enterprise Firewall market - Next Generation Firewall (NGFW):

“Next-generation firewalls (NGFWs) are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. An NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or nonenterprise firewall, or a firewall and IPS in the same appliance that are not closely integrated.”

At the time it was an innovation that caused a lot of controversy. Several years have passed, a lot of water has flowed under the bridge, and now, in 2017, Gartner no longer considers this a special advantage. It simply states the fact that all the leading players in this market acquired this functionality long ago and now differentiate themselves from other vendors through other functionality.
According to Gartner forecasts, by 2020 Enterprise-class virtualized firewalls will occupy up to 10% of the market, up from 5% at the moment. By the end of 2020, 25% of firewalls sold will include integration with Cloud Access Security Brokers (CASB) for connecting to cloud services, integrated through the corresponding API. By 2020, 50% of new firewall installations will use outbound TLS inspection, up from less than 10% currently.

According to Gartner, the Enterprise Firewall market consists primarily of solutions for protecting corporate networks (Enterprise Networks). The products included in these solutions can be deployed as a single firewall as well as in larger and more complex scenarios, including branch networks, multi-layer demilitarized zones (Multitiered DMZs), and traditional deployments as a "large" firewall in the data center, and they also include the ability to use virtual firewalls in the data center. Customers must also be able to deploy the solutions inside the public cloud infrastructures of Amazon Web Services (AWS) and Microsoft Azure, and the vendor must have Google Cloud support on its roadmap within the next 12 months. Products must be manageable with highly scalable (and granular) management tools, have a strong reporting system, and offer a wide range of solutions for the network edge, the data center, the branch network, and deployment in virtualization infrastructure and the public cloud. All vendors in this market segment must support fine-grained configuration and control of applications and users. Next Generation Firewall functionality is no longer an advantage but a necessity. Gartner is thus retiring the term it coined, because this functionality is considered quite common and absolutely necessary in the Enterprise Firewall market. Essentially, Gartner considers NGFW and Enterprise Firewall synonymous. Manufacturers working in this market build their sales strategy and technical support around large companies (Enterprises), and the functionality they develop is likewise focused on solving the problems of large companies.

Gartner says its research shows that NGFWs are gradually continuing to replace standalone IPS devices at the network perimeter, although some customers say they will continue to use dedicated Next Generation IPS (NGIPS) devices as part of a Best of Breed strategy. Many enterprise customers are interested in cloud-based malware detection solutions as a cheaper alternative to stand-alone sandbox solutions (Sandboxing Solutions).
Unlike the UTM market, the corporate firewall market does not imply that NGFW solutions should contain all the functionality needed to protect the network. Instead, Gartner sees a need for enterprise firewalls to specialize specifically in NGFW functionality. For example, enterprise-class branch firewalls require support for highly granular blocking of network traffic, which should be part of the base product; an integrated service approach to processing network traffic is required; and product management should be highly integrated rather than look like a hasty compilation of different engines in one product. The level of protection and ease of configuration of enterprise-class firewalls for branch networks should not be inferior to those of solutions for the head office.

In 2017, Gartner places a strong focus on TLS session termination solutions, which allow outbound traffic to be scanned for threats such as malicious code downloads and botnet control traffic. In a way, the ability to inspect outgoing TLS traffic brings NGFW closer to a lightweight version of DLP, since decrypting and then inspecting outgoing TLS traffic lets you make sure that sensitive data is not being sent out. However, some customers may see significant performance degradation when they activate this feature, because decrypting TLS is expensive.

Some progressive customers are planning, and some are already taking advantage of the Software Defined Networking (SDN) paradigm and leveraging micro-segmentation capabilities in a virtualized data center. These customers are looking at vendors with support for various SDN solutions, as well as their plans for further development in the direction of SDN. Solution vendors are incorporating increasingly automated approaches to orchestrating firewall policies to provide the flexibility and business benefits that the SDN paradigm promises.

Now let's look at the current situation in the Gartner Magic Quadrant. Enterprise Firewall as of July 2017:

And here is how it looked a year earlier, in May 2016:

The long-standing leaders of the Enterprise Firewall market are Palo Alto Networks and Check Point. This year, Gartner also moved Fortinet from Challengers to the Leaders category. The competition is heating up: the positions of the leaders in this segment are also getting closer to each other. Cisco was unable to become a leader this year either, remaining among the Challengers. Huawei is the surprise: it moved quite confidently from the niche players into the Challengers.

What Gartner says about each of the Enterprise Firewall market leaders:

1. Palo Alto Networks:


Palo Alto Networks is one of the leaders in the Enterprise Firewall market and a pure Security vendor, based in Santa Clara (California, USA), with over 4,000 employees. It has been producing firewalls since 2007, and in 2016 its revenues exceeded $1.4 billion. The solution portfolio includes enterprise-class firewalls in physical and virtualized form, solutions for protecting endpoints (Traps and GlobalProtect), solutions for collecting, aggregating and correlating threat data and for real-time threat analytics to support defensive measures (Threat Intelligence, AutoFocus), and SaaS security solutions (Aperture). The manufacturer is actively working on integrating its solutions into a unified network security platform.
Palo Alto Networks recently released version 8 of the PAN-OS operating system with enhancements for WildFire and Panorama, new SaaS security functionality, and user credential protection. The PA-220 entry-level firewall and the PA-800 Series mid-range devices were also released, and the PA 5000 Series firewall line, which has been produced since 2011, was updated with the new models 5240, 5250 and 5260.

Check Point is one of the Enterprise Firewall market leaders. Its portfolio of products for the Enterprise market contains a large number of solutions, including NGFW firewalls and endpoint protection, cloud and mobile network security solutions. Check Point's flagship products are the Enterprise Security Gateways (Enterprise Network Security Gateways include the 5000, 15000, 23000, 44000, and 64000 families). Cloud security is provided through the vSEC solution for private and public clouds; there is also a SandBlast Cloud solution for SaaS applications. Endpoint security solutions include SandBlast Agent, and mobile security solutions include Check Point Capsule and SandBlast Mobile. A SandBlast Cloud solution for scanning mail traffic in Microsoft Office 365 has also been released. In 2016, models 15400 and 15600 became available for large corporate customers, as well as 23500 and 23800 for data centers.
The new Hi-End platforms 44000 and 64000 were recently introduced, vSEC for Google Cloud was released, and a new software version, R80.10, came out with enhancements for the management console, improved performance, and SandBlast Anti-Ransomware, which provides protection against ransomware-class malicious software. Also introduced is the new Check Point Infinity network security architecture, which integrates the security of networks, clouds and mobile users.
Check Point has also expanded its cloud-based malware protection solution, which can be integrated in front of SaaS email services. Check Point offers numerous software blades that extend firewall capabilities, including Advanced Malware Protection (Threat Emulation and Threat Extraction), Threat Intelligence Services - ThreatCloud IntelliStore, and Anti-Bot. Check Point supports its firewalls in the public clouds of Amazon Web Services (AWS) and Microsoft Azure; integrations are available with the SDN solutions VMware NSX and Cisco Application Centric Infrastructure (ACI).
Check Point's solution should be shortlisted by an enterprise customer for whom price sensitivity is not as important as granularity of network security functionality, coupled with high-quality centralized management for complex networks. It is also a good candidate for customers using hybrid networks of on-premise hardware, virtualized data centers, and clouds.
