Magic Quadrant for Unified Threat Management 2015

 

Published: 27 August 2015
Analyst(s): Jeremy D'Hoinne, Adam Hils, Greg Young, Rajpreet Kaur
Unified threat management devices provide small and midsize businesses with multiple network security functions in a single appliance. SMB buyers should carefully evaluate UTMs' performance when numerous security functions are enabled, and UTMs' ability to handle new SMB practices.Strategic Planning Assumptions Replacement of UTM by cloud options will remain at less than 5% through 2016; however, by then, most UTM devices will leverage cloud-assisted security or management features.
By 2018, 30% of SMBs will use mobility management capabilities from their UTM platforms to enforce distinctive policies — up from 10% today.

 

Aker Security Solutions

Based in Brazil, Aker Security Solutions is a network security vendor. Its portfolio has included UTM solutions (Aker Firewall UTM) since 1997, as well as secure Web gateway and secure email gateway. Aker Firewall UTM is composed of 14 models, with two models with wireless capabilities, all refreshed in 2013. Its single virtual appliance model can also run on VMware, Citrix XenServer and Microsoft Hyper-V.

In the past months, Aker has upgraded its IPS signature base, added Internet Message Access Protocol over SSL (IMAPS) support and a VPN client for iOS and Android through OpenVPN integration. It also now offers an option to support multiple users on a Windows Terminal server or Citrix workstation.

Aker is assessed as a Niche Player, because it operates mostly in Brazil and does not compete yet internationally. Aker Firewall UTM is a good shortlist candidate for small and midsize organizations in Brazil.

 

Strengths

? Aker Firewall UTM provides a comprehensive set of UTM features, including application control, a variety of VPN options and link load balancing, wireless security, Secure Sockets Layer (SSL) VPN, and two choices each for an antivirus engine.

? Aker's clients and its channel partners cite ease of use, the vendor's local presence in Brazil, and the quality of its support as reason to select the vendor's UTM.

? Aker is one of the few vendors that provide graphical user interface (GUI), documentation and support in Portuguese, in addition to English.

Cautions

? Aker does not appear in UTM evaluations outside of Brazil yet.

? Aker has a smaller development team for its UTM, and therefore is slower to release new features than many of its international competitors. Gartner believes that this is noticeable in upper-midmarket organization selections.

? Aker's UTM lacks network sandboxing and fine-grained role definition for centralized management, and does not provide a Web-based SSL VPN for remote users (using a Java applet is required). Some clients report that management console and reporting look dated.

? Aker does not provide an embedded Web interface that the smaller organizations appreciate. Instead, Aker's UTM always requires the installation of a management software component (Aker Control Center).

Barracuda Networks

Based in Campbell, California, Barracuda Networks is a large vendor providing network security, backup and infrastructure solutions, including Web and email security, Web application firewall, application delivery controllers and data backup. In February 2013, Barracuda released a new product line, the Barracuda Firewall (X series), to complement Barracuda NG Firewall (F series), its incumbent range of firewalls, which are oriented toward larger enterprises' needs. Barracuda Firewall is composed of seven models, including two with wireless capabilities, but is still not available as a virtual appliance. It embeds a Web interface, designed for simpler use cases, and can be managed in the Barracuda Cloud Control portal.

In 2014, the vendor introduced Barracuda Security Suite, a single integrated server that offers fullfeatured versions of Barracuda Firewall, Barracuda Spam Firewall and Barracuda Web Filter. The vendor also recently released application-based link-load balancing and customized block pages for its Web proxy.

Barracuda is assessed as a Niche Player mainly because of the limited reach for its UTM product line outside of the EMEA region. The Barracuda Firewall series is a good shortlist candidate for North American and European SMBs that already use other Barracuda products, have stringent budget constraints or prize ease of deployment as a primary requirement.

Strengths

? Barracuda has strong market share among SMBs, and customers benefit from good global sales and support presence. Barracuda has greatly increased partner training and certification for the Barracuda X Series in North America and Europe.

? Surveyed partners and customers consistently cite knowledgeable, responsive customer support as a clear differentiator from competitors.

? Gartner clients report that they like Barracuda's simple licensing, and that unlike many competitors, the price for software options is reasonable. Barracuda Cloud Control is included at no additional charge.

? Barracuda Networks offers a 30-day refund plan and a replacement program that includes a free new appliance every four years, keeping the average appliance life at below four years.

Cautions

? The Barracuda X Series partners and customers cite the need for more advanced features, including higher quality application and identity control. Its cloud-based sandboxing feature is currently available for Web traffic only.

? The Barracuda X Series has not been scrutinized by any major third-party testing labs and has a limited number of certifications.

Gartner believes that, while Barracuda has correctly assessed that SMB and enterprises have different needs, its two firewall lines still have more overlaps than differences, which complicates the work of its channel and can confuse SMB buyers.

Check Point Software Technologies

Check Point Software Technologies, headquartered in Tel Aviv, Israel, and with operations worldwide, is a large pure-play security company and, according to Gartner, has the largest enterprise firewall market share. Its SMB product line is mostly across the 600, 1100, 2000 and 4000 lines of appliances. UTM can also be delivered via the cloud-based Capsule Cloud service, as a virtual appliance in the Check Point Security Gateway Virtual Edition, or on Amazon Web Services (AWS), Microsoft Azure and OpenStack. Fundamental to Check Point security gateway offerings is the set of software options referred to as Software Blades, which can be grouped together in bundles. SMBs often choose more blades than enterprises would.

Recent features includes mobile security features (Check Point Capsule), software-based performance improvement for traffic processing, improved coverage of industrial control system (ICS) protocols and a new threat mitigation software blade, Threat Extraction, which uses content reconstruction to remove suspected malicious content during transit.

Check Point is rated as a Leader because of its continued presence on SMB customer shortlists, its geographic coverage and its ability to beat competition based on its unique features. Check Point is a good choice for SMB organizations that do not consider low price as the most important criterion.

Strengths

? Check Point's reporting and management console is consistently very highly rated by midsize companies that need to handle any complexity. The different support levels and options provide a good variety of options and prices.

? Check Point's UTM solutions benefit from its enterprise-level security features, such as ThreatCloud and Anti-Bot software options, in addition to the strong IPS module, which are all backed up by Check Point's large threat research team.

? Check Point provides a strong set of options to protect against custom malware with its sandboxing subscription (Threat Emulation Cloud Service), a variety of threat intelligence feeds (ThreatCloud IntelliStore) and a recently released feature that can automatically remove suspected harmful content from downloaded file (Threat Extraction).

? Check Point UTM integrates with the vendor's cloud-based security service for mobile and remote users, providing a unified security policy for mobile and corporate users.

? Check Point's strong investment and persistent strategy to address SMB clients translates into a good execution on its UTM roadmap.

Gartner clients often cite price as the primary reason for not selecting Check Point solutions; however, this caution will not apply where best-of-breed features are sought foremost.

? Gartner sees Check Point mostly selling to its existing client base; however, Check Point has increased emphasis on its SMB value-added reseller (VAR) support program since the last edition of this Magic Quadrant.

? Check Point offers many Software Blades and keeps adding new ones. It has made good progress in simplifying the sales offering with bundles, but resellers and clients report that they find it difficult to assess the overall performance impact of enabling more than a few options simultaneously.

? Check Point changes in legacy SMB branding strategy could cause some confusion in the market; however, this will diminish if the current strategy is maintained.

Cisco

Cisco, based in San Jose, California, has a complete access-layer product offering across wired and wireless, making it the largest network infrastructure provider. The vendor also owns a broad security portfolio, including secure email gateway, secure Web gateway, stand-alone IPS, enterprise firewall and UTM.

Since its acquisition of Sourcefire in 2013, Cisco is gradually integrating Sourcefire's IPS into its existing product lines. Cisco's strategy for SMBs mainly relies on its cloud-managed Meraki MX appliances, although they also offer the ASA 5500-X Series (five models) for small and midsize companies.

Recent product news includes further integration of Sourcefire IPS into the Cisco ASA product line. Cisco also offers Meraki UTM models with 802.11ac wireless capabilities, GeoIP blocking and policy-based routing.

Cisco is assessed as a Challenger because it has solid presence in midmarket organizations, but has yet to provide a harmonious vision for all the UTM use cases. Cisco is a good choice for its existing customers and a good shortlist contender for distributed organizations.

Strengths

? Cisco's brand and market presence are strong assets when targeting SMB clients that want minimal complexity in their infrastructure and a simple procurement process.

? Cisco has recently introduced new ASA X Series models. The vendors' efforts to further integrate the management of Sourcefire IPS on the ASA platform enhance its ability to answer the stringent security needs of midmarket organizations looking for consolidated firewall and IPS modules.

Cisco Meraki MX cloud-based centralized management offers a unified view of all Meraki UTM, wireless AP, switching and MDM products through the cloud.

Cautions

? Cisco Meraki MX lacks email security, cloud-based sandboxing, SSL VPN for remote users and SSL decryption for HTTP. These functions are available in many competitive UTMs.

? The Meraki MX product line does not fully address all the use cases for SMB network security needs, and the management consoles for Cisco ASA X and Cisco Meraki are totally separate. This dual product-line offering available to SMB clients from Cisco might create complexity for some clients using Cisco ASA on the core network, but considering Meraki MX for distributed offices.

? Cisco does not generate many inquiries from SMB clients for its Meraki MX offering.

Dell

Dell, with headquarters in Round Rock, Texas, is a leading computer manufacturer that has diversified its activity in infrastructure and security. Its UTM portfolio is branded Dell SonicWALL and includes 12 models. Dell SonicWALL is composed of two product lines that are sold to the SMB market: the SonicWALL TZ Series for the smallest businesses, refreshed in 2015; and the

SonicWALL Network Security Appliance (NSA) Series for small and midsize companies, with models released in 2013 and 2015. The Dell product portfolio includes firewall appliances targeting large enterprises (SuperMassive), and wireless access points (Dell SonicPoint) that can be managed from the Dell SonicWALL UTM console. Dell also provides other network security solutions, such as SSL VPN and email security gateway.

Dell recently refreshed its Dell SonicWALL line for small organizations with eleven new TZ products, notably adding 802.11ac wireless and SSL decryption. It has also added support for its most recent wireless access point (Dell SonicPoint).

Dell is a Challenger in this Magic Quadrant mainly because of its comprehensive portfolio and the ability for customers of Dell's other product lines to leverage existing partnerships with the vendor. Dell is a good shortlist candidate for SMBs, especially for current Dell customers.

Strengths

? Dell's global presence and brand facilitates cross-selling of security solutions, especially for SMB organizations that prefer to minimize their number of software and hardware providers.

? Clients like the product robustness and the comprehensive set of features. The application visibility module contains a large database and can provide good visibility over the usage of SaaS applications.

? Dell SonicWALL has a larger R&D team dedicated to UTM than many of the UTM vendors cited in this report, including a large in-house security lab that creates all its IPS signatures.

Dell SonicWALL lacks sandboxing and embedded custom reporting. Aggregated multifirewall reporting is available using SonicWALL Analyzer reporting, as a paid option per firewall.

? Gartner has observed that the competition continues to aggressively chase Dell SonicWALL's channel partners. Competition between channel partners and Dell's direct sales approach is frequently cited as the reason why Dell's partners have moved to another vendor.

? While Dell's visibility in UTM shortlist remains high, Gartner has observed an increased number of UTM selections where Dell SonicWALL was the incumbent solution, but not the preferred vendor for the product upgrade.

? Gartner clients cite issues with the management console and report that the antivirus catch rate can vary.

Fortinet

Fortinet is a large security vendor with headquarters in Sunnyvale, California. It offers almost 40 different UTM appliance models (FortiGate) aimed at the small and midsize market, including wireless, DSL and Power over Ethernet (PoE) versions. FortiGate is also available as a virtual appliance, with five models that are priced based on CPU core count. On-premises centralized management (FortiManager) and reporting (FortiAnalyzer) solutions complement the UTM offering. The comprehensive security product portfolio, composed of tokens and host agents (FortiClient), is designed to appeal to VARs and managed security service providers (MSSPs) as the route to sales.

Fortinet's roadmap continues to be driven by regular hardware and software updates, with 11 new FortiGate appliances in 2014 and six models so far in 2015. Fortinet also simplified FortiGate deployment with new configuration wizards, enhanced FortiGate's integration with the cloud sandbox, and introduced new FortiView dashboards in order to improve event monitoring.

Fortinet is assessed as a Leader because it set the bar for the UTM market in terms of performance and price, and often is the first vendor to add new modules to further expand UTM feature set. Fortinet is a good candidate for all UTM use cases.

Strengths

? Fortinet continues to be the most highly visible UTM provider among Gartner clients. It also owns the largest market share, growing faster than the market average, and has the largest base of certified channel partners for UTM technology.

? Fortinet has a very large R&D team and support centers across all regions. Gartner continues to view Fortinet as setting the cadence in the UTM market, driving its competitors to react.

? Fortinet was one of the first vendors to integrate file sandboxing capabilities, and it is backed up by the large FortiGuard Labs threat research team. The vendor has announced more than 3,000 customers using file sandboxing, while most of its competitors remain silent about customer adoption.

Fortinet provides an aggressive price/performance proposition, which is often a decisive factor for budget-constrained SMBs. Its UTM bundle in a single SKU is a predictable, easy way for SMB security buyers to get multiple safeguards.

? The combination of wireless access point management, Wi-Fi analytics, high port density and Power over Ethernet (PoE), along with the availability of price-competitive UTM appliances (and a variety of other security products), appeals to small businesses looking for more than a security gateway and to distributed retail organizations.

Cautions

? The frequent hardware and software updates make it more difficult to maintain a consistent level of expertise across Fortinet's widely distributed channel, which sometimes causes discrepancies in presales and support quality.

? Gartner clients report issues related to Fortinet UTM regarding the usability of the FortiManager centralized management, and to lower-than-expected performance when enabling security features.

? Fortinet customers have reported difficulty in obtaining easy, responsive support from the Fortinet ecosystem.

Hillstone Networks

Hillstone Networks is a pure network security player, with headquarters in Beijing and operations in Sunnyvale, California. Its UTM portfolio includes 15 hardware models released in 2009 and the most recent models introduced in 2014 (E series). Two virtual appliances are also available.

Hillstone has recently improved its Internet Protocol version 6 (IPv6) compatibility and its application control module. It also supports SSL traffic decryption and has released a VPN client for iOS and Android. Also, the company is currently offering an upgrade path for its older firewalls to its Hillstone Unified Intelligent Firewall, which delivers anomaly detection and reputation scoring for hosts and networks. The vendor continues to develop its channel in Asia/Pacific (APAC) and Latin America.

Hillstone is a Niche Player because it primarily sells its UTM to Chinese SMB organizations. Hillstone is a good shortlist candidate for SMB organizations in the APAC region.

Strengths

? Hillstone's UTM includes host reputation and network monitoring features that can help detect infected hosts.

? Clients give good scores to the vendor's UTM performance, the flexibility of its quality of service (QoS) engine and the quality of support provided in China.

? Hillstone Networks' security features appeal to security-conscious midsize organizations.

Hillstone primarily targets the large enterprise market. It serves SMB organizations, but its roadmap is biased toward larger organization needs.

? Hillstone does not offer network sandboxing. It also lacks anti-spam and other email security features that some organizations still require.

? Hillstone clients report that they would like to see better activity reporting and improved Web filtering.

? Hillstone is not visible in UTM competitive shortlists outside of China. Its international channel is a developing effort, and prospective clients should verify the local availability of technically savvy partners.

Huawei

Huawei is a large network infrastructure supplier headquartered in Shenzhen, China. In 2009,

Huawei launched its Unified Security Gateway (USG) product line to address the Enterprise and the SMB markets. The line now includes more than 25 models, including a large number of appliances with wireless capabilities. Centralized management software is available. Large UTM appliances can run several UTM software instances, but the vendor does not provide virtual UTM appliances to run on the top of leading hypervisors.

Recent updates include four new hardware models (for sale in China only), as well as improved application control and performance.

Huawei is rated as a Niche Player because it predominantly sells its UTM to its existing clients. Huawei's UTM is a good contender for SMBs in China and for its current large-enterprise customers in other countries.

Strengths

? Clients often cite good prices, especially for support service, as a decisive factor in selecting Huawei's solutions.

? Huawei customers like the ease of installation, facilitated by a helpful installation wizard.

? Huawei has a large number of clients using IPv6. All firewall networking functions and UTM features are fully functional in IPv6.

Cautions

? Though its 2014 percentage of sales outside of APAC grew slightly in 2014, Huawei sells a majority of its UTM in this region and struggles to grow market share outside of it. SMB customers in other regions should first assess the level of commitment of Huawei's local channel partners to the SMB market.


Like most infrastructure vendors, Huawei's leverage is in its existing customer base of large enterprises and carriers. This focus on larger markets might divert development priorities away from SMB needs.

? Huawei partners mention that the Huawei central management GUI is too technical and difficult to use. Huawei also lags behind most of its competitors when it comes to email security.

Juniper Networks

Juniper Networks is a network infrastructure vendor based in Sunnyvale, California. It has a broad portfolio that covers network and security solutions. Its UTM offering (SRX Series) includes 13 models and relies on the Junos OS, which is the common platform for network and security appliances in Juniper's portfolio. Other product lines can support UTM capabilities (SSG Series and ISG Series), and two virtual appliances are available.

In 2014, Juniper introduced the Spotlight Secure threat intelligence platform, SSL Forward Proxy for AppSecure, central management support for SRX UTM, and integrated reporting and logging in Security Director. Juniper integrated UTM in its vSRX, allowing customers to use its virtual firewall appliances as virtual UTMs with a utility pricing model. During the same period, Juniper sold off its NAC and mobility solutions. Juniper has lost considerable market share against rivals during 2014, with its market share decreasing by 35%.

Juniper is evaluated as Challenger because it has good presence on SMB shortlists when stateful firewall, VPN and IPS are the primary needs, but does not displace leaders on UTM deals based on its features or vision for the SMB market. Juniper UTM is a good choice for existing Juniper customers. Other SMB customers should first verify the experience of their local channel with Juniper security solutions for an SMB use case.

Strengths

? UTM buyers that already use Juniper technology can leverage their existing relationship with the vendor to get a lower price and quickly learn how to manage its UTM.

? Juniper has a broad range of hardware appliances to support a wide variety of scalability and performance requirements.

? Juniper's understanding of diverse customer environments makes it a good choice for complex network infrastructure or when support is a critical component of the purchase decision.

? Juniper customers and partners express satisfaction with the quality and timeliness of Juniper's support.

Cautions

Juniper rarely appears on Gartner SMB customer shortlists for UTM when more than firewall, VPN and IPS is required.

Juniper appears to be focusing its security product development efforts on high-end enterprise data centers and carriers, not on the SMB audience. Juniper did not release a new model of its UTM hardware appliance in 2014.

? Juniper does not have a dedicated cloud-based malware detection sandbox, causing SMB customers to either go without one or to deploy alternative sandbox solutions from other vendors, thereby increasing costs and adding another management console.

Rohde & Schwarz (gateprotect)

Germany-based Rohde & Schwarz (gateprotect) is a pure-play security vendor. Gateprotect was founded in 2002 and acquired by the large German electronics group, Rohde & Schwarz, in 2014. Rohde & Schwarz also acquired a small enterprise firewall company called Adyton Systems, now part of the gateprotect portfolio. Gateprotect's UTM portfolio includes nine appliances. Virtual appliances and centralized management are also available. Gateprotect's management interface (eGUI) implements a graphical (icon-based) visualization of the network topology as a way to simplify the configuration of the security policy.

Gateprotect recently added a reverse proxy and minor improvements to its eGUI software.

Gateprotect is assessed as a Niche Player because most of its UTM wins are in Europe, and its

UTM appeals mainly to lower-midsize businesses. Gateprotect is a good shortlist candidate for SMBs in Germany and small organizations in EMEA countries when certified gateprotect channel partners are available.

Strengths

? Clients and channel partners give positive ratings to vendor support and ease of use, especially for lower-midsize organizations. Clients also provide positive comments on production performance that matches what is advertised on the datasheets.

? Gateprotect markets its German R&D and "no backdoor" policy as competitive advantages against its U.S.-based competitors. This appeals to a portion of the EMEA market, especially in small government agencies.

? Gateprotect operates as an independent entity, but now benefits from Rohde & Schwarz's sales and support channel, which should increase gateprotect's ability to reach and support UTM clients outside of Europe.

Cautions

? Gateprotect is growing at a slower pace than the market. The vendor roadmap execution has been impacted negatively by the acquisition and the merger of Adyton and gateprotect technologies, with only a few new features released in the last 24 months.

? Gateprotect does not offer network sandboxing and lacks IPv6 support. It also lags behind its competition in the number of activity reports it can offer.

Most of gateprotect's UTM sales come from the small and lower-midsize organizations in Europe, with its largest installed base in Germany. Its brand awareness and channels in other countries are still more limited. Clients interested in gateprotect UTM should first verify the vendor's local presence and the channel's experience with the solution.

Sophos

Based in Boston, Massachusetts, and Oxford, U.K., Sophos is a large security vendor that initially provided endpoint security before adding network and mobile security solutions to its portfolio. After its acquisition of Cyberoam Technologies, the Sophos UTM portfolio includes 29 models from its Sophos (SG Series) and Cyberoam (CR Series) brands. Sophos UTM is also available as a virtual appliance. It also offers its three models of remote Ethernet device (RED) appliances for small branches that are centrally managed using a Sophos UTM.

Sophos recently announced a large UTM product line refresh with 14 new SG models and six new CR models. New features include email encryption, user quotas for Web browsing and a unified reporting solution (Sophos iView). In July 2015, the vendor went public on London Stock Exchange.

Sophos is assessed as a Leader because, despite the efforts created by the integration of Cyberoam, it continues to grow its market share based on features and customer trust in its UTM roadmap. Sophos is a good UTM shortlist contender for SMBs, especially in Europe and APAC regions.

Strengths

? Sophos' SG UTM series' ease of use consistently rates high. The interface contains general guidance on what each feature does, which is useful for SMB operators, who are not all security experts.

? Sophos channel support is rated high. Support for Cyberoam products is easily available through chat, email and phone, and is active in providing presales support for quick resolution.

? Sophos has good endpoint integration, allowing the firewall to push wireless and VPN policies for mobile devices, and can also restrict access to wireless networks for noncompliant mobile devices.

? Sophos SG UTM series support is available in a variety of European languages, and its local presales and support presence receives positive scores from Gartner customers.

Cautions

? Gartner believes that Sophos' dual-line UTM products and expected rationalization may be confusing to existing customers looking for a product upgrade in the next 12 months.

Except for the reporting solutions, there has not been any significant integration between the two product lines since the acquisition of Cyberoam. Gartner believes that managing two UTM product lines is a significant burden for the vendor and channel sales, presales and support teams.

Since the acquisition of Cyberoam, Sophos has expanded outside of Germany and the U.K. with increased visibility in Southeast Asia and the Middle East, but the vendor continues to be more concentrated regionally and still has lower visibility in North American shortlists than its direct competitors.

Stormshield

France-based Stormshield is a subsidiary of Airbus Defence and Space, and is the result of an operational merger between two French firewall vendors in 2013 (Arkoon and Netasq). In addition to firewalls and UTM, the vendor provides endpoint and data security solutions. Its UTM product line (Stormshield Network Security) comprises 10 appliances and seven virtual appliances. It is also available on AWS and recently released a Microsoft Azure version. Stormshield developed its own IPS, which is enabled in the default UTM configuration.

Recent changes include a new appliance targeting upper-midsize organizations (SN910) and its Stormshield Network Security 2.0 rollout, with improved policy-based routing, performance optimization, and OpenStack/KVM/HyperV support.

Stormshield is evaluated as a Niche Player for the UTM market because most of its sales come from a limited number of European countries. Stormshield is a good UTM contender for SMBs in Europe, and has some presence in the Middle East and Asia. Regions outside of Europe should first monitor the availability and experience of the local channel.

Strengths

? Stormshield has a simple service offering with two main bundles: a low-cost bundle and a premium bundle that includes Kaspersky Anti-Virus and vulnerability detection modules.

? Customers and partners cite ease of deployment, IPS design and throughput, and support quality as differentiators.

? Customers and partners based in Europe often report that they select Stormshield because it is a European vendor. The vendor has recently added German-language support on its management console.

Cautions

? Despite longtime efforts, Stormshield does not have significant market share outside of France. Europe is a much more fragmented market than North America or other regions with large countries, and as such, it requires strong investment for each new targeted country outside of the vendor's home market.

? Stormshield partners surveyed by Gartner mention overall brand presence and marketing execution as an area for potential improvement. They note that Stormshield could do a more consistent job of describing its product line and its performance and security advantages.

Stormshield does not offer cloud-based sandboxing or appliances with integrated wireless. Its Web management console integrates limited real-time event monitoring.

WatchGuard

Seattle-based WatchGuard is a privately held network security vendor. Established almost 20 years ago, WatchGuard has been a well-established player in the UTM market. It provides UTM, secure email gateways and remote manageable wireless APs. The UTM product lines (XTM and Firebox) include 23 physical appliances, including appliances with embedded wireless capabilities, and two virtual offerings: one for virtual UTM (XTMv), and another combining secure Web gateway, email security and data loss prevention (XCSv).

WatchGuard has a cloud-based reporting and monitoring solution (WatchGuard Dimension). WatchGuard APT Blocker is a full-featured, cloud-based network sandbox available as a subscription for all appliances. Recent changes include the release of Dimension 2.0 and five new Firebox appliances, targeting small and lower-midsize organizations.

WatchGuard is evaluated as a Visionary because of its ability to quickly respond to emerging needs from midmarket organizations with new software options. WatchGuard is a good shortlist candidate for SMB organizations in any geographic location in need of a broad set of features or currently relying on an MSSP for managing and monitoring their UTM.

Strengths

? WatchGuard provides cloud-based sandboxing (APT Blocker), and reports are directly integrated in its centralized dashboard cloud service (WatchGuard Dimension).

? WatchGuard's customers and resellers report that WatchGuard has a full portfolio of UTM and related features, combined with a reasonable price and a pricelist without complexity, and includes clear trade-up options.

? WatchGuard has demonstrated a strong Ability to Execute on its roadmap, leveraging its platform modularity to quickly add new modules.

? The WatchGuard Dimension reporting tool includes an interactive heat map view (FireWatch) that is useful for quickly identifying network issues created by a specific user or application. Since the last edition of this Magic Quadrant, this has been the most-mentioned feature by Gartner clients considering WatchGuard.

Cautions

? Gartner SMB clients do not often mention WatchGuard as already considered for their UTM selections.

Gartner believes that WatchGuard's shifts in campaign and strategy have made it difficult for buyers to identify consistent differentiators in the WatchGuard offerings. However,

Watchguard's recent refocus on both the UTM market and delivery of Dimension has allowed for recognition to increase.

Gartner data indicates the WatchGuard UTM market share stagnated 2014.

? The vendor's product strategy is significantly influenced by the use case of distributed organizations.

Vendors Added and Dropped

We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or

MarketScope may change over time. A vendor's appearance in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. It may be a reflection of a change in the market and, therefore, changed evaluation criteria, or of a change of focus by that vendor.

Added

? No new vendors were added for 2015.

Dropped

? Clavister was dropped because it did not meet Gartner's inclusion criteria for this Magic Quadrant.

? Cyberoam was dropped because it was acquired by Sophos.

 

Hours

Monday - Friday
8.00am - 17.00pm

Location

Lombardy Business Park,
C/o Cole & Graham (Lynwood) Roads,
Shere,
0042, South Africa

Phone

tel. +27 12 8410480
fax: +27 12 841 0488

Connect with us

twitterTwitter
facebookFacebook