Firewalls, we all have one. It’s a well-established market, full of vendors with mature stacks of technology. Firewalls do a number of things, like blocking traffic, intrusion prevention, VPNs, and controlling traffic inbound and out. They’ve been doing it forever, so there’s probably not a lot more to learn, right?
Well, no. If you think the enterprise firewall market is staying still and not worth a deeper look, you may be missing out.
In the last few months, I’ve done more work in the firewall and connectivity space than I had for a long time. What I discovered was that firewall vendors are delivering some game-changing innovations in their solutions. Not that this should be a huge surprise—the reality is our organizations have changed significantly in recent years, driving new demands and, of course, new risks. This has made innovation necessary. And these innovations are more than cool new features or new “nerd knobs” to tweak. They are changes that can, in turn, help drive innovation in the way organizations operate and deliver IT services, supporting improved security and business transformation.
What Changed?
Simply put, it’s the cloud. The cloud has changed much of the way we do all our computing tasks, and we do them now at cloud scale. Enterprise firewalls are no different. Responding to today’s threats requires that sort of scale, not only for the ability to gather vast amounts of telemetry but also for what it allows us to do. Cloud compute enables security vendors to work through this telemetry to provide analytics and intelligence that we can’t get any other way. Vendors are using this cloud intelligence to enhance firewall security offerings. Solutions are being integrated with cloud intelligence platforms to offer rapid, accurate threat detection and response across areas like domain name system (DNS) security and zero-day vulnerability detection, and to provide enhanced defense against DDoS and other attacks.
Connectivity and Access
The modernization of communications is something many enterprises are considering. Low-cost, high-speed internet access is driving companies to move away from inflexible and expensive traditional WAN connections. Access demands have also changed, with traditional VPNs lacking scale and often offering a poor user experience.
This has spurred major changes from vendors, including the addition of software-defined wide area networks (SD-WAN) and zero-trust network access (ZTNA) to leading solutions.
- SD-WAN allows organizations to move away from restrictive WAN technologies that are tied to a specific communications provider and instead overlay an SD-WAN across many different types of connections from multiple providers. This enhances performance, increases flexibility, and helps reduce costs.
- ZTNA has become a priority for many companies that are looking to enhance the experience and improve the security of remote access. ZTNA provides a more granular set of controls, and its cloud-native design offers better performance and scale than traditional virtual private networks (VPNs). Furthermore, the zero-trust model–which continually evaluates access requests, rather than implicitly trusting a user because their access is via a VPN–is essential for today’s businesses looking to tackle advanced security threats.
The Move to Cloud-Based Security
One of the biggest changes in the firewall market is the move to secure access service edge (SASE). SASE brings a cloud-native approach to dealing with the security, connectivity, and access capabilities traditionally provided by enterprise firewalls, endowing them with the scale and capabilities the cloud provides. All of the major firewall providers see SASE as fundamental to their strategy going forward. To be clear, this doesn’t mean they are going to de-emphasize their firewalls, but they are all increasingly integrating them with these large-scale, cloud-based security solutions.
This is a big win for the enterprise, as it gives them the opportunity to add cloud benefits directly to their firewall strategy today. Moreover, for those considering SASE adoption, it provides a smooth on-ramp that lets them plan for and migrate to SASE architecture in the future.
What’s the Future of Enterprise Firewalls?
Does this mean that firewalls are going away? Absolutely not. Firewalls will continue to be needed by small businesses and huge enterprises—by any organization that needs 100s of Gbps throughput for their data center. But it is also clear that the additional capabilities modern enterprise firewalls can deliver bring great opportunities for organizations to transform their security and communications operations to provide better performance, tighter security, and lower costs.
With all this said, let’s not forget that new firewall projects are complex and difficult, and come with the risk of disruption. But don’t let this keep you from at least reviewing the space because it is full of innovation that can help businesses transform with a host of new capabilities that provide the security needed in the modern world. So, now is as good a time as any to take another look at your firewall strategy.
Next Steps
To learn more, take a look at GigaOm’s enterprise firewall Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.
- GigaOm Key Criteria for Evaluating Enterprise Firewall Solutions
- GigaOm Radar for Enterprise Firewalls
If you’re not yet a GigaOm subscriber, you can access the research using a free trial.
Read More
Paul Stringfellow