How do Cisco’s ASA Next-Generation Firewalls stack-up against the competition?April 9, 2013 Leave your thoughts
According to a recent Forbes article, ‘Palo Alto Networks are blowing up network security’ (in a good way – don’t panic), leaving industry competitors such as Checkpoint Software, Juniper Networks and Cisco Systems scrambling for a slice of the ‘next generation firewall’ pie.
Seemingly late-to-the-party, Cisco have recently added to their popular ASA network firewall portfolio with the 5500-X Series, which combines many of the successful ‘stateful’ firewall features with what Cisco call a “comprehensive suite of next generation features”. Among these new features are cloud and software base security services such as Application Visibility Control (AVC), Web Security Essentials (WSE) and intrusion prevention (IPS).
Some might argue that this addition to Cisco’s network security offering is somewhat overdue, what with the combination of ever-more sophisticated online threats appearing alongside a cascade of potentially troublesome web 2.0 technologies and cloud applications. These of course, come at a time when many organisations are, willingly or not, overseeing a shift towards a predominately BYOD driven workforce, leading to less control over devices and their applications.
However, this is not to suggest that the mighty Cisco cannot muscle in to take at least some of the glory. After all, familiarity and customer loyalty are two things they have in spades over current front-runners and relative network security newbies, Palo Alto Networks.
Gartner states that by 2016 over 60% of firewalls sold will fall within the ‘next-generation’ bracket, and in recent times Palo Alto have been leading the way – shadowed by their main challengers, Checkpoint firewalls.
It is in this ‘race’ that the plot begins to thicken, as there is certainly more to it than first meets the eye. Any profit or market share driven rivalry between the two companies is given added zing by the fact that Palo Alto co-founder, Nir Zuk, is a former (somewhat disgruntled) Checkpoint engineer, and one who unashamedly revels in any opportunity to ‘out-do’ his former employees. Taunting his opposition, Mr Zuk was recently quoted as having said: “Competitors’ products with NGFW application-layer controls can only be considered “lipstick on a pig”.” This is a guy who is more than confident in his product, and who are we to disagree with him…?
So, with Palo Alto and Checkpoint leading the charge, and Cisco calling to arms, who else is in the game and are they worth a punt?
Gartner’s ‘magic quadrant’ positions Fortinet, Juniper and Intel-owned McAfee, alongside Cisco, as the most likely challengers to Palo Alto and CheckPoint -each with their own particular strengths and weaknesses.
Most notably, Cisco’s aforementioned sizable market share and indeed their reputation, could well prove to be an unassailable advantage. Boasting established worldwide channels for sales and support, as well as the ease of integration into existing Cisco networks, anything ‘the remaining three’ can offer just may not be enough.