GigaOm Radar for Enterprise Firewalls v4

Firewalls have been a staple of network security for decades, sitting at the perimeter of an organization's network and using stateful filters to decide which connections to allow in and out of the network. However, modern organizations operate in a profoundly different landscape. The perimeter is no longer easy to define; organizations are more diverse, users are spread out geographically, infrastructure is deployed across multiple locations, connectivity offerings change, bandwidth capabilities continue to grow, and, of course, security threats to the business are more complex than ever. 

All of this makes an enterprise firewall a requirement for just about all organizations. However, selecting an appropriate solution can be difficult. Firewalls operate at the network layer, which influences how they are evaluated, requiring an additional focus on performance, flexibility, and scalability, as well as on core features. 

Many organizations already have established solutions, and investing in new firewall technology can be disruptive and complex, especially in larger organizations. But change is almost inevitable as business requirements evolve, especially in connectivity. Organizations are moving toward software-defined wide area networks (SD-WANs) and zero-trust network access (ZTNA) and are increasingly adopting cloud services. Organizations thus need to continually evaluate their security strategy to ensure their solutions meet evolving infrastructure demands. Solutions must not only maintain a high level of perimeter security but also enable greater flexibility and productivity, while supporting efforts to drive modernization and innovation.

Today, enterprise firewalls must be multifunctional to deal with the range of potential threats. They should be flexible and support both on-prem and cloud deployments. They should apply intelligence, leveraging analytics and threat information, potentially augmented by AI/ML, to enable rapid identification and mitigation of threats. They should support newer connectivity types (such as SD-WAN) and additional security models (such as ZTNA) to ensure secure connections. Moreover, firewalls are increasingly seen as part of a broader cloud-based security drive toward the secure service edge, with technologies such as secure service edge (SSE) and secure access service edge (SASE). 

The increasing adoption of cloud services is reflected in the solutions from the leading vendors in this space. The majority of well-known, established vendors are integrating SSE and SASE into their offerings as extensions of their firewall solutions, while maintaining full next-generation firewall capabilities in those solutions, as well as the ability for these firewalls to be fully standalone, with no requirement to be part of a border SASE platform. This demarcation is important, and we have used it in this report as part of our inclusion criteria. Only vendors whose enterprise firewall capabilities are available as a fully standalone offering were considered in this market assessment. 

To help prospective customers find the best fit for their use case and business requirements, we assess how well enterprise firewall solutions are designed to serve specific target markets and deployment models (Table 1).

For this report, we recognize the following market segments:

• Small-to-medium business (SMB): In this category, we assess solutions on their ability to meet the needs of organizations ranging from small businesses to midsize companies. Here, ease of use and deployment are more important than extensive management functionality and feature sets.

• Large enterprise: Here, offerings are assessed on their ability to support large and business-critical projects. Optimal solutions in this category have a strong focus on flexibility, performance, scalability, and the ability to effectively integrate into existing environments.

• Public sector/federal: While the infrastructure of these environments is likely to be similar to those of SMBs and enterprises, these organizations typically have some constraints, especially around needing suppliers to meet specific requirements laid out in buying and supply frameworks. Solutions must therefore be able to meet such framework demands.

• Managed service provider (MSP): Increasingly, organizations across all IT disciplines are looking to managed services to augment in-house capabilities. Here, we assess vendors on how effective they are in supporting MSPs, both technically and commercially.

In addition, we recognize the following deployment models:

• On-prem appliance (hardware or virtual): The solutions are available as an appliance to be installed within the customer’s own data center environment. These appliances can be either physical devices or installable as prebuilt virtual appliances such as a VMware open virtual appliance (OVA).

• Cloud native/cloud image (available in the cloud marketplace or deployable as an image): With these solutions, the firewall engine is deployed and supported as a public cloud-based service. The main components can be deployed either as a cloud-native service or as a public cloud image, usually (although not exclusively) available from a cloud provider’s marketplace. In these instances, they are not shared and are specific to a single customer.

• SaaS (as part of secure access service edge [SASE] is acceptable): These solutions are available only in the cloud and are designed, deployed, and managed by the vendor. The advantages of this type of solution are its simplicity, ease and speed of scaling, and flexible licensing models. Vendors increasingly use SASE as a way of delivering security, including offering a firewall as a service (FWaaS). However, to be included in this report, those solutions must be available as a standalone option.

• Software only: These solutions are installable software applications and can be deployed on standard hardware and operating systems. They can be installed in the customer’s data center or cloud tenant. They are not shared and are specific to a single customer.

• Vendor-delivered managed service: In this case, the firewall is fully managed by the vendor (not by a vendor MSP partner), who handles all management, support, and service. The service is deployed within the customer environment, on-prem or in the cloud, and it is not shared and is for a single customer only.

Table 1. Vendor Positioning: Target Market and Deployment Model

Table 1 components are evaluated in a binary yes/no manner and do not factor into a vendor’s designation as a Leader, Challenger, or Entrant on the Radar chart (Figure 1). 

“Target market” reflects which use cases each solution is recommended for, not simply whether that group can use it. For example, if an SMB could use a solution but doing so would be cost-prohibitive, that solution would be rated “no” for SMBs.

All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

• Threat prevention

• Application awareness and control

• Logging and reporting

• VPN support

• Central management

• Standalone firewall

Tables 2, 3, and 4 summarize how each vendor in this research performs in the areas we consider differentiating and critical in this sector. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the relevant market space, and gauge the potential impact on the business.

• Key features differentiate solutions, highlighting the primary criteria to be considered when evaluating an enterprise firewall solution

• Emerging features show how well each vendor implements capabilities that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months 

• Business criteria provide insight into the nonfunctional requirements that factor into a purchase decision and determine a solution’s impact on an organization

These decision criteria are summarized below.

Key Features

• Performance and throughput: Because enterprise firewalls remain, at their core, network devices, they must deliver sufficient throughput and performance to meet organizational demands. The ability to scale to meet growing needs is essential, whether within a single device or across a vendor’s product portfolio. Customers need a solution that can support evolving needs and protect their technology investments.

• SASE integration: The shift in security from on-box and at the edge into the cloud, delivered as an as-a-service offering, reflects a broader industry trend. Customers are seeing the flexibility and scale that cloud-based security and software-defined networking provide to the modern distributed organization. They are now looking for firewalls to provide perimeter security and to be part of a SASE deployment or to serve as a gateway to SASE services.

• Management automation: As infrastructure becomes more complex, the likelihood that enterprises will require multiple firewalls of different types increases. Therefore, leading solutions must offer strong central management and orchestration capabilities to ensure consistent security policy deployment and efficient management. 

• Zero-trust networking: Trust is at the heart of modern security approaches. We no longer rely on implicit trust based on a single location or logon. Today, security tools must continually reevaluate access to systems, networks, and data. Firewalls can be an essential part of this by enabling continuous assessment of connections to ensure they remain trusted.

• Identity-based inspection and control: Effective perimeter security requires a person-centric view of traffic and behavior. Solutions should thus be able to integrate with identity platforms and use this information to enable both granular control and detailed insight on traffic on a per-user basis.

• AI-enhanced operations: AI use in cybersecurity continues to evolve. When it comes to firewalls, AI improves threat detection and mitigation and increases operational efficiency, reducing the effort required to manage a firewall and its extended security estate. Areas such as policy recommendations, log analysis, and incident triage can all benefit from effective AI assistance. Firewall vendors should consider how they can implement effective AI to help customers drive operational efficiency.

• Threat analytics: Securing today’s enterprise is complex, with many security signals to evaluate. Keeping abreast of these signals and determining what to prioritize and what actions to take is challenging. Firewall solutions must therefore aggregate multiple threat indicators and use them in analytics models to prioritize threats and remediation steps, ensuring enterprise security.

Table 2. Key Features Comparison

Emerging Features

• OT security: The continued expansion of operational technology (OT) and IoT networks presents new security challenges for organizations. While network segmentation can help, vendors that deliver specific OT security features bring added value. These features may include support for specific protocols such as Modbus, DNP3, OPC-UA, and MQTT, as well as anomaly detection. Additionally, solutions that can integrate with OT management platforms and provide industrial control system (ICS) support, including supervisory control and data acquisition (SCADA) protocol support, may offer additional value.

• Microsegmentation: As organizations adopt hybrid cloud and zero-trust architectures, microsegmentation plays a key role by limiting lateral movement of threats, reducing attack surfaces, and enforcing least-privilege policies. This is transforming enterprise security by enabling granular, workload-level access controls within networks rather than just at perimeters, making it essential for protecting increasingly distributed and dynamic IT environments.

• Post-quantum cryptography readiness: As organizations prepare for quantum threats, next-generation firewalls must support quantum-resistant algorithms for VPN tunnels, transport layer security (TLS) inspection, and encrypted traffic analysis. Early integration ensures firewalls remain effective gatekeepers, protecting sensitive data against future quantum-enabled decryption of today's captured traffic.

Table 3. Emerging Features Comparison

Business Criteria

• Flexibility: Customer environments vary and are constantly changing. Security tools must be flexible, offering different deployment models and adoption techniques and being able to meet a broad range of customer needs. 

• Scalability: As businesses grow and demands change, firewalls must be able to grow with them. Customers should be able to scale the solution, either within the same hardware or via the vendor’s range of solutions.

• Ease of management: IT security is already complex. Easing the management burden, especially in cybersecurity, should be an essential part of any vendor’s efforts. Solutions must provide centralized administration and reporting, automate repetitive tasks, and offer accompanying services such as support, training, and proactive account management. 

• Cost transparency: Any business that’s considering adopting a new technology or solution must understand the full cost of that investment. This includes not only the price of a license or service but also adoption and running costs. Vendors that can show cost efficiency will appeal to customers.  

• Ecosystem: Ecosystem refers to a vendor’s own portfolio and to the range of channels, partnerships, and third-party solutions that may collaborate with the vendor. A robust ecosystem can ease deployment, extend functionality, and provide greater flexibility for users. 

• Interoperability: Enterprise firewalls cannot be effective in a silo. Solutions must therefore integrate with the tools customers already use, including other security tools such as endpoint detection and response (EDR) and operational tools such as service desk systems and SIEM solutions. 

Table 4. Business Criteria Comparison

The GigaOm Radar plots vendor solutions across a series of concentric rings, with those positioned closer to the center being judged as having the most complete solution. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrowhead that projects each solution’s expected evolution over the coming 12 to 18 months.

Figure 1. GigaOm Radar for Enterprise Firewalls

As you can see in Figure 1, the firewall market is dominated by well-established vendors with strong, well-known solutions, with the vast majority of vendors in this report placed in the Maturity hemisphere of the chart. Vendors that are innovators are those who have either recently been acquired, which can result in more rapid changes to existing portfolios, or have released new products, which may lead to the need for more change than some competitive offerings.  

As with any well-established market, the enterprise firewall sector is dominated mainly by Platform Play vendors. These vendors offer broad solution portfolios that can meet the feature and performance requirements of customers of all sizes. They also provide supplementary services alongside their firewall solutions, including Secure Access Service Edge (SASE), Extended Detection and Response (XDR), and Network Detection and Response (NDR), as well as other security tools. Feature Play vendors, by contrast, primarily focus on specific markets, especially the SMB and MSP markets. In some cases, they produce only firewall solutions, with little focus on supplementary technologies. Buyers in either the SMB or MSP markets or those requiring only firewall technology should assess these vendors as part of their market review.

Our chart shows a strong range of Leaders and Challengers, both of which are important to ensure that leading vendors continue to develop their solutions and demonstrate market innovation. This pressure on industry leaders to continue developing their solutions to meet new challenges is supported by our report, as all of our outperforming vendors are also Leaders. These vendors continue to show rapid innovation in areas such as AI for operations and analytics and in delivering more identity-focused, context-driven security enforcement. They are also advancing development in emerging areas, including post-quantum encryption and microsegmentation. The defining factors for Leaders include performance, identity-based controls, and management automation. How Leaders execute in those areas is the primary differentiator between Leaders and Challengers.

There have also been some changes in vendors in this year's report. Some have been removed due to a change in our criteria, specifically those whose firewall products cannot be delivered as standalone offerings and are only available as part of a SASE platform. There are also several additions of vendors, showing that although the market is mature, there is still room for new solutions. 

In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; every solution has aspects that might make it a better or worse fit for specific customer requirements. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.

INSIDE THE GIGAOM RADAR

To create the GigaOm Radar graphic, key features, emerging features, and business criteria are scored and weighted. Key features and business criteria receive the highest weighting and have the most impact on vendor positioning on the Radar graphic. Emerging features receive a lower weighting and have a lower impact on vendor positioning on the Radar graphic. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and roadmaps.

Note that the Radar is technology-focused, and business considerations such as vendor market share, customer share, spend, recency or longevity in the market, and so on are not considered in our evaluations. As such, these factors do not impact scoring and positioning on the Radar graphic.

For more information, please visit our Methodology.

Arista: NG Firewall

Solution Overview
Arista is a provider of cloud networking solutions, focused on delivering high-performance, scalable, and secure infrastructure for modern data-driven enterprises. 

Arista’s NG Firewall is designed specifically for organizations with limited IT resources and budgets. It is available via multiple deployment options, including hardware, cloud, and virtual appliances, and multiple models, including a high-end device capable of supporting around 10 Gbps of throughput and about 3,000 users. NG Firewall is part of Arista’s Edge Threat Management (ETM) portfolio, a suite comprising both firewalls and the ETM Dashboard, which allows network administrators or MSPs to remotely view appliance status, bandwidth utilization, and network traffic summaries. It supports on-box management via a browser-based interface that also offers real-time reporting and database-driven insights.

The solution provides strong core functionality, including intrusion prevention, secure sockets layer (SSL) inspection, content filtering, advanced threat protection (ATP), and VPN connectivity supporting IPsec, OpenVPN, and WireGuard protocols.

Arista is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
Arista scored well on a number of decision criteria, including:

• Management automation: ETM Dashboard provides centralized management with configuration templates, policy sync, and zero-touch provisioning, covering multiple appliances from a single console. 

• SASE integration: Arista offers a full SASE solution through VeloCloud, which provides SD-WAN with zero-touch provisioning, dynamic path selection, and WAN optimization. FWaaS is available in the cloud. The NG firewall provides an integration point for this SASE offering.

• Identity-based inspection and control: NG Firewall provides active directory (AD) and Entra ID integration via Directory Connector. This enables group-based policy support, allowing customers to apply control policies based on group membership. 

Opportunities
Arista has room for improvement in a few decision criteria, including:

• Performance and throughput: Arista offers a range of performance options within the NG Firewall portfolio. However, its highest-end devices offer only sub-10 Gbe maximum throughput. While this will suit smaller customers, Arista should explore higher-performance hardware to provide competitive offerings for larger enterprises and meet higher throughput demands. 

• AI-enhanced operations: Arista uses AI/ML to support its threat detection and prevention capabilities. However, there is currently no AI-powered operations assistance. While Arista NDR has AI capabilities, these are not replicated in the NG Firewall admin experience. Customers increasingly find value in AI assistance to improve admin efficiency and to drive operations efficiency. 

• Threat analytics: Arista offers a level of analytics with support for firewall log assessments. It also provides additional threat intelligence and IP reputation analysis. However, it currently lacks more advanced capabilities, such as alert prioritization, behavioral analytics, and automated threat response. Some of this can be achieved via SIEM integrations. Threat analytics is an important part of an organization’s proactive cybersecurity approach. Bringing more proactive analytics to the NG Firewall platform natively would benefit customers. 

Purchase Considerations
Arista NG Firewall is offered through a hardware-plus-software model, with subscription-based licensing for advanced security services. Pricing is available on the company website, as is the option to buy directly from Arista. Special pricing is available for public sector organizations, nonprofits, nongovernmental organizations (NGOs), and educational institutions.

Professional services are available via Arista and its partner ecosystem, including design, deployment, and optimization support. Training resources are provided through Arista Academy and online documentation.

The solution is targeted at organizations with limited resources or budgets, as well as MSPs. Performance constraints would make it less attractive to large enterprises.

Use Cases
NG Firewall addresses the needs of smaller organizations with limited technical resources. It provides a strong centralized management platform that helps organizations manage multiple sites. Arista’s broader portfolio also makes NG Firewall a good gateway for those looking for a potential single-vendor solution to address broader cybersecurity challenges.

Barracuda Networks: SecureEdge

Solution Overview
Barracuda Networks is a cybersecurity company with a portfolio that secures email, data, applications, and networks against complex threats. It offers a broad range of firewalls purchasable as standalone devices or as part of its SASE platform, as well as a managed extended detection and response (XDR) service to strengthen cyber resilience.

Barracuda SecureEdge, the evolution of its network security portfolio, is available as hardware, virtual, and cloud‑native appliances to protect distributed infrastructure. Barracuda Networks continues to maintain its CloudGen Firewall range; both deliver comprehensive next-generation firewall (NGFW) capabilities, including application control, intrusion prevention, web filtering, and advanced threat protection (ATP). SecureEdge appliances combine SD‑WAN with intelligent traffic management to build resilient networks and act as enforcement points for secure internet access and ZTNA. Identity and device context can be combined for per‑resource authentication and policy, with support for direct breakout from SD-WAN to services such as Microsoft 365.

Barracuda Networks is delivering new capabilities within SecureEdge, which include AI-based content inspection, a cloud service provided as part of the BarracudaONE platform, transparently integrated into SecureEdge FWaaS, and an SSE‑only SecureEdge Access (FWaaS) option that eliminates the need to procure firewall hardware. The vendor also has plans to deliver native data loss prevention (DLP) for safe AI usage and deeper XDR integration for identity and behavioral policy, alongside continued expansion of APIs for automation and integration.

Barracuda Networks is positioned as a Challenger and Fast Mover in the Innovation/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
Barracuda Networks scored well on a number of decision criteria, including:

• Zero-trust networking: SecureEdge provides a built-in ZTNA solution that grants access to applications only after user identity verification and device posture checks. This is implemented via a SecureEdge Access client (agent) that ensures, for example, a device has up-to-date endpoint protection before allowing it to connect. Zero-trust service presentation is provided directly from the firewall, removing the need for additional tools and simplifying operations and delivery. For deployments into existing environments, a lightweight and easy-to-deploy ZTNA connector agent is available for the most popular platforms.

• SASE integration: The shift to SASE is a priority for many enterprises, and Barracuda Networks excels in this evolving space. SecureEdge appliances integrate seamlessly into the Barracuda SecureEdge SASE platform, operating as standalone security devices or on-ramps to the SASE service. This full integration enables the automation of tasks, such as securely presenting on-prem applications to ZTNA users and dynamically routing traffic between the cloud and applications.

• Threat analytics: Barracuda Networks uses AI-powered security to help organizations address sophisticated threats. Its AI-driven advanced content analysis, anomaly detection, and natural language processing recognize malicious activity and identify anomalies in user behavior. The continuous learning aspect of AI ensures adaptability to the evolving threat landscape, refining and improving detection efficacy over time. The dynamic, self-learning nature of the AI minimizes false positives and enhances overall security by preclassifying IPs, URLs, code artifacts, and networks, helping to deliver proactive threat management. 

Opportunities
Barracuda Networks has room for improvement in a few decision criteria, including:

• Performance and throughput: Barracuda Networks is focused primarily on SMBs, and this focus is reflected in the limited scalability of its devices. The vendor offers a good range of devices for its target market; however, its top-end device supports a maximum throughput of 40 Gbps, which may not satisfy larger data center use cases. To address this, Barracuda could invest in more performant hardware, although this would need to be coupled with an extension of its business focus to larger customers rather than building boxes not aimed at its current target market. 

• AI-enhanced operations: Barracuda’s current AI offering is largely behind the scenes. It underpins threat detection and analytics (for example, ATP verdict sharing and telemetry correlation). Customers are eager to use AI in other areas, especially in analyst-facing tools that can streamline operations and automate repetitive tasks. Barracuda has these elements on its roadmap, and if delivered, they will enhance the efficiency of its platform. 

• Management automation: While the solution offers some policy-driven automation, it currently lacks the ability to build more complex automations, either natively or via integration with external tools, due to a lack of published APIs in its SecureEdge platform. However, expansion of APIs for automation and integration is on Barracuda’s roadmap and successfully delivering this will support integration with external orchestration tools and help Barracuda Networks become a more core part of day-to-day security operations. 

Purchase Considerations
Barracuda Networks provides detailed guidance regarding licensing on its website, although it does not publish pricing. Licensing is based on one SKU for the appliance (hardware or virtual) and one SKU for the subscription term, including all SD-WAN and security functions covering firmware updates, intrusion prevention system (IPS), ATP, security, application control, and web‑filter updates, including direct support by Barracuda Networks. For MSPs, a monthly consumption model with no upfront costs is available.

Barracuda Networks  provides extensive online training and deployment checklists to support proficient IT teams. SecureEdge site devices offer wizard‑driven zero‑touch deployment and are typically customer- or partner-deployable without professional services. Professional services are primarily delivered through Barracuda Networks’s partner ecosystem, with vendor services available on request 

While scalable to large enterprises, Barracuda Networks’ primary focus remains SMBs and MSPs.

Use Cases
Barracuda SecureEdge is designed for SMBs and MSPs and can scale to larger enterprises. The range of solutions and SASE integration is useful for organizations looking to adopt SASE technology. Its automation capabilities help enhance security and reliability in distributed environments, and it works well in sectors such as retail. Its as-a-service consumption models for MSPs provide them with a strong potential partner for delivering both firewall and SASE-based MSP services. 

Check Point: Quantum Firewall

Solution Overview
Check Point provides cybersecurity solutions to global corporate enterprises and governments. Its core solutions include Check Point Harmony, Check Point CloudGuard, and Check Point Quantum, which encompass physical firewall appliances and the Maestro Hyperscale firewall solution.

Check Point’s Quantum portfolio offers a broad range of enterprise firewall appliances designed for environments from branch offices to large data centers. The Quantum architecture supports high throughput and high‑density network interface card (NIC) configurations, while its Maestro technology enables large‑scale clustering. At the high end, Quantum firewalls deliver up to 1.4 Tbps of throughput, including 635 Gbps with full threat prevention enabled.

Recent platform developments have added AI-assisted operations and policy optimization features (AI Copilot, Policy Insights, Policy Auditor, AIOps) to streamline triage, compliance, and remediation. The updated Unified Identity Management integrates with Microsoft Intune, Defender, and Harmony endpoints to help centralize identity-based enforcement.

Software updates have also enhanced performance, with threat-prevention throughput increasing by 20 to 25% and a Green feature reducing power consumption during low-load conditions. Traffic inspection is improved with accelerated HTTPS inspection, and Check Point has already incorporated post-quantum cryptography support. Additionally, Check Point has focused on offering better microsegmentation support through its Illumio partnership. Check Point continues to grow its solution portfolio via acquisitions, which include external risk management (Cyberint), threat exposure management (Veriti), and GenAI security (Lakera). 

Check Point is positioned as a Leader and Outperformer in the Maturity/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
Check Point scored well on a number of decision criteria, including:

• Performance and throughput: Check Point Quantum Firewall provides high-performance, power-efficient solutions, all of which are modular, with high-powered silicon-based capabilities. Check Point offers solutions tailored for SMBs, large data centers, and SASE environments. Additionally, its Maestro hyperscale solution enables security expansion in line with organizational growth, with support for up to 1 Tbps of inspected throughput. Check Point also supports up to 100 GbE interfaces on current appliances, with 400 GbE interface support planned on its near-term roadmap. 

• Threat analytics: All of Check Point’s security solutions integrate into its Threatcloud AI predictive analytics platform. Threatcloud AI provides automated threat protection and response data into its Quantum firewall platforms, further enhanced by integration with its XDR platform. Additionally, Check Point’s professional support service helps to identify gaps in firewall policies and works with users to apply appropriate remediation.

• Management automation: Check Point’s single management stack continues to improve with AI-driven enhancements, including Policy Auditor and Policy Insights, to help identify policy gaps and guide improvements. Its AI copilot automates activities, allowing operations teams to ask natural language queries to create efficient policies and remediation automation. This builds on its Infinity Playblocks—automated response workflows for handling threats and risks. It can drive automation with a number of third-party systems, with more than 20 integrations already available to customers. The solution can also use telemetry from its ThreatCloud threat intelligence platform to identify new risks and direct automated responses across its security stack based on this intelligence.

Check Point was classified as an Outperformer given its continued rapid development of its platform. This is coupled with a strong roadmap and a focus on emerging areas such as OT security and post-quantum cryptography support. 

Opportunities
Check Point has room for improvement in a few decision criteria, including:

• Identity-based inspection and control: Check Point integrates with leading IAM solutions such as Azure AD, Okta, and Ping Identity, enabling users and groups from these platforms to be incorporated into policy definitions. Authenticated identities are shared across enforcement points for seamless single sign-on (SSO) and consistent security. However, the solution lacks dynamic enforcement features, which are increasingly demanded by organizations that view static policies as insufficient for modern security needs. Adding these would improve Check Point's identity-based controls. 

• SASE integration: Check Point does offer a comprehensive SASE solution with its Harmony platform. However, this is a separate product suite from the Quantum firewall, meaning Quantum does not serve as a dedicated extension of the SASE fabric within customer environments. That said, Quantum can act as a gateway to the SASE environment. Check Point could further enhance this, increasing management and service integration between Harmony and Quantum to ensure seamless SASE integration. 

• AI-enhanced operations: Check Point uses AI broadly across its platform, in areas such as enhanced threat detection, behavioral analytics, automated responses, investigation, and policy creation. It also adds GenAI Protect capabilities through its acquisition of Lakera, providing application and AI runtime security. This provides instant, unified visibility into all shadow and sanctioned GenAI usage across multiple channels. While the company has started well in areas such as its AI-driven policy auditor, it should build more extensively on this by extending its AI assistant more broadly into the Harmony platform, further enhancing the efficiency and efficacy of firewall operations.

Purchase Considerations
Check Point offers appliance-plus-subscription pricing, with options ranging from upfront purchase (with annual support) to subscription terms and pay-as-you-go consumption via managed service providers. Quantum firewalls are licensed per appliance hardware plus security services; each includes first-year threat prevention and SandBlast sandboxing, as well as optional add-on packages such as Next Generation Firewall and Threat Prevention.

The vendor’s broad partner ecosystem supports supply and deployment. Check Point also offers a full suite of professional services, including initial assessment and design through professional integration, on-site installation and training, and  incident response.

Check Point solutions are suitable for SMBs, MSPs, and large enterprises.

Use Cases
Check Point’s Quantum firewalls provide a highly scalable platform that secures on‑prem and hybrid networks against advanced cyberattacks. For organizations managing hybrid workforces, Quantum supports secure remote access and enforces zero trust policies to reduce the risk of credential misuse and endpoint compromise. For businesses accelerating cloud adoption, integrations with CloudGuard ensure consistent protection across public, private, and SaaS environments, helping maintain compliance and prevent data breaches. In sectors where lateral movement and internal threats are concerns, the new partnership with Illumio enables microsegmentation strategies that limit breach impact and support zero trust architectures.

Cisco: Secure Firewall

Solution Overview
Cisco offers a comprehensive range of enterprise IT services, including networking, software, and security solutions. Its enterprise firewall is Cisco Secure Firewall, which provides a wide range of security capabilities, including SSE, network access control, and SIEM and SOAR. Its firewall solution also offers free integration with Cisco's XDR platform for enhanced threat detection and remediation.

Cisco Secure Firewall comprises a broad range of physical devices suitable for SMBs, high-performance data centers, and service providers. The solution can also be deployed in private and public clouds, as well as in a cloud-native Kubernetes form. There's also a ruggedized version, the ISA3000, for OT environments. 

Secure Firewall solutions are managed through Cisco's Secure Firewall Management Center and Security Cloud Control. The Secure Firewall Management Center can be deployed on-prem, in private and public cloud environments, and via major cloud marketplaces. It provides centralized policy management and reporting, integrates with other Cisco tools, and offers AI-driven policy recommendations to drive operational efficiencies.

Integration with Cisco's XDR offering is free, enabling firewall customers to leverage that platform to accelerate threat detection and improve orchestration and remediation. Cisco Secure Firewall also integrates with Talos, Cisco's threat intelligence feed, providing up-to-minute threat protection that can quickly reduce risks across the firewall estate. Cisco's SnortML engine offers ML-based zero-day attack detection, and its Encrypted Visibility Engine (EVE) identifies threats within encrypted data packets without decryption. 

Cisco is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
Cisco scored well on a number of decision criteria, including:

• Threat analytics: Cisco recently enhanced its intrusion detection system/intrusion prevention system (IDS/IPS) capabilities by upgrading to the SnortML engine, improving the firewall's ability to detect and block zero-day attacks. The upgrade also includes EVE, which uses machine learning to identify malicious traffic without decryption. Cisco Secure Firewall integrates with Talos, providing real-time threat intelligence to quickly mitigate risks. Cisco Firewall’s analytics are further enhanced by integration with Cisco’s Secure Analytics, which can feed behavioral and dynamic information into Cisco's firewalls. However, customers should be aware that Secure Analytics is an additional service and not included with a firewall purchase.

• Performance and throughput: Cisco offers a broad portfolio of solutions suitable for SMBs through large enterprises. Its new 6170 series provides 600 Gbps of throughput, with only a small 10 to 15% drop-off when the intrusion prevention system (IPS) is fully enabled. Cisco Mesh technology enables these devices to be clustered together for further scale.

• AI-enhanced operations: Cisco has made good investments here with the addition of its AI Assistant for Security. This assistance includes policy identification and reporting, as well as the ability to ask the AI to update or create new rules based on this reporting. The solution can also augment troubleshooting, detect issues, and recommend resolution steps. Its policy analysis and the optimization features built into the AI Assistant can find duplicates and suggest a course of action to help with policy hygiene. 

Opportunities
Cisco has room for improvement in a few decision criteria, including:

• Identity-based inspection and control: Cisco can use identity group tags to apply policies flexibly, but to take advantage of more advanced behavior-based controls, customers must integrate with Cisco’s Identity Services Engine. This product gathers telemetry from across the enterprise security stack to make advanced decisions that enforce policy, manage endpoints, and deliver trusted access. However, it is a separate product, and customers will need to purchase and deploy it as an additional element. Making this part of the Secure Firewall solution would help reduce both commercial and technical complexity. 

• Zero trust networking: Cisco’s ZTNA capabilities require integration with Cisco’s SSE service rather than being available as a native part of the Secure Firewall solution set. Making this a core part of the Secure Firewall solution would help reduce commercial and technical complexity for the customer. 

• SASE integration: Cisco integrates Secure Firewall with its own SASE offering via Cisco Umbrella and SD-WAN. It supports zero-touch provisioning, dynamic path selection, and WAN optimization. However, there is an opportunity for Cisco to explore a more open approach, allowing customers to use different SASE and SSE offerings while retaining their Cisco firewall estate and all of its capabilities. 

Purchase Considerations
Cisco provides details on licensing and support models for its firewalls on its website. Firewalls can be purchased as appliances or licensed as a service when consumed in the cloud. Additional services, such as the Cisco User Protection Zero Trust solution, can be licensed separately alongside device support for the firewall.

Cisco's portfolio is comprehensive, and there can be some complexity in bundling all the relevant pieces of the solution required to meet an organization's needs. With an extensive ecosystem and its own professional services organization, Cisco can provide a range of support and training services to aid deployment, train operations teams, and drive adoption.

Cisco offers a broad range of solutions that support SMBs, MSPs, and large enterprises. 

Use Cases
With a significant range of capabilities, Cisco's firewall solutions can meet the needs of a broad range of customers. It offers notable features for those planning to drive zero trust projects, with an array of new capabilities. Its simplified SD-WAN management will prove useful for those looking to evolve their traditional WAN infrastructure. 

Clavister: Next Generation Firewalls

Solution Overview
Clavister is a Swedish cybersecurity vendor specializing in network security solutions for enterprises, service providers, and critical infrastructure. Its NGFW portfolio is designed to deliver robust protection across physical, virtual, and cloud environments.

Clavister offers three tiers of firewall solutions: NetWall, NetShield, and CyberArmour. NetShield targets high-capacity environments, while CyberArmour is tailored for military applications. Its NGFW portfolio supports flexible deployment across a wide range of environments, including hardware appliances from desktop models to large data center systems, as well as virtual instances for cloud and cloud-native deployment, with capabilities designed to secure vehicles and tactical communications. The platform provides full unified threat management (UTM) capabilities, including application visibility and control with deep packet inspection, intrusion prevention, content filtering, VPN capabilities (IPsec and SSL), and botnet protection with IP reputation services. The firewalls run the cOS operating system, with Clavister NetWall and CyberArmour running cOS Core software, while Clavister NetShield runs the high-performance software cOS Stream. The solution also supports SD-WAN functionality, enabling secure and optimized connectivity for distributed networks.

Clavister InControl, available with all licensing plans, provides centralized management, including zero-touch deployment, shared policy sets, and scheduled firmware updates. 

Clavister is positioned as a Challenger and Fast Mover in the Maturity/Feature Play quadrant of the enterprise firewall Radar chart.

Strengths
Clavister scored well on a number of decision criteria, including:

• Performance and throughput: Clavister’s hardware range has a top raw throughput of up to 400 Gbps in its virtual firewalls and NetShield 9400. CyberArmour is also an interesting performance option for those needing extra-robust firewall deployments that can meet the most extreme conditions. 

• Threat analytics: The solution provides a single-pane-of-glass console with sophisticated algorithms that deliver real-time insights, vulnerability identification, risk prioritization, and tailored security recommendations. Deep application awareness across more than 4,500 applications enables granular logging and visibility. Combined with AI-powered threat detection and IP reputation services, this provides a solid analytics foundation.

• Management automation: The InControl centralized management console, included with all Clavister NetWall and NetShield licensing plans, simplifies the management of Clavister firewalls. Its interface streamlines operations with features such as zero-touch deployment, shared policy sets, and scheduled firmware updates. It also provides tools for configuration, troubleshooting, firewall backups, and remote access. 

Opportunities
Clavister has room for improvement in a few decision criteria, including:

• Zero trust networking: Clavister's OneConnect SSL VPN provides ZTNA-like features, including RBAC, OpenID Connect integration for both strong authentication and SSO, and some device posture checks (on Windows devices). There is an opportunity to build on this to deliver more comprehensive ZTNA with features such as per-application access control, continuous trust verification, and comprehensive device posture as an access condition. ZTNA-type solutions are increasingly common and in demand among modern customers, so this is an area Clavister will need to address to remain competitive. 

• AI-Enhanced operations: While Clavister offers AI capabilities for threat detection through its AI-powered firewall engine and pattern‑based anomaly detection (PASAD) technology, there is no evidence of AI-based tools in the administrative console to assist with day-to-day operations. More customers are recognizing the value of AI that can summarize logs, prioritize alerts, recommend policies, and validate configurations. To stay competitive, Clavister will need to invest in these capabilities so customers can manage their environments more efficiently.

• Identity-based inspection and control: Clavister provides integration with core enterprise directories, including Active Directory, Entra ID, and Google Workspace, along with group-based policy enforcement and user identity awareness, which identifies users in traffic. However, the company could improve on this by expanding native integrations with third-party identity providers such as Okta and Ping and by introducing adaptive, risk-based policies that respond dynamically to user behavior and threat signals. This would help customers improve their identity-based access control, providing a more dynamic and responsive experience for its users. 

Purchase Considerations
Clavister offers flexible licensing models, including perpetual and subscription-based options for hardware and virtual deployments. Pricing details are typically obtained through authorized partners. Its pricing model encompasses firewall cost plus subscription support, which is available at Essential, Enhanced, and Premium levels.

Professional services are available for design, deployment, and optimization, and there are online and on-site training programs.

Clavister targets a broad market, including SMBs, MSPs, and large enterprises, with specific solutions for critical infrastructure and public sector organizations.

Use Cases
Clavister provides a broad range of solutions to meet numerous use cases. CyberArmour is specifically designed for those who need the most physically hardened appliances and is targeted at military applications. It also has a strong presence in government, energy and utilities, and telecom, making it a viable option for those markets. The solution’s flexible deployment options will be helpful to those with diverse infrastructure across on-prem, virtual appliance, and cloud deployments. 

Forcepoint: Network Security Platform 

Solution Overview
Forcepoint is a cybersecurity company focused on simplifying security for global businesses and governments. It provides secure, trusted environments for organizations and their employees.

Forcepoint Network Security Platform is an enterprise firewall and SD-WAN solution available as a physical appliance, virtual machine, or cloud-delivered deployment. It provides multilayered network protection, including real-time IPS, advanced threat prevention, deep packet inspection, and encrypted traffic analysis to block evolving threats.

The integrated SD-WAN intelligently steers traffic across multiple link types, using Forcepoint’s Multi-Link technology for resilient, lossless connectivity even under poor network conditions. Critical traffic is automatically prioritized, and paths adjust based on real-time link quality.

For scalability and uptime, up to 16 firewall nodes can cluster in active-active mode, ensuring high availability and even in-service upgrades. Deployments are centrally managed via the Security Management Center (SMC). Historically, the SMC has been self-hosted, but Forcepoint is now beginning the move to a cloud-based SMC service. Zero-touch provisioning enables rapid rollout of new devices across distributed sites. 

The platform’s Endpoint Context Agent gathers user and device context to enable zero- trust access policies. Coupled with a secure access client, it can now provide a full ZTNA solution for identity- and posture-based access.

Forcepoint is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
Forcepoint scored well on a number of decision criteria, including:

• Zero trust networking: Forcepoint offers a native ZTNA solution that is tightly integrated with its firewall. Its Endpoint Context Agent (ECA) works with the Secure Access Client to give the firewall visibility beyond an IP address, including user identity, device health (such as OS version, antivirus status, and firewall status), and details about the application process initiating the connection. Administrators can create policies that use this context—for example, “Allow this service only if the user is in group X and their OS patches are current.” This enables granular access control, effectively segmenting the network on a per‑user and per‑application basis.

• Performance and throughput: Forcepoint offers a robust range of firewall solutions designed for organizations of all sizes. While its highest-tier model doesn't match the extreme performance of the most powerful options on the market, it remains modular and scalable, with 66 interfaces and 600 Mbps of throughput.

• SASE integration: Forcepoint Network Security Platform can be deployed as a gateway at the public cloud or network edge, supporting service chaining and traffic steering to Forcepoint Cloud or a third-party SASE solution. The solution supports robust SD-WAN features, as well as Forcepoint Cloud Remote Browser Isolation (RBI), CASB, and sandboxing solutions. 

Opportunities
Forcepoint has room for improvement in a few decision criteria, including:

• AI-enhanced operations: Forcepoint currently uses AI/ML in some cloud services, but AI assistants are not a prominent part of the administration experience. This is increasingly a demand of customer operations teams. AI assistants are on the vendor’s roadmap, and adding them to the platform would significantly improve operational efficiency and be welcomed by customers.

• Management automation: While the solution’s SD-WAN Orchestrator offers comprehensive automation for SD-WAN, the capabilities are not as extensive across overall management. And though the solution can automate responses, much of this relies on APIs or script-triggering. Customers, however, increasingly prefer built-in orchestration tools for creating complex automations, rather than relying on this more manual approach, which can be cumbersome. 

• Identity-based inspection and control: Forcepoint recognizes the solution could be enhanced. It is working to extend the identity-based telemetry it uses as part of its ZTNA capabilities, which will help improve the efficacy and dynamism of access controls. 

Purchase Considerations
The Forcepoint SMC uses an annual subscription model based on the number of managed NGFW engines. Each security engine (firewall appliance or instance) is licensed per device, with support renewed annually. The vendor retains some perpetual license offerings, but these are for government agencies only. Optional Feature Packs (for example, advanced URL filtering and sandboxing) are available as add-on subscriptions to extend functionality. Pricing is typically obtained through its reseller channel. 

Expert deployment services are available. They are recommended for very large or complex deployments (for example, those with more than 500 devices) to ensure optimal configuration and tuning. A migration tool is provided at no additional cost to automate the importing of existing firewall policies and objects, easing transitions from legacy systems. Forcepoint offers a range of training options for customers (available virtually) at certified training centers or on-site.

Forcepoint focuses its solutions on mid-market and enterprise organizations.

Use Cases
The Forcepoint Network Security Platform is designed to address the operational and security challenges faced by organizations with distributed infrastructures. It enables secure, high-performance connectivity among branch offices, data centers, and cloud environments, ensuring business continuity and consistent policy enforcement across all locations. It helps reduce operational complexity, maintain high availability, and protect against sophisticated cyberthreats. Its support for seamless hardware refreshes, dynamic VPN overlays, and resilient multi-ISP connectivity using Multi-Link technology makes it particularly well suited for enterprises seeking to modernize their network security while maintaining uptime.

Fortinet: FortiGate Next Generation Firewall*

Solution Overview
Fortinet is a well-established cybersecurity company with an ever-growing portfolio of security solutions, including Network Security, Enterprise Networking, Operational Technology, and Security Operations, as well as its well-regarded FortiGate firewall solutions.

FortiGate Next-Generation Firewall is built on patented Fortinet ASICs to accelerate security and networking performance. Its firewalls are backed by FortiGuard AI-powered security services that integrate advanced capabilities, including DLP, attack surface security, application controls, domain name system (DNS) security, and OT security services. FortiGate also integrates inline AI threat prevention and predictive analytics through FortiAI and FortiAnalyzer, helping reduce detection and response times.

FortiGate firewalls scale from solutions for small businesses to the high-performance 7121F solution, capable of 1.9 Tbps of raw throughput. FortiGate devices are available as physical, virtual, and cloud-native FWaaS solutions, all of which run the FortiOS operating system, allowing administrators to centralize policy deployment and provide comprehensive insight into risk and performance across the entire deployed infrastructure. The same applies to Fortinet's other security tools, such as SD-WAN, SASE, and ZTNA. All are managed via FortiManager, which is available as a physical or virtual appliance or as a SaaS solution. 

Fortinet is positioned as a Leader and Outperformer in the Maturity/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
Fortinet scored well on a number of decision criteria, including:

• Performance and throughput: Fortinet's comprehensive range of FortiGate appliances delivers high-performance security with throughput ranging from 5 Gbps to 1.9 Tbps. Its portfolio includes models with 4 to 140 ports, supporting speeds up to 400 GbE. For enhanced reliability and scalability, FortiGate appliances offer high availability with active-active node clustering. Additionally, virtual domain support enables logical segmentation and multinode deployment, optimizing load distribution and redundancy.

• SASE integration: The unified FortiOS architecture across FortiGate, FortiSASE, and FortiClient enables convergence of networking and security. FortiGate is both a fully featured NGFW and a gateway to FortiSASE. Fortinet offers a single-vendor SASE with unified management via FortiManager. It also offers WAN optimization built into Secure SD-WAN and integration with FortiSASE for remote users. 

• Identity-based inspection and control: Fortinet Security Fabric’s single integrated approach enables FortiGate policies to adapt dynamically to the presence and status of connected devices. For instance, the FABRIC_DEVICE dynamic address group automatically includes all Fortinet devices within the Security Fabric, allowing policies to adjust as devices join or leave the network. User IDs can be used to deliver identity-enabled enforcement, providing more comprehensive checks before granting access. Its extensive integrations include support for a number of IDPs to accommodate a broad range of identity sources.

Fortinet was classified as an Outperformer given its continued rapid development, as well as strong support for emerging technologies such as OT security and microsegmentation. 

Opportunities
Fortinet has room for improvement in a few decision criteria, including:

• AI-enhanced operations: Fortinet’s platform does offer strong AI capabilities. FortiAI provides generative AI assistance across the Security Fabric, offering natural language interfaces for security operations. The only limiting factor is that these capabilities are available only in its cloud-based management platform. Bringing this to on-box or local FortiManager platforms would help with feature parity and allow customers not using cloud management platforms to enhance operational efficiency via an AI assistant.

• Threat analytics: FortiGuard Labs provides extensive threat intelligence, including more than 100 billion daily web queries, more than 4 million global sensors, and human-validated intelligence to support a more proactive security posture for its customers. However, this still requires an additional tool, FortiAnalyzer. Adding this directly into the FortiGate ecosystem would help users with adoption and reduce the need for additional tools, even from the same portfolio. 

• Post-quantum cryptography readiness: Currently, Fortinet is delivering active post-quantum cryptography (PQC) research and pilot support and has hybrid TLS on its roadmap. Continuing this work and bringing active PQC capabilities into the FortiGate platform will be essential as the security threat posed by quantum computing becomes more of a reality.

Purchase Considerations
Fortinet does not publicly disclose pricing on its website, but information is available through its extensive partner network. FortiGate network firewalls can be acquired as standalone appliances or through subscriptions tailored for virtual and cloud environments. Simplified bundles are available, combining FortiGate firewalls with FortiGuard AI-powered security services and FortiCare premium support.

For complex environments or large-scale projects, Fortinet offers professional services, including consulting, project management, implementation, and training. Supplementary services, such as incident response, penetration testing, and attack surface assessments, are also available.

Fortinet’s broad portfolio provides solutions suitable for SMB, MSPs, and large enterprises.

Use Cases
Fortinet's broad portfolio addresses a wide range of customer use cases, including branch protection and optimizing network performance across distributed branch edges with integrated SD-WAN capabilities at no additional cost. Fortinet also offers solutions designed to meet the stringent security demands of large campuses, featuring robust deep packet and SSL traffic inspection (via the integrated FortiGuard IPS Service), web filtering, and DNS filtering. It also provides scalable solutions suitable for data center perimeter protection.

GFI Software: KerioControl

Solution Overview
GFI Software provides enterprise IT solutions to SMBs, large enterprises, and MSPs. KerioControl is its NGFW and UTM solution.

KerioControl’s UTM capabilities include firewall, intrusion prevention, VPN, and web filtering in a single platform. It is available as a hardware appliance, virtual machine, or public cloud image, providing deployment flexibility for small and midsize businesses.

Designed for ease of use, KerioControl offers a solid set of core capabilities, making it a suitable option for SMBs and those with limited or less-experienced IT staff. The solution includes ShieldMatrix Zero-Day Threat Prevention for proactive defense against unknown threats and supports multiple VPN options including IKEv2 and OpenVPN alongside the traditional Kerio VPN solution.

Centralized management of multiple KerioControl devices is facilitated through GFI AppManager, providing a single pane of glass for managing all GFI Software products. The recently introduced AppManager AI assistant offers real-time, context-specific guidance on system configurations, metric analysis, and log interpretation.

Recent updates include enhanced VPN performance, improved SSL inspection capabilities, and expanded support for cloud-based deployments. In addition, KerioControl now offers more advanced traffic shaping and quality of service (QoS) features, enabling better optimization for VoIP and critical applications.

GFI Software is positioned as a Challenger and Fast Mover in the Maturity/Feature Play quadrant of the enterprise firewall Radar chart.

Strengths
GFI Software scored well on a number of decision criteria, including:

• AI-enhanced operations: GFI Software's AI-powered assistant, GFI AppManager AI, provides real-time, context-specific guidance and advice on system configurations, metric analysis, and log interpretation. This interactive tool simplifies the interpretation of complex metrics and logs, streamlining user experience and operations.

• Threat analytics: GFI RADAR collects and analyzes data from firewall logs and external sources, applying behavioral analytics, AI/ML, and threat intelligence to enhance security policies. It includes human validation for accuracy and supports predictive analytics for automated mitigation and dynamic policy adaptation. It also uses third-party intelligence feeds from Shield Matrix, which utilizes a global fleet of traps and honeypots that report back to the Kerio control network in real time about the newest threats.

• Management automation: GFI AppManager AI provides centralized management of multiple firewalls. It offers real-time status monitoring and configuration management, including firewall traffic rules and IPS settings, and supports multitenant capabilities for managed service providers or organizations with multiple locations. 

Opportunities
GFI Software has room for improvement in a few decision criteria, including:

• Performance and throughput: While GFI Software offers a reasonable range of KerioControl devices for its primary target market of SMBs, these devices do not scale to the throughput levels required by larger enterprises. Its high-end NG720 appliance supports 9 Gbps throughput. However, GFI’s software-based deployment option allows enterprises to build custom solutions to meet higher performance demands.

• Identity-based inspection and control: While KerioControl offers IDP integration with AD and LDAP, it lacks broader integrations and does not support telemetry such as device identity to help with broader contextual analysis of identity and access. Increasingly, customers want access controls to be based on additional context, such as identity and device information. GFI Software recognizes this and has it as a roadmap item. 

• Zero-trust networking:  KerioControl offers robust native capabilities, including identity-based controls, network segmentation, and device telemetry analysis to enhance understanding of user and device behavior, and this contextual information supports risk mitigation through features such as DLP, phishing protection, and malware blocking. However, the solution lacks a dedicated ZTNA offering and instead provides ZTNA-type capabilities. Zero trust is an important part of modern security, and GFI Software should look to improve its capabilities to meet evolving needs. 

Purchase Considerations
GFI does not publicly disclose pricing on its website and sells exclusively through its partner channel. It operates on a subscription-based licensing model with 1- to 5-year terms. Licensing options include a per-hardware box, per-user licensing (fixed amount of users per year), and an MSP "pay-as-you-go” model based on the number of secured devices. Add-on software components, such as antivirus, IPS, and its zero-day AI-driven threat prevention (Shield Matrix) feature, are available separately, as are hardware and software maintenance options.

KerioControl's relatively simple deployment and effective management console can reduce the need for extensive professional services. The solution supports plug-and-play deployment on supported hardware with its own operating system, and the company provides extended documentation and technical support. SMB customers lacking the necessary in-house expertise will likely require support from GFI’s channel partners, who provide professional services when needed.

This solution is suitable for SMBs and MSPs, but its sub-10 Gbps maximum throughput will limit its use in large enterprises.

Use Cases
KerioControl is an all-in-one security solution. It is particularly suited for organizations that require secure remote access via VPN, granular web filtering, and bandwidth control. The solution supports hybrid work scenarios by providing secure connectivity for remote users and enforcing policies based on user identity. It helps with compliance and access control in regulated environments through activity logging and user-based policies, and it offers simplified network security ideal for those with limited or inexperienced IT teams. The software-only deployment option is beneficial for organizations looking to build custom firewall appliances.

Hillstone Networks*

Solution Overview
Hillstone Networks is a leading cybersecurity provider, offering comprehensive protection for workloads across the edge, cloud, and applications for enterprises and service providers.

Its firewall portfolio includes two primary lines: the A-Series, which provides a comprehensive feature set for SMB and enterprise customers with NGFW capabilities based on a hardware architecture that offers application-layer performance, and the X-Series, a multitenant firewall designed for service providers and large enterprise data centers. The X-Series scales to 3.5 Tbps of raw throughput and supports 1,000 virtual firewall systems for multitenant operations

Hillstone Network's CloudEdge solution delivers virtual firewall capabilities deployable on-prem as a virtual appliance, supporting major hypervisors and private cloud platforms. Firewall management can be scaled with dedicated server solutions. The on-prem Hillstone Security Manager (HSM) offers centralized management across Hillstone Network's product range. It now also incorporates AI-driven policy recommendations and automated compliance checks, reducing operational overhead. CloudView, its cloud-based security management and analytics platform, provides real-time centralized monitoring of multiple devices, traffic and threat analytics, real-time alarms, comprehensive reporting, and log retention. Moreover, it now offers predictive analytics and anomaly detection for multicloud deployments, improving visibility and proactive threat management. Zero-trust capabilities have been expanded across both the A-Series and X-Series, enabling identity-based segmentation and adaptive access controls.

Hillstone Networks also offers iSource, an XDR platform that integrates security data and can automatically orchestrate cohesive security responses across multiple security products and platforms, including its firewall range and select third-party offerings. 

Hillstone Networks is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
Hillstone Networks scored well on a number of decision criteria, including:

• Performance and throughput: Hillstone Networks offers a broad range of solutions catering to both SMB and enterprise needs. The A-Series scales from appliances suitable for small offices, including models with integrated Wi-Fi, to larger enterprise deployments. For organizations requiring data center or large multitenant platforms, the X-Series modular data center firewalls provide high scalability, with a maximum throughput of 3.5 Tbps and support for 1,000 virtual firewall instances. 

• Threat analytics: iSource XDR and its Breach Detection System (BDS) provide comprehensive threat analytics. iSource XDR offers a data-driven, AI-powered extended detection and response platform, and BDS provides NDR with ML-based analysis and cyber kill-chain mapping. It also supports automated security orchestration with templated and custom playbooks, using MITRE ATT&CK framework mapping for threat analysis.

• Management automation: HSM provides comprehensive centralized management. It supports SD-WAN orchestration, ZTNA policy distribution, and unified device management. It can manage up to 3000 devices and also offers REST APIs for integration with external orchestration tools. 

Opportunities
Hillstone Networks has room for improvement in a few decision criteria, including:

• Zero trust networking: Hillstone’s ZTNA approach leverages existing NGFW infrastructure rather than employing separate cloud-delivered services. This approach is cost efficient but may lack the global cloud point-of-presence (PoP) support that cloud-native ZTNA vendors can provide. This is a consequence of the vendor's current lack of a SASE offering, which limits its ability to provide fully flexible services such as ZTNA in the way some of its competitors can. 

• SASE integration: The vendor does provide SD-WAN support and includes capabilities such as application-aware path selection and zero-touch provisioning. However, it lacks SSE security capabilities. Increasingly, customers are looking at their firewalls as an onramp to these cloud security capabilities, which offer new features and greater scale. Hillstone Network must find ways to address this to help its customers tackle this challenge. 

• AI-enhanced operations: Hillstone Networks' current AI features focus on threat detection and policy optimization. However, the vendor lacks the GenAI assistant capabilities that have become increasingly popular. Customers using its iSource XDR would benefit from increased AI assistant support; however, this is not native to the firewall. Finding ways to extend these capabilities for firewall-only customers would be a welcome addition, helping customers adopt AI-driven operational efficiency. 

Purchase Considerations
Hillstone Networks does not publish pricing or licensing details on its website, but it does follow a standard model: firewalls are acquired as either a hardware or service purchase, followed by the addition of appropriate software service subscriptions and support packages. CloudView and iSource XDR remain optional add-ons. 

Hillstone Networks offers a comprehensive range of professional and training services to assist customers with design, deployment, and operational training. Its broad range will be suitable for both SMBs and large enterprises, with its multitenant options ideal for MSPs. 

Use Cases
Hillstone Networks provides a broad portfolio of solutions that address use cases from small businesses to large data center requirements. It can support customers needing multiterabit high-end performance, service providers, and organizations requiring large-scale logical firewall segmentation. The availability of ancillary solutions, such as XDR, network threat prevention, and application protection, makes Hillstone Networks a suitable option for organizations seeking a single-vendor solution.

HPE Juniper Networking: SRX

Solution Overview
HPE Juniper Networking is a global provider of IT networking, software, SaaS, and network security products, primarily serving large businesses, including enterprise, cloud, and large-scale network operators. Its enterprise firewalls are based on the SRX product line.

SRX firewalls are available in physical, virtual (vSRX), and containerized (cSRX) form factors, all powered by Junos OS for consistent operations across the HPE Juniper Networking ecosystem. SRX solutions offer high scalability, with the 5800 line achieving a maximum throughput of 3.36 Tbps in its expandable chassis. Security Director, its SaaS-based management platform, provides unified policy orchestration, logging, and analytics across all SRX deployments. Zero-touch provisioning and API-driven automation simplify deployment at scale. Security Director Intelligence now leverages AI/ML to analyze logs, events, and flow data for network-based threats and provides automated policy recommendations based on learned traffic flows.

SRX integrates advanced security services, including IPS/IDS, AppSec, web filtering, AI-Predictive Threat Prevention, and ATP Cloud for malware, DNS security, and encrypted traffic inspection. Emerging capabilities include dynamic policy automation, AI-driven threat detection, and generative AI dashboards for visibility into AI application usage. HPE Juniper Networking Secure Edge extends SRX into FWaaS and SASE environments, enabling ZTNA and SD-WAN assurance.

HPE Juniper Networking has invested significantly in AI and analytics across its platform, notably with the MIST AI platform, which brings intelligence and automation to its product range. All SRX firewalls integrate with HPE Juniper Networking Advanced Threat Protection, providing AI-powered security against malware, IP traffic, and DNS attacks. 

HPE Juniper Networking is positioned as a Leader and Outperformer in the Innovation/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
HPE Juniper Networking scored well on a number of decision criteria, including:

• Performance and throughput: HPE Juniper Networking offers a highly scalable firewall portfolio, headlined by the SRX5800 chassis, which delivers up to 3.36 Tbps of NGFW performance and supports up to 338 million concurrent connections. Its firewalls are available in various form factors, including containerized options for protecting modern environments.

• Management automation: The vendor’s firewalls support an effective orchestration layer natively through Security Director Cloud and via open APIs for third-party integrations, delivering automation for alerts, configuration, and policy management. Security Director Cloud enables unified policy definition across SRX devices and SASE components and provides automated workflows for threat alerts and remediation actions. It also provides zero-touch provisioning and template-based configuration for rapid deployment, as well as dynamic policy updates driven by identity, application, and threat intelligence.

• SASE integration: SRX Firewall is a fully featured firewall that also offers a gateway to SASE services. SRX Firewall has native SD-WAN services, enabling secure, flexible, and efficient WAN management for branch, campus, and distributed enterprise environments. It also integrates seamlessly with HPE Networks SASE/FWaaS and Security Director Cloud, enabling customers to extend unified security policies and visibility across on-prem, cloud, and remote environments. The firewall acts as both a standalone security enforcement point and a gateway to broader SASE services.

HPE Juniper Networking was classified as an Outperformer due to its continued rapid development of new capabilities. This includes strong performance in emerging areas such as OT Security, microsegmentation, and post-quantum cryptography readiness. 

Opportunities
HPE Juniper Networking has room for improvement in a few decision criteria, including:

• Zero-trust networking: While HPE Juniper Networking offers ZTNA functionality, it is not natively integrated into the firewall solution. Instead, it is delivered through its SSE service, which may require customer integration efforts and additional service costs. Bringing this natively into the SRX line would help reduce this complexity and make ZTNA more readily available to its customers. 

• Identity-based inspection and control: The SRX Firewall leverages user identity to deploy granular policies, monitor usage patterns, and strengthen threat detection. It can integrate with external directories (AD, LDAP, RADIUS, SAML) and its own cloud identity services. However, it lacks granular behavior-based controls, and the controls it does have are policy-based rather than more dynamic, behavior-based controls. Extending these capabilities to offer a more dynamic, identity-based control plane would help customers meet their needs for more identity-based and dynamic access controls. 

• AI-enhanced operations: Though the vendor currently leverages AI for threat detection and analytics, including anomaly detection, malware identification, and predictive threat prevention, the solution lacks AI-driven capabilities within the admin console, such as automated policy recommendations, log analysis, or incident triage. While some of this can be achieved via orchestration from its management platform, customers increasingly demand AI assistants to help operations teams improve efficiency and efficacy. Introducing AI assistants in the SRX platform would provide welcome operational support. 

Purchase Considerations
HPE Juniper Networking supports both subscription-based and perpetual licensing models with per-device licensing. Advanced Security feature sets follow a three-tier model of Standard, Advanced, and Premium available across physical SRX, vSRX, and cSRX deployments. Subscription licenses are offered in 1-, 3-, and 5-year terms with embedded support. The HPE Juniper Networking Flex model allows customers to purchase a pool of software licenses applicable across their Juniper deployments. 

The company offers a range of professional services and training to support customer adoption, including SRX Deployment Service packages for complex scenarios and a certified partner ecosystem.

HPE Juniper Networking’s firewalls scale from small offices to global data centers, with compact models serving branch sites and high-end systems delivering carrier-grade performance for service providers. 

Use Cases
SRX firewalls address hybrid enterprise environments by delivering unified security across physical, virtual, and cloud-native deployments. This simplifies compliance and reduces operational complexity for organizations adopting multicloud strategies. For high-performance data centers and service providers, SRX offers carrier-grade throughput and hardware acceleration, ensuring security without compromising performance. SRX supports zero-trust initiatives through AI-powered threat prevention, dynamic policy automation, and adaptive access controls. For customers planning a future transition to SSE and SASE, Security Director provides a valuable tool to facilitate this evolution while supporting hybrid environments across on-prem, cloud, and remote locations.

Palo Alto Networks

Solution Overview
Palo Alto Networks is a leading cybersecurity company specializing in next-generation firewalls, threat prevention, and cloud security. As a global IT provider, it offers networking, security, and managed services.

Its enterprise firewall range is built on the PAN-OS operating system and is available in hardware, virtual, cloud-native, and containerized formats (for Kubernetes workloads). The Prisma SASE platform also incorporates PAN-OS. This consistent operating system across the entire range ensures uniform management and capabilities.

Palo Alto Networks offers a highly scalable range, from small deployments to the high-end PA-7500, capable of 1.5 Tbps of throughput. While the firewalls were traditionally managed via the Panorama appliance, customers can now leverage the cloud-based Strata Cloud Manager platform, which offers enhanced analytics, proactive management, and AI-driven operational streamlining. Palo Alto Networks’ firewalls can also function as Prisma Access Hubs, integrating with the Prisma SASE offering and providing a migration path to SASE.

Palo Alto Networks’ firewalls integrate with its cloud-delivered security services, embedding advanced functionalities such as threat prevention, DNS security, DLP, and IoT security. This ensures rapid mitigation of newly detected threats across all Palo Alto Networks firewall and SASE deployments.

Firewalls are purchased as devices, with optional add-on licenses for additional services, including a separate license for the Strata Cloud Manager platform.

Palo Alto Networks is positioned as a Leader and Outperformer in the Maturity/Platform Play Quadrant of the enterprise firewall Radar chart. 

Strengths
Palo Alto Networks scored well on a number of decision criteria, including:

• Performance and throughput: Palo Alto Networks offers a highly scalable firewall range. Its high-end devices boast a maximum throughput of 1.5 Tbps and support 440 million connections. The high-end solutions are chassis-based, supporting a wide range of modules and connectivity options. 

• Threat analytics: Threat intelligence is a key strength of Palo Alto Networks. Its Unit 42 threat intelligence is seamlessly integrated across all firewall solutions, from physical devices to SASE. This cloud-delivered suite of security services enables rapid threat detection, with Palo Alto Networks claiming that the first customer to encounter a zero-day attack will be the only one. The Strata platform further enhances this service, providing additional analytics and dashboards for operations staff.

• SASE integration: Palo Alto Networks Prisma Access provides full SASE capabilities integrated with its NGFW. It delivers seamless integration and management of the NGFW within its Prisma SASE cloud. The Prisma SASE cloud is a comprehensive solution that provides extensive SD-WAN and security capabilities. 

Palo Alto Networks was classified as an Outperformer for its continued rapid delivery of new capabilities to the market. It also demonstrates leadership in emerging areas such as OT security and post-quantum cryptography readiness.

Opportunities
Palo Alto Networks has room for improvement in a few decision criteria, including:

• Management automation: Palo Alto Networks offers two management platforms. Panorama is its traditional comprehensive on-prem solution, which provides some policy-based automation but relies on third-party tools for more complex orchestration. Strata, its newer cloud-based management platform, is constantly evolving with new features, including AI-based management, best practice assessments, and native orchestration capabilities. Customers should be aware of some current feature disparities between the two platforms and choose the one that best meets their needs. Closing these gaps to deliver a single, consistent management platform for its customers would be desirable. 

• Zero-trust networking: The vendor does provide full ZTNA capabilities, including continuous trust verification and unified DLP. However, the ZTNA solution requires a separate subscription to the Prisma Access platform. Including ZTNA capabilities natively in the firewall stack would remove some commercial and technical complexity for its customers. 

• AI-enhanced operations: Palo Alto Networks delivers high-fidelity security through its Precision AI system, which is natively embedded across its firewall solutions. Precision AI integrates machine learning and deep learning directly into the firewall stack to enable inline prevention of unknown, zero-day attacks in real time. However, its Strata Copilot (a generative AI assistant) is available only in the Strata Cloud Manager to simplify management tasks and is not a native component of the firewall solution. While this is not an issue for customers invested in the full stack, Palo Alto Networks could provide some AI assistant capabilities to firewall-only customers to aid operations and help drive efficiency. 

Purchase Considerations
Palo Alto Networks’ firewalls are available in multiple form factors and can be purchased or subscribed to, particularly for cloud deployments. The company offers a range of additional licenses for services such as Strata Cloud Manager, SD-WAN, IoT Security, and GlobalProtect VPN. FWaaS is also available via its Palo Alto Networks Prisma Access platform.

Palo Alto Networks offers a range of support options and professional services to assist with deployment and design.

While Palo Alto Networks offers solutions suitable for even the smallest customers, it is not typically the first vendor considered in that sector.

Use Cases
Palo Alto Networks provides a wide range of solutions that can address most use cases. The scalability of these solutions makes it well-suited for organizations requiring strong data center performance, and integration with Palo Alto Networks' SASE platform provides a smooth transition path for those considering SASE adoption. The Strata platform offers valuable insights for data centers with experienced security operations center (SOC) staff.

SonicWall

Solution Overview
SonicWall is a cybersecurity vendor delivering advanced solutions for network, endpoint, and cloud security.

Its NGFW portfolio is designed to protect organizations of all sizes, from SMBs to large enterprises, through a unified platform that spans physical, virtual, and cloud environments. The solution combines hardware appliances—for example, the TZ Series, Network Security Appliance (NSa) Series, and Network Security Services Platform (NSsp) Series—and virtual firewalls, all operating on SonicOS and providing integrated security services. Its high-end NS firewalls include 100 GbE and SFP+ ports for flexible connectivity. Management is centralized through SonicWall Unified Management, a cloud-native SaaS console that simplifies policy enforcement across distributed networks while providing misconfiguration guidance and deployment-wide threat analysis. SonicWall has also introduced SAMI, an AI assistant integrated into the platform, enabling natural language queries for firewall and user traffic analytics, task automation (including firmware upgrades), and best-practices guidance.

The firewall platform includes multilayered threat prevention capabilities such as ATP sandboxing, real-time deep memory inspection, and patented Reassembly‑Free Deep Packet Inspection (RFDPI) technology for encrypted traffic inspection without performance loss. Zero-touch deployment accelerates rollout for branch offices and hybrid environments. Credential Auditor has also been introduced to identify compromised credentials and enforce access restrictions, improving insider risk management. 

SonicWall is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
SonicWall scored well on a number of decision criteria, including:

• SASE integration: SonicWall allows customers to deploy its firewalls as fully featured security appliances and as gateways to its SASE services, all under the SonicWall Unified Management platform. The SonicWall firewall serves as a secure on-ramp to Cloud Secure Edge (CSE). SonicWall firewalls retain local traffic inspection and threat prevention capabilities at the edge. Security assessment and enforcement can be performed on the device (for latency-sensitive or internal traffic) and in the cloud (for roaming users or SaaS access), offering flexible hybrid enforcement rather than offloading all protection to the SASE layer. 

• Zero trust networking: SonicWall approaches zero trust by combining on-device capabilities (identity and device posture awareness) with CSE for ZTNA. On the firewall, SonicWall has extensive identity integration (including AD, Entra ID, and Okta) and coordinates with endpoint protection (its Capture Client product) to obtain device health signals. SonicWall’s CSE provides clientless ZTNA for remote access, tightly integrated with the firewalls, ensuring that whether a user is local or remote, least-privilege rules are applied consistently.

• Threat analytics: SonicWall's security management tool provides valuable insights and proactive guidance across the entire SonicWall ecosystem. Although it doesn't appear to integrate with external threat intelligence platforms, its ATP service offers robust, proactive security analytics, including execution analytics and sandboxing.

Opportunities
SonicWall has room for improvement in a few decision criteria, including:

• Performance and throughput: SonicWall offers a number of strong solutions, particularly for the SMB market. However, its top-line performance of 105 Gbps will be limiting for larger customers. SonicWall provides a compelling solution, but it will need to explore devices with higher throughput to compete in the large-enterprise firewall market.

• Identity-based inspection and control: SonicWall firewalls are designed to deliver user-aware security, allowing policies, analytics, and threat detection to be applied based on the user's identity, not just their IP address or device. This identity-based approach enhances visibility, policy precision, and overall risk mitigation. While this is a solid approach, it lacks behavioral analytics to provide a more context-rich and dynamic way to enable identity-based control. 

Purchase Considerations
Firewalls can be purchased as standalone solutions (hardware with a subscription support license) or as fully subscription-based services, depending on the specific firewall model. SonicWall has also expanded its consumption models to include FlexSpend credit-based pricing. Customers can choose service tiers such as Advanced Protection or Managed Protection, with terms ranging from one to five years. SonicProtect subscriptions allow service continuity when upgrading hardware mid-term. Customers should also note that when deploying high availability (HA), only one license is required for high-availability pairs, reducing operational overhead.

SonicWall also provides a complimentary embedded warranty from Cysurance for up to $200,000 for its firewall customers. Warranty programs now extend from $100,000 to $1 million in coverage, with managed security services packages including cyber insurance options and partnerships with SOC and MDR providers. This warranty is included with Advanced Protection and Managed Protection services.

SonicWall’s portfolio supports SMB, MSP, and enterprise customers. 

Use Cases
SonicWall firewalls address key enterprise challenges by simplifying security for distributed environments, hybrid clouds, and remote workforces. The Secure SD-Branch solution integrates NGFWs, SD-WAN, secure Wi-Fi, and endpoint security under a unified management console, reducing complexity for multisite deployments. Integration with SonicWall’s SSE and ZTNA capabilities enables granular, identity-based access for remote and on-prem resources, replacing traditional VPNs with a more secure model. New identity risk features, such as Credential Auditor, strengthen insider threat mitigation by blocking access when compromised credentials are detected. 

Sophos: Sophos Firewall

Solution Overview
Sophos offers a broad range of security solutions encompassing endpoints, networks, and security operations, suitable for both SMBs and midsize enterprises.

Sophos Firewall provides next-generation firewall capabilities through its XGS Series, available in hardware, virtual, and cloud form factors. The range scales from small-business deployments to midsize enterprises, with the most powerful model offering 190 Gbps of raw throughput. Performance is optimized through the Xstream FastPath Acceleration architecture, which offloads several operations to a dedicated engine, freeing resources for deep packet inspection. Firewalls offer integrated SD-WAN capabilities, including performance SLA link detection, enhanced routing with failover and fallback mechanisms, and real-time monitoring and logging. Sophos Firewall offers direct integration of its NDR Essentials, providing multiple Sophos NDR models to detect threats on the network without impacting firewall performance. Sophos Central serves as the unified cloud-based management console for all Sophos products, enabling zero-touch deployment, centralized policy control, and SD-WAN orchestration.

Sophos Firewall integrates natively with Sophos MDR and XDR, enabling Active Threat Response (ATR). ATR allows threat indicators from Sophos MDR analysts, customer XDR teams, or third-party feeds to be pushed directly to the firewall, which then automatically blocks related traffic without manual rule creation. All Sophos firewalls now function as ZTNA gateways with its integrated zero trust capabilities, supporting zero-touch deployment across all form factors. Sophos also adheres to CISA’s Secure by Design initiative, integrating product security capabilities like automated hotfixes of known vulnerabilities and Firewall Health Check to ensure optimally configured firewalls. Additionally, Sophos offers Synchronized Security, which automatically isolates compromised endpoints, and its GenAI-powered Sophos Assistant for guided configuration workflows.

Sophos is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
Sophos scored well on a number of decision criteria, including:

• Zero trust networking: Sophos offers flexible ZTNA deployment, available either through the Sophos ZTNA gateway on Sophos Firewall or as a service via the Sophos Cloud. Regardless of the chosen deployment model, Sophos ZTNA is managed through Sophos Central. Licensed per user, it is a separate SKU from Sophos Firewall (though three free ZTNA user licenses are included per firewall to facilitate the transition from VPN to ZTNA).

• Threat analytics: Sophos leverages its synchronized security strategy for automated threat detection and response and proactive, automated firewall updates. ATR allows threat indicators from Sophos managed detection and response (MDR) analysts, customers’ extended detection and response (XDR) SOC, or third-party feeds to be pushed directly to the firewall, which then automatically blocks related traffic without manual rule creation, enabling rapid response to new threats. Policy updates can be pushed to all devices without requiring rule changes, minimizing risk. The platform also integrates with Sophos Labs for zero-day protection and includes cloud sandboxing to detect additional zero-day threats. 

• AI-enhanced operations: Sophos uses AI across its platform. Sophos Firewall's ATR functionality supports sophisticated threat identification using AI (leveraged by the SophosLabs and X-Ops teams) or via AI-produced threat intel from third-party feeds. This has been further augmented with Sophos NDR’s AI/ML, recently ported to Sophos Firewall. Importantly, Sophos operationalizes this through its GenAI-based in-product assistant, which provides contextual guidance, explains security concepts, and steers user workflows to help administrators avoid configuration errors.

Opportunities
Sophos has room for improvement in a few decision criteria, including:

• SASE integration: While Sophos provides strong SD-WAN capabilities, it currently lacks an SSE extension to support SASE offerings. Its firewalls can act as gateways to third-party SASE platforms but are not fully managed parts of those platforms. Sophos plans to address this with the February 2026 launch of Sophos Workspace Protection, which will offer Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and ZTNA via a secure enterprise browser integrated with Sophos’ on-prem products. Done well, this will fill a gap and enable Sophos to provide SASE services for its customers. 

• Management automation: Sophos management is largely policy-based. While some dynamic policy capabilities are offered, it lacks the ability to build more dynamic and complex orchestrations. Providing more intelligent and comprehensive orchestration capabilities across its own tools and potentially with third-party integrations would significantly benefit customers who are increasingly looking to centralize orchestration capabilities and provide an integrated security automation approach. 

• Performance and throughput: Sophos offers a good range of products for SMB and mid-market customers. However, enterprise-level scalability is not as extensive as some high-end competitors. The top-of-the-line XGS scales to 190 Gbps. Still, it provides a strong portfolio for its target markets, with solutions ranging from small businesses to high-performance deployments. They also offer specialized solutions, such as the SD-RED remote edge solution. However, to increase its viability for larger enterprises, it will need to consider higher-throughput devices.

Purchase Considerations
Sophos publishes details of its licensing and support models on its website. It offers a base license for its firewall solutions covering NAT, routing, VPN, SD-WAN, and core firewalling. Additional protection bundles (Xstream Protection or Standard Protection) are available that include advanced threat prevention, NDR Essentials (Xstream-only), orchestration, and reporting.

Sophos offers a virtual installer for product evaluation and trial, including a 30-day free trial. Targeting the SMB and distributed edge markets, the company aims to simplify initial deployment and configuration, reducing the need for professional services and specialized training. Professional services, training modules, and free migration tools are offered for customers migrating from competitor firewalls or requiring advanced configurations. Migration tools and a help desk support transitions from legacy environments.

Sophos solutions are suitable for SMB, MSP, and some large enterprises. Large enterprise customers should note that Sophos Firewall may not be appropriate for use cases requiring throughput exceeding 200 Gbps.

Use Cases
Sophos offers a robust set of capabilities for various use cases within its target market. This includes organizations seeking automated threat response, leveraging the firewall's integration with endpoint, NDR, XDR, and MDR tools to automatically respond to threats identified at the firewall, endpoint, or by security analysts. Sophos's capabilities are also well-suited for customers exploring modern networking technologies like SD-WAN and ZTNA. As of February 2026, Sophos will also address comprehensive workspace protection needs for organizations managing distributed workforces that access private applications, SaaS platforms, and web-based resources, with integrated browser isolation, data loss controls, email monitoring, and SaaS application usage monitoring. Customers looking for vendors committed to Secure by Design will find features like active monitoring and patching of Sophos’s products appealing.

Stormshield: SN Series

Solution Overview
Stormshield is a European cybersecurity vendor specializing in trusted network security solutions. The Stormshield Network Security (SNS) firewall range delivers next-generation protection across physical, virtual, and cloud environments.

The SN Series operates as both physical and virtual appliances, with cloud deployment options available through Amazon Web Services (AWS), Azure, and sovereign European marketplaces. All firewalls share common firmware, enabling unified security policy management across IT and OT environments. Core capabilities include IPS, application control, VPN, vulnerability management, antivirus, antispam, and web filtering functionality. Recent developments include enhanced support for zero-trust architectures and improved orchestration for hybrid environments. Performance scales across the range, with SN-XL-Series delivering firewall throughput beyond 300 Gbps.

Centralized management is provided via Stormshield Management Center, enabling unified policy control and real-time monitoring across distributed deployments. It also offers, as an additional product, the Stormshield Log Supervisor solution, which aggregates logs and delivers enhanced analysis to provide insight into status and events across the network.

Stormshield also offers specific segmentation features for OT networks, including network segmentation, deep packet inspection, and contextual analysis of OT protocols, ensuring granular control over authorized messages and prevention of known and unknown attacks, making it suitable for industrial and critical infrastructure use cases. It also supports post-quantum cryptography standards.

As a European vendor, Stormshield has invested in ensuring it has a wide range of geographically suitable compliance qualifications. This includes ANSSI Standard Qualification, Common Criteria EAL4+, NATO Restricted, and SOG-IS compliance, positioning it for government, defense, and critical infrastructure.

Stormshield is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
Stormshield scored well on a number of decision criteria, including:

• Performance and throughput: Stormshield delivers competitive performance across its product range, with scalable platforms that support license-based upgrades. Its flagship product delivers more than 300 Gbps of firewall throughput for data center deployments. The scalable platform architecture enables customers to upgrade within each series (S, M, L, XL) by changing licenses rather than hardware, providing investment protection.

• Threat analytics: Stormshield’s log analytics is a comprehensive threat analysis tool. It provides a unified view of event logs from Stormshield Network Security firewalls (SNS) and more than 300 other sources. It also analyzes flows and events across an infrastructure. Stormshield Customer Security Lab provides dedicated threat intelligence research and protection development.

• Management automation: Stormshield Management Center (SMC) provides centralized management for multisite SNS firewall deployments. The platform enables real-time configuration and, with unified firmware across all physical and virtual appliances, simplifies management and ensures consistent security policies across IT and OT deployments.

Opportunities
Stormshield has room for improvement in a few decision criteria, including:

• AI-enhanced operations: The vendor uses AI behind the scenes in its cloud sandboxing solution for malware detection and in the Stormshield Customer Security Lab (the Cyber Threat Intelligence team), which provides threat research and indicator of compromise (IoC) analysis. However, it does not currently offer any operational AI support such as policy automation or natural language queries of data sets. Adding these would enable customers to take advantage of operational AI to improve efficiency.

• SASE integration: Stormshield provides SD-WAN capabilities within its SNS firewall range, offering operator-agnostic WAN link management and optimization. However, it does not position a complete single-vendor SASE platform and does not provide any SSE-type capabilities in its portfolio. Customers today see the opportunity that cloud-based security tools provide in terms of both scale and flexibility. To remain competitive, Stormshield will need to consider how it can make this part of its approach. 

• Identity-based inspection and control: While SNS firewalls integrate with enterprise identity providers (including LDAP, RADIUS, Active Directory, OpenID Connect, and Entra ID) and offer user- and group-based policy enforcement, the platform lacks real-time use of identity and additional context to provide more dynamic controls. Increasingly, customers understand the importance of both identity and context to deliver accurate access control. Stormshield could strengthen its capabilities by incorporating additional context and deeper behavioral analysis to enable more dynamic control. 

Purchase Considerations
Stormshield offers flexible licensing models, including perpetual and subscription-based options for hardware and virtual deployments. Pricing details are typically obtained through authorized partners, with evaluation licenses available for proof-of-concept projects.

Professional services are available for design, deployment, and optimization, alongside online or onsite training programs.

Stormshield targets SMBs and large enterprises, with strong adoption in government and industrial sectors.

Use Cases
Stormshield SNS firewalls address key business challenges. They support compliance-driven industries by providing audit-ready reporting and certified security controls. For distributed enterprises and industrial environments, segmentation and centralized management reduce complexity while maintaining resilience and performance. Government and defense organizations will find its extensive European certifications attractive when evaluating firewall requirements. 

Teldat: be.Safe Pro

Solution Overview
Teldat provides network and security solutions primarily for enterprise and carrier environments, with be.Safe Pro serving as its next-generation firewall and secure access platform. Historically focused on communications in Latin America and Europe, Teldat has significantly expanded its cybersecurity offerings and is exploring new markets.

be.Safe Pro offers unified threat management, combining firewall, VPN, intrusion prevention, and secure web access in a single platform. It is available in physical and virtual form factors. Teldat also now offers an SSE cloud service that provides a range of capabilities, including NGFW, SWG, IPS, ZTNA, DLP, and CASB; all features are available across physical, virtual, and SSE deployments. All services are managed through a single, centralized console. Teldat has also added innovative solutions such as its virtual patching capability, which proactively addresses potential vulnerabilities before major operating system updates are required, and its proprietary "Self Virtual Patching" feature that applies virtual patching to the device itself.

The feature parity across its product set provides a consistent management experience. For example, firewall rules can be dynamically adjusted based on threat intelligence from the XDR solution. Additionally, threat analysis can be offloaded from overburdened endpoint devices to the cloud-based SSE, reducing endpoint load. The solutions also incorporate advanced threat detection powered by AI/ML analytics, providing predictive security against malware and encrypted traffic threats. 

Teldat is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the enterprise firewall Radar chart.

Strengths
Teldat scored well on a number of decision criteria, including:

• SASE integration: Teldat’s platform is designed to serve as both a typical NGFW and a SASE gateway. Its firewalls can enforce policies locally and act as a SASE edge connecting to its cloud services. Teldat supports seamless integration with its own cloud SSE platform (be.Safe Cloud) and also allows the use of third-party SASE through standard tunnels. All SD-WAN features (like dynamic path selection and ZTP) are natively supported, and policies are unified whether traffic is going out locally or through the cloud.

• Performance and throughput: Teldat’s high-end offerings deliver more than 100 Gbps of throughput and a wide range of interfaces. Its portfolio is designed to deliver consistently high performance across a wide range of deployment scenarios, from branch connectivity to high-capacity data centers.

• Zero-trust networking: Teldat’s zero-trust capabilities are natively embedded in the firewall platform and enhanced through integration with identity and telemetry ecosystems. Organizations can implement zero trust incrementally, starting with identity-based access and network segmentation and then extending to continuous trust verification and adaptive policy enforcement. Integration with its SSE platform helps deliver this at cloud scale. 

Opportunities
Teldat has room for improvement in a few decision criteria, including:

• Threat analytics: While Teldat offers threat analytics delivered by Threat Labs, these capabilities are only available at a basic level within its firewalls. Customers will be able to extend this using Teldat's XDR platform to provide more comprehensive telemetry collection and analytics. However, integrating more of these capabilities directly into the firewall would enable more robust analysis of threats identified by the firewall without requiring  investment in additional platforms, which would benefit customers.

• Identity-based inspection and control: Teldat’s Be.Active is an SSO solution integrated with the local Windows domain. It receives login information from domain controllers, can update users' IP addresses, and can apply firewall rules to users and update them dynamically. While this is a good feature, there is an opportunity to expand further and extend this beyond Microsoft Identity Platforms and provide more contextual, real-time assessment of identity behaviors, giving customers greater flexibility and richer context to apply dynamic identity-based controls. 

• Management automation: Teldat meets basic management automation standards, providing a central management platform for deploying policies with a single policy change. Basic tasks like report generation can also be automated. However, more advanced orchestration and automation require integration with third-party tools, which the solution supports. That said, customers expect to orchestrate more complex security responses and, if a tool cannot do this natively, enable it via integration. Teldat should consider developing these areas further to help customers meet these advanced orchestration needs.

Purchase Considerations
Teldat be.Safe Pro licensing is subscription-based, with options for 1-, 3-, and 5-year terms. Customers can choose between hardware appliances or virtual deployments, with security services bundled into tiered packages. Virtual firewalls and SD-WAN are priced based on bandwidth utilization, while the SSE product follows a subscription model for security-as-a-service delivery. Pricing is handled through Teldat’s partner network, and evaluation licenses are available for proof-of-concept deployments.

Teldat offers professional services and training for complex deployments, including SD-WAN and ZTNA rollouts.

Teldat solutions are suitable for SMBs through large enterprises. 

Use Cases
Teldat's solutions are well suited to organizations with complex deployments. The solutions are especially relevant for distributed retail chains that require zero-touch provisioning across hundreds of stores, financial institutions with branch networks that need secure direct internet access, and carriers serving B2B environments that require rapid, standardized deployments. The company's expanding product portfolio also positions it as a viable option for organizations seeking a single-vendor security stack with unified management capabilities.

Ubiquiti: UniFi Cloud Gateway*

Solution Overview
Ubiquiti is a global networking vendor that provides solutions for SMBs and distributed enterprises. Its UniFi product line includes Cloud Gateway, which integrates routing, firewall, and VPN capabilities into a single platform.

It offers a range of devices, from small models to its large-scale Enterprise Fortress Gateway product, which supports a maximum throughput of 23.5 Gbps. Cloud gateways are hardware appliances that combine advanced routing with integrated security features such as stateful firewalling, VLAN segmentation, and site-to-site VPN.

The platform is designed for simple deployment and management while still offering key capabilities required for an enterprise firewall. This includes routing and SD-WAN with load balancing and failover, as well as intelligent distribution of traffic across links. SD-WAN functionality is managed with its license-free Site Magic, which simplifies site-to-site connectivity. UniFi Cloud Gateway provides a stateful firewall with zone-based segmentation to simplify policy management, along with Layer 7 application awareness, allowing filtering by application, website, or category.

Management is centralized through the UniFi management platform, Site Manager, allowing central management of multiple sites and device types. An admin can configure networks, push updates, and monitor all UniFi gateways, switches, and Wi-Fi access points. It provides real-time traffic flow analytics and activity logs, as well as zero-touch provisioning and intuitive setup.

Ubiquiti is positioned as an Entrant and Fast Mover in the Innovation/Feature Play quadrant of the enterprise firewall Radar chart.

Strengths
Ubiquiti scored well on a number of decision criteria, including:

• SASE integration: While Ubiquiti does not provide a complete SSE solution for full SASE, it does offer license-free SD-WAN with multi-WAN load balancing and failover. UniFi Site Magic provides automated link setup, allowing customers to easily build site-to-site SD-WAN. 

• Management automation: Site Manager offers centralized multisite management, including Site Magic and automated SD-WAN management. It also provides update management, update scheduling, and APIs to integrate UniFi management with third-party tools for ticketing or monitoring.

• Microsegmentation: UniFi gateways support VLAN-based network segmentation with zone-based firewall policies. Advanced filtering by regions, domains, and applications is available. This level of segmentation works well with its target market, where areas such as workload segmentation and integration with technologies such as VMware NSX are not usually required. 

Opportunities
Ubiquiti has room for improvement in a few decision criteria, including

• Performance and throughput: This vendor focuses on the small business market, which is reflected in its performance numbers. Its high-end Enterprise Fortress Gateway delivers 12.5 Gbps of IPS throughput with 25G SFP28 interfaces. However, this may not meet the demands of larger organizations. If Ubiquiti is interested in this space, developing higher-performance solutions will be necessary. 

• Identity-based inspection and control: UniFi Identity is a separate identity platform that supports SSO across the UniFi range. However, it is limited in terms of how the firewall interacts with identities, offering little identity context or dynamic policy delivery. Customers are increasingly demanding this type of dynamic, identity-based policy control, and adding it would enhance the appeal of the solution. 

• AI-enhanced operations: While the solution uses AI (for example, Enterprise Fortress Gateway’s NeXT AI Inspection, a license-free, real-time inspection of encrypted packets with SSL/TLS decryption), it does not extend this to operational AI assistants. This capability is increasingly expected by customers, and adding it would enhance the appeal of Ubiquiti’s solution.

Purchase Considerations
Ubiquiti follows a hardware-plus-software model, with cloud gateways purchased as physical appliances and managed via the UniFi Cloud Console. Pricing is publicly available on Ubiquiti’s Store website. A 90-day support period is included in the initial purchase price, and 24/7 phone support services are available at an additional cost. All software capabilities are included in the purchase price, with no additional licenses or subscriptions required.

Professional services are limited compared to traditional enterprise vendors, but Ubiquiti offers extensive online documentation, community support, and training resources.

Target markets include SMBs, MSPs, and distributed organizations seeking simplified network security and management. 

Use Cases
UniFi Cloud Gateway addresses network complexity by unifying enterprise networking, security, and management functions in a single software interface. Its simplified multisite management scenarios, with Site Magic SD-WAN, will help those looking to deploy simple SD-WAN and intersite connectivity. Its operational and commercial simplicity will make it attractive for SMBs and MSPs looking for complete network solutions. 

WatchGuard: Firebox

Solution Overview
WatchGuard specializes in cybersecurity solutions for SMBs and the MSP channel, offering a wide range of products and services.

WatchGuard's firewall portfolio is built on the Firebox product line, available in physical, virtual, and cloud form factors. Devices range from tabletop models to midsize data center solutions. The M4800/5800 series delivers up to 87 Gbps of firewall performance. Firebox now incorporates enhanced AI-driven threat detection, including IntelligentAV-powered machine learning malware defense and APT Blocker AI-powered sandboxing services, delivering consistent protection and policy enforcement across distributed environments. Management is centralized through WatchGuard Cloud, a SaaS-based platform offering multitenant capabilities for MSPs and distributed enterprises. Zero-touch deployment simplifies provisioning, while WatchGuard System Manager remains available for on-box management.

Firebox offers a comprehensive suite of services, including IPS, URL filtering, gateway antivirus, and advanced protections such as file sandboxing and DNS filtering. Firebox integrates with WatchGuard’s ThreatSync XDR platform, aggregating telemetry from endpoints, Wi-Fi, and identity sources to provide unified threat visibility and automated remediation. Emerging capabilities include ThreatSync+ NDR for AI/ML-based anomaly detection and Open XDR integrations for third-party telemetry ingestion.

WatchGuard is expanding its portfolio with FireCloud, a SASE solution that provides secure internet access and VPN replacement capabilities. AI-driven features, including sandboxing and log analysis, are being integrated into ThreatSync to improve detection and operational efficiency. 

WatchGuard is positioned as a Challenger and Fast Mover in the Maturity/Feature Play quadrant of the enterprise firewall Radar chart.

Strengths
WatchGuard scored well on a number of decision criteria, including:

• Threat analytics: The ThreatSync platform uses AI and machine learning to analyze network and endpoint data, proactively detecting and responding to threats. By correlating data from multiple sources (including Firebox devices, endpoints, and third-party threat intelligence), it identifies anomalies and potential attacks, enriching security policies for more precise threat detection and response.

• SASE integration: WatchGuard offers a full-featured firewall tightly integrated with SASE services as part of the Unified Security Platform. Its FireCloud Internet Access provides cloud-hosted protection for users accessing the internet and SaaS applications. In addition, as part of WatchGuard’s SASE approach, FireCloud Total Access extends security to private resources through zero-trust access and conditional policies, providing customers with a solid starting point for SASE deployment. 

• Management automation: WatchGuard Cloud offers a broad range of automation and dynamic policy provisioning across its growing product portfolio. It provides automated provisioning, scheduled reboots, and firmware upgrades. It also supports configuration templates, allowing for zero-touch deployment. It also has PSA integrations to aid its MSP community in end-to-end device management. The solution also provides APIs to enable third-party SOAR integration.

Opportunities
WatchGuard has room for improvement in a few decision criteria, including:

• Performance and throughput: While WatchGuard offers a good range of devices, from small tabletop units to higher-performance firewalls, its focus on MSPs and SMBs means its high-end offerings, with a maximum throughput of around 87 Gbps, may not meet the performance demands of larger enterprises. To appeal more to larger customers, WatchGuard can build on its robust capabilities with higher-throughput hardware solutions. 

• AI-enhanced operations: While WatchGuard does leverage AI, much of it operates behind the scenes and within the SOC rather than as user-facing functionality. More operational, user-facing AI assistance is on the vendor’s roadmap, and delivering on this will be key to sustaining WatchGuard’s appeal, as customers increasingly expect AI-driven operational support to improve efficiency.

Purchase Considerations
WatchGuard does not publicly disclose firewall pricing, although it provides guidance on its packaged licenses. Purchasing and pricing are handled through its partner network. Firebox is priced by model, with the option to add either the Total Security Suite or the Basic Security Suite. Subscription terms include 1-, 3-, and 5-year options. There are also specific options for MSPs, including monthly billing and managed security service provider (MSSP) points, providing a range of flexible options. 

While deployment is similar to other vendors in this space, WatchGuard offers professional services for installations, allowing partners or customers to work directly with their support organization. WatchGuard provides free sales and technical training for all customers through the WatchGuard Learning Center. Its training department also offers online technical training. 

This solution is primarily aimed at the SMB and MSP markets and has developed a range of management tools designed to deliver a good experience, particularly for this market segment. 

Use Cases
WatchGuard's comprehensive capabilities make it an attractive option for SMBs seeking robust firewall protection. Its solutions are also well suited for organizations with hybrid networks supporting remote workers and those requiring distributed enterprise deployments, thanks to centralized management and zero-trust deployment capabilities through FireCloud Total Access. Its MSP tooling and integrations make it a strong platform for building customer offerings, particularly with the addition of AI-powered threat correlation and automated response capabilities that reduce analyst workload.

The enterprise firewall market, though mature, continues to innovate to address evolving cybersecurity challenges and threats. Vendors are embracing new technologies and strategies, including the use of AI, tackling post-quantum encryption and integrating their firewall platforms into their cloud-based SASE security strategies. As the market continues to develop, it is likely that very few firewall vendors will remain who do not use firewalls as an on-ramp to their cloud security solutions. 

When evaluating solutions, customers should consider fundamental firewall capabilities. Firewalls typically remain a core component of on-prem network infrastructure, making device performance a key factor, especially for organizations with high throughput requirements. Moreover, cybersecurity operations continue to grow in complexity, highlighting the need for management automation and AI assistants to help drive increased efficiency for cyber operations teams. 

Connectivity demands have also shifted, with customers moving away from point-to-point links and MPLS-based WANs toward the flexibility of SD-WAN. Firewalls must also support new security paradigms, such as zero trust, effectively accommodating distributed workforces and delivering enhanced cybersecurity through broader context and continuous risk assessment to protect infrastructure, applications, and data.

This report highlights the ongoing evolution of vendor offerings. As mentioned earlier, a major driver for most of the vendors we assessed is the adoption of cloud-based security solutions as part of their SSE offerings. Combined with the broad adoption of SD-WAN, this is enabling more vendors to deliver their firewalls as part of a broader SASE offering. While their offerings remain fully functioning next-generation firewalls, they may also serve as an on-ramp to cloud services. As noted, in the future the vast majority of today's enterprise firewall vendors will likely provide their firewalls as part of a broader SASE strategy. Vendors also continue to focus on other key customer challenges and are introducing operational AI across their platforms to improve threat analytics, automation, and orchestration. In addition, many vendors are beginning to support post-quantum cryptography standards. This is an area that organizations must consider in their cybersecurity planning, and firewall vendors are beginning to provide supporting technology to help. 

Key considerations for those evaluating this space include:

• Performance: As firewalls remain integral to the network, understanding performance needs is crucial. Prospective customers should consider the impact of running various security services on throughput.

• Automation: As the operational complexity of delivering enterprise cybersecurity increases, customers should assess how any cybersecurity purchase helps to address this complexity. Better threat analytics, contextual risk understanding, and automation tools will help here, as will the use of operational AI. 

• SASE: While this report doesn't specifically review SASE vendors, the growing importance of SASE is clear. To protect their investment, organizations should consider future needs and evaluate vendors with offerings that provide a migration path from firewalls to SASE.

Despite the maturity of the market, enterprise firewalls continue to innovate to meet the evolving demands of organizations and the dynamic cybersecurity landscape. We expect this to continue as vendors adopt new approaches and leverage cloud scale for greater flexibility. They will also use this scale to improve threat intelligence and explore how AI and automation can further support customers in addressing their security challenges.

*Vendors marked with an asterisk did not participate in our research process for the Radar report, and their capsules and scoring were compiled via desk research.

For more information about our research process for Radar reports, please visit our Methodology.

Paul Stringfellow has more than 25 years of experience in the IT industry helping organizations of all kinds and sizes use technology to deliver strong business outcomes. Today, that work focuses mainly on helping enterprises understand how to manage their data to ensure it is protected, secure, compliant, and available. He is still very much a “hands-on” practitioner and continues to be involved in a diverse range of data projects. Paul has been recognized across the industry and has spoken at many industry, vendor, and community events. He writes for a number of industry publications to share his enthusiasm for technology and to help others realize its value.

Paul hosts his own enterprise technology webcast and writes regularly on his blog.

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

© Knowingly, Inc. 2026 "GigaOm Radar for Enterprise Firewalls" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.