Date post: | 17-Jan-2017 |
Category: |
Technology |
Upload: | nss-labs |
View: | 225 times |
Download: | 0 times |
NGFW:MARKETGROWTH,DEPLOYMENTS,ANDNSSTESTRESULTSNSSLabsResearch03/17,2016
ThomasSkybakmoenResearchVP
MikeSpanbauerVPofSecurity,Test&Advisory
Slide4
Agenda
• TheNGFWmarketandgrowth• Drivingthedeploymentsintheenterprise• NSSLabs’2016NGFWGroupTestresults• TCO• SecurityEffec,veness• Performance
• Q&A
Slide5
NGFWDefined• TradiSonal“firstgeneraSonfirewall”features,suchas:• Basicpacketfiltering• StatefulmulS-layerinspecSon• NAT• VPN
• “NextgeneraSonfirewall”features,including:• ApplicaSonawareness/control• User/groupcontrol• IntegratedintrusionprevenSonsystem(IPS)• AbilitytooperateatLayer3(“tradiSonal”)• Externalintelligencetoenhanceblockingdecisions(i.e.,“reputaSonservices”)
Slide6
StateoftheMarket
• MarketSize• US$4.4Bin2015• US$5.1Bin2016(NSSest.)
• Currentbuyers• Largeenterprisemadeup38%ofsalesin2015
• Evolving+Expandingmarket
0%
5%
10%
15%
20%
25%
$0
$1,000
$2,000
$3,000
$4,000
$5,000
$6,000
$7,000
$8,000
$9,000
$10,000
2015 2016 2017 2018 2019 2020
NGFWRevenue NGFWGrowth
Slide7
DeploymentDrivers
• SecurityEffecSveness• Increasinglycomplexthreatlandscape• ConSnueddrumbeatofhighprofilebreaches• Availabilityofhighperformanceproducts
• TotalCostofOwnership• LowerTCOcomparedtomulSpleproducts• Securitymanagementthroughasingleplaeorm• Internalfirewallopensupnewdeployment(distribuSonswitchdisplacement)
• Improvesecurityworkflow/IntegraSon• IntegraSonwithSIEM,incidentresponse• Cloudandvirtualdeployments,commonpolicy
Slide8
NGFWGroupTest
• Individualproductstestedperthemethodology• ProductReportsreleased• ComparaSveReportsreleased• LiveTesSngSecurityComparaSveresultsfromNSSCyberAdvancedWarningSystem
• SVM
SecurityValueMap
VendorA
VendorB
VendorC
VendorD
VendorE
SecurityEffecNveness Performance TotalCostof
Ownership
ProductReports
ComparaNveReports
Slide9
GroupTestResults:Definitions
• TCO• Purchase• Maintenance-incl.subscripSonfees• AdministraSon–incl.installaSonandtuning
• SecurityEffecSveness• EquaSon:ExploitBlockRate*FWPolicy*AppControl*Evasions*Stability&Reliability
• TCOperProtectedMbps• EquaSon:(3-YearTCO)/(SecurityEffecSvenessxNSSTestedThroughput)
Slide10
GroupTestResults:ProtectionandTCOMapTCOperProtectedMbpsagainstSecurityEffec,veness
Furtherupandrightisbest
Aboveline=aboveaveragesecurity
SecurityRecommended
Slide11
GroupTestResults:SVM
NGFW v6.0
Barracuda
Check Point
Cisco ASA Cisco FirePOWER
Cyberoam
Dell SonicWALLForcepoint
Fortinet Hillstone
HuaweiJuniper
Palo Alto Networks
WatchGuard
100%
90%
80%
70%
60%
50%
40%$100 $80 $60 $40 $20 $0
TCO per Protected Mbps
Secu
rity E
ffecti
vene
ss
Average
Average
• 2000uniqueexploits• 2monthsoflivedata• 750+exploits
• Dec2015–Jan2016
Slide12
GroupTestResults:Breakdown
• Security• SecurityEffecSvenessfrom58.1%to99.6%• AverageSecurityEffecSveness:96.3%• CAWS:nosingleproductblockedallanacks
(77.12%to99.97%)• EvasioneffecSveness:100%
• Performance• Throughputfrom2,477to42,324Mbps
• TCO(10devices+1CMS)• 3-yearTCOrangedfrom$312,746to$12,573,800• Average3-yearTCOwas$2,579,457
• TCOperProtectedMbps• AverageTCOperProtectedMbps:US$27• RangedfromUS$6toUS$97
Slide13
SVMToolkit:CyberoamRetest
NGFW v6.0
Barracuda
CheckPoint
CiscoASA CiscoFirePOWER
Cyberoam
Del lSonicWALLForecepoint
Fortinet Hi l lstone
HuaweiJuniper
Pa loAltoNetworks
WatchGuard
CyberoamRetest
40%
50%
60%
70%
80%
90%
100%
$0$20$40$60$80$100
SecurityE
ffectiv
eness
TCOperProtected- Mbps
Slide14
CAWSTMBringsContinuousLiveExploitTestingtoGroupTests
AnnouncedFebruary18,2016
2016GROUPTESTROADMAP
CAWS
CAWS
CAWS
CAWSCAWS