In April, Information Security spoke with four infosecurity market analysts about trends in the firewall product space. Although they differ on the exact future of the firewall
market, all four analysts agree that small and medium-sized companies have opened up a new market for firewall appliances, while software-based firewall vendors, having saturated the enterprise environment, will continue to expand into new services and revenue streams. How these vendors will fare in the face of changing market demands is anybodys guess.
Swimming Upstream
In a study released last July, International Data Corp. (IDC) analyst Chris Christiansen reported that the firewall market grew 143 percent worldwide in 1997. Although the firewall business will be lucrative for some time to come, Christiansen predicted that revenue growth would gradually decrease over the next few years (see tables).
IDC is currently tabulating 1998 data on the firewall market, and so far it looks like 1997s predictions are right on target, according to Christiansen. "Our forecasts are pretty much on the mark, if not conservative," he says. "Weve collected some 1998 preliminary data, and were looking at revenue of $400 million to $450 million worldwide for software-based firewalls alone."
That figure doesnt include firewall appliances, Christiansen says, which "have a growing market among small and medium-sized companies looking for simple plug n play solutions. Things may have slowed down somewhat, but [to pronounce] the death or disappearance of the firewall market is a little premature to say the least."
E-commerce and remote access continue to drive the high-end firewall market, Christiansen says. "Whats new this year is a concern among Fortune 500 companies about putting in internal firewalls," he says. "Theres been a growing realization,
especially in the financial space, that its essentially wrong or dangerous to trust everybody inside the firewall."
Last years IDC study also saw the emergence of more firewalls packaged with VPNs, a trend that has expanded to include other security tools. "While there is still a firewall market, there are no longer any firewall-only vendors," Christiansen states. "Practically every vendor in that space has moved upstream to become a full-fledged
security vendor. This is because customers want more for their money. Also, integration is seen as increasing the robustness of the security system product."
The Need for Resiliency
Larry Deitz, information security analyst at the Alec Group, an affiliate of Current Analysis, agrees that the firewall market is moving toward integrated solutions. He indicates, moreover, that users of software-based and hardware-based firewalls clearly break down according to market size.
"I tend to segregate the firewall market into early adopters and everybody else," Deitz says. "Early adopters are the classic consumers of information security productsfinancial services, defense contractors, government, etc. In this big enterprise marketplace, the network operation center now controls all of the security aspects of the network, which includes Internet, intranet and extranet, and so requires a collection of security products, such as firewalls, VPNs and intrusion detection. The trend here is to consolidate those into fewer points, and so a software product located on a dedicated server makes the most sense. Everybody else is middle and small businessesand schoolswho are starting to use the Internet, and have no technical support whatsoever. That marketplace is attractive for the plug n play firewall content filtering appliance."
Deitz, however, questions whether theres still room for expansion in the big enterprise environment. "Because there is nothing there now, growth should be on the appliance-product side," he says. "Where security is at the moment, theyve already purchased some level of firewall security, so the software firewall companies need to be resilient and do other functions."
Firewallers Refocus
Eric Hemmendinger, senior analyst of information security at Aberdeen Group, agrees that high-end firewall vendors should look to diversifying their product offerings. "Small and medium-sized companies tend to outsource to a greater degree than large companies that have already made a heavy investment in security," Hemmendinger says. "That doesnt bode well for the high-end firewall suppliers. Also, people are gravitating to ISPs and hardware appliances, and [they] arent looking to use the appliance the same way they used an enterprise firewall.
"What people focus on today is whether or not the firewall is hacker proof," he adds. "They are more concerned with making sure its going to allow everything they need to allow and yet stop what they dont want going on. Its more to help control priorities than provide a full security solution. They dont want to buy a Cadillac if all they need is the capabilities of a sub-compact."
The end result, Hemmendinger contends, is a smaller revenue base for enterprise firewall suppliers. "If the service you provide becomes desired by a smaller segment of the purchasing community, your business prospect is lousy," he contends. "And so, vendors have to expand their business beyond the firewall-centric view. If people are not interested in buying the firewall the way they used to, they arent going to be
interested in buying a VPN. Instead, vendors have to focus on offering a variety of different security services that are network oriented."
The Demand for Performance
Forrester Researchs network strategies analyst Ted Julian predicts that hardware-based firewalls will eventually win out over the software-based approach. He attributes this to increased demands for firewall performance. "Firewalls tend to sit at the edge of
the network," Julian says. "We dont recommend users deploying multiple firewalls within the enterprise. People presume they can segment a network according to their business, which we feel is impossible. They are better off having an inspection point at the edge of the network. What they need is good authorization technology.
"If you buy that analysis, firewalls are probably sitting next to the edge router," Julian adds. "I would love to see a piece of software perform as fast as todays edge routers do. However, it is physically impossible. Consequently, software vendors are in a position where they dont perform as well as the hardware they are competing against, and so [they] have to come up with an exit strategy."
As middle and small companies enter the security arena, Julian notes, they are looking for appliance technology. "Herein lies the dilemma of Check Point, Axent and everyone else who has a software product," he says. "Everybody has other things they are leaning on right now. You hear Check Point talk a lot more about VPNs and management. Axent has its intrusion detection business. A lot of vendors will turn to the intrusion detection and scanning business, and because its such a hot market, it will get crowded pretty quickly. And so some of todays more marginal software firewall providers will end up simply as security consulting firms."
In addition, Julian expresses doubts about the efficacy of integrating increasing numbers of security tools. "I think Security Suites: Dead on Arrival hints at how I feel about integrated security solutions," he says, referring to a Forrester report issued in November 1998. "The fundamental problem is that the acquisition and implementation of security suites will become more distributed."
What it boils down to, Julian says, is system scalability. "As the company becomes compartmentalized, the scalability implications of the security manager having to touch every piece of equipment that has to do with security are rightly scary," he says. "We believe that security managers will get people in IT more directly involved in security product selection, implementation and management. The network manager can pick the firewall, for example, as long as it meets with the corporations agreed-to security policy guidelines."
Margot Suydam is managing editor of Information Security.
![]() | ![]() |
IDCS CHRISTIANSEN: "Customers want more for their money." | ALEC GROUPS DEITZ: "The software firewall companies need to be resilient and do other functions." |
![]() | ![]() |
ABERDEEN GROUPS HEMMENDINGER: "What people focus on today is whether or not the firewall is hacker proof." | FORRESTERS JULIAN: "Marginal software firewall providers will end up simply as security consulting firms." |
WORLDWIDE FIREWALL REVENUES ($M)
*Preliminary industry estimates pending actual results Source: IDC
WORLDWIDE FIREWALL REVENUE GROWTH | ||||||
Year | 1997 | 1998 | 1999 | 2000 | 2001 | 2002 |
Total Revenues (M) | $353.5 | $602.4* | $953.4 | $1,240.6 | $1,550.3 | $1,845.4 |
Growth (%) | 143 | 70* | 50 | 30 | 25 | 19 |
*Preliminary industry estimates pending actual results Source: IDC
© 1999 Information Security Magazine. Used with permission.
Information Security, the official publication of the ICSA, is dedicated to the needs of all security-conscious IT professionals. Free to qualified readers, Information Security features in-depth articles, product announcements and more analysis of information security issues than any other trade magazine. Subscribe today!