One of the oldest security technologies — the venerable enterprise firewall — continues to thrive, as highlighted in the recently published report, The Forrester Wave™: Enterprise Firewall Solutions, Q4 2024. Contrary to expectations that this space might have little left to offer, enterprise firewall vendors have done well to keep this technology relevant for modern cybersecurity needs. They have made significant progress in keeping up with rapid innovations while supporting clients in securing dispersed and hybrid enterprise architectures.
While enterprise firewalls continue to be delivered in the same manner, vendors have made the move to offer these capabilities as part of other “platform” initiatives such as Zero Trust edge/secure access service edge (ZTE/SASE) to not only make security enterprise firewalls more accessible to improve their adoption but to also increase value retention, not just for large enterprises but also for small- and medium-sized enterprises.
Consolidate, Centralize, And Deliver A Unified Management Experience
Clients require a consistent and streamlined method for managing various deployments of enterprise firewall solutions. This involves having a unified UX/UI across physical, virtual, and cloud deployments and recognizing the need to support adjacent efforts like ZTE/SASE. Consequently, leading enterprise firewall solutions now offer integrated and unified management for data center, branch, and edge use cases, which include:
- As-a-service offerings.
- Zero Trust network access (ZTNA).
- Software-defined wide-area networks (SD-WAN).
With this unified approach, clients can derive greater value from their enterprise firewall investments, enabling them to address use cases that secure both north-south and east-west traffic regardless of environment. Clients can streamline policies across various enforcement points, strategically creating and orchestrating policies at different levels of the transit path for multiple transient connections without having to navigate multiple administrative consoles. Common policy construct and centralized visibility, enhanced with built-in AI/ML, also improve policy optimization for enhanced incident response.
Part Of The Bigger Picture
It’s no surprise that the industry continues to push for cloud migration, prompting organizations to evaluate enterprise firewalls to ensure that they meet modern challenges and requirements without adding costs or complexity. The reality is that enterprises will have hybrid topologies for the foreseeable future, consisting of a mix of cloud, virtual, and physical environments, all of which need security. To advance toward a more mature Zero Trust architecture, it’s crucial for organizations to see the big picture and choose the right solutions for the long term.
Enterprise firewall vendors have not only enhanced capabilities but also improved consumption models, making these solutions viable for securing cloud workloads, facilitating secure connectivity with integrated SD-WAN and ZTNA, and creating microperimeters. That last use case is a big deal, too, since 61% of global respondents in large enterprises view enterprise firewalls as essential for supporting a microsegmentation strategy, according to Forrester’s most recent Security Survey.
The advancements in enterprise firewalls are transforming them from single-purpose tools into adaptable security solutions that can flexibly support an organization’s digital transformation journey.
Shared Mission, Shared Outcomes
The ZTE/SASE market is rapidly expanding, with many organizations seeing it as the ideal starting point for a Zero Trust architecture journey. And why not? As my colleague Andre Kindness highlights in his blog, this market is both disruptive and transformative. It allows organizations to replace legacy solutions with a consumable product as a service, merging networking and security stacks.
But what if you want to keep your firewall investment? Enterprise firewall vendors are addressing this by converging and consolidating their solutions to support and integrate ZTE/SASE. This approach simplifies adoption while preserving the value of existing deployments for organizations with ongoing on-premises needs. Whether the future involves moving to the cloud or not, the mission remains the same: Maintain comprehensive security everywhere, at all times. While the leaders in this space have advanced this strategy, other vendors are not too far behind and are poised to offer cost-effective offerings for smaller enterprises and other organizations.
You can read more about my findings and view each vendor’s strengths and weaknesses in the Wave report. Forrester clients, please reach out to schedule guidance sessions or inquiries with me to discuss our findings. If you’re feeling bold, join me at Forrester’s Security & Risk Summit in Baltimore on December 9–11, where I will host two sessions on Zero Trust that include a workshop and a panel discussion for getting your Zero Trust journey to the next level. Hope to see you there!