I saw the following real quote:
“The next-generation firewall will have greater blocking and
visibility into types of protocols,” says Greg Young, research vice
president for Gartner
being interpreted to mean that there is an all-in-one or ‘UTM’ firewall for the enterprise.
No.
The Gartner position here is actually that the firewall and IPS at the edge will increasingly be joined together into a Next Generation Firewall (NGFW). That is very different from suggesting that AV or anti-spam belong on the same device. Are there a few exceptions? Yes. Branch offices are one exception. I believe this quote was from the Network Firewall Magic Quadrant, where we go on in the market overview section to expand on the exceptions and the reasons why we assess that there will be some limited consolidation, but no uber-box.
See also this blog post here on the three silos of convergence of point products.
Network firewalls and IPS are usually separated only by a short length of network cable, and both have the same profile: they handle network traffic inline and have a low tolerance for latency. In terms of complexity, joining these two effectively (not just "sheet-metal" integration, i.e. jammed into the same box) will actually reduce complexity. For example, why let the firewall push through traffic that is already known to be bad, just to have the IPS get bogged down saying "yup, still bad"? And the IPS deep inspection in the NGFW will have to evolve with our traffic patterns, rather than requiring new boxes to be deployed each time. Application inspection inside HTTP/HTTPS is one such example.
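To make the single-pass point concrete, here is an added example written for this page (it is not code from the original post or from any Gartner research). It models a chained firewall-plus-IPS pair against an integrated NGFW on the same traffic: the NGFW evaluates policy first, lets the matching rule name the IPS profile to apply, and records flows the IPS has already judged bad in the session table, so deep inspection is only spent where policy and flow state say it is needed. Every address, policy rule, signature and packet below is constructed for illustration.

```python
# Added example: toy model of chained firewall+IPS vs. a single-pass NGFW.
# All rules, signatures, addresses and payloads are constructed.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes = b""

    def flow(self):
        return (self.src, self.dst, self.sport, self.dport)


# IPS signatures grouped into profiles by the application they apply to.
# The http profile includes an application-layer check (unexpected HTTP verb).
IPS_PROFILES = {
    "http": {
        "sqli-union-select": re.compile(rb"union\s+select", re.I),
        "http-bad-method": re.compile(rb"^(?!GET|POST|HEAD)[A-Z]+ "),
    },
    "ssh": {
        "ssh-bad-banner": re.compile(rb"^SSH-1\."),  # legacy protocol version
    },
}
ALL_SIGS = {n: p for prof in IPS_PROFILES.values() for n, p in prof.items()}

# Firewall policy: (src prefix or "any", dport or None, action, ips_profile).
# First match wins; default deny.
FW_POLICY = [
    ("203.0.113.", None, "deny", None),  # constructed known-bad source range
    ("any", 80, "allow", "http"),
    ("any", 22, "allow", "ssh"),
]


def fw_lookup(pkt):
    for prefix, port, action, profile in FW_POLICY:
        if (prefix == "any" or pkt.src.startswith(prefix)) and port in (None, pkt.dport):
            return action, profile
    return "deny", None


def inspect(pkt, sigs):
    """Run signatures over the payload; return (evaluations done, first hit or None)."""
    evals = 0
    for name, pat in sigs.items():
        evals += 1
        if pat.search(pkt.payload):
            return evals, name
    return evals, None


def run_chained(packets):
    """Firewall box, then a separate IPS box with no policy context:
    every packet the firewall passes gets the full signature set, every time."""
    evals, verdicts = 0, []
    for p in packets:
        if fw_lookup(p)[0] == "deny":
            verdicts.append("fw-deny")
            continue
        n, hit = inspect(p, ALL_SIGS)
        evals += n
        verdicts.append(f"ips-drop:{hit}" if hit else "allow")
    return evals, verdicts


def run_integrated(packets):
    """Single-pass NGFW: policy decides first and names the IPS profile;
    flows already judged bad are dropped at the session table, uninspected."""
    evals, verdicts, bad_flows = 0, [], set()
    for p in packets:
        action, profile = fw_lookup(p)
        if action == "deny":
            verdicts.append("fw-deny")
            continue
        if p.flow() in bad_flows:
            verdicts.append("session-drop")
            continue
        n, hit = inspect(p, IPS_PROFILES[profile])
        evals += n
        if hit:
            bad_flows.add(p.flow())
            verdicts.append(f"ips-drop:{hit}")
        else:
            verdicts.append("allow")
    return evals, verdicts


# Constructed traffic: a known-bad source, a benign request, an SQLi attempt
# sending three packets on one flow, an SSH banner, and a stray TRACE.
TRAFFIC = [
    Packet("203.0.113.7", "192.0.2.10", 40000, 80, b"GET / HTTP/1.1\r\n"),
    Packet("198.51.100.5", "192.0.2.10", 40001, 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("198.51.100.9", "192.0.2.10", 40002, 80, b"GET /q?id=1 UNION SELECT 1 HTTP/1.1\r\n"),
    Packet("198.51.100.9", "192.0.2.10", 40002, 80, b"GET /q?id=2 union select 2 HTTP/1.1\r\n"),
    Packet("198.51.100.9", "192.0.2.10", 40002, 80, b"GET /q?id=3 HTTP/1.1\r\n"),
    Packet("198.51.100.5", "192.0.2.10", 40003, 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Packet("198.51.100.5", "192.0.2.10", 40004, 80, b"TRACE / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for name, fn in (("chained", run_chained), ("integrated", run_integrated)):
        evals, verdicts = fn(TRAFFIC)
        print(f"{name:10s} signature evaluations={evals:2d} verdicts={verdicts}")
```

Two things to notice in the output. The chained pair does roughly twice the signature work on this traffic, and it lets the third packet of the SQLi flow through because the firewall has no idea the IPS already condemned that session; the integrated engine drops it from the session table without touching the payload. The model is deliberately simplistic (real IPS engines keep their own flow state, and real NGFW profiles are far richer), but the mechanism it shows, policy and flow state gating deep inspection, is exactly what "sheet-metal" integration lacks.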
Be careful when reading these "According to Gartner" quotes out of the context of the whole research report.

Greg Young