Grey Hair, Wrinkles and Sun Spots in the Aging Firewall Market

By on

I can't remember what they say the first thing to go is. Memory, perhaps?

But in addition to this, the balding, the weight gain and the undeniable loss of fashion sense, one effect of aging that we are all likely to face is shrinkage. It is caused by the degeneration and compression of the spine and the decreasing amount of water located within the discs of the spine. (But, damn it Jim, I'm an analyst, not a doctor!)

The U.S. commercial firewall market is strangely human in this sense. Maybe that's why they call it the product lifecycle. Whatever the reason, the rapid maturity of the firewall market has caused an interesting evolution that is limiting its size.

In 1999, it was crystal clear that firewalls would become the most common technology used to secure networks. For this reason, firewall revenues have been predicted to grow at double-digit growth rates for quite some time. One significant restraint of the firewall market has been the lack of a quantifiable return on investment (ROI). After all, what is the cost of being hacked? What value can be attributed to the compromise of confidential information or to the reputation of a business that is electronically insecure? The inability to show logically exactly how much money could be saved by implementing firewalls has created resistance for the technology - even in a market that understands the importance of security.

What is a restraint for the firewall market is ending up a driver for the IP virtual private network (VPN) technology market. Probably the most powerful driver for IP VPNs is the ability to clearly demonstrate a specific amount of money that can be saved by replacing leased lines and remote access services (RAS) solutions with an IP VPN. Armed with this information, administrators and CIOs can build a business case for implementing a security technology based on its ROI.

Over the last two years, vendors have increasingly bundled firewall technology with VPN technology. This is a logical progression, since the location that both of these technologies hold must be integrated into the network (among other reasons). Currently, the majority of gateway security devices include both firewall and VPN functionality.

At first glance, the synergy created by bundling these technologies would seem to drive both the firewall and the VPN markets. However, the two technologies do not contribute equal value to the device, at least not in the eyes of the vendors who build them. As VPNs have proven to posses a much more powerful argument for their implementation, vendors have focused their marketing and development efforts on the VPN at the expense of the firewall. This shifting focus also comes as a result of the maturity of firewall technology, whereas the development of the technology focuses more around the management of the appliance(s) and its policy rather than the fundamental technology of inspecting packets.

For these two reasons, vendors that bundle VPN and firewall technology have been recognizing an increased portion of revenues attributable to the VPN functionality at the expense of the firewall functionality. Frost & Sullivan has tracked both of these markets independently, and Chart 3.2 below represents the percentage of each technology, assuming that the markets are combined as they would be in a firewall/VPN appliance. As shown, VPN revenues represented only 24.7 percent of the total market in 1998. As vendors have recognized an increased percentage of sales attributable to the VPN functionality, the VPN representation has grown to 74.5 percent in 2001.


For the firewall market, this shift has curbed its revenue growth rate to a mere 2.5 percent in 2001, even as units continued to grow at a much higher rate. With the fantastic growth of the SOHO market, firewall units are forecast to continue to grow at healthy rates throughout the forecast period. Commercial firewall revenues, however, have stagnated and will actually decline by 2006.

While the technology is largely moving towards a value-added function, it will not do so completely. The firewall revenue carnage is expected to slow, as indicated in the figure, considering that there will always be value created by the firewall functionality.

If the U.S. commercial firewall market, which was slated for enormous growth just two years ago, can slide into a stagnant state in just two short years, what is to prevent the same from happening to the VPN market? Indeed, both VPN and firewall technologies could be cannibalized in the future by their own management consoles. Since manageability has been a key point of focus for both technologies, it is conceivable that the ability to manage these devices could hold more value than the technology being managed. Already, many key market players sell full versions of their management consoles as separate products, often for a price comparable to the firewall/VPN appliance itself.

Another potential technology could be intrusion detection systems, which have been bundled into some gateway security devices, as the performance capabilities of the hardware platforms continue to improve. While neither of these scenarios is expected to have the market impact that VPN technology has had on firewall technology, we can expect an increasing number of applications to reside on the gateway security device in the future. This will drive down the cost of security and improve the ROI of investing in security products - but I'll save that for my next article.

Jason Wright is industry analyst and program leader of security technologies, Frost & Sullivan (

Copyright © SC Magazine, US edition

Most Read Articles

Log In

|  Forgot your password?