Selling next-generation firewalls: Overcoming resistance, challenges

Partners can find new business opportunities in helping customers understand the need for next-generation firewalls.

Well-entrenched and decades old, the traditional firewall market is undergoing dynamic changes driven by demand for mobility, virtualization and cloud. Users need next-generation firewalls to handle these complexities, but they are resistant to change. Channel partners will find great sales opportunities if they can help their customers understand the need for next-gen appliances.

The next-gen firewall market is ripe for partners who understand the hurdles to overcome. Today about 10% of enterprises have next-generation firewalls in place, and that figure is expected to reach 38% by 2016, according to Gartner Group.

According to Gartner, the next-gen firewall platform provides the capability to detect and block sophisticated attacks as well as enforce granular security policy at the application level, versus just at the port and protocol level. Next-generation firewalls integrate three key assets: enterprise firewall intelligence/capabilities, quality Intrusion Prevention Systems (IPS) and application control.

Why customers must get over next-generation firewall resistance

Despite resistance from companies that have legacy firewalls in place, most organizations will eventually have to upgrade their network firewalls and intrusion protection products to protect against an increasingly sophisticated threat landscape.

"Most companies with legacy firewalls, [with] no immediate issues or attack threats, will carry on with the status quo," said Cindy Burns, senior engineer at Milestone Systems Inc., a value-added integrator focused on enhancing and securing networks. "But these older products will no longer be protecting the company," she added.

Security breaches are on the rise as applications and attackers get smarter, so the traditional firewall is no longer the most suitable technology for the job. Customers must recognize that if they want to maintain a secure network as demands increase, they must comply with changes and embrace the new era of firewalls.

Partners recognize that customers taking the lead in the adoption of next-generation firewalls are risk-averse, have regulatory or compliance issues to address, and/or are being proactive about maintaining the highest form of security possible to keep up with the ever-changing and vulnerable dynamic of their network.

How partners raise next-generation firewall awareness

Raising customer awareness about the next-gen firewall is at the top of the to-do list for security-focused solution providers. Norman Currie, vice president of managed solutions at Accuvant, a security-centric solution provider, calls the challenge "the migration of mindshare."

Accuvant offers a managed Palo Alto Networks next-generation firewall solution in addition to third-party firewall management software from FireMon. FireMon software is used for policy cleanup and analysis, as well as during the migration process. "It gives us visibility into activity that may not be available in the firewall. It can also help reduce costs associated with documentation and reporting," Currie said.

A core capability that's gone unchanged for decades, firewalls and related tools have been a stable component of infrastructure security, and network security folks like it that way, which presents challenges for partners.

"As a solution-driven company, that means we put our feet on the street and get out in front of our customers doing presentations, demos and proof of concept," he said.

Risk awareness in particular is an eye opener for many clients, and one that Burns said is very effective for visibility into the network. "I plug in a next-gen firewall at the customer site and run it for about a week, then run a report about what's going on in their network," said Burns.

Burns explains that clients are always surprised at what they haven't been aware of in their own network. "What they realize is that traditional firewalls are designed for yesterday's network traffic," she said. With next-generation firewalls, customers can have network visibility, functionality, security and ease of management.

When to offer next-gen firewalls to customers

Channel partners acknowledge that there's an opportune time for customers to move to next-gen firewall technology, and they can better determine when that is with the help of these recommendations from Greg Young, research vice president at Gartner:

  • Organizations that have not yet deployed network intrusion prevention require next-gen firewall capabilities at their next firewall refresh point.
  • If an organization has deployed network firewalls and network intrusion prevention, they should synchronize the refresh cycle for both technologies and migrate to next-gen firewall capabilities.
  • If a company uses managed perimeter security services, they should look to move up to managed next-gen firewall services at the next contract renewal.

Developing the business case and ROI, which lessens the customer's pain of writing a check, is about helping the customer understand and recognize the benefits of and cost justification for the product's functionality.

In some cases, the cost justification is easy if the customer was planning to purchase a separate firewall, IPS and URL filter. The sales cycle is also shortened if the customer has an immediate issue and needs an immediate solution.

Partners add value to next-gen firewall offerings

Different vendors offer varying flavors of next-generation firewalls, so it's important for partners to understand where vendor products diverge.

"It's the job of the solution provider to be clear about next-generation firewalls versus unified threat management (UTM) devices and web application firewalls, as well as [understand] the complexity of policy management and [size] the firewall correctly," said Young.

Rob White, CEO of Frontblade Systems, sees his role as helping customers unify network security vendor sprawl, improve security posture to meet all compliance requirements, and reduce spending.

"Our job is to offer customers a matrix of choices to fit their unique business needs," White said.

In addition to selling products, Frontblade, a Check Point Software Technologies partner, also offers firewalls plus security in a managed solution via Fujitsu's alliance with Check Point.

Selling third-party firewall management software is a value-added opportunity for partners and customers, and it isn't going away with the move to next-generation firewalls.

In fact, channel partners report that migrating to more complex next-generation firewalls introduces new challenges they must face when selling to customers.

With the next-gen firewall market taking shape, channel partners that do their homework to understand the players, products and challenges will be the ones to leverage ongoing and robust business opportunities.
