Extracted from Garner Report March 2012

Quadrant Descriptions

Leaders –  Fortinet, SonicWall, Check Point Software Teechnologies, WatchGuard, Sophos (Astaro) 

The Leaders quadrant contains vendors at the forefront of making and selling UTM products that are built for midsize business requirements. The requirements necessary for leadership include a wide range of models to cover midsize business use cases, support for multiple features, and a management and reporting capability that’s designed for ease of use. Vendors in this quadrant lead the market in offering new safeguarding features, and in enabling customers to deploy them inexpensively without significantly affecting the end-user experience or increasing staffing burdens. These vendors also have a good track record of avoiding vulnerabilities in their security products. Common characteristics include reliability, consistent throughput, and a product that’s intuitive to manage and administer.


The Challengers quadrant contains vendors that have achieved a sound customer base, but they aren’t leading with features. Many Challengers have other successful security products in the midsize world and are counting on the client relationship or channel strength, rather than the product, to win deals. Challengers’ products are often well-priced, and because of their strength in execution, these vendors can offer economic security product bundles that others can’t. Many Challengers hold themselves back from becoming Leaders because they’re obligated to set security or firewall products as a lower priority in their overall product sets.


Visionaries have the right designs and features for the midsize business, but lack the sales base, strategy, or financial means to compete globally with Leaders and Challengers. Most Visionaries’ products have good security capabilities, but lack the performance capability and support network. Savings and high-touch support can be achieved for organizations that are willing to update products more frequently and switch vendors, if required. Where security technology is a competitive element for an enterprise, Visionaries are good shortlist candidates.

Niche Players

Most vendors in the Niche Players quadrant are enterprise-centric in their approach to UTM devices for midsize businesses. Some Niche Players focus on specific vertical industries or geographies. If midsize companies are already clients of these vendors for other products, or fit into those geographies or vertical industries, then Niche Players can be shortlisted.


Fortinet, which is based in California, has been focused on UTM appliances since 2002. From the start, Fortinet has focused on using custom application-specific integrated circuits for network processing and content inspection to reach high performance levels. Fortinet offers nine FortiGate UTM appliances aimed at the midsize market, ranging from 20 Mbps to 1 Gbps of firewall throughput. Several versions offer integrated WLAN access points, while others include voice over IP gateway and IP PBX functionality.

  • Fortinet continues to have the highest visibility of UTM providers among Gartner clients, and is the company most frequently mentioned by competitors.
  • The product line has aggressive price/performance points and an easy migration path as network speeds increase.
  • The Fortinet UTM line has strong channel and managed security service provider (MSSP) support.
  • FortiGuard Labs is a strong source of threat and vulnerability information.
  • While the management user interface has improved, it is still rated lower than competing offerings by Gartner clients.
  • Users would like to see more flexible log filtering and viewing.


Headquartered in California, SonicWALL was acquired and taken private by private equity firm Thoma Bravo in 2010. SonicWALL has been shipping UTM products since 1998, and has two product lines aimed at the midmarket. The TZ Series ranges from 100 Mbps to 200 Mbps of firewall throughput, and includes an optional integrated WLAN access point. The NSA 200 Series supports firewall throughput of between 600 Mbps and 2.75 Gbps, and offers SSL inspection and application control.

  • SonicWALL has strong global partner and MSSP support.
  • SonicWALL is well-known in the UTM space and appears frequently on Gartner client shortlists.
  • The graphical elements of SonicWALL’s management interface are consistently highly rated.
  • SonicWALL’s release of new features has kept up with midmarket needs, and has been matched by usability enhancements.
  • SonicWALL’s push into the high end with SuperMassive may divert resources and focus from the UTM market.
  • SonicWALL does not offer a virtual appliance for the UTM space.

Check Point Software Technologies

Check Point Software Technologies is a well-known pure-play security company that has been shipping UTM products since 2004. Headquartered in Israel with R&D in Israel and California, Check Point has a range of appliances and software “blades” that implement network security functions. Check Point’s UTM offerings include the 2200, 4200 and 4800 appliances, which range from 2 Gbps to 6 Gbps of IPS throughput. The Check Point SG80 is aimed at branch offices and offers up to 750 Mbps of IPS throughput. The Check Point UTM-1 series ranges from 1 Gbps to 4 Gbps of IPS throughput. The Safe@Office appliances offer up to 1 Gbps of firewall throughput.

  • Trained personnel and external support are easy to find for Check Point products.
  • Check Point offers a managed service starting at less than $20 per device per month, an aggressive price point compared with other managed service offerings.
  • For the high end of the UTM market, Check Point management console is highly rated.
  • Check Point’s product and service pricing often make its total capital expenses pricier than comparable offerings from competitors.
  • Regional integrators and smaller VARs tend to recommend competing products for midsize businesses, often driven by Check Point licensing complexity and better SMB channel support from competitors.


Privately held WatchGuard is headquartered in Washington and has been shipping UTM appliances since 2000. WatchGuard’s primary UTM offering for midsize businesses is the XTM 5 Series, which is composed of models ranging from 850 Mbps to 2.3 Gbps. WatchGuard also offers XTM 2 Series and XTM 3 Series UTM appliances for small businesses, and the Extensible Content Security (XCS) line of email/Web security appliances for midsize businesses that already have separate firewall solutions. WatchGuard XTMv is a virtual appliance that runs on VMware.

  • A balance between ease of use and strong security is consistently cited as a reason why clients choose WatchGuard.
  • WatchGuard had the highest use rate of multiple features (beyond firewall, IPS and URL blocking) of all vendors.
  • Users and channel partners report high reliability on the appliances and strong support from WatchGuard.
  • WatchGuard has decreased in visibility to Gartner clients, and was less frequently mentioned by competitors compared with other vendors.
  • Users cite shortcomings in reporting performance and functionality.
  • MSSP support for WatchGuard appliances is limited compared with the major competitors.

Sophos (Astaro)

Based in Massachusetts, with R&D in Germany, Astaro has been shipping UTM products since 2001. Astaro was acquired by endpoint security vendor Sophos in May 2011, but the Astaro branding will be maintained until the next major release in April 2012. Its UTM product line is branded as the Astaro Security Gateway. Hardware appliances are available that range from 45 Mbps to 575 Mbps of overall UTM throughput. The Astaro Security Gateway is available in hardware and software versions that support firewall, IPS, VPN and other functions. The product is also available as a virtual appliance that runs on VMware, Citrix, KVM and Hyper-V, along with an Amazon Machine Image (AMI) for Amazon’s EC2. Astaro offers a series of Gateway “Extension” products, such as Wi-Fi access points and remote management appliances that integrate with the Astaro Command Center management console.

  • Astaro’s Red appliance and secure access point products enable it to offer very attractive bundles to vertical industries such as retail, healthcare and education.
  • Ease of deployment, use and expansion are consistently cited as decision factors favoring Astaro.
  • The acquisition of Astaro by Sophos should increase financial resources and channel strength, and improve visibility.
  • Astaro has not shown up on many Gartner client shortlists, and is not cited by competitors in our surveys as a major factor.
  • Users are looking for improvements in the granularity of Astaro’s reporting, which Sophos plans to address in a 2012 release.
  • Sophos must avoid the temptation to drive toward UTM solutions that depend on Sophos on the endpoint.



    Your Name (required)

    Your Email (required)

    Your Company (required)

    Your Contact Number (required)


    Your Message