But Gartner says it sees Cisco winning most procurements through sales/channel execution or "aggressive discounting for large Cisco networks where firewall features are not highly weighted evaluation criteria (that is, as part of a solution sell in which security is one component)."
Gartner also notes that Gartner clients often find Cisco's security strategy, nomenclature and product descriptions "confusing." Gartner cites by way of example that Cisco uses the terms "context-aware" and "CX" rather than "application control" or "NGFW," and says Gartner clientele will out of confusion exclude Cisco in comparing its offerings to competitors' offerings.
Terms like "SecureX" and Cisco's marketing campaign "Internet of Everything," referring to how many devices are coming online, are confusing, says Erik Devine, information security manager at Riverside HealthCare, based in Kankakee, Ill. Devine says he has huge respect for Cisco as a network provider but simply "doesn't believe they're a strong security firm." He says that, like Juniper, Cisco should "stick to switching and routing."
Devine, who not only directs security but also networking decisions that include wireless and mobility for the healthcare organization, chose to migrate away from what was a Cisco-based network to an HP-based one, in part because licensing proved more attractive. In the course of that change, Riverside also moved away from Cisco-based ASA firewall modules. Instead, Riverside went with a variety of Fortinet firewall, SSL/VPN, encryption and messaging protection gateways that include wireless control for the core network.
Though he did look at Palo Alto and Cisco gear as part of the evaluation process, in the end Devine felt the Fortinet firewalls had sufficient application-level control for what the healthcare organization needed and were technically sound and cost-effective. In his own experience over the decades, Devine says he's found Cisco's licensing models to be overly complicated and expensive.
Palo Alto Networks, which Gartner considers the front-runner firewall maker technically in application-aware capability (though perhaps a bit pricey), says it sees Cisco as a worthy competitor.
"They are an impressive company. They have tremendous presence in the customer base," says Chris King, director of product marketing at Palo Alto, adding Cisco seems to have something akin to "absolute dominance" in the networking organization and remarkable sway with networking managers, who may have budgets for firewalling security, too. (Cisco doesn't disclose what portion of its firewall sales come from blades in switches and routers or as stand-alone firewall appliances.)
Because Cisco and Juniper alike stress that security should be part of the networking infrastructure and be integrated into it, the challenge for a firm such as Palo Alto is to get potential enterprise customers to understand the advantage of application-aware controls. King argues Cisco firewalls are simply stateful inspection with some application controls, and Palo Alto has to win acceptance by proving its NGFW functionality is worth it. According to its latest SEC filing, Palo Alto had 6,000 end-user customers at the start of last year and about 11,000 today.
Sign up for CIO Asia eNewsletters.