Have firewalls lost their cool?

"The firewall's ability to define and defend a network perimeter has earned itself a reputation as an indispensable security product," said Chris Rodriguez, a research analyst at Frost & Sullivan, in a statement.

But sales of firewalls have been slowing in recent years thanks to "market saturation, economic pressures, and mature technology," he said. Add to that list the many firewall vendors that are resting on their laurels. While vendors have released unified threat management appliances, Rodriguez said, "UTM continues to be considered a small business solution due to weak performance and protection."

Now, however, the market is due for a shakeup. While the firewall market earned revenue of about $3 billion in 2009, a new report from Frost & Sullivan estimates it will reach $4.6 billion in 2016, a 6.7% compounded annual growth rate.

The increase in revenue will be driven in part by the capabilities of the emerging fourth generation -- as Frost & Sullivan sees it -- of firewalls. They typically include such features as deep packet inspection, load balancing, and support for voice over IP, and which increasingly include application and identity-based filtering. "This will provide better protection for customers while reinvigorating customer demand for the technology," said Rodriguez.

Part of the firewall problem to date is that it's been difficult for outsiders to shake up the industry. In 2009, for example, just five vendors controlled 72% of the firewall market. In addition, while there were 60 firewall vendors in 2007, by 2008 there were 40, and by 2009, only about 30.

"The firewall initially underwent much change and innovation, with multiple product methodologies developed in a short span of a few years," said Rodriguez. "Since then, vendors have introduced new features, but customers have essentially been using inspection firewalls for over a decade."

These inspection firewalls typically use port and protocol-based filtering. Once state of the art, these techniques alone aren't ideally suited to protecting enterprise networks against today's more blended and targeted attacks, or for defending a much more porous network perimeter, taking into account virtualization, cloud computing, and mobile devices.

As a result, Rodriguez issued a call to arms to IT managers to change their attitudes. Specifically, rather than just refreshing their existing firewalls based on throughput and scalability specifications, he said they should also rethink how firewalls with the latest generation features can help them better protect enterprise networks.