Magic Quadrant for SSL VPNs

(1)

Magic Quadrant for SSL VPNs

12 December 2011 ID:G00219366

Analy st(s): John Girard

VIEW SUMMARY

Se cure Socke ts La ye r virtua l priva te ne tw orks compose a ma ture ma rke t se gme nt, se rving a va rie ty of VPN use ca se s for w orksta tions a nd mobile -de vice re mote a cce ss.

What You Need to Know

This document was revised on 19 December 2011. The document you are viewing is the corrected version. For more information, see the Corrections page on gartner.com.

Re mote a cce ss is a fa ct of e ve ryda y life for IT-e na ble d e mploye e s w ho w ork w ith a mixture of busine ss-provide d a nd pe rsona lly ow ne d de vice s tha t a re incre a singly in continuous conta ct w ith the Inte rne t. The solution spa ce for re mote -a cce ss VPNs include s ma ny protocols, but the most significa nt a re : (1) IPse c, a long-use d protocol imple me nte d a s a La ye r 3 tunne l; a nd (2) Se cure Socke ts La ye r (SSL), w hich ca n be use d to e sta blish La ye r 7 a pplica tion se ssions, a s w e ll a s La ye r 3 tunne ls. Se cure She ll (SSH) is occa siona lly imple me nte d a long w ith or in w a ys comple me nta ry to SSL. SSL VPN products a ll support a n upda te d protocol — Tra nsport La ye r Se curity (TLS) — tha t provide s Adva nce d Encryption Sta nda rd (AES) e ncryption, but "SSL" pe rsists a s the officia l la be l. Multimoda l re mote a cce ss cre a te s a ne e d for vigila nt se curity tha t w orks a cross multiple de vice s a nd OSs, ta king the w orking de finition of a re mote -a cce ss VPN w e ll be yond the ba sic ne e d for a n e ncrypte d tra nsport conne ction. Ga rtne r ha s tra cke d the SSL VPN ma rke t for a pproxima te ly 10 ye a rs, during w hich time SSL re mote -a cce ss products a nd se rvice s ha ve e sta blishe d a long-te rm role in busine ss a cce ss. During this pe riod, SSL ha s be e n the most disruptive force in VPNs be ca use of its ve rsa tility in providing e ncrypte d a cce ss from ne a rly a ny computing de vice , combine d w ith re ve rse -proxy isola tion, me nu-drive n a nd clie ntle ss front e nds, a nd se ve ra l forms of ne tw ork a cce ss controls de signe d to ve rify clie nt syste m he a lth a nd to qua ra ntine se nsitive informa tion.

Ga rtne r ra nks ve ndors in the SSL VPN Ma gic Qua dra nt ba se d on pe rforma nce for the four qua rte rs of 2010 through the e nd of Se pte mbe r 2011, a nd on clie nt re vie w s re ce ive d up to Nove mbe r 2011. The Ma gic Qua dra nt conside rs w hich ve ndors w ill be in fre que nt use a nd w ill influe nce te chnology dire ctions through 2016, a s w e ll a s w hich ve ndors a re the most visible a mong clie nts, ge ne ra te the gre a te st numbe r of re que sts for informa tion a nd contra ct re vie w s, a nd a ccount for the most ne w a nd ongoing insta lla tions a mong Ga rtne r's clie nt ba se .

Afte r re a ding this Ma gic Qua dra nt, VPN pla nne rs w ill ga in a n unde rsta nding of the role of SSL VPNs in re mote a cce ss a nd w ill be pre pa re d to e va lua te the suita bility of SSL VPNs in compa ny re mote -a cce ss use ca se s. VPN pla nne rs should use the Ma gic Qua dra nt a na lysis comme nts to unde rsta nd compe titive diffe re ntia tions be tw e e n product a nd se rvice offe rings. All the ve ndors tha t Ga rtne r tra cks in the SSL VPN ma rke t ha ve products tha t w ill me e t the ne e ds of most buye rs. SSL VPNs a re pra ctica l to comple me nt or re pla ce IPse c VPNs. The y a re e a sy to se t up in the ir de fa ult role a s a pplica tion porta ls, a nd offe r good pe rforma nce for tunne le d La ye r 3 tra ffic, if de sire d. SSL VPN's re silie nce ove r poor conne ctions a nd a bility to conduct dyna mic e ndpoint se curity che cks ha s strong a ppe a l for w he n a cce ss from noncompa ny de vice s must be controlle d, including use ca se s for contra ctors a nd busine ss continuity.

Ga rtne r offe rs a Toolkit w ith sugge ste d que stions for a n RFI/RFP e va lua tion of SSL VPNs (se e "Toolkit: Se cure Socke ts La ye r Virtua l Priva te Ne tw ork RFI a nd RFP Te mpla te s"). Afte r conside ring this re port a nd conducting the ir ow n RFI/RFP surve ys, VPN pla nne rs should a pply the ir findings to the follow ing de cision ste ps:

Conside r your incumbe nt ne tw orking a nd a pplica tion de live ry ve ndors, w hich ma y a lso provide VPN products a nd se rvice s. The re a re be ne fits for a voiding a dditiona l contra cts, console s a nd tra ining. W he re a pplica ble , conside r ve ndor ra tings, stre ngths a nd cha lle nge s in a dja ce nt ma rke ts — such a s W AN optimiza tion, a pplica tion de live ry, W e b confe re ncing, W e b a cce ss ma na ge me nt (W AM) a nd e nte rprise single sign-on (ESSO).

De ma nd a compre he nsive w orking de monstra tion in the RFP pha se . SSL VPNs a re e a sy to se t up. Ma ke the ve ndors prove the ir w orth, a nd you might e ve n ge t the first prototype of your e ve ntua l production syste m for fre e . Be sure to a sk for de monstra tions for sma rtphone a nd ta ble t support, e ve n if the se a re not pa rt of your imme dia te VPN pla n.

Conside r the e a se of se tup a nd a dministra tion, on-de ma nd se curity, gra nula r a cce ss policie s, a nd othe r fe a ture s tha t cha ra cte rize products in this ma rke t. The se a spe cts w ill low e r the cost of ow ne rship — e ve n if your initia l purcha se is more e xpe nsive tha n a ba sic IPse c VPN.

Ba se d on ma rke t dyna mics, Ga rtne r w ill discontinue the SSL VPN Ma gic Qua dra nt a fte r this 2011 re port. In 2012, SSL VPN w ill be come a ma ture VPN ca pa bility tha t w ill prima rily be sold a s pa rt of la rge r ne tw ork infra structure de cisions ra the r tha n a s sta nd-a lone inve stme nts, a lthough SSL VPNs ma y be de live re d a s sta nd-a lone se rve rs in the la rge r infra structure for sca la bility a nd re lia bility purpose s. In ma ny ca se s, SSL VPNs w ill be inte gra te d w ith ne xt-ge ne ra tion fire w a lls a nd

VENDORS ADDED OR DROPPED

W e re vie w a nd a djust o ur inclusio n crite ria fo r Ma gic Q ua dra nts a nd Ma rk e tSco pe s a s m a rk e ts cha nge . As a re sult o f the se a djustm e nts, the m ix o f ve ndo rs in a ny Ma gic Q ua dra nt o r Ma rk e tSco pe m a y cha nge o ve r tim e . A ve ndo r a ppe a ring in a Ma gic Q ua dra nt o r Ma rk e tSco pe o ne ye a r a nd no t the ne x t do e s no t ne ce ssa rily indica te tha t we ha ve cha nge d o ur o pinio n o f tha t ve ndo r. T his m a y be a re fle ctio n o f a cha nge in the m a rk e t a nd, the re fo re , cha nge d e va lua tio n crite ria , o r a cha nge o f fo cus by a ve ndo r.

EVALUATION CRITERIA DEFINITIONS

Ability to Execute

Product/Service: C o re go o ds a nd se rvice s o ffe re d by the ve ndo r tha t co m pe te in/se rve the de fine d m a rk e t. T his include s curre nt

pro duct/se rvice ca pa bilitie s, qua lity, fe a ture se ts, sk ills, e tc., whe the r o ffe re d na tive ly o r thro ugh O EM a gre e m e nts/pa rtne rships a s de fine d in the m a rk e t de finitio n a nd de ta ile d in the subcrite ria . Overall Viability (Business Unit, Financial, Strategy, Organization): Via bility include s a n a sse ssm e nt o f the o ve ra ll o rga niza tio n's fina ncia l he a lth, the fina ncia l a nd pra ctica l succe ss o f the busine ss unit, a nd the lik e liho o d o f the individua l busine ss unit to co ntinue inve sting in the pro duct, to co ntinue o ffe ring the pro duct a nd to a dva nce the sta te o f the a rt within the o rga niza tio n's po rtfo lio o f pro ducts.

Sales Execution/Pricing: T he ve ndo r's ca pa bilitie s in a ll pre -sa le s a ctivitie s a nd the structure tha t suppo rts the m . T his include s de a l m a na ge m e nt, pricing a nd ne go tia tio n, pre -sa le s suppo rt a nd the o ve ra ll e ffe ctive ne ss o f the sa le s cha nne l. Market Responsiveness and Track Record: Ability to re spo nd, cha nge dire ctio n, be fle x ible a nd a chie ve co m pe titive succe ss a s o ppo rtunitie s de ve lo p, co m pe tito rs a ct, custo m e r ne e ds e vo lve a nd m a rk e t dyna m ics cha nge . T his crite rio n a lso co nside rs the ve ndo r's histo ry o f re spo nsive ne ss. Marketing Execution: T he cla rity, qua lity, cre a tivity a nd e ffica cy o f pro gra m s de signe d to de live r the o rga niza tio n's m e ssa ge in o rde r to influe nce the m a rk e t, pro m o te the bra nd a nd busine ss, incre a se a wa re ne ss o f the pro ducts, a nd e sta blish a po sitive ide ntifica tio n with the pro duct/bra nd a nd o rga niza tio n in the m inds o f buye rs. T his "m ind sha re " ca n be drive n by a co m bina tio n o f publicity, pro m o tio na l, tho ught le a de rship, wo rd-o f-m o uth a nd sa le s a ctivitie s. Customer Experience: R e la tio nships, pro ducts a nd se rvice s/pro gra m s tha t e na ble clie nts to be succe ssful with the pro ducts e va lua te d. Spe cifica lly, this include s the wa ys custo m e rs re ce ive te chnica l suppo rt o r a cco unt suppo rt. T his ca n a lso include a ncilla ry to o ls, custo m e r suppo rt pro gra m s (a nd the qua lity the re o f), a va ila bility o f use r gro ups, se rvice -le ve l a gre e m e nts, e tc. Operations: T he a bility o f the o rga niza tio n to m e e t its go a ls a nd co m m itm e nts. Fa cto rs include the qua lity o f the o rga niza tio na l structure including sk ills, e x pe rie nce s, pro gra m s, syste m s a nd o the r ve hicle s tha t e na ble the o rga niza tio n to o pe ra te e ffe ctive ly a nd e fficie ntly o n a n o ngo ing ba sis.

Completeness of Vision

Market Understanding: Ability o f the ve ndo r to

Magic Quadrant for SSL VPNs 10/19/2012

(2)

unifie d thre a t ma na ge me nt (UTM) solutions. Return to Top

Magic Quadrant

Figure 1. Ma gic Qua dra nt for SSL VPNs

Source: Gartner (December 2011)

Return to Top

Market Overview

SSL VPNs a re pe rsiste nt e ncrypte d conne ctions be tw e e n use r syste ms a nd VPN ga te w a ys, using the SSL protocol. SSL w a s origina lly conce ive d to inte rmitte ntly se cure protocol La ye r 7 for brow se r se ssions, but it ha s e xpa nde d to provide a broa de r ra nge of a cce ss, ra nging from La ye r 7 for a pplica tions, dow n to La ye r 3 for a cce ss to ne tw orks. SSL VPNs ha ve be e n e va lua te d in a Ma gic Qua dra nt, be ca use for ma ny ye a rs, the y w e re the foca l point for innova tions in re mote a cce ss. SSL VPN te chnology ha s be e n a good source of re ve nue for ne tw ork infra structure compa nie s, la rge a nd sma ll, for more tha n 10 ye a rs. Industry re ve nue s a nd shipme nts of SSL te chnologie s a re tra cka ble a nd ha ve me t Ga rtne r's crite ria for de fining a nd tra cking a te chnology ma rke t. Most importa ntly, clie nts cite SSL a nd brow se r-ba se d VPNs a s ke y de cision fa ctors in ne w a nd upgra de d VPN inve stme nts.

SSL VPNs a re be st cha ra cte rize d by the fa ct tha t the use r ca n sta rt a VPN se ssion from a W e b brow se r, a lthough ne a rly a ll ve ndors offe r a non-brow se r-clie nt a lte rna tive . SSL VPN ga te w a ys fe a ture a me nu-drive n, e mbe dde d re ve rse -proxy front e nd to provide a de fa ult gre e ting scre e n to a re mote use r, w hich ca n be dyna mica lly configure d a ccording to a cce ss policie s a nd conte xts. The me nu a nd re source s offe re d to the use r ca n be a lte re d by runtime rule s tha t re a ct to the use r's a cce ss sta tus w ith re spe ct to a va rie ty of fa ctors, including re mote -syste m he a lth se curity sta tus, a nd the use r's me thod of a uthe ntica tion. SSL's a dva nta ge s for VPNs include :

The VPN ca n be e sta blishe d w ithout a forma lly insta lle d clie nt be yond the brow se r, a nd supports the ma instre a m sta nda rd for e ncryption stre ngth.

SSL se ssions ca n survive unre lia ble ne tw orks a nd multiple inte rruptions, a nd ca n re conne ct a nd roa m a cross ne tw orks w ithout pre se rving a n IP a ddre ss.

Nonbrow se r SSL VPN clie nts incre a se the use r's e xpe rie nce of tra nspa re ncy, w hile providing SSL re lia bility be ne fits. The y ca n a lso support loca tion-inde pe nde nt, IP-a ddre ss-inde pe nde nt "conne ct on de ma nd" situa tions, w hich a re pa rticula rly a ttra ctive on sma ll mobile de vice s w ith limite d ba tte ry life .

SSL VPNs fe a ture se curity tools tha t ca n be dow nloa de d to e nd-use r syste ms during se ssion e sta blishme nt. The se tools e nha nce ne tw ork a cce ss control (NAC) de cisions by pe rforming clie nt-side he a lth che cks, e ve n on syste ms tha t ha ve ne ve r be fore ma de a VPN conne ction. Use r re fe re nce s obta ine d for this ye a r's Ma gic Qua dra nt re port indica te incre a se d utiliza tion of the se tools.

SSL VPNs shie ld the use r from the LAN by de fa ult, a nd La ye r 3 tunne ls to support routing ca n be limite d by policy choice s. The se policie s ca n be se t dyna mica lly, ba se d on ga te w a y rule s tha t e va lua te the use r, de vice a nd loca tion. W he n use rs initia te a VPN from a n unma na ge d de vice , re mote se curity controls ma y not be possible , but a dministra tors ca n use SSL VPNs to mitiga te the risk of ne tw ork e xposure s by limiting a pplica tions a nd se rvice s.

Compe lling use ca se s for SSL VPNs include :

The y provide se le ctive a cce ss to syste ms on a ne e d-to-know ba sis, a llow ing re la tive ly e a sy a cce ss pa rtitioning to support use ca se s, such a s contra ctors, pe rsona l e mploye e de vice s a nd a d hoc e me rge ncy a cce ss from unknow n syste ms.

The y provide se cure intra ne t or Inte rne t busine ss porta ls. SSL VPNs, combine d w ith W e b-e na blb-e d businb-e ss a pplica tions, crb-e a tb-e insta nt, robust porta ls ca pa blb-e of b-e xtb-e nding strong a uthe ntica tion a nd he a lth che cks.

The y provide a d hoc priva te se rvice to support unpla nne d a nd e me rge ncy re mote -a cce ss ne e ds.

unde rsta nd buye rs' wa nts a nd ne e ds a nd to tra nsla te tho se into pro ducts a nd se rvice s. Ve ndo rs tha t sho w the highe st de gre e o f visio n liste n a nd unde rsta nd buye rs' wa nts a nd ne e ds, a nd ca n sha pe o r e nha nce tho se with the ir a dde d visio n.

Marketing Strategy: A cle a r, diffe re ntia te d se t o f m e ssa ge s co nsiste ntly co m m unica te d thro ugho ut the o rga niza tio n a nd e x te rna lize d thro ugh the we bsite , a dve rtising, custo m e r pro gra m s a nd po sitio ning sta te m e nts.

Sales Strategy: T he stra te gy fo r se lling pro duct tha t use s the a ppro pria te ne two rk o f dire ct a nd indire ct sa le s, m a rk e ting, se rvice a nd co m m unica tio n a ffilia te s tha t e x te nd the sco pe a nd de pth o f m a rk e t re a ch, sk ills, e x pe rtise , te chno lo gie s, se rvice s a nd the custo m e r ba se . Offering (Product) Strategy: T he ve ndo r's a ppro a ch to pro duct de ve lo pm e nt a nd de live ry tha t e m pha size s diffe re ntia tio n, functio na lity, m e tho do lo gy a nd fe a ture se t a s the y m a p to curre nt a nd future re quire m e nts.

Business Model: T he so undne ss a nd lo gic o f the ve ndo r's unde rlying busine ss pro po sitio n. Vertical/Industry Strategy: T he ve ndo r's stra te gy to dire ct re so urce s, sk ills a nd o ffe rings to m e e t the spe cific ne e ds o f individua l m a rk e t se gm e nts, including ve rtica ls.

Innovation: Dire ct, re la te d, co m ple m e nta ry a nd syne rgistic la yo uts o f re so urce s, e x pe rtise o r ca pita l fo r inve stm e nt, co nso lida tio n, de fe nsive o r pre -e m ptive purpo se s.

Geographic Strategy: T he ve ndo r's stra te gy to dire ct re so urce s, sk ills a nd o ffe rings to m e e t the spe cific ne e ds o f ge o gra phie s o utside the "ho m e " o r na tive ge o gra phy, e ithe r dire ctly o r thro ugh pa rtne rs, cha nne ls a nd subsidia rie s a s a ppro pria te fo r tha t ge o gra phy a nd m a rk e t.

(3)

Limiting fa ctors for SSL VPNs include :

IPse c is de e ply e mbe dde d in ne tw orking products, such a s route rs a nd fire w a lls, a nd ha s a low e r incre me nta l se ssion cost in ga te w a ys. SSL VPNs ha ve historica lly re pre se nte d a n e xtra cost.

Ma ny compa nie s a re sa tisfie d w ith the ir IPse c e xpe rie nce s. If the le ga cy VPN me e ts busine ss ne e ds, the re is no pre ssure to cha nge .

The ma jor mobile -de vice OSs include mobile IPse c clie nts. IPse c is e a sy to configure on some mobile de vice s, such a s iPhone s a nd iPa ds, a nd ca n support conne ction on-de ma nd, w hich conse rve s ba tte ry life . Also, se ve ra l spe cia lize d le ga cy mobile VPNs ha ve succe ss re cords re lying ne ithe r on SSL nor IPse c.

Tw e lve ve ndors re turne d surve y da ta for this Ma gic Qua dra nt. The se le ction of ve ndors include s a ll ge ogra phie s, w ith the gre a te st e mpha sis e ve nly a ve ra ge d be tw e e n North Ame rica , Europe a nd Asia /Pa cific. Among the ve ndors tha t provide d da ta for this Ma gic Qua dra nt, the compa ra tive ye a r-ove r-ye a r grow th of re ve nue w ithin e a ch ve ndor's SSL VPN line of busine ss (LOB) w a s positive . Re porte d a nd e stima te d re ve nue for the LOB conta ining SSL VPN (w hich ma y include re la te d products, a s w e ll a s support a nd se rvice s) tota le d a bout $443 million, incre a sing from $400 million la st ye a r. This a mounts to a n 11% incre a se tha t is slightly be tte r tha n Ga rtne r's grow th fore ca st a cross a la rge r se le ction of ve ndors se lling spe cia lize d SSL VPN e quipme nt w orldw ide , re porte d a t a 9% compound a nnua l grow th ra te (CAGR) through 2015 (se e "Fore ca st: Spe cia lize d SSL VPN Equipme nt, W orldw ide , 2005-2015, 4Q11 Upda te ").

This ra te of grow th is sufficie nt to justify SSL te chnology a s a va lue d compone nt in the infra structure of incumbe nt ve ndors but is not e nough to sugge st tha t SSL VPN w ill continue to drive a diffe re ntia te d VPN ma rke t (se e "Fore ca st: Spe cia lize d SSL VPN Equipme nt, W orldw ide , 2005-2015, 4Q11 Upda te "). Ve ndors surve ye d for this Ma gic Qua dra nt re porte d individua l grow th for the LOB conta ining SSL VPN tha t ra nge d from 2% to 44% ove r the pre vious ye a r. Our 2011 a sse ssme nt of the SSL VPN ma rke t re ma ins ca utious. SSL te chnology ha s prove n, long-te rm via bility a s a tool in the kit of ne tw ork a nd se curity pla nne rs. How e ve r, a s a sta nd-a lone ma rke t, SSL VPN is show ing its a ge .

Se a t sa le s (se a t se ssions or pe ne tra tions) a re e stima te d for this Ma gic Qua dra nt to be usa ble concurre nt VPN se ssions on product ga te w a ys. Ve ndors tha t do not se t ma ximum ca pa city limits on the ir products w e re a ske d to e stima te the numbe r of ports a va ila ble on products sold, a ccording to the re comme nde d loa ding. The numbe r obta ine d re pre se nts the usa ble logica l se ssions in pla y.

Se a t pe ne tra tions, ca lcula te d ba se d on re sults from 11 ve ndors re porting se a t da ta (Citrix Syste ms de cline d to pa rticipa te in the surve y), a dd up to a tota l of more tha n 18 million for full-ye a r 2010, a n 80% incre a se compa re d w ith 10 million re corde d in the study pe riod of the pre vious Ma gic Qua dra nt. In pre vious Ma gic Qua dra nt re ports, the pe rforma nce of re porting ve ndors incre a se d only 32% from 2008 to 2009 in a difficult e conomy. W e a ttribute much of this grow th to a n improve d e conomy, incre a sing numbe rs of te le w orke rs (pa rticula rly in gove rnme nt positions), incre a sing inte re st in busine ss continuity progra m de ve lopme nt, a nd spa re ca pa city purcha se de cisions.

Ba se d on a full-ye a r 2010 a na lysis, the re porting ve ndors ge ne ra te d a ve ra ge se a t pe ne tra tions of 2 million se a ts, up from 940,000 in 2009. The me dia n sha re a lso incre a se d to 358,000 se a ts, compa re d w ith 250,000 in the prior ye a r, w hich ha d in fa ct be e n a 25% slump from 2008. At the sa me time , me dia n income in the SSL VPN LOB incre a se d to a bout $18.7 million, up from $15 million, but this is still a slump from $19.5 million in 2008. The 2011 e conomy a ppe a rs fa vora ble to a ll of the tra cke d ve ndors, a nd the ir e stima te s for 2011 full-ye a r pe rforma nce a re on tra ck for he a lthy improve me nts in sa le s re ve nue a nd se a t pe ne tra tions tha t w ill e xce e d those of the prior ye a r.

Return to Top

Market Definition/Description

Products in the SSL VPN ma rke t provide se cure a nd priva te conne ctions for individua ls to re a ch compa ny ga te w a ys via the Inte rne t using the SSL protocol from a w orksta tion, such a s a de sktop, la ptop, or a sma lle r e nd-use r computing de vice , such a s a sma rtphone or ta ble t. This Ma gic Qua dra nt e va lua te s SSL VPN products tha t a re sold for purcha se a nd use w ithin e nte rprise s. SSL VPN products combine brow se r se curity e nha nce me nt softw a re w ith a VPN ga te w a y tha t ma y be de live re d a s a sta nd-a lone ga te w a y a pplia nce or a s softw a re to be insta lle d on a use r-supplie d ga te w a y se rve r. The ma rke t is domina te d by a pplia nce s; how e ve r, pure softw a re products a re be coming more popula r through virtua liza tion, w hich ma ke s it e a sy to de ve lop drop-in, sca la ble , plug-a nd-pla y solutions for ga te w a y production syste ms, a s w e ll a s to e va lua te pre sa le de monstra tions. Me nu-drive n, "point a nd click" brow se r a cce ss to progra ms a nd re source s cha ra cte rize the de fa ult inte rfa ce for a n SSL VPN; how e ve r, se ve ra l compa nie s offe r nonbrow se r clie nts to more close ly imita te a n IPse c VPN, a nd a fe w compa nie s omit the me nu inte rfa ce a ltoge the r.

SSL VPNs support the strong a uthe ntica tion a nd se ssion logging de sire d for VPN prote ction, a s w e ll a s a pplica tion a cce ss a udits. The y a lso support the roa ming re quire me nts for mobile use rs, e spe cia lly those ca rrying note book compute rs a nd, incre a singly, sma rtphone s a nd ta ble ts. The most commonly re que ste d mobile support in 2011 ha s be e n for iPhone s a nd iPa ds, ma king Apple de vice s a n importa nt point for compe titive diffe re ntia tion.

Return to Top

Inclusion and Exclusion Criteria

Inclusion Criteria

SSL VPN compa nie s w e re conside re d for this Ma gic Qua dra nt unde r the conditions liste d he re . W e conta cte d 26 compa nie s, a nd 12 w e re qua lifie d to be ra nke d:

(4)

The compa ny must se ll a VPN product tha t fits the SSL VPN ma rke t de finition, a nd is comme rcia lly supporte d.

The ve ndor must ge ne ra te sufficie nt Ga rtne r clie nt inte re st a nd inquirie s, e spe cia lly by e vide nce of the ir a ppe a ra nce in shortlists a nd RFIs.

The ve ndor should a ppe a r re gula rly in othe r source s, such a s publica tions, support forums a nd confe re nce s, a s a product tha t is compe titive w ith compa nie s tha t a re qua lifie d for this ma rke t.

The ve ndor must de monstra te compe titive pre se nce a nd sa le s to Ga rtne r a na lysts. Compe titive pre se nce is improve d gre a tly if the product is sold a nd supporte d in multiple countrie s — or, e ve n be tte r, in multiple ge ogra phie s. Exce ptions ma y be gra nte d if othe r inclusion fa ctors me rit conside ra tion. Ga rtne r a na lysts e va lua te fe e dba ck from clie nts w ho conta ct a na lysts for inquirie s, a s w e ll a s from nonclie nts, including re fe rra ls of use rs provide d by ve ndors during the surve y proce ss.

For 2011, minimum thre sholds for se a t sa le s a nd re ve nue ha ve be e n continue d. To qua lify for inclusion, ve ndors ha d to me e t both of the se conditions:

A qua lifying ve ndor ne e de d to e a rn a t le a st $1 million in re ve nue in 2010 in the w orldw ide LOB for SSL VPNs. In this Ma gic Qua dra nt, no ra nke d ve ndor e a rne d le ss tha n $4.5 million. Ma ny of the ve ndors in this Ma gic Qua dra nt a re sma ll compa nie s, or la rge compa nie s w ith sma ll e a rnings in this ma rke t.

A qua lifying ve ndor ne e de d to a ccount for a t le a st 100,000 cumula tive concurre nt use r/se a t se ssions in pla y for 2008, 2009 a nd 2010. In this Ma gic Qua dra nt, no ra nke d ve ndor re porte d fe w e r tha n 200,000.

Return to Top

Exclusion Criteria

VPN compa nie s ha ve be e n e xclude d from the 2011 Ma gic Qua dra nt for one or more of the se conditions:

The compa ny did not ha ve a compe titive product on the ma rke t for a sufficie nt a mount of time during 2010 a nd the first ha lf of 2011 to e sta blish a visible , compe titive position a nd tra ck re cord.

The compa ny ha d a minima l or ne gligible a ppa re nt ma rke t sha re a nd ma rke t inquiry inte re st a mong Ga rtne r clie nts.

The compa ny se lls the product prima rily a s a n a pplica tion fire w a ll or othe r spe cia lize d inte rfa ce tha t is not compe ting dire ctly w ithin the la rge r SSL VPN product or function. The compa ny se lls W e b-e na ble d, pe rsona l re mote -control products tha t a re not true multiuse r a cce ss ga te w a ys.

The compa ny w a s invite d to pa rticipa te , but did not re ply to a n a nnua l RFI a nd did not othe rw ise me e t the inclusion crite ria . Alte rna tive me a ns of a sse ssme nt, pa rticula rly clie nt re que sts a nd compe titive visibility, did not me e t the inclusion crite ria .

Se rvice s built from the products a nd offe re d by third pa rtie s a re conside re d a dditive to the product ve ndor's ra nking, a nd the se rvice ve ndors a re not ra nke d. Ma na ge d ne tw ork se rvice s of a ll type s a re se pa ra te ma rke ts.

Due to cha nge s in inte rna l dire ction or a cquisition, a pre viously ra nke d compa ny no longe r ope ra te s in a dire ctly compe titive sta nce for the SSL VPN ma rke t.

Return to Top

Other Companies

Compa nie s tha t ha ve products in the ma rke t but a re not ra nke d in this re port include Ava ya , Ba rra cuda Ne tw orks, Elite core Te chnologie s (Cybe roa m), HOB GmbH, Fortine t, La ntronix, O2Se curity, Pa lo Alto Ne tw orks, Stone soft a nd W a tchGua rd Te chnologie s.

Return to Top

Added

Cryptzone a cquire d AppGa te a nd is a dde d to this re port.

Te chnology Ne xus ha s a cquire d PortW ise a nd is a dde d to this re port. Ultra Ele ctronics a cquire d AEP Ne tw orks a nd is a dde d to this re port.

Return to Top

Dropped

AEP Ne tw orks ha s be e n a cquire d by Ultra Ele ctronics a nd is now ra nke d unde r the na me Ultra Ele ctronics.

AppGa te w a s a cquire d by Cryptzone a nd is now ra nke d unde r the na me Cryptzone . Ne oAcce l w a s a cquire d by VMw a re to a dd ne tw ork priva cy ca pa bilitie s into the compa ny's product line s for se curity, VMw a re Vie w a nd cloud, ve rsus dire ctly compe ting for a sta nd-a lone VPN mnd-a rke t shnd-a re . VMw nd-a re hnd-a s de clnd-a re d the e nd of life for the stnd-a nd-nd-a lone Ne oAcce l a pplia nce , a nd w ill pursue ne w virtua l te chnology de ve lopme nts in w hich Ne oAcce l w ill provide ne w e na bling te chnologie s for re mote a cce ss.

PortW ise ha s be e n inte gra te d into a ne w compa ny ca lle d Te chnology Ne xus a nd is ra nke d unde r tha t na me .

Return to Top

Evaluation Criteria

Ability to Execute

(5)

Exe cution conside rs fa ctors re la te d to ge tting products sold, insta lle d, supporte d a nd in use r ha nds. Compa nie s tha t e xe cute strongly ge ne ra te pe rva sive a w a re ne ss a nd loya lty a mong Ga rtne r clie nts, a s w e ll a s a ste a dy stre a m of inquirie s to Ga rtne r a na lysts. Exe cution is not prima rily a bout compa ny size a nd income ; how e ve r, a s the ma rke t ma ture s, la rge r compa nie s te nd to ha ve a gre a te r influe nce on the ma rke t. W e tra ck influe nce on buye rs through re ve nue a nd se a t sa le s. W e tra ck influe nce a mong ve ndors in the ma rke t through clie nt fe e dba ck a bout shortlist de cisions, a s w e ll a s on comme nts from e a ch ve ndor a bout its pe e r group, including pe rce ive d thre a ts a nd compe titive se lf-a sse ssme nt. For thre e ye a rs running, Junipe r Ne tw orks, Cisco a nd Citrix Syste ms w e re vote d by the ir pe e rs a s the most se rious compe titive thre a ts in the ma rke t.

Ne w products, ne w fe a ture s a nd e stima te d sa le s in 1H11 w e re conside re d in the fina l ra nking. Unofficia l roa d ma ps, pe nding contra cts, future sa le s a gre e me nts, future promise s for ve ry re ce nt a cquisitions a nd va gue stra te gie s do not significa ntly contribute to a ve ndor ra nking or to inclusion in this Ma gic Qua dra nt; how e ve r, ve ndors tha t ha ve officia l a nd public roa d ma ps, a nd ma ke consiste nt progre ss, a re re cognize d.

Exe cution w e ightings a re conside re d sta nda rd, be ca use w ithin our re vie w , the re la tive me rit of e a ch ra nking fa ctor ca n be a de qua te ly e xpre sse d for the ge ne ra l ca se w ithout a dditiona l a djustme nts. W e ightings a re subje ctive a nd conte xtua l; re a de rs w ho conduct the ir ow n RFIs ma y choose to cha nge w e ightings to suit the ne e ds of the ir busine ss a nd the ir industry. W e ighting sugge stions a nd de ta ile d surve y que stions a re pre se nte d in "Toolkit: Se cure Socke ts La ye r Virtua l Priva te Ne tw ork RFI a nd RFP Te mpla te s." Follow ing a re de scriptions of the e va lua tion crite ria for e xe cution:

Product/Service: Compa re s the comple te ne ss a nd a ppropria te ne ss of core SSL VPN

products sold for use in the e nte rprise re mote -a cce ss ma rke t. The SSL VPN ma rke t de fine d in this Ma gic Qua dra nt is product-focuse d, but re la te d se rvice a re a s ma y contribute , including consulting se rvice s a nd ma na ge d se rvice re se lle rs. A strong product focus is critica l to de monstra ting tha t the ve ndor ca n ge ne ra te ma rke t a w a re ne ss.

O verall Viability (Business Unit, Financial, Strategy, O rganization): Conside rs the

compa ny's history a nd its de monstra te d commitme nt in the SSL VPN ma rke t, a s w e ll a s the diffe re nce be tw e e n a compa ny's sta te d goa ls for the e va lua tion pe riod a nd a ctua l

pe rforma nce , a s compa re d w ith the re st of the ma rke t. The grow th of the custome r ba se a nd the re ve nue de rive d from sa le s a re conside re d. All ve ndors w e re a ske d to disclose

compa ra ble ma rke t da ta , such a s SSL VPN re ve nue , the numbe r of unique compa nie s unde r contra ct a nd informa tion a bout se a ts sold ye a r by ye a r. "Se a ts" a re de fine d a s concurre nt a ctive lice nse se a ts de ploye d on sold products. W he re compa nie s ha ve move d to a n unlimite d-lice nse mode l, a ctive se a ts a re e stima te d from the norma l ca pa city limits of the pla tforms sold.

Some ve ndors do not re port portions of compe titive informa tion in the forma t re que ste d for compa rison. In the se situa tions, othe r qua ntita tive source s of Ga rtne r informa tion w e re conside re d, but qua lita tive e vide nce from clie nt fe e dba ck a nd pe e r a na lyst fe e dba ck be come more importa nt. Indire ct me a sure s of product pe ne tra tion, such a s "boxe s shippe d," w e re not use d to me a sure e xe cution in this Ma gic Qua dra nt. Inste a d, w e conside re d concurre nt se a ts sold, lice nse d a nd a cce ssible to the buye r a s e vide nce tha t the products a re be ing use d. Ve ndors w e re a ske d to conve rt to the concurre nt se a t formula a s ne ce ssa ry, a nd the a ctua l numbe rs re porte d w e re tre a te d a s guida nce , ra the r tha n a s ha rd fa cts.

Sales Execution/Pricing: Compa re s the stre ngth of ve ndors' sa le s a nd distribution

ope ra tions, a s w e ll a s the ir discounte d list pricing for syste ms supporting a s fe w a s 25 concurre nt use rs a nd up to more tha n 10,000 concurre nt use rs. Pricing w a s compa re d in first-ye a r, cost-pe r-concurre nt-a ctive -lice nse se a ts, including the cost of a ll ha rdw a re a nd support.

Market Responsiveness and Track Record, and Marketing Execution: Ra te s compe titive

visibility a s the ke y fa ctor, including w hich ve ndors a re most commonly conside re d the top compe titive thre a ts during the RFP proce ss a nd w hich a re conside re d the top thre a ts by pe e rs. In a ddition to buye r a nd a na lyst fe e dba ck, this ra ting conside rs fe e dba ck from clie nts, a na lysts a nd the ve ndors the mse lve s. Strong ra tings me a n tha t a compa ny ha s

de monstra te d to Ga rtne r a na lysts tha t the e nte rprise ca n ge t liste d in RFPs e a rly a nd ca n w in a la rge pe rce nta ge in compe tition w ith othe r ve ndors. Ma rke ting e xe cution in this Ma gic Qua dra nt is conside re d a n a spe ct of ma rke t re sponsive ne ss a nd tra ck re cord, ra the r tha n a se pa ra te crite rion.

Customer Experience: Is subje ctive ly ra te d from clie nt fe e dba ck to a na lysts; the opinions of

Ga rtne r a na lysts in se curity, ne tw ork a nd pla tform re se a rch groups; a nd ve ndor-supplie d re fe re nce s, w he re ne e de d. Inte nse inte re st in SSL VPNs from Ga rtne r clie nts provide d a ye a r's w orth of a mple fe e dba ck to fra me the ma rke t.

O perations: Conside rs the a bility of a ve ndor to pursue goa ls in a ma nne r tha t e nha nce s

a nd grow s its influe nce in a ll e xe cution ca te gorie s.

Ta ble 1 provide s a n ove rvie w of the e va lua tion crite ria for the Ability to Exe cute .

Table 1. Ability to Exe cute Eva lua tion Crite ria

Ev aluation Criteria Weighting

Product/Service Standard

Overall Viability (Business Unit, Financial, Strategy, Organization) Standard

Sales Execution/Pricing Standard

Market Responsiveness and Track Record Standard

Marketing Execution No rating

C ustomer Experience Standard

Operations Standard

(6)

Completeness of Vision

The SSL VPN ma rke t is ma ture in te rms of its core de finition, a nd most ve ndors ha ve functions a nd fe a ture s tha t ma ke the m more simila r ra the r tha n distinguishe d a mong pe e rs. For the pa st tw o ye a rs, ma ny SSL VPN ve ndors — pa rticula rly the sma lle r ve ndors — conce ntra te d on se lling into sa fe situa tions, a nd the ir inve stme nts in disruptive vision-diffe re ntia ting a ctivitie s w e re limite d. Some of the R&D proje cts tha t re quire d a lot of e ffort, such a s building out support for virtua liza tion, a re now conside re d sta tus quo ra the r tha n ma tte rs of diffe re ntia tion.

Vision w e ightings a re conside re d sta nda rd, be ca use , w ithin our re vie w , the re la tive me rit of e a ch ra nking fa ctor ca n be a de qua te ly e xpre sse d for the ge ne ra l ca se w ithout a dditiona l a djustme nts. W e ightings a re subje ctive a nd conte xtua l; re a de rs w ho conduct the ir ow n RFIs ma y choose to cha nge w e ightings to suit the ne e ds of the ir busine sse s a nd the ir industrie s. W e ighting

sugge stions a nd de ta ile d surve y que stions a re pre se nte d in "Toolkit: Se cure Socke ts La ye r Virtua l Priva te Ne tw ork RFI a nd RFP Te mpla te s." Follow ing a re de scriptions of the e va lua tion crite ria for vision:

Market Understanding and Marketing Strategy: Asse sse s through dire ct obse rva tion the

de gre e to w hich a ve ndor's products, roa d ma ps a nd mission a nticipa te le a ding-e dge thinking a bout buye r w a nts a nd ne e ds. Ga rtne r ma ke s this a sse ssme nt subje ctive ly by se ve ra l me a ns, including inte ra ction w ith ve ndors in brie fings a nd by re a ding pla nning docume nts, ma rke ting a nd sa le s lite ra ture , a nd pre ss re le a se s. Incumbe nt ve ndor ma rke t pe rforma nce is re vie w e d ye a r by ye a r a ga inst spe cific re comme nda tions tha t ha ve be e n ma de to e a ch ve ndor a nd a ga inst future tre nds ide ntifie d in Ga rtne r re se a rch. Ve ndors ca nnot me re ly sta te a n a ggre ssive future goa l; the y must put the se pla ns in pla ce , show tha t the y a re follow ing the pla ns a nd modify the pla ns a s ma rke t dire ctions cha nge .

Sales Strategy: Exa mine s ve ndors' stra te gie s for communica ting the ir product me ssa ge s.

This ra nking fa ctor is the bridge be tw e e n ma rke ting e xe cution a nd product stra te gy.

O ffering (Product) Strategy: Is ra nke d through a n e xa mina tion of the bre a dth of functions,

pla tform a nd OS support for the SSL clie nt; the VPN ga te w a y OS a nd fe a ture s; a nd the inve stme nts ma de by the ve ndor to optimize a nd support a pplica tions a cce sse d through the ga te w a y. R&D inve stme nts a re cre dite d in this ca te gory.

Business Model: Ta ke s into a ccount a ve ndor's unde rlying busine ss obje ctive s for its

products a nd its ongoing a bility to pursue R&D goa ls in a ma nne r tha t e nha nce s a ll vision ca te gorie s.

Vertical/Industry Strategy: Conside rs a ve ndor's a bility to communica te a vision tha t

a ppe a ls to spe cific industrie s a nd ve rtica l ma rke ts.

Innovation: Ta ke s into conside ra tion the de gre e to w hich ve ndors inve st in core

re quire me nts for the succe ssful use of the ir products. Crite ria include a ve ndor's inte rna l inve stme nts in va lue -a dde d se curity tools a nd te chnology roa d ma ps, a s w e ll a s e xte rna l e fforts to e xpa nd inte rope ra bility, a llia nce s a nd pa rtne rships w ith compa nie s in re la te d se curity ma rke ts. A ve ndor w ith a strong vision cre a te s communitie s w ith othe r compa nie s, a nd this, in turn, he lps othe r compa nie s, a s w e ll a s buye rs, vie w the SSL VPN ve ndor a s a ne ce ssa ry compone nt of la rge r busine ss solutions.

Geographic Strategy: Ta ke s into a ccount a ve ndor's stra te gy to dire ct its re source s, skills,

products a nd se rvice s in multiple ge ogra phie s.

Ta ble 2 give s a n ove rvie w of the e va lua tion crite ria for Comple te ne ss of Vision.

Table 2. Comple te ne ss of Vision

Eva lua tion Crite ria

Ev aluation Criteria Weighting

Market Understanding Standard

Marketing Strategy Standard

Sales Strategy Standard

Offering (Product) Strategy Standard

Business Model Standard

Vertical/Industry Strategy Standard

Innovation Standard

Geographic Strategy Standard

Leaders

Le a de rs de monstra te ba la nce d progre ss, e ffort a nd clout in a ll e xe cution a nd vision ca te gorie s. The ir a ctions ra ise the compe titive ba r for a ll products in the ma rke t, a nd the y ca n cha nge the course of the industry. To re ma in in the Le a de rs qua dra nt, ve ndors must e xce l in pe rforma nce , sca la bility a nd prote ction, a nd must domina te in sa le s. How e ve r, a le a ding ve ndor is not a de fa ult choice for a ll buye rs, a nd clie nts a re w a rne d not to a ssume tha t the y should buy only from the Le a de rs qua dra nt. To sta y on the right side of the cha rt, Le a de rs (a nd Visiona rie s) must follow course s tha t a re compe titive ly disruptive , a nd not only a re a he a d of the curve , but a lso offe r fe a ture s tha t re move significa nt roa dblocks to ve ndor sa le s a nd buye r imple me nta tions. One e xa mple of a compe titive ly disruptive a ctivity might include de live ring a supe rior sma rtphone clie nt in te rms of ca pa bility, use r e xpe rie nce a nd use r a doption tha t could significa ntly stimula te ne w sma rtphone VPN de ployme nts.

Ve ndors tha t ha ve pursue d ne w te chnologie s but ha ve not cha nge d the course of buye r de cisions a nd imple me nta tions, a nd compa nie s tha t a dd fe a ture s to ma ke the ir products more comple te in

(7)

compa rison w ith the sa me fe a ture s offe re d by othe r ve ndors, a re not cre a ting compe titive ly disruptive situa tions.

In a ma ture VPN ma rke t, Le a de rs se ll broa d ne tw ork infra structure product fa milie s to buye rs, a s w e ll a s sta nd-a lone VPNs. Buye rs of Le a de r products include la rge r compa nie s a nd/or proje cts tha t ofte n stre tch products in w a ys tha t uncove r proble ms in sca la bility a nd ma inta ina bility. Quick re sponse is e sse ntia l. La rge r inve stme nts in he lp a nd support ope ra tions contribute gre a tly to sa tisfa ction.

Return to Top

Challengers

Cha lle nge rs ha ve a ttra ctive products tha t a ddre ss the typica l ne e ds of the ma rke t, w ith strong sa le s a nd visibility tha t a dd up to highe r e xe cution tha n Niche Pla ye rs. Cha lle nge rs a re good a t w inning contra cts, but the y do so by compe ting on a limite d se le ction of functions or a limite d se le ction of prospe ct buye rs. The y ma y be pe rce ive d a s a thre a t by othe r ve ndors, but tha t thre a t w ill be prima rily focuse d on a limite d cla ss of buye rs, ra the r tha n the VPN ma rke t a s a w hole . Cha lle nge rs a re e fficie nt a nd e xpe die nt choice s for de fine d a cce ss proble ms. Ma ny clie nts conside r Cha lle nge rs to be the conse rva tive , sa fe a lte rna tive to Niche Pla ye rs.

Return to Top

Visionaries

Visiona rie s inve st in the le a ding-e dge or "ble e ding e dge " fe a ture s tha t w ill be significa nt in ne xt-ge ne ra tion products, a nd w ill give buye rs e a rly a cce ss to improve d se curity a nd ma na xt-ge me nt. Visiona rie s ca n a ffe ct the course of te chnologica l de ve lopme nts in the ma rke t, but the y la ck the e xe cution influe nce to outma ne uve r Cha lle nge rs a nd Le a de rs. Buye rs pick Visiona rie s for be st-of-bre e d fe a ture s, a nd for broa de r ne tw ork infra structure inve stme nts tha n Niche Pla ye rs. Buye rs ma y obta in more pe rsona l a tte ntion. Visiona rie s ma y ta ke risks on pote ntia lly disruptive te chnologie s (a s de scribe d in the Le a de rs se ction), a nd ofte n, the y do this w ithout the fina ncia l re se rve s of a Le a de r or Cha lle nge r. Buye rs of Visiona rie s' products ma y ba se the ir se le ctions on spe cific te chnology fe a ture s a nd on pa rticipa tion in the ve ndor's roa d ma p pla ns.

Return to Top

Niche Players

Niche Pla ye rs offe r via ble , de pe nda ble solutions tha t me e t the typica l ne e ds of buye rs a nd fa re w e ll w he n give n a cha nce to compe te in a product e va lua tion. Niche Pla ye rs re spond to ma rke t cha nge s a nd ne w te chnologie s, but the y ge ne ra lly la ck the clout to cha nge the course of the ma rke t. Niche Pla ye rs ma y se rve conse rva tive a nd risk-a ve rse buye rs more e fficie ntly tha n Le a de rs. Clie nts te nd to se le ct Niche Pla ye rs a s sta nd-a lone or point solutions for SSL VPN w he n sta bility a nd focus on a fe w importa nt functions a nd fe a ture s a re more importa nt tha n a w ide a nd long roa d ma p. Niche Pla ye rs ma y ta rge t clie nts tha t, for va rious re a sons, pre fe r not to buy from la rge r ne tw ork pla ye rs. Buye rs re port tha t Niche Pla ye rs te nd to provide more pe rsona l a tte ntion to the ir ne e ds. Buye rs of the se VPN products a re ge ne ra lly ha ppy a nd do not stre tch the syste ms pa st the de sign pa ra me te rs. The y a re unlike ly to sw itch ve ndors, but the y ma y re pre se nt limite d upse ll opportunitie s.

Return to Top

Vendor Strengths and Cautions

Array Networks

Founde d in 2000, Arra y Ne tw orks se lls e ntry-le ve l through ca rrie r-cla ss e quipme nt into a numbe r of re la te d ma rke ts, including a pplica tion de live ry controlle rs, loa d ba la ncing a nd SSL a cce le ra tion. Buye rs a re most strongly inte re ste d in VPN a lte rna tive s to IPse c a nd, fre que ntly, combine SSL VPN w ith De sktopDire ct, Arra y's fully monitore d Re mote De sktop Protocol (RDP) re mote -a cce ss sw itch tha t w orks a s a compa nion to the SSL VPN. Fe de ra l Informa tion Proce ssing Sta nda rd (FIPS) 140-2 Le ve l 2 a nd Le ve l 3 a dd-in e ncryption ca rds a re a va ila ble .

Strengths

Arra y ha s a compe titive price /pe rforma nce , gre e n IT de signs (high pe rforma nce w ith re duce d pow e r a nd re duce d ne tw ork ove rhe a d), a nd sca la bility for la rge a nd de ma nding a cce ss ne e ds, w hile a lso offe ring a n a fforda ble , low -e nd e ntry point.

Arra y's 2010 re ve nue gre w 19% ove r 2009, w hich is in line w ith the me dia n grow th re porte d by compa nie s re sponding to the Ma gic Qua dra nt surve y.

High-e nd pe rforma nce re a che s 64,000 concurre nt se ssions in a single a pplia nce .

Cautions

Arra y's compe titive visibility is a mong the low e st re porte d. Sa le s a nd clie nt re cognition a re stronge st in Asia /Pa cific, pa rticula rly in China a nd India . A long-a nticipa te d ove rha ul of ma rke ting a nd communica tions is unde r w a y.

Arra y ha s not ye t de live re d a virtua l a pplia nce ga te w a y. This is a ne e de d fe a ture to re a ch pa rity in the ma rke t, w hich ha s prove n compe titive a mong pe e rs.

Return to Top

Check Point Software Technologies

Che ck Point Softw a re Te chnologie s' SSL VPN w a s de ve lope d in-house sta rting in 2002, a s a n inte gra l pa rt of its VPN-1 fa mily, a nd a ugme nte d w ith Zone La bs te chnology to provide inte gra te d se curity tools. Toda y, Che ck Point se lls SSL VPN in the Conne ctra a pplia nce , a s a softw a re bla de in its se curity ga te w a y fa mily, a s a virtua l a pplia nce for ESX a nd a s sta nd-a lone softw a re to run on se ve ra l se rve r pla tforms. Che ck Point se lls in a ll ge ogra phie s, but is stronge st in Europe a nd

(8)

the U.S., follow e d by Asia /Pa cific. Buye rs a re most inte re ste d in a lte rna tive s to IPse c VPNs, e xtra ne t/contra ctor a cce ss a nd disa ste r ma na ge me nt/busine ss continuity a cce ss. Che ck Point's re mote -a cce ss solutions a re na tive ly ce rtifie d to Common Crite ria (CC) Eva lua tion Assura nce Le ve l 4 (EAL4), a nd the R65 HFA-30 offe rs na tive FIPS 140-2 Le ve l 2 ce rtifica tion.

Strengths

Che ck Point's e ntry-le ve l SSL VPN configura tion include s inte gra te d fire w a ll, IPse c VPN a nd a n intrusion pre ve ntion syste m (IPS). Othe r fe a ture s of a UTM configura tion a re e a sily a dde d a s "softw a re bla de s."

Che ck Point offe rs w ide a nd consiste nt support a cross pla tforms, including de sktops, note books, sma rtphone s a nd ta ble ts. Che ck Point ha s be e n e a rly to ma rke t for se ve ra l ye a rs, w ith optimize d support for sma rtphone s a nd ta ble ts.

Na tive support for Microsoft Excha nge is pre se nt in the VPN ga te w a y so tha t use rs do not ne e d a dire ct conne ction to a n inte rna l Excha nge se rve r to synchronize . How e ve r, most Ga rtne r clie nts pre fe r to se le ct a mobile de vice ma na ge me nt (MDM) ve ndor to he lp w ith this ta sk.

Cautions

Re porte d a nd e stima te d SSL LOB pe rforma nce a nd visibility ha ve be e n be low a ve ra ge . Ga rtne r clie nts tha t inquire d a bout SSL VPNs w e re like ly to a sk for a re pla ce me nt or a diffe re nt ve ndor for SSL, e ve n if the y use Che ck Point fire w a lls. Clie nts re porte d confusion ove r pricing a nd re quire me nts for VPN clie nt softw a re , a s w e ll a s va ria ble support qua lity from re se lle rs.

De spite Che ck Point's innova tions during the pa st se ve ra l ye a rs, its e fforts ha ve not ma de the compa ny stronge r in te rms of compe titive re cognition by ve ndors or buye rs. Ba se d on clie nt fe e dba ck a nd pe e r a na lyst re vie w , Ga rtne r be lie ve s it me rits a Visiona ry ra nking. A ne xt-ge ne ra tion "VPN on a stick" na me d Abra w a s de live re d, but Sa nDisk de cide d to ca nce l the origina l pa rtne re d Cruze r ha rdw a re product. Che ck Point ha s gone through a bra nd cha nge to the na me "Go" a nd ha s re re le a se d Go to include porta ble a pplica tions. It is a lso pla nning to support Go on othe r ha rdw a re de vice s be yond Sa nDisk. Che ck Point ha s ha d some succe ssful Go de ployme nts, but in ge ne ra l, Ga rtne r be lie ve s tha t de ma nd for a nd visiona ry va lue of a ll products in this cla ss ha ve diminishe d since la st ye a r.

Return to Top

Cisco

Cisco re le a se d its first SSL VPN in 2004. Toda y, Cisco's SSL VPN ca pa bilitie s a re a n e mbe dde d option on a ll Ada ptive Se curity Applia nce s (ASA se rie s) a nd ma ny Cisco IOS pla tforms. Cisco's unive rsa l-a cce ss vision for VPNs is e mbodie d in AnyConne ct, a ubiquitous VPN clie nt tha t e njoys a ta cit e ndorse me nt from Apple for use on iPhone s a nd iPa ds. It is a lso a va ila ble on othe r mobile de vice pla tforms, including Android, Symbia n a nd W indow s Mobile 6.x, in a ddition to PCs, Ma cs a nd Linux. Cisco's product focus a nd vision a re e xpre sse d in the Se cure Mobility solution, a nd it ha s be e n w e ll-communica te d to buye rs a nd ha s re ce ive d a strongly positive re sponse from use rs. FIPS 140-2 ce rtifica tions of se ve ra l le ve ls a re offe re d on diffe re nt ha rdw a re a nd softw a re pla tforms. Most ASA pla tforms a re ce rtifie d to Le ve l 2 a nd ga rne r CC EAL4. AnyConne ct clie nt is ce rtifie d to Le ve l 1 a nd CC EAL4.

Strengths

Cisco curre ntly ge ne ra te s a high ra te of Ga rtne r clie nt inquirie s, a nd e a rns a high le ve l of clie nt a w a re ne ss. Among le ga cy ne tw ork infra structure pla ye rs, Cisco is highly succe ssful a t ge ne ra ting re ve nue for both IPse c a nd SSL VPNs be ca use of the low cost a nd e a se of a ctiva tion on ASA pla tforms, a s w e ll a s the positive e nd-use r e xpe rie nce , pa rticula rly on mobile de vice s. Cisco's SSL VPN e ntry cost a nd discount ra te s a re the low e st re porte d in the history of this Ma gic Qua dra nt re port. Othe r surve ye d ve ndors conside r Cisco a ma jor compe titive thre a t, w hich sha re s se cond pla ce w ith Citrix Syste ms a fte r Junipe r Ne tw orks. AnyConne ct offe rs ba sic ne tw ork pe rsiste nce for unsta ble conne ctions. It supports a n a utoma tic conne ct mode to compe te w ith Microsoft Dire ctAcce ss a nd a conne ct-on-de ma nd mode to support pow e r sa vings a nd mobile a cce ss ne e ds.

Cisco's 2010 a nd pre limina ry 2011 VPN LOB re ve nue re sults a re the se cond highe st re porte d. Ove ra ll se a t pe ne tra tions a re the highe st re porte d for se ve ra l ye a rs, a nd w ould be ra nke d a t the top e ve n if the count w a s conse rva tive ly discounte d. Cisco se lls in a ll

ge ogra phie s for a ll use ca se s, a nd is a de pt a t se lling SSL VPN combine d w ith or a s a tota l re pla ce me nt for IPse c.

Cautions

Low pricing combine d w ith high volume ma y se t a limit on the re ve nue tha t Cisco ca n ge ne ra te from the SSL VPN portion of the ASA pla tform a nd ma y le a d to buye r sa tura tion. In contra st, some othe r influe ntia l ve ndors de rive a high ra te of re ve nue from SSL VPN. Buye rs should ma ke the ir de a ls w hile the de a ls a re good, so to spe a k, be ca use the re a re va lid compe titive re a sons for a future price hike .

De spite a strong ra nking in the "Ma gic Qua dra nt for Se cure W e b Ga te w a y," Cisco Sca nSa fe Se cure Mobility doe sn't ge ne ra te visibility a mong Ga rtne r clie nts in a ma nne r comme nsura te w ith Sca nSa fe 's role in prote cting re mote -a cce ss use rs. Buye rs should conside r Cisco Sca nSa fe Se cure Mobility w he n se tting up SSL VPNs w ith the Cisco AnyConne ct clie nt. Cisco buye rs ha ve long upgra de w ish lists in line w ith le a de rship e xpe cta tions. Buye rs should a sk for roa d ma p commitme nts for le a ding-e dge conce rns — including unive rsa l Android SSL support (tha t is, for a ll Android va ria nts on the ma rke t); e nha nce d ma na ge me nt in bring your ow n de vice (BYOD) sce na rios; a nd inte gra tion w ith Cisco Ide ntity Se rvice s Engine (ISE), w hich supe rse de s Cisco Ne tw ork Admission Control (NAC).

Return to Top

Citrix Systems

Citrix built its Citrix Acce ss Ga te w a y a nd Citrix Ne tSca le r products to provide se cure re mote

-Magic Quadrant for SSL VPNs 10/19/2012

(9)

a cce ss e nte rprise a nd W e b a pplica tions, including virtua lize d a pplica tions a nd de sktops. Buye rs prima rily use Citrix SSL ca pa bilitie s to e xte nd se cure a cce ss to Xe nApp or Xe nDe sktop. Citrix Acce ss Ga te w a y Ente rprise Edition ha s be e n na tive ly ce rtifie d to CC EAL2 a nd up. Sta rting in 2011, SSL is be ing re positione d a s a n e mbe dde d fe a ture in othe r product line s, including Xe nDe sktop, Xe nApp, Ne tSca le r a nd CloudGa te w a y. Future de ve lopme nt e fforts w ill mix inte rna l a nd e xte rna l a pplica tion a cce ss to W e b, W indow s, softw a re a s a se rvice (Sa a S), a nd mobile a pps a nd da ta a t Citrix CloudGa te w a y. Although Citrix chose not to pa rticipa te in this ye a r's surve y, a combina tion of e mpirica l e vide nce from industry source s, clie nt fe e dba ck, a nd Ga rtne r's pre va iling know le dge of Citrix use ca se s a nd ca pa bilitie s me rite d its ra nking in this Ma gic Qua dra nt re port.

Strengths

During the study pe riod, Citrix SSL VPN ga te w a ys ge ne ra te d significa nt e nte rprise ma rke t pre se nce a nd use r inte re st. The se ga te w a ys a re fre que ntly bundle d w ith sa le s for Xe nApp a nd Xe nDe sktop through strong globa l re se lle r cha nne ls. Citrix sha re s se cond pla ce w ith Cisco in be ing na me d a compe titive thre a t a mong the surve ye d ve ndors.

Citrix Re ce ive r is a w e ll-know n re mote a pplica tion displa y pla tform a nd supports a w ide ra nge of e nd pla tforms, including sma rtphone s a nd ta ble ts. It is fre que ntly use d a s a n e na ble r for re mote a cce ss to Xe nApp. Fe a ture s such a s SmoothRoa ming e nha nce the sta bility of Re ce ive r w he n ope ra ting through a VPN.

Citrix provide s a n unusua lly broa d choice for ma na ge me nt inte rfa ce s, including a proprie ta ry console de live re d via Fla sh, Microsoft Ma na ge me nt Console (MMC) sna p-in, progra mma ble SOAP inte rfa ce a nd SNMP. Citrix a lso provide s inte gra tion w ith se curity informa tion a nd e ve nt ma na ge me nt (SIEM) products tha t ha ve syslog a nd SNMP hooks.

Cautions

IT ma na ge rs a re unlike ly to re cognize Citrix a s a pla ye r in the VPN ma rke t. IT ma na ge rs fre que ntly conte nd w ith tw o VPNs: one inte ntiona lly purcha se d for ne tw ork infra structure ; a nd the othe r — a Citrix product — inde pe nde ntly introduce d by the a pplica tion te a m. Indire ct se lling a nd duplica tion do not ge ne ra te compe tition, a ccording to a cle a r pursuit of the ma rke t de finition use d in this re port; the re fore , e xe cution ha s be e n re duce d. Citrix ha s re positione d its ne w a cce ss solutions to be fe a ture s of CloudGa te w a y, in w a ys tha t incre a singly dive rge from the ma rke t de finition use d in this re port. CloudGa te w a y is a n importa nt stra te gic vision for Citrix, but the SSL VPN offe ring e qua te s to a Cha lle nge r ra nking in the pre va iling SSL VPN Ma gic Qua dra nt de finition.

Compe ting SSL VPN ve ndors ca n offe r a cce ss support for Xe nApp a nd Xe nDe sktop tha t is simila r to the Citrix ga te w a y e xpe rie nce , including se le ctive a pplica tion publishing a t a low incre me nta l cost on top of e xisting SSL VPNs.

Return to Top

Cryptzone

In 2010, Cryptzone a cquire d AppGa te , a re la tive ly sma ll compa ny w ith ma rke t sha re a nd othe r crite ria sufficie nt for inclusion in this Ma gic Qua dra nt. AppGa te be ga n building se cure a cce ss solutions for the Sw e dish de fe nse industry in the la te 1990s. The VPN provide s functions, look a nd fe e l tha t a re highly simila r to a typica l SSL VPN, but it use s SSH a s the unde rlying tra nsport la ye r. This is a cce pta ble be ca use some Ga rtne r clie nts a re inte re ste d in SSH for VPNs. Cryptzone provide s a dditiona l funds a nd re source s a nd is building a pre se nce in U.S. ma rke ts. Buye rs a re most inte re ste d in e xtra ne t/contra ctor a cce ss, nonbrow se r tunne l clie nts a nd sma rtphone VPNs. AppGa te fe a ture s a n e mbe dde d FIPS 140-2 Le ve l 1 va lida te d cryptogra phic module ba se d on Ope nSSL 1.1.2. Products a re ce rtifie d to CC EAL2 a nd up.

Strengths

AppGa te be come s the se cure a cce ss compone nt w ithin Cryptzone 's la rge r portfolio of se curity solutions, w hich include risk ma na ge me nt, policy complia nce , conte nt se curity a nd e ndpoint se curity.

For a sma ll compa ny, Cryptzone ha s offe re d comple x a nd va rie d re fe re nce s, indica ting a n a bility to compe te on mission-critica l re a l-time imple me nta tions. Mobile clie nts a re a va ila ble for a ll ma jor phone a nd ta ble t pla tforms, including Apple a nd Google .

The compa ny ha s be e n a ble to re duce its re lia nce on Europe a n tra de a nd is show ing nota ble re ve nue grow th in North Ame rica , the Middle Ea st a nd Africa .

Cautions

Acce le ra tion is not a va ila ble a t this time from AppGa te , a lthough compre ssion is include d. AppGa te doe s not support a conne ct-on-de ma nd VPN, a nd should a dd this ca pa bility to support roa ming mobile -de vice -a cce ss sce na rios.

Its re ve nue for 2010 to 2011 is a t the bottom of the ra nge of ra nke d ve ndors, a lthough w e ll w ithin the inclusion le ve l. How e ve r, in a ma ture ma rke t, the ra nking prospe ct re ma ins a s a Niche Pla ye r.

Return to Top

F5 Networks

F5 ha s offe re d SSL VPNs since 2003. F5's ma in distinguishing cha ra cte ristics a re high

pe rforma nce , re lia ble ga te w a ys a nd ca rrie r-cla ss a cce le ra tion. F5 de live rs ste a dily on roa d ma p mile stone s, including its Acce ss Policy Ma na ge r (APM), Big-IP Edge Ga te w a y a nd support for mobile de vice s. Combine d w ith good fe e dba ck, bre a dth of de ployme nts a nd se a t pe ne tra tion e xce e ding 1 million for the pa st ye a r, F5 re ga ins its Le a de r ra nking. Buye r pre fe re nce s include hoste d virtua l de sktop support, busine ss continuity a nd sma rtphone support. Big-IP e a rns a ce rtifica tion of CC EAL2 a nd up; FIPS 140-2 Le ve l 1 ce rtifica tion on a ll mode ls ca n be provide d by optiona l ha rdw a re .

Strengths

Re ve nue for F5's SSL VPN LOB gre w a solid 28% in 2010, follow ing a strong run of 35%

(10)

grow th during the e conomic slow dow n of 2008 a nd 2009. Ove ra ll, the compa ny gre w more tha n 40% a fte r a fla t pe rforma nce in the study pe riod of the pre vious Ma gic Qua dra nt re port. F5's a bility to se ll a ge ne ra l-purpose re mote -a cce ss solution, a strong unde rsta nding of W e b a pplica tion de ployme nts w ithin the e nte rprise , a nd the fa ct tha t it is a le a ding pla ye r in the provision of a pplica tion de live ry se rvice s a ccount for a he a lthy ra nking for vision. F5 is a strong pla ye r in re la te d ma rke ts for loa d ba la ncing, W e b a cce le ra tion, W AN optimiza tion, dyna mic DNS loa d ba la ncing, a pplica tion-le ve l fa ilove r a nd W e b a pplica tion fire w a ll. Entry-le ve l pricing is a ttra ctive . Top-e nd pe rforma nce re a che s 60,000 use r se ssions in a singEntry-le a pplia nce , supporting throughput spe e ds of 10 Gbps a nd up.

F5's Visua l Policy Editor a nd iRule s scripting la ngua ge continue to se t the ba r for e a se of use a nd use r-drive n customiza tion. Visua l support ha s be e n e xpa nde d to iApps for a pplica tion de live ry.

Na tive a ge nt support w a s a dde d in 2011 for Apple a nd Google phone s a nd ta ble ts.

Cautions

F5 re ce ive s a third-pla ce me ntion a s a compe titive thre a t by its pe e rs, w hich is indica tive of se lling into diffe re nt buying ce nte rs, on the positive side , but of missing opportunitie s to compe te , on the ne ga tive side . The compe titive thre a t que stion is indica tive of the a bility of a ve ndor to be disruptive in a ma rke t.

F5 fa ce s a n uphill conte st w ith ve ndors tha t offe r both SSL a nd IPse c, a nd should re conside r w he the r to build or a cquire clie nt-ba se d IPse c support, pa rticula rly to me e t a w ide r se t of ne e ds on mobile de vice s.

Return to Top

Juniper Networks

Junipe r Ne tw orks ha s he ld a Le a de r position continuously since e nte ring the Ma gic Qua dra nt re port in 2004. Junipe r compe te s on the ba sis of unive rsa l a cce ss, broa d clie nt pla tform support a nd compre he nsive infra structure . The Se cure Acce ss SSL VPN ha rdw a re product line ca n sca le to hundre ds of thousa nds of use rs a nd se lls w e ll to ca rrie rs a nd a pplica tion se rvice broke rs, in a ddition to e nte rprise s. Buye rs pre fe r Junipe r SSL a s a tota l re pla ce me nt for IPse c a nd for e xtra ne t/contra ctor a cce ss. All products a re na tive ly ce rtifie d to CC EAL3 a nd up. A FIPS 140-2 Le ve l 3 cryptogra phic module is a va ila ble on se le cte d mode ls.

Strengths

Junipe r de live rs sound multiye a r pe rforma nce , w ith strong sa le s a nd re ve nue in SSL a nd IPse c VPNs. In ge ne ra l, Junipe r ca n se ll products a t a high ra te , w ith highe r incre me nta l re ve nue tha n a ny othe r compa ny in the ma rke t, cre a ting a n uncha lle nge d disruptive sa le s a dva nta ge . Junipe r's curre nt historica l re ve nue s a re the be st in the SSL VPN ma rke t, a nd a high clie nt sa tisfa ction ra te ke e ps buye rs on the pla tform.

Junipe r is the No. 1 compe titive thre a t cite d by pe e r ve ndors in the SSL VPN ma rke t. This a sse ssme nt ha s pe rsiste d for ma ny ye a rs. Junipe r se lls in a ll ge ogra phie s for a ll use ca se s. The compa ny a ppe a rs on most shortlists discusse d in Ga rtne r clie nt inquirie s for midsize to la rge busine sse s a nd is e ntre nche d in the Fortune 500, w ith a tra ck re cord for la rge de ployme nts.

Junipe r's Junos Pulse clie nt, introduce d in Octobe r 2010, ha s be e n highly visible in clie nt pla nning de cisions for mobile phone s a nd ta ble ts, w ith support offe re d for Apple a nd Google de vice s. On PCs, Pulse supports a n a utoma tic conne ction mode to compe te w ith Microsoft Dire ctAcce ss.

Cautions

Junipe r's e ntry price s continue to be high in the ma rke t, but a re ne gotia ble . Va rious compe titors a re more e ffe ctive a t se lling to the sma ll-busine ss e nd of the ma rke t be ca use of low e r e ntry price s.

Clie nts re a ching e nd of life on the ir Junipe r VPNs ha ve re porte d tha t upgra de s a nd re pla ce me nts a re typica lly not discounte d.

The Junos Pulse Mobile Se curity Suite a nd the Junos Pulse Se cure Acce ss Se rvice for SSL VPN sha re a common umbre lla bra nd in Junos Pulse , though the Mobile Se curity Suite a nd mobile VPN ca n w ork e ntire ly inde pe nde ntly. Some time s, custome rs ha ve be e n confuse d ove r this point. Be ca use VPN a nd MDM a re still se pa ra te buying ce nte rs, the confusion ca n de la y product se le ction.

Return to Top

Microsoft

Microsoft ha s offe re d SSL VPN support since 2006, ba se d on te chnology a cquire d from W ha le Communica tions, sta rting w ith the Inte llige nt Acce ss Ga te w a y (IAG), a nd follow e d by the Unifie d Acce ss Ga te w a y (UAG). Buye rs fre que ntly pick UAG to provide se cure a cce ss, in combina tion w ith Sha re Point a nd Fore front. UAG is ce rtifie d to CC EAL2 a nd up, a nd use s the W indow s

cryptogra phic functions, w hich a re complia nt w ith FIPS 140-2.

Strengths

Microsoft's UAG ha s prove d to be a de pe nda ble product, a nd e a rns positive clie nt fe e dba ck. Microsoft ha s be e n succe ssful a t se lling UAG into sma ll, midsize a nd la rge busine sse s. De e p inte rope ra bility w ith the W indow s OS a nd ma ny Microsoft product fa milie s is a n a dva nta ge for IT orga niza tions tha t a re inte nt on compre he nsive W indow s solutions. Spe cifica lly, Microsoft provide s its ow n UAG a pplica tion optimize rs for Excha nge (Outlook W e b App, Active Sync a nd Outlook Anyw he re ), Sha re Point, Dyna mics CRM, Lync, Re mote De sktop Se rvice s a nd Fore front Ide ntity Ma na ge r. Third-pa rty optimize rs a re offe re d through pa rtne rs for SAP, IBM Lotus Note s a nd othe rs.

Multiple ga te w a ys ma y be cluste re d for ma na ge me nt purpose s in la rge -sca le insta lla tions.

Cautions

(11)

Microsoft is promoting Dire ctAcce ss a s a n a lte rna tive to a VPN. Conce ptua l diffe re nce s be tw e e n conve ntiona l VPNs a nd Microsoft Dire ctAcce ss a re confusing a nd some time s he lpful to the compe tition. Othe r VPN ve ndors ha ve pre pa re d e xpla na tions for cre a ting the e quiva le nt e xpe rie nce to Dire ctAcce ss by using a utoma tic conne ction me thods.

During the study pe riod, Microsoft did not offe r a full UAG-ma na ge d, va lue -a dde d VPN w ith e ndpoint de te ction a nd ma na ge me nt for W indow s Phone 7 or othe r sma rtphone pla tforms. Outside of UAG, Microsoft ca n publish Excha nge Active Sync a nd Sha re Point to W indow s Mobile , W indow s Phone 7, Android, Apple a nd Symbia n de vice s.

Microsoft doe s not curre ntly provide dire ct support to a n inde pe nde nt, truste d time a nd da te source to va lida te the a udit tra il from its ma na ge me nt syste m.

Microsoft doe s not provide compa ra tive e stima te s of re ve nue or pe ne tra tion. Ba se d on clie nt fe e dba ck a nd pe e r a na lyst re vie w , Ga rtne r be lie ve s it me rits a Visiona ry ra nking.

Return to Top

Sangfor Technologies

Sa ngfor Te chnologie s is a compe titive spe cia list for VPN products a nd se rvice s, origina ting in China . In a ddition to SSL VPNs, Sa ngfor provide s IPse c VPNs, W AN optimiza tion, Inte rne t a cce ss ma na ge me nt, IT gove rna nce a udits a nd Inte rne t la w a ssista nce . Sa ngfor ha s e xte nde d its ope ra tions w ith loca l pre se nce in the U.K., Singa pore , Tha ila nd, Ma la ysia a nd Hong Kong. Buye rs re spond most strongly to IPse c re pla ce me nt, e xtra ne t/contra ctor a cce ss solutions a nd SSL clie nt se curity fe a ture s. All products a re se curity-ce rtifie d by the Chine se gove rnme nt.

Strengths

Sa ngfor is a na tive Chine se compa ny, a nd cla ims to ha ve a pre se nce in 70% of the top 500 busine sse s in China . Its re ve nue is curre ntly de rive d 100% in Asia /Pa cific, but the compa ny ha s ope ne d ope ra tions in the U.K., Singa pore , Tha ila nd, Ma la ysia , Indone sia a nd Hong Kong. In China , Sa ngfor ha s rolle d out 34 dire ct bra nche s a nd a pproxima te ly 436 pa rtne rship a ge ncie s for sa le s a nd support.

Re ve nue s in the SSL VPN LOB, a s w e ll a s se a t sa le s, a re on pa r w ith some of the e sta blishe d sma lle r, long-te rm strong Niche Pla ye r a nd Visiona ry compa nie s in this Ma gic Qua dra nt. Se a t sa le s double d in 2010 ove r 2009. Re ve nue in the SSL VPN LOB w a s e sse ntia lly fla t, but ove ra ll re ve nue s gre w by 32%, compa re d w ith the study pe riod in the pre vious Ma gic Qua dra nt re port.

Pricing is compe titive w ith ma ny of the incumbe nt ve ndors tra cke d in this ma rke t, pa rticula rly w he re e xpe rtise in China is a fa ctor. Sa ngfor ca n offe r a dva nta ge s for compa nie s tha t w ish to ope ra te VPNs going in a nd out of China . Compa nie s tha t w ish to do busine ss in China w ill ne e d to comply w ith China 's re gula tions for priva cy a nd se curity.

Cautions

As a na tive Chine se compa ny, Sa ngfor ha s conside ra ble e xpe rie nce a nd a uthoriza tion to se ll VPN products unde r re gula tion by the Chine se Ministry of Public Se curity a nd Office of the Sta te Comme rcia l Cryptogra phy Administra tion (OSCCA) for ce rtifica tion of its comme rcia l pa ssw ord product. Buye rs w ho a re e xpa nding the ir pre se nce in China w ill be ne fit from Sa ngfor's know le dge . How e ve r, multina tiona l compa nie s tha t choose products ope ra ting unde r Chine se re gula tions should close ly e xa mine the crossove r point be tw e e n Chine se re gula tions a nd othe r countrie s.

Sa ngfor offe rs a broa d product portfolio, a long w ith the stre ngth of its spe cifica tions a nd a strong busine ss built w ithin China , w hich me rits a n e xe cution ra ting tha t is on pa r w ith simila r pe rforme rs. How e ve r, its na rrow ge ogra phica l ope ra tion limits compe titive options, re ga rdle ss of othe r vision fa ctors, e a rning it a n ove ra ll Niche Pla ye r sta tus in this re port. Sa ngfor doe s not ye t ha ve provisions for ra pid surge a cce ss to the VPN, re quiring fa st sca ling, to support busine ss e me rge ncy situa tions. This ca pa bility ha s be e n a dde d to the product roa d ma p.

Return to Top

SonicWALL

SonicW ALL sold SSL a nd IPse c VPNs into sma ll a nd midsize busine sse s be fore a cquiring Ave nta il in 2007. The compa ny se lls VPN products unde r both bra nd na me s, w ith Ave nta il products se rving the high e nd. SonicW ALL w a s a cquire d by Thoma Bra vo in 2010, a nd ope ra te s a ga in a s a priva te compa ny for the first time in 10 ye a rs. The tra nsa ction provide s SonicW ALL w ith fina ncia l prote ction a nd a sta ble ba se for future grow th. Buye rs a re strongly inte re ste d in de ploying VPNs for ve rtica l a pplica tions a nd e xtra ne t/contra ctor a cce ss, le ve ra ging SSL conve nie nce . FIPS 140-2-le ve l-ce rtifie d e ncryption is na tive ly provide d on se 140-2-le cte d a pplia nce pla tforms.

Strengths

SonicW ALL se lls prima rily in North Ame rica , but ha s a globa l pre se nce a nd globa l support structure .

SonicW ALL's 2010 se a t pe ne tra tions a nd fore ca st for 2011 a re show ing good grow th, up 50% re la tive to the study pe riod in the pre vious Ma gic Qua dra nt re port. This grow th he lps the compa ny ca tch up from a loss of grow th ca use d by the e conomic slow dow n of 2008 a nd 2009, but it is not e nough to e a rn Le a de r e xe cution.

SonicW ALL ha s pre fe rre d sta tus to se ll its products to othe r compa nie s in the Thoma Bra vo portfolio, some of w hich a re a lre a dy la rge custome rs. Additiona lly, SonicW ALL continue s to se ll Ave nta il products to globa l ca rrie rs, w hich use its products to build ma na ge d re mote -a cce ss se rvice s.

Cautions

SonicW ALL's 2010 LOB re ve nue is incre a sing but re ma ine d low , compa re d w ith othe r long-te rm ve ndors w ith founda tiona l products in the VPN ma rke t. The compa ny's Supe rMa ssive pla tform ha s not ge ne ra te d significa nt Ga rtne r inquirie s re ga rding ne w inve stme nts, nor ha s it re duce d inquirie s a bout e nte rprise product re pla ce me nt.