Check Point Fortinet
Fortinet Sophos
Management
# of Application Visibility &
Control
# of URL Filtering Categories
Integrated Remote Access
Firewall / Network
Security of the Vendor (sense of
urgency)
Security
Security -> Threat Intel
3rd party leadership
integrated wifi / LTE
Sophos WatchGuard
WatchGuard SonicWall
SonicWall
Can be managed by: • Lack of unified policy view
• For a zero-touch deployment, • Legacy Central Mgmt
• Mobile app That provides full visibility Lack of unified policy view: Policies are separated firmware upgraded and firmware
FortiDeploy Is required, it cost $109 • Once the Appliance is been
and action taking with different tabs, hard to manage with multiple checks are not automatically and
• Adding hard drive for logging ability managed by cloud, access
• Cloud SaaS Web portal require upgrade of the appliance policies through on-Prem is blocked – it require manual upload
• On-premise
limits the administrator
~9,300 apps ~4,150 apps ~3,500 apps Limited - ~1,200 apps Limited - Support ~1,400 apps
115 Categories 88 Categories 75 Categories 39 Categories 52 Categories
Built-in Remote Access Built-in, Extremely Vulnerable Remote Access:
Built-in – no extra charge Require license and dedicated client
Including support of L2TP & clientless But for full support EMS is required ~18 Different CVE’s for vpn client
• 83 critical&high CVEs in the past 2 18 critical&high CVEs in the past 1 years • 52 critical&high CVEs in the past 2
WatchGuard hides the CVE security
No critical & high CVEs in the years years
advisory
• Fortinet VPN vulnerability was rated Had a major SQL injection vulnerability on firewall Critical CVE exploited in the wild:
Critical CVE exploited in the wild:
past 2 years is one of the most exploited series - attacker gain access to usernames and
WatchGuard firewall devices used fo • Zero-day
exploited in the wild
in the wild. passwords associated with Active Directory (AD) r Malicious activity • Ransomware Risk in Unpatched
• Threat protection throughput is
significantly low compared to
• Protect connections to botnet sites Verdict from sandbox received after the
Does not prevent connection to botnet sites
spark series
Sandbox not supported on SMB
• Out of the box security Policy with all Malicious passed through and allowed • • Emulation may take up to 20
• Do not scan all files, only files marked “risky” GWs
threat protection abilities enabled patient zero minutes
• Do not prevent iinitial infection
of 0-day malware
ThreatCloud - Powered by 150K Networks • Very weak Threat Intel since
Threat Intel is Based on receiving feed from large • Limited threat intel - Intel based
& Millions of devices from all check point FortiGuard is missing visibility from there is not feed from emails
number of devices reporting back to cloud, compared only on gws.
solutions including Email, Mobile, Cloud & Mobile devices Which make it inferior solution and mobile solution
it to CP, Sophos Products are not Commonly • SonicWall Products are not
OSINT with real time context & deployed • WatchGuard Products are not commonly deployed
prevention via built-in AI engines commonly deployed
• Gartner Magic quadrant 2021–
• Gartner Magic quadrant 2021 – leader • Gartner Magic quadrant 2021 – • Gartner Magic quadrant 2021– Sophos marked as WathGuard marked as niche • Gartner Magic quadrant 2021–
• Proven Sandblast leader Sophos marked as niche player
niche player player
• Cyber Ratings Enterprise firewall - • Cyber Ratings Enterprise firewall – • Cyber Ratings - Sophos did not participate • Cyber Ratings Enterprise firewall • Cyber Ratings - SonicWall did not
Leader [AAA] Not a leader [AA] – Not a leader [AA] participate
YES Wifi YES – LTE Available for 40F&60F at WIFI-YES Require additional module for wifi
Yes LTE (for S2/S3) expensive model + 3rd party usb modem LTE Available XGS116 (not to XGS107) and LTE YES & YES
COMPETITIVE ADVANTAGES