Next Generation Firewalls

Industry Analysis April 2011

Equity Research Industry Analysis April 2011

A White Paper on Next Generation Firewalls

Software & Internet Infrastructure

Todd C. Weller, CFA
(443) 224-1305 tcweller@stifel.com

Ben Lowe
(443) 224-1264 loweb@stifel.com

Next Generation Firewalls

Industry Analysis April 2011

Table of Contents
Introduction ...... ............................................................................................................................................ 2 Defining Next Generation Firewall (NGFW) .................................................................................................. 2 Common Themes of NGFW Concept ........................................................................................................... 3 NGFW as Convergence of Firewall, Intrusion Prevention & Web Security/Filtering .................................... 3 NGFW Versus Unified Threat Management ................................................................................................. 3 A Look at the NGFW Players ........................................................................................................................ 3 NGFW Pure Play: A Look At Palo Alto Networks ............................................................................ 4 Big Three Large Enterprise-Focused Firewall Providers ................................................................. 6 UTM and SMB-Focused Security Providers .................................................................................... 7 Intrusion Prevention Providers ......................................................................................................... 8 Large Diversified Security Providers ............................................................................................. 10 NGFW Market Impacts to Consider and Dynamics to Watch ..................................................................... 11

All prices are as of market close on 4/26/11.

Stifel Nicolaus does and seeks to do business with companies covered in its research reports. As a result, investors should be aware that the firm may have a conflict of interest that could affect the objectivity of this report. Investors should consider this report as only a single factor in making their investment decision.

All relevant disclosures and certifications appear on pages 12 and 13 of this report.

Next Generation Firewalls

Industry Analysis April 2011

Introduction The network security segment of the security market continues to experience attractive growth relative to the broader security market. Within network security, we continue to believe the theme of Next Generation Firewall (NGFW) remains a key area to watch because it yields the potential for opportunities as well as disruption to incumbent players in the market. Over the last several months, we have focused on gaining a better understanding of the Next Generation Firewall (NGFW) concept, the current strategy/positioning of key players in the market, competitive dynamics in the industry, and some of the key issues involved with gauging opportunities/threats. Regarding the latter, we believe it is too early to draw concrete conclusions, given the early stage of the NGFW market and competitive dynamics. However, we thought it would be useful to take a closer look at the NGFW market and, in the process, not only provide some context, but also identify the dynamics worth monitoring. Defining Next Generation Firewall For an official definition of NGFW, we refer to the Gartner description originally published in its October 2009 report entitled Defining the Next-Generation Firewall. In this report, Gartner first defines the concept of a network firewall as an in-line security control that implements network security policy between networks of different trust levels in real time. Gartner goes on to say the term next-generation firewall [is used] to indicate the necessary evolution of a firewall to deal with changes in both the way business processes use IT and the way attacks try to compromise business systems. According to Gartner, at a minimum, NGFW solutions should have the following attributes: Standard first-generation firewall capabilities Integrated, rather than merely collocated, network intrusion prevention Application awareness and full stack visibility Extra firewall intelligence (i.e., integration with directories)

Although this definition was established in late 2009, we have had several conversations with Gartner over the last few months, and there have been no changes to it. Privately held Palo Alto Networks, which we view as the current mindshare leader in the space, sponsored a book called Next-Generation Firewalls For Dummies. With respect to defining NGFW, the book states, Starting with a blank slate, next-generation firewalls classify traffic by the applications identity in order to enable visibility and control of all types of applications including Web 2.0, Enterprise 2.0, and legacy running on enterprise networks. The book also outlines a series of essential functional requirements for an effective NGFW, including:

Beforedoinganythingelse,identify applications regardless of port, protocol, evasive techniques,

or SSL encryption. Provide visibility of and granular, policy-based control over applications, including individual functions. Accurately identify users and subsequently use identity information as an attribute for policy control. Provide real-time protection against a wide array of threats, including those operating at the application layer. Integrate, not just combine, traditional firewall and network intrusion prevention capabilities. Support multi-gigabit, in-line deployments with negligible performance degradation.

Next Generation Firewalls

Industry Analysis April 2011

Common Themes of NGFW Concept Regardless of the NGFW definition, we believe there are some common themes related to the concept. At the highest level, we believe the key tenant of NGFW is that policy management and security must be focused upon from an application and user perspective. This differs from the traditional approach of many firewalls, which focused on what port the traffic was coming through as well as the specific protocol. Common issues cited with this approach include:

Most of the traffic entering todays networks represents a combination of personal and business applications emanating from the Web. This implies that a lot of the traffic looks the same. Therefore, from a policy and security perspective, it is more important to identify the applications being used.
The relationship between certain protocols being associated with certain ports has broken down. Currently, there are many instances of applications having the ability to go through different ports (e.g., Skype). This is referred to as port hopping. We believe it is well documented that the majority of security threats today are being targeted at the application layer and client side as opposed to the network layer.

Although application identification is an important characteristic of NGFWs, we believe another key characteristic relates to incorporating identity information from directory services because certain applications may be deemed suitable for some users, but not others. NGFW As Convergence of Firewall, Intrusion Prevention (IPS), and Web Security/Filtering Although NGFW clearly represents an evolution of firewall solutions, we believe it is important to also understand that NGFW solutions represent a convergence of multiple security technologies, including firewall, intrusion prevention (IPS), and Web security/filtering. The IPS capabilities provide the ability to identify and block attacks, and, with respect to Web security/filtering capabilities, we think of this from two angles. First, because a lot of the traffic entering networks is Web based, it seems logical and convenient to have Web filtering capabilities integrated into the firewall. Second, because NGFW solutions focus on identifying applications (and many of these applications are Web based), this conceptually seems similar to Web filtering, which utilizes a database to identify and categorize Websites or URLs. Many NGFW solutions incorporate a database that contains information used to identify applications. NGFW Versus Unified Threat Management (UTM) NGFW represents a convergence of multiple security technologies. Therefore, we believe it could be viewed as a subset of the UTM concept. In its Defining the Next-Generation Firewall report, Gartner emphasizes that several network security segments are adjacent to NGFW, but not equivalent. These segments include UTM, network-based data loss prevention, secure Web gateways, and messaging security gateways. Gartner further indicates that although UTM solutions include first-generation firewall and IPS functions, they do not provide application awareness functions, nor are they integrated, single engine products. In our recent conversations with Gartner, the firm pointed to increased NGFW marketing efforts by UTM providers as muddying the waters and creating a need for further clarification between the two concepts. A Look at the NGFW Players We believe the current NGFW competitive landscape is made up of four main types of players: NGFW Pure Play: Palo Alto Networks, a private company that we believe is most associated with the current NGFW concept. Large Enterprise-Focused Firewall Providers: Check Point Software, Cisco Systems, Juniper Networks, and, to a lesser degree, McAfee. UTM & SMB-Focused Security Providers: Barracuda Networks, Fortinet, SonicWALL, and others.

Next Generation Firewalls

Industry Analysis April 2011

Intrusion Prevention (IPS) Providers: Cisco, HP (TippingPoint), IBM (ISS), Juniper, McAfee (Intruvert), Sourcefire, and others.

Below we take a high-level look at some of the key players in the market and how they are currently approaching NGFW. NGFW Pure Play: A Look at Palo Alto Networks We view privately held Palo Alto Networks as the company most associated with the current iteration of the NGFW concept. Our reference to current iteration is meant to be sensitive to application/proxybased firewalls, which we view as an earlier iteration of approaching security and policy management from an application perspective. Palo Alto was founded in 2005 by Nir Zuk. Mr. Zuk brings significant security experience to the table. He was a principal engineer at Check Point in its early days and an early developer of stateful inspection technology, which has been the predominant architecture for network-based firewalls. Mr. Zuk was also a co-founder and CTO of OneSecure, a provider of intrusion detection and prevention technology that was acquired by NetScreen. In addition to Mr. Zuk, we believe Palo Alto has assembled a strong team with experience from Check Point, Cisco, NetScreen, Juniper, and McAfee, to name a few. A Look at Palo Altos Solution Palo Alto provides NGFW appliance-based solutions and currently offers four appliances, including its PA-5000 (new), PA-4000, PA-2000, and PA-500 series firewalls. The company indicates that its solutions enable enterprises to identify and control applications, users, and content, not just ports, IP addresses, and packets. The company highlights the following three identification technologies: App-ID: indicated to classify all traffic on all ports, irrespective of protocol, encryption, or evasive tactic. User-ID: indicated to securely enable applications on networks based on users and groups, not just IP addresses. Content-ID: indicated to provide real-time content scanning to block threats, control Web surfing, and control data/file transfers.

In early March 2011, Palo Alto announced the availability of GlobalProtect, a new PA-5000 series appliance, and the fourth release of its PAN-OS software. The company indicated that it believes these new capabilities extend its ability to secure users and data, regardless of location. According to Palo Alto, the new offerings also improve performance to 20Gpbs, enhance security functionality by enabling users to write custom App-IDs for their internally developed apps, and provide new capabilities to identify previously unknown threats. Over the last few months, we have had several interactions with Palo Alto in an effort to better understand its positioning. We believe some of the key elements of the companys positioning include: Palo Alto believes NGFW is not about application control, but taking what enterprises do with Web and e-mail security and extending it to all applications. The company also believes current security solutions do a good job with Web and e-mail, but are limited with respect to securing other enterprise and consumer applications. Palo Alto believes that an issue with current security solutions, such as firewalls, antivirus, and data loss prevention, is they cannot see threats embedded in applications, such as WebEx, SharePoint, CRM, and P2P. Additionally, the company believes that many of these solutions are ineffective with respect to traffic that is encrypted via SSL. While the competition is focused on blocking applications like Facebook, Palo Altos approach is about securely enabling applications. The company believes this is a key fundamental difference versus its competitors. Palo Alto believes its solutions carry a technical advantage relative to many other competitive approaches. Some of the advantages the company often cites include:

Next Generation Firewalls

Industry Analysis April 2011

Its solution is architected from the ground up to provide NGFW capabilities. This is in contrast to competitive approaches, which it believes look to bolt on functionality, such as application control and IPS, on top of a legacy firewall. Palo Alto believes that one of the flaws of the competitive approach relates to the limitations of traditional firewalls, which focus more on ports and protocols. We note that competitors have responded to this claim by stating that firewalls have become more application aware over the years. Palo Alto believes its ability to deal with SSL encrypted traffic is an advantage. The company cites increasing amounts of SSL traffic, an increasing amount of attacks being embedded in SSL traffic, and its view that many current security solutions are unable to look into encrypted traffic. Palo Alto claims that none of the other firewall providers can currently look into encrypted traffic, although we believe these capabilities are on the future roadmaps of many competitors. Palo Alto cites the performance or speed of its solutions as an advantage. The company utilizes specialized chips from Cavium Networks and highlights its single pass architecture, in which packets can be analyzed once for multiple issues as opposed to having to be analyzed by multiple engines.

From a target market perspective, we believe Palo Alto is primarily focused on the high-end market. We believe the company looks to target firewall, IPS, and/or secure web gateway refresh opportunities.

Palo Alto: Lots of Bark, but Growing Bite There is no doubt, in our view, that Palo Alto has lots of bark, from both a marketing perspective as well as with respect to the salvos it frequently fires at incumbent network security providers, notably Check Point Software. However, behind the bark, we believe there are signs of a growing bite, which we believe makes Palo Alto a company to watch as a potential disrupter in the network security market. We believe the signs that point to increasing market traction for Palo Alto include: The company pointing to the achievement of an annual revenue run rate of $100 million in 2010 as well as its expectation that this run rate will double in 2011. Our industry checks, which point to growing customer interest in NGFW and increasing momentum for Palo Alto Networks. Competitive responses from traditional firewall and IPS providers, which appear to be targeted at NGFW (and hence, we believe, Palo Alto).

A Look at How Various Competitors Are Approaching NGFW We believe there are clear signs that many incumbent providers of network security solutions are responding to both growing customer interest in NGFW capabilities as well as Palo Altos success in the market. We believe that incumbent providers of firewalls in the large enterprise market have been most aggressive on this front, with Check Point being the most active among them, in our opinion. We have seen a less aggressive response to date from IPS providers, although Sourcefire has been the most vigilant from this group, in our opinion. Firewall providers targeting the SMB segment of the market and UTM providers targeting all segments have also been focusing on NGFW. Below, we take a brief look at some of the things various network security providers are doing in the area of NGFW.

Next Generation Firewalls

Industry Analysis April 2011

Big Three Large Enterprise Firewall Providers Check Point Software (CHKP, $53.60, Hold) There is clearly a lot of back and forth between Palo Alto and Check Point; Palo Alto certainly seems to be aggressively targeting Check Point customers and partners. We believe that some of Check Points actions demonstrate the company is responding to what could be classified as a competitive threat from Palo Alto. Notably, in its recent R75 software release, Check Point highlighted four new software blades for Application Control, Identity Awareness, Data Loss Prevention, and Mobile Access. With the exception of mobile access, the new feature/function appears to be directly related to NGFW. We believe Check Points broad approach to NGFW represents evolution (of features) as opposed to revolution. We also believe Check Point is positioning itself as a security platform. According to the company, its software blade strategy provides customers with the flexibility to use various feature/functions, such as IPS and Application Control blades, on a cost effective basis. We believe that Palo Altos competitive response revolves around its purpose-built architecture vs. bolt-on functionality, its ability to deal with SSL, and what it believes are performance advantages relative to Check Points software-based approach. We believe enhancing its SSL capabilities is a part of Check Points future road map. Check Point also believes that an advantage of its solution is direct integration with Active Directory. As highlighted above, we believe Palo Alto is having some success in the market against Check Point. This competitive dynamic bears watching, but it is still at an early stage, in our opinion. We believe the next 12-18 months should be interesting from the perspective of discerning the relative momentum of Palo Altos overall business versus Check Point. During this period, customer adoption of Check Points R75 release and Application Control blades could represent a key focal point. Although the NGFW battle remains in its early days, we have come across a few positive data points with respect to Check Point. First, based on various conversations with channel partners, the sentiment seems to be that R75 represents a good competitive response to Palo Alto that should serve to protect the companys installed base. We note that Check Points large installed base and proven track record are two key advantages. Second, NSS Labs, a leading independent security research and testing firm, recently published a Next-Generation Firewall Individual Product Test Results report for Check Points Power-1 11065 appliance. NSS is in the process of conducting a group test to get a baseline of NGFW effectiveness. Check Point was the first company to submit its solution for evaluation. NSS expects to publish a follow up report with other vendors in June or July. The Check Point solution used in the test achieved a NSS Labs rating of Recommend and scored well as far as overall protection, client protection, and throughput. The NSS report also indicated that Check Points management interface (a traditional strong suit for the company) was well designed and intuitive. The only major issue that seemed to be identified in the report was that some application identification information was not being provided to the IPS blade, which meant IPS protection was limited to standard ports. Although the solution does enable application control to be conducted on every port (a feature that is not enabled by default), NSS indicated the impact on performance was unknown because testing was conducted using default settings. The full NSS report can be found at: http://www.nsslabs.com/research/network-security/firewall-ngfw/ngfwreport-check-point-power-1-11065-q1-2011.html.

Next Generation Firewalls

Industry Analysis April 2011

Cisco Systems (CSCO, $17.52, Hold, covered by our colleague Sanjiv Wadhwani) As a market leader in firewall, IPS, and Web security, we believe Cisco has a lot of the core elements needed to address the NGFW market. However, we have not seen the company clearly articulate a strategy in this area. Potentially complicating matters, Ciscos security business appears to be in a period of transition. This inference is based on the recent sluggish performance of Ciscos security business, which we believe has translated into share gains for the competition. Our conversations with industry analysts point to a need for the company to refresh its Adaptive Security Appliance (ASA) solutions (its high-end solution was refreshed in 2010), including a need for an improved management console and the addition of next generation features. Again, it is not clear to us that Cisco has clearly articulated a NGFW strategy. We note that in early February 2011, the company announced a new security architecture called SecureX, but its key element seems to revolve more around the challenges related to organizations being increasingly borderless (i.e., it is driven by mobility, virtualization, and cloud computing). It is also worth noting that Cisco appears to be undertaking some broader refocusing efforts with respect to its overall strategy. This has resulted in some questions about whether the company views security as a strategic area, but we have not seen anything to suggest it does not. In fact, we believe security is likely critical to Ciscos core routing and switching business.

Juniper Networks (JNPR, $39.05, Buy, covered by our colleague Sanjiv Wadhwani) Via its acquisition of NetScreen, Juniper is a leading player in the firewall/VPN and IPS markets. In early 2006, Juniper was messaging around NGFW capabilities with its high-end integrated security gateway (ISG). ISG integrates firewall/VPN and intrusion detection and prevention onto a single appliance. However, over the last few years, we have not seen much messaging around NGFW from Juniper. Also, similar to Cisco, we do not perceive a clearly articulated NGFW strategy from Juniper. We believe Juniper has been heavily focused in the area of unified threat management (UTM). We have heard positive feedback with respect to its SRX series service gateways, which are secure routers that incorporate firewall/VPN, IPS, antispam, antivirus, and Web filtering. We note that although Juniper owns firewall/VPN and IPS capabilities, the company uses OEMs to provide many of the other functions.

UTM and SMB Security Providers Barracuda Networks Barracuda Networks, which is most closely associated with its spam and virus firewall solutions as well as broader solutions targeting the SMB segment, made a move into the enterprise firewall market via its 2009 acquisition of Austria-based phion AG. We believe the acquisition of phion, combined with Barracudas other capabilities in the areas of antivirus, Web filtering, and cloud security, represents the basis of its NGFW offering. The company markets its NG Firewall as integrating a comprehensive set of next generation firewall technologies, including Layer 7 application control, intrusion prevention, Web filtering, antivirus, anti-spam, and network access control. We believe Barracuda is looking to differentiate its capabilities around manageability, especially with respect to large distributed deployments and its incorporation of networking features, such as WAN optimization. The company has pointed to strong demand for its NG firewall, which has experienced revenue growth of 50%-plus. Barracuda sees itself primarily competing with Juniper and Check Point, although we believe the company also views Fortinet, Palo Alto, and SonicWALL as competitors.

Next Generation Firewalls

Industry Analysis April 2011

Fortinet (FTNT, $41.15, Hold) As the market leader in the UTM area, we believe Fortinet has the various capabilities required to play in the NGFW area. As noted earlier, we think there is some confusion with respect to NGFW and UTM. In our conversations with Gartner, the researcher pointed to a need for clarification between the two segments. In its original report, Gartner stated that UTM solutions did not provide awareness functions and were not integrated, single-engine products. We note that Fortinets UTM solutions contain application control capabilities; we believe the companys position is that this represents a feature of a broader platform. Although we believe Fortinet has some NGFW capabilities, and we see some NGFW messaging from time to time, it does not seem as if the company is aggressively marketing its solutions as NGFW. We think this makes sense, considering what we expect will be a category battle between NGFW and UTM.

SonicWALL In April 2010, SonicWALL unveiled its Project SuperMassive, which it deemed as the industrys first next-generation security platform and technology capable of detecting and controlling applications, preventing intrusions, and blocking malware at up to 40 Gbps. In February 2011, in concert with the RSA Conference, the company announced its SuperMassive E10000 series of NGFWs, including the E10100, E10200, E10400, and E10800. The E10100 is expected to be available in 2Q11, with the other models available in 3Q11. We note that SonicWALL demonstrated these solutions at the RSA Conference, and there appeared to be solid attendance at the sessions. SonicWALL is most known for having a solid position in the SMB segment of the market. However, over the last few years, the company has been looking to move up market, an ambition that has likely accelerated now that the company is private, in our opinion.

Intrusion Prevention (IPS) Providers Sourcefire (FIRE, $26.14, Buy) Of the IPS providers, we believe Sourcefire has been the most aggressive with respect to articulating a NGFW strategy. In October 2010, the company officially announced it would expand its solutions into the NGFW market. In an attempt to better understand its strategy in this area, we have had several interactions with the company. Some of the key takeaways include: o o The company views the NGFW concept as being the consolidation of IPS, firewall, and new capabilities around control and management of application traffic. Sourcefire views the basic feature set as being a packet filtering firewall, application control, and IPS. The company is focused on integrating all of these features into a single engine to handle all of the inspection at once, as opposed to hand-offs between multiple engines. The company believes its strategy comes down to having an integrated policy between firewall, IPS, and control. With respect to Palo Alto, Sourcefire sees its strength around a new hardware-based architecture. Sourcefire indicated that the benefit of a hardware platform is performance, while the negative is more limited flexibility. Sourcefire plans to leverage its stand-alone SSL appliance to deal with encrypted traffic. Over time, we believe the company will look to embed the ability to deal with SSL directly

Next Generation Firewalls

Industry Analysis April 2011

into its NGFW platform. The company indicated that it believes there is significant performance degradation with Palo Altos solution when the SSL capability is turned on. o With respect to application control, Sourcefire plans to leverage its real-time network awareness (RNA) capabilities and could look to partner for some increased capabilities as well. We believe Sourcefire will look to enable users to incorporate custom application identifiers, an approach that would be similar to the one taken with its IPS solutions. We believe Sourcefire is internally developing a key new firewall-related capability.

Sourcefires NGFW remains in development mode. We expect the solution to enter beta in 2Q11 and be available in 2H11. In addition to NGFW, Sourcefire is also focused on marketing what it terms its Next-Generation IPS solutions. The company seems to be positioning this more for larger customers that desire the benefits of NGFW capabilities without having to replace their existing firewall infrastructure.

HP (TippingPoint) (HPQ, $40.69, Buy, covered by our colleague Aaron Rakers) HP has become a key player in the IPS market via its acquisition of 3Com, which had acquired TippingPoint. HP also has a broader security strategy derived from its acquisitions of Fortify, a provider of software security assurance products and services, and ArcSight, a leading provider of security information and event management (SIEM) solutions. We recently had an opportunity to catch up with Alan Kessler, vice president of security. Mr. Kessler is in charge of the TippingPoint business unit. Mr. Kessler pointed to HP currently having application awareness capabilities with its TippingPoint Application Digital Vaccine tools. However, Mr. Kessler emphasized the broader security capabilities of HP, which he identified as one of the companys major strategic and tactical advantages. Mr. Kessler believes one can no longer think about security from a perimeter perspective. Rather, he stated that you have to be able to correlate internal data and network activity with outside access. HP believes that integration between TippingPoint and ArcSight has the potential to be a game changer. The company is not looking to compete on just a box-by-box basis, but is looking to focus at a more strategic level with customers around risk management and compliance. Converged infrastructure is another key theme being pushed by HP. From this perspective, Mr. Kessler indicated that NGFW is a good thing. However, he also stressed that when you turn on all the features, the performance has to be there. Otherwise, the user might not have the network protection that is assumed. HP is also heavily focused on virtualization security, as highlighted by its February 2011 announcement with VMware. Both companies are collaborating on developing and marketing a next-generation Intrusion Prevention System (IPS) designed and optimized for VMware Spherebased virtual and cloud environments.

IBM (Internet Security Systems) (IBM, $168.49, Buy, covered by our colleague David Grossman) In August 2006, IBM announced the acquisition of Internet Security Systems (ISS), the market leader in intrusion detection and prevention. We believe IBM continues to have a meaningful share of the market, but see clear signs that ISS has become significantly less competitive over the last several years. We believe this has fueled market share gains for companies like McAfee, Sourcefire, and HP/TippingPoint. We note that IBM originally put ISS under its Global Services business unit. However, we believe the business unit underwent a reorganization in early 2010 that placed it under IBMs software business unit. Recently, we have heard of more changes occurring at ISS. We have not seen IBM clearly articulate a strategy in NGFW.

Next Generation Firewalls

10

Industry Analysis April 2011

Large Diversified Security Providers Intel (McAfee) (INTC, $22.48, Buy, covered by our colleague Kevin Cassidy) McAfee has a solid position in the IPS market with its IntruShield offerings. We classify the company as having a niche position in the firewall market and a good position in the Web security market, the latter coming from its acquisition of Secure Computing. In April 2010, the company announced NGFW solutions with its McAfee Firewall Enterprise version 8. Although McAfee appears to have numerous foundational elements to offer a comprehensive NGFW solution, we believe the companys current offering is more a collection of loosely integrated point products, as opposed to being an integrated NGFW solution. With its recent acquisition by Intel, it will be interesting to see how McAfees network security business unit fits into the new organization. It appears as if the primary focus of Intel revolves around the mobile security opportunity. Additionally, we believe that directly competing in the network security appliance market could create some conflict for Intel, given its platform serves as the basis for many competitors appliance offerings. However, all recent indications from McAfee point to this remaining an important part of the overall security portfolio.

Symantec (Huawei Symantec JV) (SYMC, $19.34, Buy) Several years ago, Symantec played in the network security market by offering both firewall and IPS solutions. However, the company was unsuccessful and ultimately decided to withdraw from the market. Symantec continues to maintain that it does not want to play in the network security market because of the challenges it perceives are involved with becoming a top player. However, at the same time, given the current threat environment, we believe there is logic to having a comprehensive security strategy that encompasses both endpoint and network. Symantecs joint venture with Huawei is worth monitoring as it relates to NGFW. Huawei Symantec is currently offering storage and security appliance solutions. The companys current security solutions include UTM, firewall/VPN, and IDS/IPS.

Next Generation Firewalls

11

Industry Analysis April 2011

NGFW Market Impacts to Consider and Dynamics to Watch As stated earlier, NGFW remains an early stage market, but we believe the concept is gaining traction and yielding the potential for opportunities and threats to incumbent network security providers. We believe that some of the key potential market impacts to consider and dynamics to watch include: The potential for NGFW to disrupt the firewall, IPS, and Web security markets as well as incumbent positions in these markets. On a near-term basis, we believe a key area to watch is the competitive dynamic between Palo Alto Networks and incumbent firewall providers, including Check Point, Cisco, and Juniper. It currently appears as if Palo Alto is targeting Check Point most aggressively. Although Palo Alto has the potential to be disruptive to Check Point, we believe Check Point has responded with its R75 software release and blades that offer NGFW capabilities. We believe the relative momentum between Palo Alto and Check Points new platform and associated blades is one key thing to watch over the next 12-18 months. We believe Check Points opportunity is to sell additional features/functions associated with its platform, while its threat revolves around the potential for Palo Alto to gain share. A lot of the NGFW action today seems to revolve more around the firewall area, with NGFW incorporating IPS capabilities. This creates opportunities and threats for stand-alone IPS vendors. In its December 6, 2010 Magic Quadrant for Network Intrusion Prevention Systems report, Gartner forecasts that by 2015 more than 50% of IPS deployments will be as part of a NGFW. Of the IPS players, Sourcefire appears to be the most aggressive in responding to the NGFW opportunity/threat; the key question relates to the degree to which NGFW represents an incremental market opportunity for Sourcefire, versus being cannibalistic to its existing business. With NGFW solutions also incorporating some Web security/filtering capabilities, we believe the potential for NGFW to cannibalize the Secure Web Gateway market bears watching. This would impact companies like Blue Coat Systems and Websense. To date, our checks indicate that NGFW has had a modest impact on this market. We also believe the interplay between UTM and NGFW will be interesting to watch. As mentioned earlier, in some respect, NGFW looks to be a subset of UTM. We believe UTM has historically been most widely adopted in the SMB market, while todays NGFW action seems to be focused more in the large enterprise segment. However, with UTM providers like Fortinet looking to increase penetration into the large enterprise segment, we think the dynamic between UTM and NGFW bears watching.

All statements in this report attributable to Gartner represent Stifel Nicolaus' interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this report). The opinions expressed in Gartner publications are not representations of fact, and are subject to change without notice.

Next Generation Firewalls

12

Industry Analysis April 2011

Important Disclosures and Certifications I, Todd C. Weller, CFA, certify that the views expressed in this research report accurately reflect my personal views about the subject securities or issuers; and I, Todd C. Weller, CFA, certify that no part of my compensation was, is, or will be directly or indirectly related to the specific recommendation or views contained in this research report.

For our European Conflicts Management Policy go to the research page at www.stifel.com For applicable current disclosures for all covered companies please visit the Research Page at www.stifel.com or write to the Stifel Nicolaus Research Department at the following address. Stifel Nicolaus Research Department Stifel, Nicolaus & Company, Inc. One South Street 16th Floor Baltimore, MD. 21202 Stifel, Nicolaus & Company, Inc.'s research analysts receive compensation that is based upon (among other factors) Stifel Nicolaus' overall investment banking revenues. Our investment rating system is three tiered, defined as follows: BUY For U.S. securities we expect the stock to outperform the S&P 500 by more than 10% over the next 12 months. For Canadian securities we expect the stock to outperform the S&P/TSX Composite Index by more than 10% over the next 12 months. For yieldsensitive securities, we expect a total return in excess of 12% over the next 12 months for U.S. securities as compared to the S&P 500 and Canadian securities as compared to the S&P/TSX Composite Index, and for other non-U.S. securities as compared to the MCSI World Index. For U.S. securities we expect the stock to perform within 10% (plus or minus) of the S&P 500 over the next 12 months. For Canadian securities we expect the stock to perform within 10% (plus or minus) of the S&P/TSX Composite Index. For other nonU.S. securities we expect the stock to perform within 10% (plus or minus) of the MSCI World Index. A Hold rating is also used for yield-sensitive securities where we are comfortable with the safety of the dividend, but believe that upside in the share price is limited. For U.S. securities we expect the stock to underperform the S&P 500 by more than 10% over the next 12 months and believe the stock could decline in value. For Canadian securities we expect the stock to underperform the S&P/TSX Composite Index by more than 10% over the next 12 months and believe the stock could decline in value. For other non-U.S. securities we expect the stock to underperform the MSCI World Index by more than 10% over the next 12 months and believe the stock could decline in value.

HOLD -

SELL -

Of the securities we rate, 49% are rated Buy, 49% are rated Hold, and 2% are rated Sell. Within the last 12 months, Stifel, Nicolaus & Company, Inc. or an affiliate has provided investment banking services for 33%, 20% and 13% of the companies whose shares are rated Buy, Hold and Sell, respectively.

Next Generation Firewalls

13

Industry Analysis April 2011

Additional Disclosures Please visit the Research Page at www.stifel.com for the current research disclosures applicable to the companies mentioned in this publication that are within Stifel Nicolaus' coverage universe. For a discussion of risks to target price please see our stand-alone company reports and notes for all Buy-rated stocks. The information contained herein has been prepared from sources believed to be reliable but is not guaranteed by us and is not a complete summary or statement of all available data, nor is it considered an offer to buy or sell any securities referred to herein. Opinions expressed are subject to change without notice and do not take into account the particular investment objectives, financial situation or needs of individual investors. Employees of Stifel, Nicolaus & Company, Inc. or its affiliates may, at times, release written or oral commentary, technical analysis or trading strategies that differ from the opinions expressed within. Past performance should not and cannot be viewed as an indicator of future performance. Stifel, Nicolaus & Company, Inc. is a multi-disciplined financial services firm that regularly seeks investment banking assignments and compensation from issuers for services including, but not limited to, acting as an underwriter in an offering or financial advisor in a merger or acquisition, or serving as a placement agent in private transactions. Moreover, Stifel Nicolaus and its affiliates and their respective shareholders, directors, officers and/or employees, may from time to time have long or short positions in such securities or in options or other derivative instruments based thereon. These materials have been approved by Stifel Nicolaus Limited and/or Thomas Weisel Partners International Ltd., authorized and regulated by the Financial Services Authority (UK), in connection with its distribution to professional clients and eligible counterparties in the European Economic Area. (Stifel Nicolaus Limited home office: London +44 20 7557 6030.) No investments or services mentioned are available in the European Economic Area to retail clients or to anyone in Canada other than a Designated Institution. This investment research report is classified as objective for the purposes of the FSA rules. Please contact a Stifel Nicolaus entity in your jurisdiction if you require additional information. The use of information or data in this research report provided by or derived from Standard & Poors Financial Services, LLC is 2011, Standard & Poors Financial Services, LLC (S&P). Reproduction of Compustat data and/or information in any form is prohibited except with the prior written permission of S&P. Because of the possibility of human or mechanical error by S&Ps sources, S&P or others, S&P does not guarantee the accuracy, adequacy, completeness or availability of any information and is not responsible for any errors or omissions or for the results obtained from the use of such information. S&P GIVES NO EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE. In no event shall S&P be liable for any indirect, special or consequential damages in connection with subscribers or others use of Compustat data and/or information. For recipients internal use only.

Additional Information Is Available Upon Request 2011 Stifel, Nicolaus & Company, Inc. One South Street Baltimore, MD 21202. All rights reserved.

Hugo J. Warns, III, CFA Director of Research (443) 224-1301 Keith Gay Associate Director of Research (415) 364-2582
AEROSPACE, DEFENSE & GOVT SVCS. Aerospace & Defense Troy J. Lahr (443) 224-1319 Joseph W. DeNardi (443) 224-1358 Government IT Services William R. Loomis, CFA James Harlow, CFA (443) 224-1325 (919) 645-5919 Engineering & Construction Robert Connors, CFA, CPA EDUCATION Education & e-Learning Robert L. Craig Jerry R. Herman, CFA Jason P. Anderson, CFA ENERGY & POWER Canadian E&P Kurt Molnar Kenneth Verenka Michael Zuk Canadian Oil Services Dana Benner, CFA International E&P David Dudlyke Quinn Sievewright MLPs & Utilities Selman Akyol Brian Brungardt Justin Kinney, CFA Non-Bank Financials (443) 224-1359 Christopher C. Brendler, CFA Matthew S. Heinz, CFA Michael R. Widner Sean Tillman Property/Casualty Insurance Michael G. Paisan Mariza F. Costa Meyer Shields, FCAS Vincent M. DeAugustino Arash Soleimani , CPA Regional Banks Anthony R. Davis, CFA Christopher M. Mutascio Charles Nabhan Brian J. Zabora, CFA Specialty Finance Troy Ward Greg Mason, CFA Closed-End Funds Alexander Reiss HEALTHCARE Biotechnology Maged Shenouda Sam Mukherjee Stephen Willey (443) 224-1303 (443) 224-1382 (443) 224-1336 (443) 224-1339 (212) 847-6628 (212) 847-6622 (443) 224-1331 (443) 224-1330 (443) 224-1377 (804) 727-6366 (443) 224-1302 (443) 224-1384 (443) 224-1335 (314) 342-2714 (314) 342-2194 (212) 847-6633

(216) 430-1733 (216) 430-1734 (216) 430-1754

Specialty Defense & Homeland Security Stephen E. Levenson (212) 847-6626 William H. Mullin (212) 847-6627 BUSINESS SERVICES Commercial IT Services Shlomo H. Rosenbaum Steven Shui CONSUMER & RETAIL Food & Beverage Christopher Growe W. Andrew Carter Daniel Stephen Mark Swartzberg Aashiv Shah Mark S. Astrachan Edward McPike Gaming & Leisure Steven M. Wieczynski, CFA Brad J. Boyer Hardlines Retail David A. Schick James J. Albertine Taylor G. LaBarr Elizabeth Lintner Home Furnishings John A. Baugh, CFA Stanley S. Elliott

(403) 268-9156 (403) 268-9164 (403) 268-9158 (403) 268-9168 (44) 203-205-3607 (44) 203-205-3617 (314) 342-2158 (314) 342-8570 (314) 342-2164

(443) 224-1322 (443) 224-1336

(314) 342-8494 (314) 342-8452 (314) 342-2128 (212) 271-3865 (212) 271-3425 (212) 847-6620 (212) 847-6634 (443) 224-1324 (443) 224-1342 (443) 224-1332 (443) 224-1290 (443) 224-1326 (443) 224-1360 (804) 727-6367 (804) 727-6364

Oil & Gas Exploration and Production Amir Arif (202) 778-1975 Jack Pecoraro (202) 778-4781 Michael Scialla (415) 364-6072 Dan Guffey (415) 364-6074 Oilfield Services Equipment R. Thaddeus Vayda (443) 224-1318

(212) 271-3867 (212) 271-3830 (212) 271-3620

Healthcare Providers & REITS Jerry L. Doctrow (443) 224-1309 Kirk Streckfus (443) 224-1354 Daniel Bernstein (443) 224-1351 Healthcare IT & Pharmaceutical Services Steven Halper (212) 271-3807 Beau Davenport (212) 271-3807 Caroline LeCates (212) 271-3793 Healthcare Services Thomas A. Carroll Mark T. Kelly Jamie F. Shurtleff, CFA Medical Devices Charles Chon, CFA Eugene Peysakh Thomas Kouchoukos, CFA Pharmaceuticals: Specialty Annabel Samimy Yelena Ofengeym

FINANCIAL INSTITUTIONS Asset Management/Investment Services J. Jeffrey Hopson, CFA (314) 342-8497 Charles Warren (314) 342-8496 Community Banks & Thrifts David J. Bishop, CFA Lucy Webster P. Carter Bundy, CFA Derek J. Ferber Stephen Geyen, CFA Charles R. Miller Collyn Bement Gilbert Aaron C. Brann Travis Lan Laurie Hunsicker Indra Elangovan (443) 224-1304 (443) 224-1206 (804) 727-6365 (804) 727-6362 (612) 455-5770 (612) 455-5774 (973) 549-4092 (973) 549-4179 (973) 549-4278 (202) 756-7764 (443) 224-1340

Household & Personal Products Mark S. Astrachan (212) 847-6620 Edward McPike (212) 847-6634 Sports and Lifestyle Brands Jim Duffy Eric Alexander Restaurants Steve West Matthew Van Vliet Softlines Retail Richard E. Jaffe Megan E. Roesch Samantha Shapiro (415) 364-6076 (720) 479-2441 (314) 342-2140 (314) 342-2182 (212) 847-6630 (212) 847-6631 (212) 847-6632

(443) 224-1310 (443) 224-1289 (443) 224-1353 (212) 271-3698 (212) 271-3828 (612) 455-5771

(212) 271-3823 (212) 271-3818

DIVERSIFIED INDUSTRIALS Infrastructure Jeff Beach, CFA (303) 291-5246 Noelle Dilts, CFA (303) 291-5239 Richard Hall (303) 291-5206 Nathan Jones, CFA (303) 291-5208

PCG Liaison Group Linda Olszewski (443) 224-1367 Research Marketing/Media Relations

Carol Popp (314) 342-2045 Research Equity Marketing Liaison

Gary Susel (443) 224-1372 Research Equity Marketing Liaison

INTERNET, MEDIA & TELECOM Internet Services Jordan Rohan (212) 271-3765 Michael Purcell (212) 271-3580 George I. Askew (202) 756-7763 Steve Rubis (202) 778-4780 Zim Yin (202) 756-7761 Media Ben Mogil Adam Kepecs Drew Crum, CPA David Pang, CFA (416) 815-3078 (416) 815-3127 (216) 430-1726 (216) 592-2006

Cleantech Jeff Osborne Sven Eenmaa Scott Reynolds Dilip Warrier Tom Daniels Communications Equipment Sanjiv Wadhwani Electronic Supply Chain Matt Sheerin Nikhil Kumar Paramveer Singh

(212) 271-3577 (212) 271-3838 (212) 271-3429 (415) 364-2983 (415) 364-2535 (415) 364-2538

EQUITY STRATEGY Equity Macro & Sector Strategy Barry B. Bannister, CFA (443) 224-1317 ADMINISTRATION Candace Kane Christina Ketover Laura Kuhl Glenn Wharton

(415) 364-2516 (443) 224-1248 (443) 224-1333 (443) 224-1334

Telecom, Media & Tech Regulatory Rebecca Arbogast (202) 778-1978 David Kaut (202) 778-4341 Telecom Services Christopher C. King Josh James METALS & MINING Base & Precious Metals George Topping Michael Scoon Dave Hove Basic Materials Horst Hueniken, CFA Fadi Benjamin Gold/Precious Metals Josh Wolfson Dave Hove Metals & Mining Paul Forward, CFA George Panageotou Paul Massoud, CFA (443) 224-1329 (443) 224-1375

(212) 271-3753 (212) 271-3635 (212) 271-3809

Supervisory Analysts Kathleen Shipley Christian R. Bell Maureen Caldaro Mariah Ehlert Jackie Ganguly Katherine Greiling Paige Prichard Cheryl Schmidt Gwen Wagner (443) 224-1327 (443) 224-1373 (410) 884-7728 (303) 388-1421 (781) 659-3809 (703) 910-6100 (415) 364-5921 (212) 271-3636 (443) 224-1328

Enterprise Hardware/Software and Hard Disk Drives Aaron C. Rakers, CFA (314) 342-8401 Matthew J. Nahorski (314) 342-2792

(416) 815-3113 (416) 815-3121 (416) 815-1548 (416) 815-1633 (416) 815-3128 (416) 815-3080 (416) 815-1548

Information & Financial Tech Services David Grossman (415) 364-2541 Nicole Conway (415) 364-5934

Semiconductors Kevin Cassidy Neilay Mehta, CFA

(212) 271-3864 (212) 271-3794

Semiconductors: Analog & Mixed Signal Tore Svanberg (415) 364-7461 Erik Rasmussen (415) 364-2553 Evan Wang (415) 364-7463 Semiconductor Capital Equipment Patrick J. Ho (214) 647-3509 Software: Applications & Communications Blair Abernethy (416) 815-3050 Tom Roderick (312) 269-0323 Chris Koh (415) 364-2655 Gur Talpaz (415) 364-2608 Software & Internet Infrastructure Todd C. Weller, CFA (443) 224-1305 Ben Lowe (443) 224-1264 Software: Infrastructure Tim Klasell Dormain Geyer Drewitz Abhishek Ghuwalewala Stephen Hagan

(443) 224-1379 (443) 224-1291 (202) 778-4342

REAL ESTATE Retail, Timber, Finance REITs Nathan Isbee (443) 224-1346 Joshua A. Barber (443) 224-1347 Jennifer Hummert (443) 224-1288 Lodging/ Multifamily REITs Rod Petrik Simon Yarmak, CFA Office & Industrial REITs John W. Guinee Erin T. Aslakson Andrew Pyke TECHNOLOGY Application Software Blair Abernethy, CFA Applied Technologies Ajit Pai Patrick M. Newton, CFA Christopher Weng (443) 224-1306 (443) 224-1345 (443) 224-1307 (443) 224-1350 (443) 224-1308

(612) 455-5772 (415) 364-2807 (212) 271-3653 (212) 271-3833

(416) 815-3050

(212) 271-3695 (303) 291-5345 (212) 271-3826

TRANSPORTATION Trucking/Railroads/Airfreight/Logistics John G. Larkin, CFA (443) 224-1315 Michael J. Baudendistel, CFA (443) 224-1357 David G. Ross, CFA (443) 224-1316 J. Bruce Chan (443) 224-1386

PCG Liaison Group Linda Olszewski (443) 224-1367 Research Marketing/Media Relations

Carol Popp (314) 342-2045 Research Equity Marketing Liaison

Gary Susel (443) 224-1372 Research Equity Marketing Liaison