The recent barrage of high-profile cyberattacks has put many companies on edge, but it has also been a boon for developers of new security tools. Makers of so-called next-generation firewalls are particularly hot. Traditional firewalls filter out harmful data “packets” and pass along legitimate ones. The new breed looks at software applications coming into a corporate network and not only susses out dangerous ones but grants workers case-by-case permission to use certain apps. (A company may allow workers to use Facebook, say, but prohibit them from downloading games and other fare — increasingly a vehicle for spreading malware — from the Facebook App Center.)
According to a recent Gartner report, Internet connections secured using next-generation firewalls will hit 35% in 2014, up from 10% today. (Overall, corporate firewall sales will be about $6.8 billion this year.) Here’s a sampling of the startups, incumbents, and Johnny-come-latelies vying for a piece of the business:
Palo Alto Networks
Santa Clara, Calif.
Palo Alto Networks (yes, it’s based in Santa Clara) got the next-gen party started in 2005 when founder Nir Zuk figured out that apps could usher viruses into corporations. The company went public last year and now has some 11,000 customers. It has a clear early-mover advantage and a focus on new tech, but lacks the breadth of security products — such as endpoint protection and e-mail gateway capabilities — offered by more established competitors.
Check Point Software Technologies
Check Point pioneered firewall technology back in 1994, and by all accounts it is improving on its original product. Recent tests by NSS Labs, a network security research firm, claimed that Check Point’s next-gen firewall is the “most mature and feature-complete in its class.” Company growth has slowed recently, partly because of increased competition.
Cisco was late to embrace next-gen firewalls. To catch up, Cisco CEO John Chambers hired RSA veteran Chris Young in 2011 and reportedly gave him a blank check to turn around its lagging security business. The company recently added an application-control layer to its existing firewall product. Analysts believe Cisco still has work to do but could win over customers who want a one-stop shop for their networking needs.
Bottom line: Firewall security is getting tighter, but you can bet that cybercrooks are already figuring out how to pierce next-generation solutions. The winner will be the firewall maker that can stay ahead of the bad guys.
This story is from the April 8, 2013 issue of Fortune.