According to a recent Gartner report, Internet connections secured using next-generation firewalls will hit 35% in 2014, up from 10% today. (Overall, corporate firewall sales will be about $6.8 billion this year.) Here’s a sampling of the startups, incumbents, and Johnny-come-latelies vying for a piece of the business:

Palo Alto Networks

Santa Clara, Calif.

Palo Alto Networks (yes, it’s based in Santa Clara) got the next-gen party started in 2005 when founder Nir Zuk figured out that apps could usher viruses into corporations. The company went public last year and now has some 11,000 customers. It has a clear early-mover advantage and a focus on new tech, but lacks the breadth of security products — such as endpoint protection and e-mail gateway capabilities — offered by more established competitors.

Check Point Software Technologies

Tel Aviv

Check Point pioneered firewall technology back in 1994, and by all accounts it is improving on its original product. Recent tests by NSS Labs, a network security research firm, claimed that Check Point’s next-gen firewall is the “most mature and feature-complete in its class.” Company growth has slowed recently, partly because of increased competition.

Cisco Systems

San Jose

Cisco was late to embrace next-gen firewalls. To catch up, Cisco CEO John Chambers hired RSA veteran Chris Young in 2011 and reportedly gave him a blank check to turn around its lagging security business. The company recently added an application-control layer to its existing firewall product. Analysts believe Cisco still has work to do but could win over customers who want a one-stop shop for their networking needs.

Bottom line: Firewall security is getting tighter, but you can bet that cybercrooks are already figuring out how to pierce next-generation solutions. The winner will be the firewall maker that can stay ahead of the bad guys.

This story is from the April 8, 2013 issue of Fortune.