The global network security market eclipsed $7-billion in 1Q 2026 – up 14% percent year-over-year – according to Dell’Oro Group.
Growth remained resilient, but the stronger market signal was policy-plane expansion as enterprises increased investment in architectures that coordinate enforcement across users, applications, clouds, branches, and customer-controlled environments. That shift is becoming more urgent in the agentic AI era where security teams must govern human users, non-human actors, applications, APIs, and distributed infrastructure through fewer policy planes.
“Physical firewalls and select point products are not going away, but the agentic AI era is raising the value of software and cloud-based network security platforms that reduce policy sprawl across users, applications, clouds, and branches,” says Mauricio Sanchez, senior director, Enterprise Security and Networking at Dell’Oro Group. “SSE’s 22% growth, WAF’s 20% growth, and Firewalls’ 9% growth show that buyers are adding cloud-delivered access, application front-door controls, and virtual enforcement alongside the physical appliance base to get enterprises ready for the agentic AI era.”
Additional highlights from the report include:
- Firewalls: Physical appliances remained essential for throughput, segmentation, and local enforcement, but the stronger architectural signal came from virtual and hybrid enforcement models that extend firewall policy across distributed environments.
- Security Service Edge (SSE): Cloud-delivered access remained central to policy-plane consolidation as buyers looked to apply consistent controls across users, devices, SaaS applications, private applications, and emerging AI usage patterns.
- Application Delivery Controllers (ADC): Application delivery modernisation continued to matter because agentic and AI-adjacent workflows increase the need for resilient application performance, automation, and customer-controlled deployment options.
- Web Application Firewalls (WAF): Application front-door controls gained strategic importance as enterprises worked to govern API exposure, bot activity, automated traffic, and AI-adjacent application behaviour without slowing application delivery.