Through my consulting experience started from last year, there were a couple of times when attendees were talking about the performance and usability issues of their security products. Interestingly enough, I found most of these issues were not related to the performance and features at all. Instead, they were more close to how devices are bought.
Among the discussions, a shared process is locking a brand, then deciding which models had the best fit in their environment and finally sought partners for the final procurement. I asked some friends about whether this process was in their companies or not, and most of them admitted. So I can conclude that this process is ubiquitous but is wholly reversed. In case you don’t see the problem, thinking about buying a car for speed racing, no one would consider a truck just as no one would buy a Ferrari 488 GTB for family travel.
A better way is figuring out the current situation and vulnerability, then deciding which type of device is best for strengthening the network. Probably each question has multiple answers in contexts, such as malware can be detected by email security, web security, endpoint detection, and IPS, etc. where we should fortify influences what we should use. After the type of the device has been locked, we can move on to vendors and models by comparing their features and costs. This is always the way I recommend to my students.