Jody Brazil
CEO at FireMon
By the early 2000s, proxies had lost, and stateful inspection dominated the market. As internet speeds increased and firewall adoption inside the enterprise increased, performance drove purchasing decisions. Enter Netscreen, the firewall appliance, and the Application-Specific Integrated Circuit (ASIC).
The Rise of the ASIC
What Cisco had built and sold for networking, Netscreen did for security. Netscreen introduced the purpose-built firewall “appliance.” By controlling the hardware, OS and software, they were able to significantly out-perform the software-based Check Point firewall. In addition, Netscreen introduced a security-specific ASIC for firewall decision packet processing. Rather than inspecting traffic in software, the Netscreen firewall had a purpose-built chip enabling faster inspection and subsequently less latency and higher throughput at a lower cost. With performance listed as a top buying criterion for firewalls, the appliance gave Netscreen a significant advantage.
Netscreen was not the first to sell a firewall appliance. Cisco was selling the PIX in the 90s. However, Netscreen combined the market-preferred stateful inspection firewall and an easy-to-use GUI in the firewall appliance. Initially, they did not offer central management, but the ease of deployment and management of the individual firewalls overcame that limitation in some smaller environments. And the lower TCO of not having to buy a separate platform or manage the OS, together with higher performance, resulted in success in large enterprises. Eventually, Netscreen also saw the lack of enterprise management as a weakness and delivered a central management platform with similar functionality to Check Point.
The Appliance Becomes the Standard
Netscreen and Cisco were not alone in pushing the firewall appliance. Nokia, following the acquisition of Ipsilon Networks, began providing an appliance platform for the Check Point software firewall. For many Check Point customers, the Nokia appliances became a standard deployment platform for all Check Point firewall gateways. The primary benefits included:
- Appliance platform: Security teams could own the hardware, OS, and software of an appliance deployment. Alternatively, in many organizations, if it was not an appliance, the security team would have to coordinate with internal IT resources including hardware teams and Operating System teams.
- Performance: Nokia supported offloading of stateful tables to dedicated hardware lookups for improved performance.
- HA: Nokia shipped with an embedded failover capability, VRRP, enabling HA firewalls without buying a third-party solution.
- Management: Ease of OS management via the Web UI and ease of OS upgrades and downgrades made Nokia IPSO an easy-to-maintain platform.
Performance was such a significant driver in this market that other platforms focused on delivering higher performance came to market. Crossbeam was a general-purpose hardware chassis platform that found a powerful niche in the firewall appliance market. Offering benefits very similar to those listed above, Crossbeam delivered a high-performance, HA hardware platform.
Eventually, Check Point was convinced that an appliance was a market preference and brought a Check Point branded appliance to market. In time, Check Point acquired the Nokia division that provided the firewall appliances and continued to expand their appliance line and capabilities.
All subsequent major firewall vendors delivered an appliance, including Palo Alto Networks, Fortinet, WatchGuard, and SonicWall, to name a few.
Security Goes Mainstream
Netscreen proved to be a very formidable competitor to Check Point. However, a rising tide lifts all boats; the market was expanding so quickly that all firewall vendors thrived in the mid-2000s. Security had moved from a technical challenge to a business challenge. High-profile attacks and increasing dependence on the Internet for critical business functions drove security from the obscure to the forefront. The firewall was, and is, one of the most commercially successful security products on the market. As evidence, a recent State of the Firewall survey from FireMon indicates that approximately 70% of organizations spend between 10% and 50% of their entire security budget on firewalls.
I think it is fair to ask why the firewall became such a core component of security. Most high-profile attacks at this time were malware (viruses and worms) that were ineffectively prevented by firewalls. Insider threat was better addressed with authentication and authorization solutions. External threats were often exposed by applications intentionally open to the world. So why did the firewall thrive?
First, the firewall was, and is, one of the few positive security model products in use. A positive security model does not depend on staying ahead of the attacker with the next virus signature or intrusion pattern. The firewall explicitly defines what is allowed and denies all other access. While the firewall was never THE answer to security, the firewall very effectively limits the risk to an enterprise to only the access defined.
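To make the positive security model concrete, here is a small rule evaluator, added as an illustration and not part of the original article or any vendor's code. It models the same set of constructed flows under two policies: a positive model that lists what is allowed and denies everything else, and a negative model that lists known-bad traffic and allows everything else. The addresses, ports, rules and flow names are all made up for the example; the point it shows is that an unlisted, previously unseen flow is stopped by the positive model without anyone having written a rule for it, while the negative model lets it through until its "signature" is added.

```python
"""Positive (default-deny) vs. negative (default-allow) security model.

Hypothetical example: every address, port, rule and flow below is constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str     # source IP address
    dst: str     # destination IP address
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    src: str              # CIDR; "0.0.0.0/0" means any source
    dst: str              # CIDR; "0.0.0.0/0" means any destination
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"

    def matches(self, flow: Flow) -> bool:
        return (ip_address(flow.src) in ip_network(self.src)
                and ip_address(flow.dst) in ip_network(self.dst)
                and self.proto in ("any", flow.proto)
                and self.dport in (None, flow.dport))


@dataclass(frozen=True)
class Policy:
    rules: Tuple[Rule, ...]  # ordered; first match wins
    default: str             # action taken when no rule matches

    def evaluate(self, flow: Flow) -> str:
        for rule in self.rules:
            if rule.matches(flow):
                return rule.action
        return self.default


# Constructed address space (RFC 5737 documentation ranges and RFC 1918 space).
INTERNET = "0.0.0.0/0"
DMZ_WEB = "203.0.113.10/32"
DMZ_MAIL = "203.0.113.20/32"
INTERNAL = "10.0.0.0/8"

# Positive model: enumerate the access the business needs; everything else is denied.
POSITIVE = Policy(
    rules=(
        Rule(INTERNET, DMZ_WEB, "tcp", 443, "allow"),   # public web server
        Rule(INTERNET, DMZ_MAIL, "tcp", 25, "allow"),   # inbound mail
        Rule(INTERNAL, INTERNET, "tcp", 443, "allow"),  # users browsing out
    ),
    default="deny",
)

# Negative model: enumerate what is known to be bad; everything else is allowed.
# This is the signature-style approach the article contrasts the firewall with:
# only threats someone has already listed are stopped.
NEGATIVE = Policy(
    rules=(
        Rule(INTERNET, INTERNAL, "tcp", 23, "deny"),    # telnet to inside hosts
        Rule(INTERNET, INTERNAL, "tcp", 445, "deny"),   # SMB to inside hosts
    ),
    default="allow",
)

# Constructed sample flows: two legitimate, one already on the deny list, and
# one that nobody anticipated when the negative policy was written.
FLOWS = {
    "customer_https": Flow("198.51.100.7", "203.0.113.10", "tcp", 443),
    "inbound_smtp":   Flow("198.51.100.7", "203.0.113.20", "tcp", 25),
    "known_bad_smb":  Flow("198.51.100.7", "10.1.2.3", "tcp", 445),
    "unlisted_rdp":   Flow("198.51.100.7", "10.1.2.3", "tcp", 3389),
}


def compare(flows=FLOWS):
    """Return {flow name: (positive-model verdict, negative-model verdict)}."""
    return {name: (POSITIVE.evaluate(f), NEGATIVE.evaluate(f))
            for name, f in flows.items()}


if __name__ == "__main__":
    for name, (pos, neg) in compare().items():
        print(f"{name:15} positive={pos:5} negative={neg}")
```

Running it shows both models agreeing on the legitimate flows and on the SMB flow that is explicitly listed, and disagreeing on the RDP flow: the positive model denies it because no rule permits it, while the negative model allows it because no one has yet written a rule against it. That gap, between "not yet known to be bad" and "not explicitly allowed", is the risk the article's positive security model removes.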
Second, it was something that security controlled. In fact, the rise and adoption of the firewall appliance furthers this point. The firewall appliance allowed the security engineer to “own” the entire solution without dependence on internal IT for hardware and operating system support. The firewall could be placed on the network without partnership from system owners, end-point administrators to install agents, or application developers to ensure secure code was deployed. The entire system was purchased, managed, and maintained by security. Perhaps this is not a valid security reason for the firewall to thrive, but corporate politics are a reality, and in the case of the firewall helped make it a leading technology in the security ecosystem.
By the mid-2000s the firewall had solidified its position as a core security technology. But innovation didn’t stop. The next generation of firewall technology was right around the corner.