The early years with the TIS Toolkit as the proxy firewall didn't gain widespread adoption because "it was so hard to maintain a proxy firewall," says Matt Howard, now at Norwest Venture Partners, who helped develop Network Translation's PIX firewall later acquired by Cisco.
Back then, "everyone thought the firewall would be killed — the router would subsume the firewall," says Howard. But that didn't happen. Infrastructure providers Cisco and Juniper certainly sell firewalls in routers and switches.
But Gartner reckons that enterprises tend not to depend on that approach for their core firewall purchases. Though it faces tough competitors, Check Point continues to hold the top spot at 22% of the market for firewall equipment, by Gartner's reckoning. By consultancy IDC's account, Cisco may be slightly ahead with 24.3% share.
Check Point is "one of the stalwarts of the firewall group" and the two have been rivals for a long time, says Scott Harrell, vice president of product management for security at Cisco. "They're a formidable competitor and we see them in many accounts."
Gil Shwed is co-founder and CEO of Check Point, with which began with help from Israeli tech investor Shlomo Kramer and vice chair Marius Nacht. Shwed says he agrees with many of Ranum's points about that era. Shwed notes that Check Point's strong suit was its stateful inspection engine and simple graphical interface. Check Point FireWall-1 ushered in a "turning point" that turned a "niche" into "a mainstream," he notes. He adds he holds Ranum, a recognized pioneer in the field, in high regard.
Shwed said his own ideas for the firewall began coming together long before the founding of Check Point while he served in the Israeli military and was busy connecting networks.
Corey Nachreiner, director of research and strategy at WatchGuard, agrees that Check Point's FireWall-1 can be considered the "first real commercial run" at a firewall. He notes that Check Point early on was software-based while WatchGuard differentiated its early Firebox as a hardware appliance. (In a back to the future kind of way, WatchGuard is reviving the Firebox brand name it had earlier dropped.)
Today what's called the firewall typically does far more than simple port-based filtering and control. It might also include an intrusion detection and protection system (IPS), antivirus or URL filtering, act as data-loss prevention device, and much more, including sandbox-style zero-day threat detection. Security analysts at tech consultancies have left their mark by criticizing whatever the security vendors were doing over the years, and urging them to reach for more, such as higher throughput speeds or better management.
At research firm IDC, security products research director Charles Kolodgy coined the term "unified threat management" for a class of firewall-capable devices, often seen as suitable for small to mid-sized businesses. And at Gartner, analysts Greg Young and Neil MacDonald in recent years began urging network-firewall providers to produce the kind of "application-aware" gear that would be able to establish access and user identity controls through granular knowledge of the applications, plus capabilities such as IPS.
Sign up for CIO Asia eNewsletters.