Palo Alto Networks, founded in 2005 by its CTO Nir Zuk, set the pace with its Next Generation Firewall (NGFW) that shipped in 2007. This compelled vendors that include Cisco, Check Point, Intel Security division McAfee, Barracuda Networks, and recently HP, to join the charge to NGFW.
Along the way, Zuk, who had been at Check Point developing the early firewalls, has stepped onto the stage as a clear — but controversial — leader and innovator. After a falling out early on with Check Point management, he started OneSecure in 1999, which was acquired by NetScreen in 2002; NetScreen was in turn acquired by Juniper for $4 billion in 2004.
After Zuk left Juniper to establish Palo Alto, Juniper launched firewall-related patent-infringement lawsuits. The two sides dueled over firewall patent lawsuits until finally in May of this year they settled it with a cross-licensing arrangement that included Palo Alto agreeing to pay $175 million in cash and equity.
While some of his former employers tend to wince at his name, Zuk nonetheless gets the nod from others.
"Nir's the brains," comments Ranum. "He did the design of a lot of Check Point, Netscreen (now Juniper) and Palo Alto — he takes a team of programmers around with him, who — by now — can code firewalls in their sleep."
The world has moved far beyond what was possible in the early '90s, Ranum adds. "Now that you can buy programmable 'switch on a chip' processors like the Cavium Octeon, it's possible to do the layer-7 analysis at packet speed, which we could never do in 1991. I see the trend as a sort of vindication of the idea the game was always at layer-7 to begin with and 'stateful inspection' was a 15-year-long digression."
In all this time, the firewall market has mushroomed into what Gartner thinks will be more than a $9 billion market this year. Firewalls have long since been used not just at the perimeter but also inside of enterprise networks to cordon off segments. But despite all this, the irony is that the role of the network firewall is more in doubt than ever before because of the rise of the use of cloud-based services and mobile devices.
IT and security managers have always had their doubts about firewalls, especially when web traffic had to be let through. Those doubts reached a crescendo from around 2005 onward, when a group of security professionals from several large global enterprises gathered under the banner of the "Jericho Forum" to voice their displeasure with firewalls.
Their complaints centered on the idea that the growth of cloud services, e-commerce and mobile was eliminating any discernible "perimeter" they had once enjoyed in their networks. The Jericho Forum, led by security pros such as Paul Simmonds, who worked at paint and chemicals firm ICI and later AstraZeneca, spoke out passionately about the perceived limits of firewalls and a deep desire for new approaches that were data-centric.