on June 27, 2007

The firewall emerged two decades ago, ushering in the first wave of security technologies designed to protect IP networking. Intrusion detection systems and intrusion prevention systems followed the firewall. Unified threat management came on the security scene as a way to package existing technologies into an easier-to-deploy format. What follows is a timeline and discussion of the key developments.

Related Stories:

• Instrusion Detection (IDS) Essentials
• Firewall Comparison Guide
• Top Open-Source Snort Products
• Network Access Control Resource Center

1988: The Morris Worm

The Morris Worm, which hit NASA and several universities, sparked the development of the first firewalls. Those devices were IP routers with packet filtering capability, noted Alex Quinonez, vice president of Americas sales and support at Astaro, a perimeter security vendor.


1989: IDS Emerges

University and government research yields the first generation of intrusion detection system (IDS) technology. Early commercial products include Haystack Labs’ Stalker, which built upon developments in the public sector and academia.


1991: Packet and Circuit Firewalls

Digital Equipment Corp. rolled out the first application-layer proxy firewall – dubbed SEAL -- in 1991. Bell Labs research spawned Raptor Eagle, a circuit-level firewall, a few months later.


1993: TIS Releases Source Code

Trusted Information Systems distributes its firewall toolkit as source code. Quinonez said that moved sparked additional activity in the firewall market. A notable commercial offshoot was the Gauntlet firewall, which after a series of acquisitions, ended up with Secure Computing Corp. in 2002.


1993: Inventing the Wheel

Air Force begins deploying its Automated Security Incident Measurement system. Two years, later Air Force developers found WheelGroup, which launches the NetRanger IDS system.

Domenick Lionetti, vice president of sales for ExaProtect, a security management vendor, noted that Air Force projects helped launched IDS, but noted that the market didn’t take off until the latter half of the 1990s. Cisco acquired WheelGroup in 1998.


1994: Check Point and The Stateful Firewall

Check Point Software debuted Firewall-1, inaugurating the stateful firewall market. Dean Ocampo, product marketing manager for Market Intelligence and Web Security at Check Point, said the emergence of stateful firewalls represented a middle ground between the performance of packet filtering firewalls and the intelligence and demarcation of proxy firewalls. Following the Firewall-1 introduction, Check Point turned its attention to developing a more intuitive management interface. Early firewalls were command-line driven.


1998: Snort Debuts

Martin Roesch creates the open source IDS Snort, which is now considered the most widely deployed IDS/IPS in the world.


1998-2000: IPS Arrives

Industry begins to recast IDS as Intrusion Prevention Systems (IPS), as products such as Network ICE’s BlackICE hit the market.


2003: Attack of the Worms

Slammer and Blaster hit corporate networks in a banner year for worms and other malware. Ocampo said this development “drove an outcry for a smarter firewall and things like intrusion prevention.”


2004: UTM Defined

IDC is credited with coining the phrase “unified threat management” to describe products that combine the functionality of firewalls, IDS/IPS, and other network protection gear in a single appliance.

David Frazer, director of technology services at anti-virus vendor F-Secure, said the emergence of UTM coincided with the rise of blended security threats.

Lionetti said the impetus for combining security functions in one box dates back to the late 1990s, when Cisco began offering encryption in its routers. Astaro and Fortinent, two of the current leaders in the UTM market, were actually founded in 2000.

2006-2007: Consolidation

IBM purchases IDS/IPS vendor Internet Security Systems for $1.3 billion; Secure Computing Corp., which markets UTM appliances among other products, acquires messaging security vendor CipherTrust Inc.; SonicWall, also in the UTM space, acquires e-mail security provider MailFrontier; Check Point purchases NFR, an IPS vendor.

Related Stories:

Instrusion Detection (IDS) Essentials

Firewall Comparison Guide

Top Open-Source Snort Products

Network Access Control Resource Center