Channel Best-Sellers: Firewalls

Software firewall

UTM is especially attractive to small and midsize companies because it removes much of the management complexity by consolidating multiple security functions within a single box, and usually comes with a price tag that won't induce cardiac arrest.

The Cisco Adaptive Security Appliance, which combines firewall, IPS, and VPN, has replaced the Cisco Pix as the vendor's primary firewall, and more than 90 percent of Cisco's firewall sales now come through sales of the ASA, said Tom Russell, senior director of Cisco Systems' Security Technology Group.

"Traditional Cisco Pix customers have migrated to the ASA. Cisco's move to the ASA was made with the goal of offering a rich profile of technology that's necessary to combat the threats of today," said Russell, adding that Cisco ASA sales have been "extremely healthy."

Check Point, a relative newcomer to the UTM market, still sells stand-alone firewalls, which is the most likely explanation for why it led the firewalls category by such a large margin, according to solution providers.

Sponsored post

In firewalls, Check Point has been adding incremental performance gains and a few new features, but overall, the biggest attraction has been in hardware, where Check Point's UTM-1 and UTM-1 Edge appliances have been gaining popularity, said Lou Rubbo, principal at DirSec, a Centennial, Colo.-based solution provider. "We see more interest in the hardware vs. any big changes in the software," Rubbo said.

Bill Calderwood, president of The Root Group, a Boulder, Colo., security solution provider that partners with Check Point and Cisco, says Check Point's solid reputation, combined with a sensible price point, have helped it parlay its reputation as a high-end firewall leader down to the midmarket. "They've definitely seen some market- share gains as a result of that," he said.

Both Check Point and Cisco are making "very good progress" in the UTM market on the strength of performance and user interface features, adds Calderwood. "I think we'll see over time that as different point products get integrated into UTM, it'll complement both vendors' already good management tools, and that's really what larger corporations look for," Calderwood said.

However, larger companies have yet to gravitate to UTM en masse because many prefer a more layered approach to security and are finding that compromises exist with regard to performance and functionality in some UTM solutions, according to Calderwood.

One question Check Point customers must continually ask themselves is that while it may be possible to replace their infrastructure for what they're paying for a Check Point subscription, it just doesn't make sense to go this route, says Ken Phelan, chief technology officer for Gotham Technology Partners, a solution provider based in Montvale, N.J. "Rule bases make this a sticky technology, and Check Point still arguably remains the best technology available. Low acquisition cost is just not that compelling," he said.

From a channel standpoint, another of Check Point's strengths is that their direct reps work closely with the channel, which helps them maintain their standing as one of the industry's most channel friendly vendors, Phelan said. "Check Point never takes a deal direct, and works well to protect the channel in accounts where they add value. They don't just shrug their shoulders when some carrier scoops your deal at cost," said Phelan.