
Best Firewalls for Big Enterprises

By Elizabeth Millard
Jul 2, 2003 4:00 AM PT

Although every company should employ firewalls to keep its networks and data safe from bad guys, larger enterprises tend to have an even deeper need for breach-proof perimeters.


With multiple offices, thousands of employees and a wealth of electronic access points into their systems, these big enterprises must lock down a great deal of infrastructure to stay safe.

Thanks to vendors that are committed to providing the locks, CIOs can sleep a bit better. Although no firewall solution is perfect, several can do the job well and keep even the largest enterprises relatively secure. So, which are the best firewalls for big business?

Top Choices

Not surprisingly, most firewalls for big companies are produced by the market-leading companies in this space: Cisco, Check Point (Nasdaq: CHKP) and NetScreen (Nasdaq: NSCN). There are smaller contenders, such as Sidewinder from Secure Computing, but when it comes to overall firewall implementation, the top three are unchallenged at this point.

According to Michael Rasmussen, Giga Information Group research director, there is room for all three major players in the market because different firewalls have different functionalities.

"For centralized management, Check Point is very strong," Rasmussen told the E-Commerce Times. "On speed, NetScreen wins hands down as the fastest firewall. And Cisco is Cisco."

Which one is installed depends on an IT department's preferences and areas of expertise. "It all depends on your architecture," Rasmussen said. "Sometimes there's a trade-off on speed for security."

Richard Stiennon, Internet security research director at Gartner, told the E-Commerce Times that there are enough products on the market to fit most budgets. "They're all on a similar enough platform that they're manageable from a central console, too," he said.

Security Chief

With its security certifications and reputation as a leader, Cisco is certainly one of the top dogs in the pack.

"We have a very broad portfolio," Cisco product manager Mike Jones told the E-Commerce Times. "Basically, it's based on different price/performance levels."

The company's overall product family is the Cisco PIX 500 series, with five firewalls available that offer increasing protection and cost. The lowest-priced appliance is the PIX 501, built for small office and telework customers.

Large enterprises should focus on the company's higher-end solutions, such as the PIX 525 and, especially, the highly scalable PIX 535, Jones said.

The 535 provides 1 Gbps of firewall throughput and can handle up to 500,000 concurrent connections. Some models include integrated hardware acceleration for VPN (virtual private network), offering up to 95 Mbps of 3DES VPN throughput and support for 2,000 IPsec tunnels. Pricing starts at US$29,995.

Although hardware flaws caused several Cisco firewalls to hang in 2001, the company seems to have worked out the kinks and has assuaged affected users by sending them rush replacements for the affected boxes.

Point Guard

Rival Check Point "has first-mover advantage," Sweta Duseja, product marketing manager at the company, told the E-Commerce Times. "We definitely have an inherent lead, and it gives us great hold over the market in terms of brand recognition."

The company's flagship product is called Firewall-1. Although it is possible to buy this firewall on a per-seat basis, large enterprises likely will be more drawn toward a bundled arrangement.

Starting at $19,000, an enterprise can purchase a Firewall-1 Gateway Bundle, which includes an enforcement point protecting an unlimited number of IP addresses. The bundles utilize Check Point's security management architecture, which provides one-click centralized policy distribution.

As Rasmussen mentioned, this centralized management ability is a strong quality for Check Point. The company also has worked to secure the application level as well as the network level.

Duseja noted that this is an important addition to any firewall, because hackers have been targeting applications with greater frequency in recent months and years. "You need to be able to protect anything that touches the corporate LAN," she said.

New Contestant

As the most recent entrant in the field, NetScreen is holding its own against its larger competitors. As Rasmussen noted, "NetScreen has a hardware-based appliance and a very focused custom operating system that's compelling."

For a large enterprise, the company recommends a central site system like its NetScreen-5000 series, which features customized hardware configurations based on interface, power supply and performance needs.

The mightiest offering in this product line, the NetScreen-5400, is a 12 Gbps firewall with 1,000,000 sessions. It includes a 6 Gbps 3DES VPN with 25,000 IPsec tunnels. Although its pricing depends on customization options, the lower-end NetScreen-5200's price tag of $99,000 should give enterprises a rough idea of how much its big brother might cost.

Larger distributed deployments are delivered through the NetScreen-Global PRO, which enables management of all firewall and VPN devices from a single interface.

Firewall Future

Although Cisco, Check Point and NetScreen are the three firms that big enterprises turn to at present, the firewall world is one in which startups still can flourish, according to Stiennon.

"We see the firewall space as changing dramatically in the next few years," he said. "There's an opportunity for startups to challenge existing vendors to change their technology."

Moreover, as large vendors work more diligently to keep networks and applications secure -- and to stay ahead of the pack -- big enterprises can only benefit from the race to make the best firewall.

