This is the first in a series of four posts by Tony Burgess. You can follow the series as it's published here.
Back in the early 2000s, a small Austrian security company built a new kind of firewall to fulfill the specialized needs of a unique client. Today, thanks to the design principles behind that firewall and its descendants, Barracuda Networks is poised to disrupt the enterprise firewall market with solutions that are uniquely well suited to the era of cloud integration, SD-WAN, and the Internet of Things (IoT). It makes for a fascinating story.
A Little History
For a long time, corporate WANs were all designed pretty much the same way, as walled gardens with a hub-and-spoke shape. At headquarters, there was a data center and an internet connection. Each remote location was directly connected only to headquarters, which housed the servers holding all the data and apps. All internet traffic—there wasn’t much of it, and it was mostly email, which can tolerate lots of lag—was backhauled through the central breakout, or gateway, with a firewall installed on the gateway to scan for bad stuff.
Then came Web 2.0—the emergence of a vast landscape of online applications and interactive websites. Suddenly, corporate networks were handling a huge amount of internet traffic—more than the firewalls of the day were able to efficiently scan. Much of that new traffic, such as YouTube videos, social media, online games, and so on, was unrelated to business, just employees using the internet for entertainment.
But some of it was increasingly critical to operations. Web-hosted enterprise software services such as CRM solutions, Salesforce, payroll outsourcing, and more were becoming deeply embedded in company operations.
This led to two important developments. First, firewalls had to get smarter, and they did. They learned to identify app-specific traffic and selectively block, slow, and prioritize it. This ensured that your YouTube video might stutter, and your gaming platform might be blocked, but business-critical traffic would get the bandwidth it needed. These new firewalls are still known as “next-generation firewalls.”
But for the biggest enterprise-scale organizations, even these new application-aware firewalls couldn’t handle the volume of traffic without causing unacceptable latency. The firewalls were the bottleneck.
ASIC to the Rescue
The biggest enterprises needed vast, fast throughput—“feeds-n-speeds”—from their firewalls. This led to the second important development: A new generation of high-end firewall vendors used ASIC design to deliver the throughput that big clients needed.
ASIC (Application-Specific Integrated Circuit) refers to computer chips that have “software” code physically embedded in the chip’s actual circuits. This allows them to execute that code far more rapidly than generic chipsets running code that’s stored in memory or on disk.
By packing as much code as possible into the smallest possible area of their specialized chips—packed tighter than Tetris blocks—the new enterprise firewall vendors were able to deliver solutions that could keep up with the fast-growing volume of internet traffic and let customers hang onto their legacy network architectures for another decade.
However, ASIC does have an important downside, which is that it is physically impossible to edit the embedded code that’s on the chip. It can only do precisely what it was designed to do. As enterprise firewall vendors would eventually discover, that simple fact left them grossly unprepared for the dramatic architectural transformation that enterprise WANs are now undergoing.
This is the first of four in a series. Check back tomorrow for part two which covers the first IoT firewall. You can follow the entire series as it's published here.
For information on Barracuda CloudGen Firewalls and SD-WAN capabilities, visit us online at http://cuda.co/sdwan.
Tony Burgess is a twenty-year veteran of the IT security industry and is Barracuda’s Senior Copywriter for Content and Customer Marketing. In this role, he researches complex technical subjects and translates findings into clear, useful, human-readable prose.