Pix Firewalls Out, Unified Threat Management In

AirIQ selects Check Point UTM solution as its new perimeter security architecture

Dark Reading Staff, Dark Reading

September 19, 2008

3 Min Read
Dark Reading logo in a gray background | Dark Reading

Like other Cisco Systems Inc. (Nasdaq: CSCO) Pix firewall customers, AirIQ had to make a move. So instead of just replacing its Pix boxes -- which are being phased out by Cisco -- with another firewall, AirIQ decided to go with a unified threat management (UTM) solution, which goes beyond just firewalling.

AirIQ, which provides wireless location-based services to companies managing commercial, marine, and consumer fleets of vehicles, has about 60 employees who work mainly in its Toronto office, as well as six satellite offices scattered throughout North America.

The UTM decision came down to either sticking with Cisco and buying its ASA 5500 Series, or moving to Check Point Software Technologies Ltd. (Nasdaq: CHKP)’s UTM-1 450. Although AirIQ had been a content Cisco customer, Check Point won over the firm. “All Check Point focuses on is firewalls [and security]. Cisco has a lot of other products, so it was not clear to us how much of a priority its security products were,” says Stephen Masarovich, manager of IT operations and support for AirIQ.

AirIQ also had concerns about Cisco’s new licensing model: Instead of just being able to purchase the firewall as an appliance, customers now also had to pay licenses for each connected device as well. The ASA 5500 Series includes a firewall, SSL and IPsec VPN, IPS, and content security.

The Check Point UTM-1 450 includes firewall, VPN, intrusion prevention, SSL, antivirus, anti-spyware, Web filtering and security, and anti-spam. Masarovich says the Check Point team that AirIQ worked with had a better handle on its product than the Cisco team did on its UTM offering. “Because the Cisco product was new, we raised some questions that were not easily answered,” Masarovich says.

But the Check Point system was pricey -- in the $60,000 range, slightly more expensive than the Cisco system, according to Masarovich. Still, AirIQ thought the better vendor support and a richer set of features in UTM made it worth the investment. To save some money, AirIQ decided to lease the Check Point UTM product rather than buy it.

The graphical user interface of the Check Point UTM-1 450 made it simpler to configure than the command line interface of the Pix router, and it includes smart tracker and dashboard features.

Although UTM has been around for a few years, it’s been slow to take off. In some cases, the functionality available in the UTM packages often pales in comparison to autonomous products. But AirIQ saw that the benefits outweighed any risks. “We have more visibility into our network than we did before,” Masarovich says. “The system identified that we had overlapping IP addresses -- something we had been unaware of.”

So far, the company hasn’t experienced any performance problems UTM systems sometimes cause, given that they squeeze multiple security functions into one system. “We have not had any complaints from our users since we installed the system,” noted Masarovich.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights