Check Point Software Technologies has been giving companies such as Cisco a run for their money in the enterprise security space. But as the company attempts to both diversify its product set and move into the SMB markets, it faces a new set of challenges. BRETT WINTERFORD sat down with Check Point president Jerry Ungerman to discuss the vendor’s strategy.
How has Check Point expanded its business over the past twelve months?
Jerry Ungerman (JU): What we have done well to date is perimeter security for the enterprise. We have 97 of the Fortune 100 using our products.
We nonetheless recognised the need for a major expansion. The first part of that expansion was moving into the small and medium business markets with products such as Check Point Express, for medium-sized companies with 101-500 employees, and Safe@Office, a small business product.
We have now begun expanding our product portfolio. We introduced a new internal security product called InterSpect, acquired a desktop firewall vendor called ZoneLabs, and we are now about to release a new Web-based security product.
Is Check Point’s product diversification driven by market saturation for perimeter security?
JU: It was driven primarily by customer needs. Yes, there is saturation in the market. But there is still significant growth left in perimeter security. With broadband and wireless technologies on the rise, the perimeter changes every day so it is an ongoing challenge.
Who will Check Point’s competitors be in these new markets?
JU: For InterSpect we feel that there is no other product on the market that can do what it does. For the new Web-based security product, there are a lot of competitors in the market. There are a lot of point products — single sign-on vendors, SSL VPN vendors, firewall authentication vendors. But to complete the solution an organisation today may need some four to six point products. We are going to bring out a single product for all of these needs. To date nobody else has done that.
What is Check Point’s hardware strategy?
JU: We had traditionally gone to market with our primary gateway perimeter security software on open servers from the likes of HP and Nokia. But recently we decided to launch Check Point branded appliances, and we subsequently released InterSpect under our own brand.
What attracted the company to acquire ZoneLabs?
JU: ZoneLabs gives us a desktop security solution. It produced and distributed — free of charge — a personal firewall called ZoneAlarm. This free product has been downloaded by more than 25 million users. The company then released ZoneAlarm Pro, a personal firewall with some additional functionality that users would be prepared to pay for. It was when the company began developing an enterprise product that we became interested. It has taken what it has learned from 25 million users and created an enterprise product called Integrity. While it might have 25 million users of the free product, ZoneLabs only had 1400 enterprise customers. Check Point has 80,000 enterprise customers. So it made sense for us to acquire them and take that technology to market.
Is there still room for software partners as Check Point broadens its product range?
JU: There are still other security needs out there that are not covered by Check Point — consider all the antivirus and content filtering products for a start. There are more than 350 security vendors that have partnered us under our Open Platform for Security (OPSEC) initiative. This has worked very well for us — and for our partners it means they can go to a customer and reassure them that the product will work with Check Point.
We like to tell people that the first thing a new technology start-up in Silicon Valley does is go to a venture capitalist for funding. The first thing a new security technology start-up does is get OPSEC certified.
Who hasn’t joined OPSEC? What are the competing visions in the security space?
JU: Cisco has not joined. Cisco is without a doubt our major competitor. Cisco has its own technology partner program that it started three years ago — but it has nothing like our numbers.
Cisco’s strategy tends to be to acquire technology, not partner. They continually buy second and third tier technology companies, but tend not to do a good job on integrating them.
Networking vendors are starting to see security as an important part of their business. How has Juniper’s acquisition of NetScreen affected the market? Has Check Point been approached as an acquisition target?
JU: It would hurt our reason for being if anybody did acquire us. Juniper’s acquisition of NetScreen leaves us as the only independent software security company. The acquisition is good for us — I think it is a limiting approach to see your technology merely become part of someone else’s network infrastructure business.
Are you concerned by the aggressive pricing moves of IDS/IPS vendors? What does it mean for firewall vendors?
JU: We find that products such as InterSpect are being installed for the same issues as those IDS and IPS vendors are trying to solve. I can understand why some new technologies might be undermining the value of intrusion detection and prevention. These technologies are reactive as they are signature-based. There is no advanced warning of an attack. In the past a threat was unleashed and you would read a news report or a bulletin warning you that it will arrive in this many days or hours. Today it’s done. As soon as the attack is launched, it’s over. There is no time for analysis anymore. The technology has to be proactive. I don’t think intrusion detection meets today’s threats.