commentary Check Point may have made big bucks selling firewalls in its early days, but it is struggling to live up to its CEO's vision in today's rapidly shifting security market.
It wants to be the last big "pure-play" security vendor in the business, offering a wide range of solutions to the enterprise and even small- to medium-sized businesses (SMBs). But with 70 percent of Check Point's sales coming from one, core product -- VPN and firewall perimeter software -- can the Israel-based company pull it off?
Check Point rode the gravy train in the 1990s selling firewalls to every
company possible. It was a boom time for basic security kit, and Check Point had good gear. But times have changed, and so has the market. It's a new world for security vendors, with many of the established names having been acquired or themselves diversifying into other areas. Check Point wants to buck that trend, focusing entirely on security.
One of Check Point's most direct competitors, Netscreen, was acquired by
router-maker Juniper Networks in 2004. The move hasn't done its share price
any favours, and Check Point's Vice Chairman, Board of Directors, Jerry
Ungerman, thinks he knows why. "When you talk about Juniper, they got
security to help sell routers and switches, not to become a security
company," he told ZDNet Australia. "I don't think they've been as
successful as they'd envisioned."
It may seem like competitor bashing, but Ungerman's right in this case.
Juniper flew press and analysts from all over the globe to its California
headquarters to hype the acquisition in late 2004, and this correspondent
was invited. Company management were open about it -- the Netscreen
acquisition was all about Juniper's move into the enterprise market, a
source of revenue it couldn't tap from its telco heartland.
Through Netscreen, they'd acquired some snappy technology, a tonne of
customers, and a sales channel into the enterprise. Previously, Juniper did
the majority of its dealings directly with telcos. This was its big move
against Cisco, in a David versus Goliath-style battle. Unfortunately for
David, the big guy is still looking healthier than its smaller rival, despite Juniper
offering excellent products.
Three months earlier, Check Point had announced its first big acquisition.
It snapped up consumer security technology company Zone Labs for US$205
million, with the vision of bringing endpoint security to the enterprise.
Security outfits are still attractive targets, it seems. Storage vendor EMC
acquired RSA Security for US$2.1 billion this year; a reverse-play of
Symantec's US$13.5 billion acquisition of storage infrastructure outfit
Veritas last year.
The pairing of security companies with storage vendors strikes some analysts
and commentators as odd. In the case of EMC acquiring RSA, offering security
tokens with storage solutions is like putting chocolate on hamburgers --
it's not criminal, but it is strange. And EMC is no dummy when it comes to
buying good technology. VMWare, which the company bought in 2003, is now one
of the fastest growing software companies in the world, which just makes its
seemingly bizarre play for RSA seem more, well, bizarre.
"We also don't get it," Gil Shwed, the founder, CEO and Chairman of Check
Point, told ZDNet Australia. He built the company on software he
wrote himself, and he's a technologist to the core. If there are synergies
between RSA and EMC, he doesn't see them.
Ungerman, his right-hand, is more philosophical. "I think they're defensive
plays. I've worked in this business for a long time and you don't make money
selling disk drives. You don't," Ungerman says. "There're big players in
there that make very little money and EMC is one of the big ones. They're
trying to build up their software business."
Check Point, too, has attempted to expand through acquisition. Sick of being
known as a one-trick company that makes a good firewall, it announced its
intention to buy US-based security outfit Sourcefire for US$225 million this
year, its first big move since Zone Labs in 2003.
As a company that now defines itself as the last significant vendor left
that focuses solely on security, it was a good move. Sourcefire has great
technology, more good will than you can poke a stick at, and a fairly
impressive list of clients.
Unfortunately, at around about the same time, a firm from the United Arab
Emirates was looking to buy some United States port infrastructure. US
President George W Bush killed the UAE deal when word got out
through the press, a decision that may have impacted Check Point's chances
of purchasing Sourcefire.
Many privately say it was this political situation that made US federal regulatory approval of the purchase by the Israel-based Check Point politically impossible. They simply couldn't say no to the Arabs and yes to the Israelis.
Eventually, US regulators scuttled the deal.
"I think it was the circumstances that were a little bit complicated. There
was a political issue, especially with the deal with the UAE that was on the
table," Shwed says. "There were multiple factors -- one of them was the
political situation at the time, but the big one was the fact that the US
government wants to make sure that certain technology that they're using
heavily won't be under any kind of foreign ownership."
Sourcefire makes arguably the best network-based intrusion detection system that's ever existed, and it's used on some very sensitive networks by the US Government. Handing control of the company that develops and maintains that software to foreign interests seemed a little too much for the feds. "I think Sourcefire is a great company I think they had good things and I think I would be happy tohave them as a part of Check Point. But I don't think that there are no alternatives to that technology," Shwed says.
Check Point will either form an OEM relationship with Sourcefire, or simply
buy another company that owns a similar technology, he added. The roadmap
stays the same, he insists.
It was telling that yesterday in Bangkok, at Check Point's annual regional
customer and partner event, Shwed delivered his keynote speech, outlining
his vision of his company as a pure-play security vendor that will provide a
"security architecture" and an "independent security layer", not a mish-mash
of loosely related technologies.
The elephant in the corner, of course, was Sourcefire. The
doomed acquisition bid was not mentioned once.
After his speech, ZDNet Australia asked Shwed about growth in other
areas, like the endpoint security software the company acquired when it
purchased Zone Labs. "Well I do hope that five years from now we will see a
much, much higher growth in the number of endpoint agents we sell," he says.
"I don't think it's growing as fast as it should grow, let's put it this
Consumers still love Zone Alarm, he says, but manageability concerns mean
that the adoption of endpoint security software has been slow. He's
confident, however, that it will pick up, and with Australia's AusCERT
Computer Crime and Security survey showing enterprise desktops are now an
attractive target, it's hard not to see his point.
Still, with 70 percent of Check Point's sales based on one product, its
challenge now, as the self-proclaimed "last man standing" security vendor,
is to grow through the right acquisitions. It must go big, or risk becoming
the target of takeover itself.
Both the Zone Labs and Sourcefire acquisitions were great plays. Now the
latter has been sunk, the challenge for Shwed, a truly technical CEO, will
be finding the right technology to make his vision of Check Point a reality.
Patrick Gray travelled to Bangkok as a guest of Check Point.