Framing Check Point's Vision

The Israel-based security company, whose U.S. headquarters is in Redwood City, Calif., aims to make its firewall/VPN technology all-pervasive, securing everything from huge enterprises to small businesses, remote offices and homes as they connect to the Web, Ungerman said. "Security is going to be pervasive as we continue to take advantage of the benefits and cost efficiencies of the Internet. Security is going to be required," he said.

Ungerman and other Check Point executives plan to convey that vision this week at Check Point Experience, the vendor's annual technical conference and partner forum. Check Point expects approximately 1,000 attendees,more than half of them solution providers,at the Anaheim, Calif., event.

"We want to talk about the opportunities,the new market segments we're moving into and all the new technology we're bringing out,to show them how we've evolved," Ungerman said.

For example, Check Point plans to unveil technology designed to help companies repel the hybrid types of attacks that emerged last year, such as Nimda. The technology, slated to ship in the third quarter, detects attacks by monitoring network traffic patterns and will be integrated with Check Point's FireWall-1 software.

Check Point's goal of becoming a ubiquitous security brand marks an evolution in its market strategy. The company traditionally has targeted the enterprise space but now is angling to tackle the SMB and consumer markets with scaled-down products. The vendor also is targeting the wireless arena and has reshaped some of its enterprise products to fit different needs for that market.

Check Point dominates the enterprise firewall/VPN software arena with roughly a 60 percent market share, compared with single-digit shares for Microsoft, Computer Associates International, Novell, Symantec and IBM, according to the most recent estimates from research firm IDC. With a 100 percent indirect sales model, Check Point has nearly 2,500 solution provider partners worldwide and is recruiting new channel partners as it reaches out to new markets, Ungerman said.

Solution providers welcome Check Point's latest efforts, particularly its move to serve SMBs, which the vendor defines as businesses with 1,000 employees or less. Yet some wonder if that strategy might tarnish the strong reputation of Check Point's enterprise technology.

"With some of the changes they've made, it's helped us take solutions to SMBs. It's made a big difference," said Roger Blohm, director of operations at Satel, a Salt Lake City-based security firm. Before Check Point released a small-office version of its flagship software, its products were too expensive for SMBs, forcing Satel to find alternatives, he said.

Pricing for the next-generation version of Check Point's VPN-1/FireWall-1 Small Office software, which supports up to 50 users, starts at $400, according to the company. Check Point partners offer appliances with the software pre-installed; prices for the devices start at $975. Prices for the vendor's enterprise VPN-1 Pro solution range from $3,500 for 25 nodes to $11,000 for up to 250 nodes and $20,000 for an unlimited number of nodes.

Check Point's small-office software and S-box appliance, from its SofaWare subsidiary, provide a "soup-to-nuts" security solution, said Robert Cohen, president and CEO of CGAtlantic, a New York-based systems integrator. The products enable his firm to target SMBs and revisit enterprise customers with security offerings for their remote offices, branches and home PCs, he said.

"It allows us to go to accounts and potential accounts that are familiar with Check Point and say, 'Keep it all in the family,' " Cohen said, adding that Check Point's brand also carries much weight. "There's a warm and fuzzy feeling that when you're secured by Check Point your requirements are being tended to in a professional way."

The SofaWare Safe@Home Pro and Safe@Office products, released in January, are offered on the S-box through service providers (as a managed service) and VARs. Pricing for the device starts at $399.

Still, some solution providers question whether Check Point's SMB initiative,where SonicWall, NetScreen and WatchGuard present heavy competition,could dilute its brand in the enterprise.

"It's like an identity crisis for them. Do they want to be the Mercedes or the Honda?" said Rich Forsen, president of ForSense Solutions, Herndon, Va.

"If [Check Point is going to play in both markets, it would adversely affect the reputation of their enterprise product because people are going to realize they can get more for less. Long term, it's going to hurt where their bread and butter is," said Forsen, whose firm partners with SonicWall.

Gary Fish, president and CEO of FishNet Security, a Kansas City, Mo.-based solution provider, said Check Point's SMB efforts will succeed but noted that the vendor may be walking a tightrope with its enterprise image. "They need to be careful that they maintain a high-end corporate image as they roll out the SofaWare [products," Fish said.

However, Ungerman said that Check Point will only enhance its brand by entering new markets and he's confident that the company will succeed in the competitive SMB space.

"It's a big market. There are very low penetration rates of security technology in the SMB marketplace," he said. "Even though there are some [competitors who are already there, we think there's a natural move for us into that market."

As long as Check Point finds the right partners, it can succeed in the SMB market, said IDC analyst Charles Kolodgy. "It's much easier to go downstream than upstream," he said.

The SMB push will require Check Point to attract new partners, Ungerman said. "We have a lot of partners who are happy with what they're doing. There's a big market out there, and they're not expanding into it, which is why we're augmenting them where it makes sense," he said.

Service providers are a natural channel for reaching SMBs, as are traditional VARs, Ungerman said. To help drive VAR partnerships, Check Point formed an alliance with distributor Tech Data last fall. It already has an alliance with Ingram Micro.

And to fortify its enterprise strength, Check Point aims to tap another new channel: networking VARs. "They understand the need to add security technology to their product portfolio if they're going to be successful in the enterprise," Ungerman said. Check Point recently released VPN-1 Net, a dedicated VPN product that should be attractive to networking VARs, he added.

Wireless also will play an increasing role as Check Point expands its product offerings and partner ranks. The company recently extended its VPN-1 SecureClient to Windows-based handhelds and plans to roll out more wireless security technology this year, according to Ungerman.

"It is still a few years out, but every one of our partners who is dealing with corporate customers in the wired world are going to be doing the same thing in wireless," he said.

But as Check Point rolls out new technology, it needs to do a better job of communicating with partners, said one solution provider who requested anonymity. "Check Point does an awful job of communicating down the ranks,what their intentions are, what their product lines are," he said. "They could do a lot better in that respect."

Ungerman acknowledged that "knowledge transfer" to partners looms as a big challenge for Check Point as it evolves. One hurdle in channel communication is that more than half of Check Point's revenue comes from solution providers that go through distribution or Check Point vendor partners and are not in its partner program, so they aren't on the company's mailing lists, he said.

Another challenge is the sluggish economy, which has checked Check Point's phenomenal growth. The company posted revenue of $527.6 million last year, up from $425.3 million in 2000 and $219.6 million in 1999.

This week, Check Point is scheduled to report results for its fiscal 2002 first quarter. In early April, it warned that slow IT spending likely will reduce first-quarter revenue to around $105 million, down 15 percent from its previous forecast and nearly 28 percent from first-quarter 2001 sales of $145 million.

Check Point also was accused of abusing its market position in a complaint lodged last year with the European Commission by Stonesoft, a Helsinki, Finland-based security vendor. The commission closed its investigation and Stonesoft dropped its complaint earlier this month, after Check Point agreed not to engage in exclusionary supply practices with its distributors.

Some industry observers also question if Check Point can maintain its leadership in the mushrooming security market. "If they're going to continue to be

the dominant force, they need to be the creative innovators of the next security solution. They have yet to demonstrate how they'll lead to the next direction," said Ed McPherson, director of the technology security practice at PricewaterhouseCoopers. The convergence of firewall, antivirus, intrusion detection and other technologies will steer the future of the IT security space, he said.

But Ungerman said that Check Point,with the largest R and D team for security technology,is "always pushing the edge of the envelope." And key to the vendor's future, he noted, is its Open Platform for Security (OPSEC), which certifies interoperability between Check Point products and those of more than 300 vendor partners. Customers look to VARs to fulfill all their security needs, and OPSEC gives Check Point partners the only "true, single security suite," Ungerman said.

Satel's Blohm describes OPSEC as "very valuable" when it comes to integrating technologies. "You know they're going to work together because they passed OPSEC," he said.

And while the success of Check Point's SMB effort remains to be seen, even some competitors said the company's enterprise presence alone will make it a formidable rival going forward.

"Check Point is a world-class firewall," said Patrick Sweeney, senior director of marketing at SonicWall, Sunnyvale, Calif. "We're not going to go in and knock that big boy off the [enterprise fence anytime soon."