Beyond the Firewall: Check Point's Next Move
Although he'll never say it like this, Gil Shwed's body language and demeanor speak louder than words: "Critics be damned."
No matter which way you cut it, his company, Check Point Software Technologies, is the No. 3 security player. If you're talking about perimeter security and firewalls, it falls behind Cisco Systems and Juniper Networks. If you're talking about pure-play security companies, it lags behind McAfee and Trend Micro in terms of gross revenue. And its primary rivals--Cisco, Symantec, Microsoft, Juniper--are multidimensional companies with security and nonsecurity products, something that analysts say better positions them to deal with changing market conditions and offer more holistic solutions to partners and customers. Also, Check Point is increasingly fending off attacks from smaller, more midmarket-focused companies, such as SonicWall and Fortinet.
"There's not a lot of innovation there, and we're all getting worried about it," says Bruce Tucker, president of Patriot Technologies, a Frederick, Md.-based Check Point VAR. "We're talking to other vendors, but we're trying to stay loyal to Check Point. We try to stay loyal to the vendors we started with."
None of this deters CEO Shwed. In fact, he promises a new era for Check Point: total data protection, something that definitely takes the company out of its firewall comfort zone.
Over the next three years, Check Point will build a portfolio that protects data from compromise wherever it resides--at rest, in use or in transit. The first step in this process is the $625 million bid for Pointsec Mobile Technologies, which provides critical encryption for mobile devices.
Data protection may be not only a wise move but a necessary one. In the early days of the Internet, Check Point's firewall revolutionized network security with its strong stateful packet-inspection engine and intuitive management console. The later, integrated firewall/VPN made a powerful combination.
Agile, innovative and revolutionary are words few people use to describe Check Point today. In fact, one security luminary said, "It's strange for us to be talking about Check Point as an also-ran."
A recent Infonetix market report placed Check Point behind Juniper in network security sales, making it third in the market. Similar reports show the sales and demand for software firewalls slowing, with integrated firewall and security appliances--those offered by Cisco, Juniper (NetScreen) and SonicWall--on the rise.
Check Point does enjoy a strong relationship with Nokia, which sells embedded Check Point software on its appliances.
"The overall perimeter-security market is growing. Check Point is maintaining a good share," says Greg Young, a research vice president at Gartner. "I don't see them in decline, but there's more competition now."
Shwed shrugs off the market numbers. What's important, he says, is Check Point's security focus and goals.
"They've diversified out of security, not focusing more on security. None of our competitors have survived," he says. The merger of Symantec and storage-software-management innovator Veritas Software, Juniper's acquisition of NetScreen Technologies and IBM's purchase of Internet Security Systems are examples of security companies cited by Shwed that lost their security focus. "If you look at the marketplace, there are fewer independent companies to compete with us."
NEXT: Why Juniper and Cisco think Check Point is vulnerable
That's not how Check Point's competitors see things. While they acknowledge that Check Point is a formidable foe, they believe the company's market and channel shares are vulnerable.
"They're a little worried as a one-trick pony that can be displaced by someone that's more strategic and can provide a full suite of products," says Frank Vitagliano, Juniper's vice president of worldwide channels and U.S. enterprise operations.
The greater challenge for Check Point is who's specifically buying its products. Security managers used to buy security products for their companies, but nowadays, more network managers are buying the security gear, too, and the percentage of security managers making purchasing decisions continues to slip, says Edison Peres, vice president of advanced and core technologies for worldwide channels at Cisco.
"They don't tend to buy the best appliance; the criterion is just that it has to work on their network," Peres says.
Shwed believes Check Point is diversified enough in its product lines, which are entirely focused on security. Reflecting on the past five years, he proudly says that Check Point offers more products today for different levels of customers--enterprise, midmarket, home office, consumer--than it ever has. And despite all of the nay-saying, Check Point is financially healthy and expected to top $600 million in sales for fiscal year 2006.
As for growing the company, Shwed predicts that Pointsec will account for up to 20 percent of Check Point's overall revenue in 2007. Pointsec's 2006 revenue was about $52.4 million--or roughly 9 percent of Check Point's 2005 gross.
Checking Data Protection
Check Point is betting that it can capitalize on the identity-theft plague with its data-protection strategy. Through Pointsec, Check Point gains technology for data-encryption management on a variety of devices--from PCs to smartphones.
Pointsec, Shwed says, will move Check Point beyond its perimeter-security roots and into an area with no major players. While data-leakage and identity-theft problems are well-known, data protection--as a technology and market--remains relatively undefined. Problems with managing keys, automating data classification and training users have hindered data-protection adoption. Nevertheless, Gartner estimated that desktop encryption alone will be a $300 million market in the next few years.
"It's a huge growth potential," Shwed says. "Pointsec doubled its revenue this year because of customer demand."
Pointsec is a good beginning, but Shwed acknowledges that more technology is needed to complete the entire data-protection portfolio. "Our goal is to protect data from going to the wrong place," he says.
Check Point needs a lot to pull off the data-protection strategy because it's more than just encryption. Automated data classification and content inspection are areas that few have successfully implemented with reasonable degrees of reliability. A document with a Social Security number is relatively easy to detect and block, but discerning sensitive financial documents or legal papers involves a much higher level of complexity.
At the very least, Check Point believes adding data protection to its quiver will give partners something more to sell.
"We need to make sure we have more offerings than the market is demanding," says Amnon Bar-Lev, Check Point's vice president of field operations and technical services. "When there's growth, there's growth for everybody."
NEXT: Revitalizing channels
Paul Foley, a sales rep at TigerNet Systems, hasn't sold a Check Point product in nearly a year. Primarily servicing SMBs, the Stamford, Conn.-based VAR is finding great success in unified threat management--in devices with integrated firewalls, VPNs, antivirus, antispam and content filtering. TigerNet's UTM vendor of choice: Fortinet.
"Most of our clients don't want to get separate solutions for firewall, spam and filtering," Foley says. "Fortinet fits nicely into that solution in one appliance; it gives you what Check Point can give you, and more, at the same price point."
Many Check Point partners are frustrated with the lack of innovation and product offerings, poor sales and marketing support and difficulty of doing business, as reflected in last year's ARC scores. While the company's core network-security products play well on the enterprise level, solution providers hold in higher regard competing offerings by SonicWall, Secure Computing and Fortinet.
With data protection, Check Point will have to step up with training and support that engages and enables its partners to go to market with the new technology. And data protection could be a whole new ball game for both Check Point and its solution providers, because the people who purchase encryption may not be the same people who purchase network security.
"When you look at any hop in technology, you have to look at the execution plans--network-buying centers to host-based buying centers," Gartner's Young says. "They're different channels; you can't sell trucks to a car buyer. If they're going into any non-network-security market, they're going to have to change their channels or increase resources into feeding their existing ones."
The danger of slippage is real for Check Point. Solution providers are hooked on the rich license-renewal business, but the lack of new installs and diminishing growth potential has some looking for alternatives. "Renewals are the bulk of our business. That's not a problem, but it's a concern," Patriot Technologies' Tucker says. "If Check Point isn't going to have new and innovative solutions, we'll look for others."
Check Point sees a lot of upside to its data-protection strategy, and, with more than 95 percent of its revenue coming from the channel, it's promising renewed emphasis on partner enablement. Specifically, the company is promising improved support, marketing, partner profitability and ease of doing business.
"We're going to re-energize our channel," Bar-Lev says. "We're going to roll out the partner program to make sure we're focused on the overall marketing activities--to make sure we focus on the right channels and grow them."