<I>CRN</I> Interview: Jerry Ungerman, Check Point Software Technologies


Check Point Software Technologies aims to expand from its traditional enterprise market to the SMB space, with help from channel partners. In an interview with CRN West Coast Bureau Chief Marcia Savage, Check Point President Jerry Ungerman outlined the firewall/VPN vendor's business strategy and message that it will deliver to solution providers at its Check Point Experience technical and partner forum next week.

CRN: Check Point's U.S. headquarters is in Redwood City, Calif., but the company is based in Israel. Is the conflict in Israel affecting Check Point's operations?


Jerry Ungerman, Check Point Software Technologies President

UNGERMAN: Not at all. It's not around there. Israel is a small country, but [in some ways a big country. [The conflict is on the West Bank and the Gaza Strip, not in the industrial part around Tel Aviv.

CRN: Check Point Experience starts April 23. What message can partners expect to hear there?

UNGERMAN: I'm going to talk about the opportunities we have. Knowledge transfer is always our biggest issue. Being 100 percent indirect, how do we get the information from our core product people to our 2,400 channel partners around the world? Sometimes I find people who say they've been partners for five years, so they know Check Point. But they just hired three new salespeople or two new engineers. They might have some expertise or a long-standing relationship [with us, but they have new people. We want to talk about the opportunities--all the new market segments we're moving into and all the new technology we're bringing out--to show them how we've evolved from what many [saw us as five years ago, as a firewall company, to what we're doing today.

CRN: What is Check Point's strategy for doing that?

UNGERMAN: Our overall vision is 'Check Point everywhere.' We really think security will be necessary for every corporation, to be run at the gateway, the clients and the servers; to be run in a wired and wireless world; and to allow people to connect in their office and anywhere in the world. It's about connecting anytime, anyplace and accessing the information they need to do their job, which is why we're moving into the home.

While we were focused on the enterprise for our formative years, it's gone far beyond that now. Now it's about connecting all the satellite offices and remote employees and connecting their partners, customers and suppliers, which gets us into small businesses. Large corporations have accounting firms, legal firms and insurance companies that they deal with that are very small. If they're going to connect over the Internet, they're going to want them to be as secure as if they were part of the corporation. There are millions of small businesses around the world: small offices and home offices with one or five employees who can use the same level of security that our bigger customers can.

CRN: How will Check Point drive its SMB efforts?

UNGERMAN: We think the service providers, ISPs and telcos we do business with are our natural channel to SMBs. They sell them connectivity. Whether it was actually the telco or the resellers that they go through, they're a natural extension to sell a value-added security solution. But there are also traditional value-added solution providers, which is one of the reasons we have a relationship with [distributor Tech Data. It has a large portfolio of small and medium resellers.

CRN: Does Check Point plan any new channel programs or training for the products targeted at the SMB market?

UNGERMAN: We increased the staff that works with our distribution partners to make sure they're putting out programs, training sessions and seminars for all the resellers to bring them up to speed on these solutions.

CRN: Players like SonicWall and NetScreen are already in the SMB space. How does Check Point plan to compete with them?

UNGERMAN: It's a big market. There are very low penetration rates of security technology in the SMB marketplace, so even though there are some [competitors who are already there, we think there's a natural move for us into that market. We're going to have to do a lot of work; it's not just going to be given to us. We're going to have to do marketing campaigns and seminars with our resellers. We're always doing co-marketing. There is some pull, but we're going to also have to create demand and market awareness of Check Point.

CRN: How does SofaWare fit into Check Point's operations?

UNGERMAN: It's a Check Point affiliate. We invested in it at the very early stages, to seed funding to develop them. We licensed our Stateful Inspection technology to them so they could downsize it to fit into cable modems, DSL modems and the new S-box that we brought to market. We're the exclusive distribution arm and sales channel for all of the SofaWare technology. It's Check Point technology, but it's built by SofaWare.

CRN: One published report questioned whether Check Point created SofaWare to offload R and D costs.

UNGERMAN: Enron threw everything into question. There are only 10 or 12 employees there [at SofaWare. It's very small. We said we expense everything. It was in our 20-F [statement. It was very clear in there how it works. There was no hiding.

CRN: Check Point has a partnership with Nokia. Is Nokia already working with the SofaWare technology?

UNGERMAN: Many of our partners are going to OEM the SofaWare technology and bring it to market. When we first announced it, we said that we were doing both the hardware and the software. But our intent going forward is to only do the software and have other hardware partners step into that role and either OEM the S-box as it's currently manufactured or to manufacture their own. Two companies we've announced so far are Intrusion and Celestix. I believe Nokia will announce it in the near future.

CRN: Solution providers and industry analysts give conflicting reports about the security market. They say some people are buying security technology while others are interested but not buying. What does Check Point see?

UNGERMAN: [Return on investment is hard to prove with security. It's easy to prove with VPNs. The No. 1 [customer issue for the last four years has been security. But what's happening right now, because of the economy, is that people are buying less than what they need.

Most of the resellers I talk to say they're very busy. In fact, most are very enthusiastic about what's going on [with security demand. They're very pleased with the level of activity. Yes, they'd like to be closing more. The sales cycle has been elongated a bit. The deals are getting smaller, and instead getting the entire [project they're getting a piece at a time. That's a little frustrating. We saw the economy improving, but I think IT spending is lagging behind that. We're finding that customers are very cautious right now. That's why we see a high level of activity but not a lot of real business right now--not as high as some people expected.

CRN: You said ROI is easy with VPNs. Can you elaborate?

UNGERMAN: It's very quantifiable. The alternatives are dedicated lines, frame relays and T1s. Most projects we've worked on typically have 85 percent cost savings associated with VPN technology vs. a dedicated line. There's very significant, very compelling ROI associated with VPNs.

CRN: How big of a role will wireless play in Check Point's business?

UNGERMAN: Long term, very big. It's still a few years out, but every one of our partners dealing with corporate customers in the wired world is going to do the same thing with wireless. Instead of carrying PCs around that we have to connect into a wall and dial up, we're going to be carrying some kind of handheld device. It's a big opportunity for resellers. We have wireless LANs out there today. We announced our technology before wireless LANs emerged. Today, 802.11b is one of the big concerns. We announced our secure client technology a couple of years ago. Every one of our partners can go back to their customers and say, 'Hey, you must be putting in wireless LANs. There are benefits to it. You need to put in a Check Point secure client.'

CRN: What is Check Point's focus in its R and D efforts?

UNGERMAN: We have the largest R and D team in the world for building security technology. The core fundamentals we're always looking at are scalability, manageability, performance and ease of use. Outside those four philosophies, we're creating new technology all the time. I think the definition of a firewall has changed and will continue to change as we put more technology into them. It's the same for the VPN. It think it will look different three years from today because we put a in lot of new, emerging technology to better secure networks. We're always pushing the edge of the envelope from a security standpoint.

CRN: What are some of the key challenges for Check Point?

UNGERMAN: The biggest one is knowledge transfer. The company has changed so much. We have over 2,400 partners now in our partner program. But we know that more than half of our revenue comes from solution providers not in our partner program. So there are thousands of them that are going through distribution and selling our solutions who don't have a direct relationship with us. They're not in our partner program, so they're not on our mailing list. They're not getting our updates and information. So that's the challenge: How do we keep everyone educated and updated on what we're doing, what our OPSEC [Open Platform for Security partners are doing and the number of platforms we deploy on? We are a software-based company, and everyone says the market is moving to hardware-based solutions. But we now embed our technology with 18 different hardware companies.

CRN: OPSEC seems like it will be a big factor in Check Point's future.

UNGERMAN: All the choices we provide, we've always thought that was extremely important. We'll continue to strongly support OPSEC, both from a complementary security technology standpoint as well as the standpoint of which platforms we deploy our product on.

There are a couple companies out there pushing [a security suite because they keep acquiring other technologies. If you had a single security suite, you'd have about 20 different technologies. These companies have four or five of them. So they're not selling a single security suite, but four or five of the ones you need, which means you have to have to get the other 16 someplace else. There is no single security suite out there. Check Point, with its OPSEC alliance, is the only one out there that is a true, single security suite. You can get everything certified so that it interoperates seamlessly in the Check Point framework, and from one partner. Everyone talks about the single point of contact. The single point of contact is not the manufacturer; it's the reseller. That's who the customer looks to. He goes to his reseller, who says, 'I'll bring you content filtering, antivirus, firewall and authentication.' That's where we think we have armed our resellers, providing them with a single security suite.

CRN: Where do you see security industry going?

UNGERMAN: It's only going to become more important. Security is a layer in and of itself. That's why it's much more than being in a router, a switch or a network. It has to be everywhere. It has to secure all the gateways, all the servers and all the clients, in both the wired and wireless world. Security is going to be pervasive as we continue to take advantage of the benefits and cost efficiencies of the Internet. Security is going to be required.

CRN: Check Point is looking to grow into the SMB space, but what about the enterprise space? is the company looking for new partners to expand there?

UNGERMAN: That's where a lot of the networking [channel guys fit in. They're in the enterprise space and understand they now need to add security expertise and technology to their product portfolio if they're going to be successful. We have a lot of partners who are happy with what they're doing. But there's a big market out there, and they're not expanding into it, which is why we're augmenting them where it makes sense. Where we already have a lot of penetration and success, we don't need new partners. But we have a lot of capacity to absorb new partners on a global basis.

CRN: What do you think about Microsoft's new emphasis on security?

UNGERMAN: It's about securing their products, not about security as a product. It's about making their products more secure and less vulnerable. They're trying to make [Windows XP and Office more secure. They haven't talked about coming into the security marketplace yet. I think that's a full-time effort for them to figure out how to secure their products as opposed to starting to sell security products. There is a big difference between the two.

CRN: But Microsoft has said it's developing a new business unit that will look at security products.

UNGERMAN: Until they can make their own products secure, they're not going to be a viable player in the security marketplace.