Beyond the Firewall

It's ironic that Check Point Software Technologies, the pioneers of perimeter security, treated its staff to a screening of the new Harrison Ford flick Firewall, since both are having image problems.

The action-hero days are receding into the distance for Harrison Ford, who looks more like Calista Flockhart's grandfather than the swashbuckling Han Solo who wooed Princess Leia in Star Wars. Firewall is

just further evidence of a career in decline.

Oddly enough, many were saying the same thing about firewall technology not too long ago.

As the theory went, you build battlements around the network--the firewall--and everything on the inside is safe. But ports 25 (SMTP) and 80 (HTTP), as well as other pervasive holes, have rendered the firewall virtually useless. Some would argue that these heavy pieces of iron are little more than squelching mechanisms against Internet background noise.

The firewall's obsolescence is what prompted many security companies to diversify their approaches to network security with intrusion-detection and prevention technologies, endpoint-security mechanisms, content filtering, policy enforcement and self-defending networks. Even Check Point, whose claim to fame is being the first with a viable firewall, has transformed itself from a perimeter security company to a provider of "end-to-end protection."

But Check Point, like Ford, has a problem. For years, the vendor shunned the "security-vendor" label, arguing that its pioneering firewall and VPN technologies were part of the network infrastructure and should be classified as such.

And so, as Check Point pushed new revisions of its management console and scalable versions of its software, its competitors capitalized by introducing innovative technologies and educating their markets. Cisco Systems and NetScreen Technologies--acquired by Juniper Networks--eroded Check Point's perceived market and technology leadership. SonicWall, WatchGuard and Symantec eroded Check Point's position on the lower end of the market with functional, yet affordable, firewalls and "unified threat management" boxes.

But it's not as if Check Point has been asleep at the switch. CEO Gil Shwed and company have been busy over the past couple of years acquiring new technology and products. Two of the smartest acquisitions were Zone Labs, which gave Check Point its endpoint security, SSL VPNs and automated intrusion response. The vendor launched InterSpect, its first homegrown appliance, as an internal network choke point to throttle worms. And its acquisition of SourceFire, with its RNA technology, gave Check Point a powerful IPS tool.

But, like the washed-up Hollywood hunk, Check Point still runs the risk of becoming "the guy that used to be a leading man." And it knows that.

Check Point's marketing and channel teams say the vendor plans to start making noise and asserting its security leadership. You'll see its executives speaking out more too.

It's about time. While Symantec's John Thompson, Cisco's John Chambers, Microsoft's Bill Gates and Sun's Scott McNealy were headlining the annual RSA Conference in San Jose last month, Check Point barely registered on the list of security luminaries.

Check Point is a good company with solid, best-of-breed technology. It recognizes that it needs to put Shwed on the conference stump and go after rivals more aggressively. In all likelihood, Check Point will never disappear from the IT landscape, but it needs a PR victory. Let's just hope it's not too late for this pioneer--that Check Point and its partners won't have to settle for a movie like "Indiana Jones and the Geritol Raiders."

LAWRENCE M. WALSH ([email protected]) is the editor of VARBusiness and GovernmentVAR magazines. Listen to his podcast interviews at www.varbusiness.com/podcast.