Check Point Shifts Strategy

Q&A: CEO Gil Shwed drives Check Point Software Technologies beyond the perimeter to internal security.

Few vendors in the security industry are better known or have more widely deployed products than Check Point Software Technologies Ltd. The Redwood City, Calif., company helped popularize the notion of a network firewall, and 11 years after its founding, 100 percent of the Fortune 500 uses some product from Check Point. Gil Shwed, the companys founder and CEO, however, has often been content to live in the shadow of his company and the stateful inspection technology he invented.

eWEEK Senior Editor Dennis Fisher caught up with Shwed recently to discuss Check Points recent move into internal and endpoint security, potential acquisitions and the future of the firewall market.

Check Point has always been known for its strength in perimeter security, but thats changed recently. Youve been getting into internal and Web security. Why the shift in strategy?

Over the last six months, theres been a big expansion, maybe a revolution in our strategy. Basically, what weve seen is that to get high-level protection, you have to extend beyond the traditional perimeter to the gateway and the endpoint.

So far, its been a great success. Its only been a short time, but so far the acceptance has been very good from customers. Over the next year, we have to continue to expand the strategy and the education process.

Are there more new products on the horizon to fill out the strategy?

We will come up with some new products, but the main thing is making a big impact in all of the areas that were in now. We have new versions and big extensions in all of the product areas. We see more projects on large-scale VPNs taking place. We have nice traction there but have seen a lot of acceleration lately.

The SSL [Secure Sockets Layer] VPN market has taken off recently, as well. Do you think that will eventually rival IPSec [IP Security] VPNs?

SSL is making it interesting. I see the need for both. If youre talking about heavy use, IPSec is still the better solution. Its more robust. Once you understand, its not enough just to get the encrypted link, its really less relevant what the underlying protocol is.

/zimages/5/28571.gifClick here to read eWEEK Labs review of four SSL VPNs.

To what do you attribute the increase in VPN deployments weve seen of late?

The extension of broadband is driving that. IPSec provides the fastest, most reliable communication. But 80 to 90 percent of it is still done on leased lines, which are slower and more expensive. Its also a maturity thing. The commercial Internet is 10 or 11 years old now. Companies see that, instead of paying a thousand dollars, they can get a much cheaper line for $50.

I know that endpoint security is a big part of your strategy, and its also a big focus for Microsoft [Corp.] and Cisco [Systems Inc.] right now. How do you anticipate those plans shaking out?

Theres a big difference between providing a good solution and marketing. Much of it is marketing, especially on the Cisco side. The real challenge, especially for the enterprise, is overall security architecture and not implementing 50 point products. Cisco is a good example. They have many security products. Some are reasonable, some are not so good. Its typical of Cisco.

Is there still enough demand for a traditional network firewall with all of the specialized firewalls out there?

The firewall itself has become a much more complete tool. It does Web security, application security, centralized management. It has a very strong foundation. If you take a product at the level of five or six years ago, youd need six to 12 other products to build whats in a Check Point firewall today. Take a Cisco PIX. You have to include five or six other products to get to what we have in Firewall-1 NG.

Theres been a lot of consolidation in the security industry in the last year or 18 months. Do you think that will continue, and will Check Point look at more acquisitions?

There is room for more acquisitions at Check Point. The big challenge is for the company to keep building a consistent architecture and not just a portfolio of products. Its a little harder to do in hardware. We will see more consolidation. At Check Point, there may be some bigger steps like the Zone Labs [LLC] deal but not many. Just taking a lot of products and putting them next to each other doesnt work.

/zimages/5/28571.gifCheck out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.


Be sure to add our Security news feed to your RSS newsreader or My Yahoo page