Dear Gil:

This letter is meant to be a wake up call. While it points to many missed opportunities and wrong turns that I believe Check Point Software has made I hope you will understand that it is a call to action rather than a criticism of past blunders.

I have been perplexed by Check Point’s actions, or rather lack of actions, for the last seven years. Do you not see that there are opportunities in network security that surpass the existing size of the market? Do you not understand that your current customers are less well protected from outside threats than they were when they first became your customers? Do you not see the warning signs when you lose your major accounts to competitors? Do you not watch the network security start up activity in Silicon Valley? Have you not noticed that Cisco is pulling off a marketing coup with its mis-begotten Network Admission Control scheme?

What do you think? Discuss Stiennon's open letter.

By way of reminder I should recount my connection to Check Point. When you were first trying to get a foot hold in the United States with your revolutionary stateful inspection Firewall-1 product I was director of business development for a reseller in Detroit. I sold the first enterprise firewalls to much of the automotive industry. I also introduced your co-founder, Shlomo Kramer, to Bob Moskowitz who was both heading the Automotive Industry Action Group’s (AIAG) effort to standardize VPN technologies on IPSec and coordinating the IETF’s IPSec efforts. You may recall that Check Point had settled on S-WAN for encrypted communications until that introduction. I accompanied two of your young engineers to MCI’s lab in Plano, Texas, later that year for the first ever IPSec interoperability bake-off hosted by the AIAG and the IETF.

Several years later found me the analyst at Gartner responsible for creating the Firewall Magic Quadrant. Remember when I took all of the firewall vendors out of the leader’s quadrant for lack of vision? That was the time frame that NetScreen managed to carve out a huge segment of the firewall industry through innovation in technology, business model and marketing. How was it possible for a new firewall vendor to enter your space so late and establish a market valuation of $4 billion by the time they sold to Juniper Networks?

Your recent failed attempt to acquire an entity that is commercializing SNORT, the freeware Intrusion Detection System(IDS), was the final sign I needed that you do not understand the network security market, the gaping holes in defenses yet to be filled, the rising tide of cybercrime, or the big picture. This is not a time to copy RSA, IBM, Symantec and McAfee by acquiring multiple pieces of the security pie and hope to meet Wall Street’s appetite for improved numbers quarter over quarter. This is a time to dominate the network security space and leverage that dominance in the network; not the desktop, not the data, not physical security, not the server, not the data center- the network.

Here is my unsolicited advice. To be heeded only if you have the goal of dramatically increasing Check Point’s presence within the enterprise, doubling revenue in less than five years, and opening market opportunities measurable in the billions of dollars.

First and foremost, the operations and corporate administration of CheckPoint Software must move to the United States. That may be tough to swallow but the location of a corporate headquarters location is not a lifestyle decision, it is a business decision. Strategy and operations must be guided from this headquarters. While your current office location in Northern California is ideal the ultimate location of your headquarters could be influenced by acting on my next piece of advice.

Check Point firewalls must be hardware appliances. The current model of giving away half the revenue of a firewall sale and most of the support revenue has been demonstrated to be a market share loser. Yes, you enjoy enviable margins as a software-only company but it has been at the expense of giving up market share. It may not be too late to develop your own hardware platform but I would advise that this market cannot wait. Check Point should acquire an existing platform that is already successful in supporting FW-1, your flag ship product. Check Point must own the platform in order to execute on the rest of my advice.

After investing the capital in a hardware acquisition there is work to be done. You have to maintain your existing channel while you cut prices, increase partner margins, and introduce new product configurations and support. There are four segments in the network security arena: enterprise gateway, enterprise core, SME and carriers. Across all of these segments your products need a major overhaul. They must be capable of processing entire packets and even sessions at speeds that exceed what your current products do with just packet headers. You will have to OEM your technology to other manufacturers in a tactical move to curtail the number of companies eroding your share in the small office/home office.

Whitepapers

• Gene Kim's Practical Steps to Mitigate Virtualization Security Risks
• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports