Check Point’s CEO tackles security issues

Check Point CEO Gil Shwed talks sliding stock prices, product testing and more.

Check Point Software  needs this quarter to be its biggest in years for revenue if it hopes to match last year’s revenue figure of $528 million. The company also is in the midst of a slide in its stock prices from a high of about $50 per share to a low of $10.37. This, despite claims by potential customers of the firewall/VPN vendor that security has higher priority now more than ever. The company also reported results of a test it commissioned that found that its gear – surprise – outperformed similarly priced gear from competitors Cisco and NetScreen Technologies. Check Point Chairman and CEO Gil Shwed recently discussed these developments and others with Network World Senior Editor Tim Greene.

Our readers say that even though their budgets are cut, security is a heightened priority. What does that do to your revenue?

Many people renew licenses, and that is a very good source of revenue. Many people extend existing infrastructure and buy a little bit more. That’s another part. We do see a number of large projects. Actually, the surprising part is we see today more large projects than we saw before. The negative news is that people are very, very cautious on spending. In the past, these large projects were closing in three to six months. Today, it can be six to 18 months to close because they are very, very cautious about their spending.

Are these large projects by virtue of shifts from another vendor or technology, or are these new companies?

It’s existing companies, a company that has 100 firewalls built over five years by 10 different departments, and they now want to buy infrastructure to manage it consistently to really streamline the security policy. Most of it is reorganizing and buying management infrastructure. The other projects are replacement of frame relay links about usage of broadband to [access] the Internet instead of legacy networks. There we see projects that range from connecting five sites to connecting 18,000 offices in an extranet.

What are your thoughts on Check Point and appliances? Will there be Check Point-manufactured appliances?

I think that we dominate the appliance arena with partnerships. Nokia is by far our most successful partner – our premiere partner. Appliances gained reputation over the past few years of devices that are easy to maintain and which provide high performance. Appliances moved from being 10% of the market to around 50% of the market. Appliances are pieces of hardware running software. An open server running software is also doing the same kind of job and in most cases they use similar architectures.

I was actually thinking of appliances built by Check Point rather than obtained via partners.

I think what we’ve been doing in a better way is work with partners. We created better appliances basically because the appliance partners we have are doing a very good job in an open market. Sometimes it’s easy for us to say ‘We have everything, just get it from us,’ but in the end it’s not the right thing for the customer. I see situations today where one appliance vendor will have a $3,000 solution and another will have an $800 solution. It’s not clear what’s the right choice for the customer. The $800 one may not give the customer everything they need, and the $3,000 may be too expensive or too complicated. The fact that we have internal competition drives us forward in a very big way.

These open server platform vendors seem to introduce different security applications to them. What is your road map for adding different types of security to your current software?

We work with partners, so we don’t necessarily plan to offer it on our own. You can take an Intel-based platform or a Sun-based platform and run on it multiple pieces of software that integrate very nicely. Some customers say religiously they want different intrusion detection running on a different device than the firewall, and some customers would say the other way around. We see all kinds of combinations running around.

So you’re pretty much going to stick with the partners and not go with adding more to your own line?

Well, we add more to our own line all the time, but we try to make this more in terms of breaking new ground rather than competing with existing vendors. Not that we necessarily won’t compete with any existing products or category in the marketplace, but I think there is plenty for us to do without trying to imitate or compete with other people.

What new ground are you talking about?

One example is something we did with SmartDefense, which is redefining what the firewall does for you and making the firewall a much smarter platform. Another is scaling the ability to manage various systems. For example, we’ve developed in one of the most advanced parts of the products that we have is the ability to collect and manage very large amounts of log information. This capability is not only important in our product, but the fact that we can use that to collect data from other systems is [also] new ground because it talks about technologies for event correlation. You’ll be able to see for a certain user this is where they crossed the firewall, this is where they accessed the Web site, this is how they accessed the application. You can consolidate all that information and not just see it as five different entries that are logged and separated in five different systems.

Do any of these possible new areas involve Check Point having to make acquisitions?

The chances of us making a major acquisition are not very high, but if we find the right technologies or the right companies in those areas, we won’t hesitate.

Recently you choose NetScreen and Cisco to test your products against. Why those two?

Cisco is a large competitor, and it’s a very serious company that obviously we can’t ignore. NetScreen is a very loud company that tries to send a lot of messages to the marketplace and make a lot of noise, and we wanted to address the issue that they raise.

Do you regard these two your main competitors by virtue of their merits or their noise?

Cisco is a large company that has been in our marketplace for a long time and from these two facts they are expected to be strategic competitors on every networking deal. NetScreen belongs to a group of many, many challengers that we have seen over the years. Secure Computing was one of the first security companies to go public and establish ground as a leader. Then Raptor came by and took an entire world with NT firewalls and they also faded away. Two years ago. we had a group of 15 VPN start-ups from Xedia to RadGuard which completely faded away. From that generation of companies, NetScreen is the only survivor so far.