In Information Age’s recent Global Technology Report, an analysis of the IT industry’s financial performance during 2009, one company stuck out for a remarkable feat of profitability. During the calendar year, Israeli security software vendor Check Point generated an average net income of over 50% of its revenues.
This was simply the continuation of one of the true success stories of the Israeli IT security sector. Check Point was founded in 1993 by Gil Shwed, a 23-year-old computer whizz who was exposed to the field of network security during his time in the Israeli Defence Force and who remains CEO to this day.
The company’s reputation was built on the success of its first product, a firewall named simply FireWall 1, which introduced the innovation of monitoring all IP packets coming into a network for signs of intrusion. The product is now used by every one of the Fortune 100 companies and has, the company claims, never been breached.
On the back of that success, Check Point has built or acquired a number of supplementary security products. It now boasts a product suite that ranges from virtual private networking to mobile encryption, and in early 2009 it launched a security platform that allows end-user organisations to manage and administrate the various component ‘enforcement’ tools, such as antivirus or email filtering, from a single console.
This ‘Software Blade’ architecture allows organisations to push security policies out to all of their defence mechanisms simultaneously, according to Nick Lowe, Check Point’s head of Northern Europe, and has proved popular as a result.
“The main reason customers are deploying Software Blades is that it consolidates the security infrastructure into a single manageable entity,” he says. “That frees up resources that they would otherwise have to spend administrating their various security tools.”
The platform approach also helps organisations detect so-called ‘blended attacks’, which address a number of network entry points simultaneously (an example might be a phishing email that links to a website that automatically downloads a virus), by correlating the various detection tools to form a complete picture of an attack. But with technological threats and the criminal culture that exploits them constantly evolving, no security suite is ever complete.
According to Lowe, Check Point is currently developing systems that address the emerging security issues associated with cloud computing and virtualisation.
To address the latter, he says, the company has partnered with VMware to develop security tools that can inspect the transfer of data between applications on the same virtual machine, a blind spot for traditional security systems.
As for cloud computing, Lowe argues that this calls for an approach to security that pays greater heed to user behaviour. Companies will of course expect some security functions, such as authentication, to be handled by their cloud computing providers, he says, but those providers cannot monitor how users move and share data between cloud-based systems, and nor can businesses abdicate their responsibility to protect data security.
“You will soon begin to see security policies having an added element that governs the behavioural usage of data,” he says. “I envisage an environment in which a user will be prompted in real time if they are about to email or copy something that looks like sensitive information.” Policing this behaviour, he adds, necessitates a blended approach to security monitoring.
As an independent security vendor, Check Point’s ability to capitalise on these trends rests above all on how effectively its tools address them. Certainly, with a profit margin of over 50% on top of revenues approaching $1 billion, it has the resources it needs to buy or to build the necessary technology.
But the cost to customers is the relatively high price of its products. Lowe says that Check Point’s competitors would most likely point to the cost of its products as a means of differentiation, although he argues that its prices are competitive once the long-term cost of owning a product is considered.
“Some of our competitors have sought to produce something half as good for half the price,” he says. “I would argue that when it comes to security, you don’t want something half as good.” He denies that Check Point’s high profit margin suggests its products are overpriced. Instead, he insists that the company is “very well run financially. We don’t make silly decisions about how we spend money”.
However, he does say that the company is “recognised for quality, for strong features, for innovation and for technology leadership. I would say there is a premium associated with those.”