Check Point Software Technologies Ltd. is an industry leader that helped make firewalls standard-issue software for IT departments. Check Point plans to take its software beyond the firewall to help secure wireless applications and business-to-business e-commerce. Executive Vice President Jerry Ungerman, talking with InfoWorld Editor in Chief Michael Vizard, explains how Check Point will evolve beyond intranets in the next few months.
InfoWorld: What in your mind differentiates Check Point Software in the security space?
Ungerman: Instead of treating a VPN [virtual private network] as just a networking access device for site-to-site VPNs, we integrated our security technology into our VPN technology to create what ultimately became our architecture. Our secure virtual-network architecture brings home the importance of providing an end-to-end, enterprise-wide security infrastructure that focuses on securing networks, applications, systems, and users.
InfoWorld: What makes your VPN approach different?
Ungerman: We integrated the firewall and the VPN into one product. Now [customers] have only one management station from which they manage the entire security policies and rules that relate to the VPN and the firewall. So the tight integration of the two-into-one product is what has distinguished us. This approach is hugely cost-effective for site-to-site access, for remote access, and for protecting the internal network, as opposed to such things as frame relay or private lines. Everybody is moving to it for cost reasons. A lot of people still put in standard VPN solutions that provide only encryption from site to site. Yet eventually most people rip them out. Six months, nine months down the road, they find this is impossible to operate. They can't manage the VPN independently -- it's too cumbersome. They're punching holes in our firewalls, and it's not providing a [proper] level of security.
InfoWorld: After that happens, what comes next?
Ungerman: Our long-term strategy is that we are now going to take our Check Point technology everywhere. What we mean by everywhere is that we run on all major operating systems: Unix, Windows NT, and Linux. We also have a long-standing relationship with Nokia. They make our high-end VPN appliance. Now we've added a number of other appliance-hardware manufacturers that will make Linux-based security appliances. You'll see Check Point technology deployed not only on all the servers, but now on a lot of the major appliance manufacturers' products, which is the fastest-growing platform for security today. Beyond that, we're going to move into the small-to mid-sized business market and the consumer space. We're going to start deploying on broadband devices, both cable modem and DSL modem. We also made a major announcement to take our security technology to the network level as an application layer. And we'll be making announcements early in 2001 about wireless initiatives.
InfoWorld: How would that differ from what, say, Cisco is trying to do?
Ungerman: Their definition of everywhere is only in the router. And it deals only with the network. It doesn't deal with application systems users. If any company has any other networking equipment from any other company, that will be unsecured unless they put in a different security architecture, because Cisco is going to secure only its own routers. I would have said the router is the wrong place to deploy security in the first place. We're integrated in the networking equipment, in the appliances, in the servers, in the devices. Cisco's being a closed proprietary environment doesn't allow that; it doesn't deal with it.
InfoWorld: What role are service providers playing in security?
Ungerman: Managed service providers are our fastest-growing channel today. All the big telcos, the major ISPs, the ASPs [application service providers], and the Web-hosting companies are offering some flavor of a managed security service. So that's going to be the avenue and the channel to take this technology into the small-to mid-sized business, small office, home office, and consumer market. You're going to need cable operators and the telcos to manage the security offering because I don't think an individual consumer or a small business will be able to do that. Check Point is the easiest, most open product with the best management capability in the marketplace. But if you don't have anybody who understands security, then you turn to a managed service provider to do that for you.
InfoWorld: What types of security threats are the most lethal?
Ungerman: The thing that's driving our business today is [securing] intranets, with companies tying into remote sites, remote employees, and tying down the internal network. Studies show that 70 percent to 80 percent of all the malicious activities come from inside of the network. And the costs associated with that threat are significantly higher than an external threat. We have customers with in excess of 1,000 copies of our software installed because they deploy it deep into the enterprise to make sure there is true security.
InfoWorld: In the overall market, why do best-of-breed security applications seem to have won out over the suite approach that dominates other markets?
Ungerman: Basically people don't want to compromise on the quality, the robustness, the richness of getting the best firewall technology, VPN technology, intrusion detection, content filtering, and PKI [public key infrastructure]. They [aren't] going to compromise by going to one company and saying, "You've got the third best firewall and the second best intrusion detection," and be OK with that. In addition, we opened up our product and our software by making it a framework that has lot of APIs to all the other best-of-breed companies. We now have more than 270 companies ... that have joined our OPSec [Open Platform for Security] alliance.
InfoWorld: We've talked about intranets. What are the implications of securing extranets and business-to-business e-commerce?
Ungerman: We're at the very, very early stages. It's intranets today; it's going to be extranets tomorrow. It is going to be a major business opportunity for us. The issue is the management complexity of having untrusted networks tied into your own. We will bring out a new product in the first half of 2001 that will specifically address that challenge. We think it will be a very robust product offering that will help spur the reality of tying in partners, customers, and suppliers in an extranet into a corporate network.