Amid the changing landscape of the security sector, Check Point Software has been seeking a broader identity to affirm its status as a security technology heavyweight. While the undisputed pioneer of firewall software, Check Point has, over the past two years, seen the segment commoditise and its dominance eroded, primarily by Cisco and Juniper, who largely sell security integrated into their networking hardware or in pre-configured appliances.
Check Point's reaction has been to expand from the perimeter into wider network security, locking down web applications and end points. But in the meantime, rivals such as Symantec and Cisco have been rapidly building broad security suites, mostly through the acquisition of specialists, anticipating that customers want suites or appliances that cover most facets of security.
Check Point can no longer ignore this approach, and, attempting to grow beyond selling point products, has now launched NGX, a security platform bringing together 21 of its security measures on a unified architecture.
Aside from personal firewall vendor Zone Labs in 2004, Check Point has rarely expanded its portfolio by acquisition. This allows the company's co-founder and vice president, Marius Nacht, to highlight its rivals' inevitable difficulties in integrating their purchases, in contrast to the simplified manageability of its own single code base.
Check Point is not wavering from its conviction that its long-term commitment to software, rather than hardware, is another key differentiator. While Nokia and others resell Check Point's firewall and VPN products bundled within security appliances, Nacht is scornful of Cisco's "box mentality", claiming that a software approach to security will always be less restrictive than appliance-based approaches. "You need to be innovative. As soon as you are confined to a particular hardware platform you may not have enough memory or CPU power," he says.
Not universally true, says Burton Group analyst Diana Kelley: some companies prefer the convenience of a pre-configured box that they know has the right specification for the job.
In spite of its consistency around software and acquisitions, Check Point has been forced to alter its strategy. Recent releases have targeted smaller businesses, and it has used partnerships to broaden its portfolio, most recently with Computer Associates for antivirus.
But it is not clear if this is adding many customers. New product licences slipped below 50% of total revenues for the first time in Check Point's history during its quarter to 31 March. Nacht says that this is merely a natural product of an expanding existing user base – one of Check Point's greatest assets – and also reflects a change in charging models, a challenge facing most software companies today.
Many customers now pay an ongoing subscription for both support and software upgrades, including new releases such as NGX, so much of the new product uptake appears in the service rather than licence revenue column.
But another area of concern is R&D investment, which at 9% of revenues is proportionately lower than Symantec's 14% and McAfee's 15%. This could cause problems for a company arguing against growth by acquisition and reflecting this, Check Point upped R&D spending by 48% in the last quarter. It also claims its costs are lower because R&D is conducted in Israel.
The fundamental problem remains balancing its ability to create sufficient innovation in its software to set it apart, with the challenge of keeping up with the suite vendors. But Check Point's competitors have widely differing agendas: Cisco and Juniper are network vendors; Symantec is adding storage with its Veritas acquisition. The very fact Check Point does nothing beyond pure security could still give the company the thought leadership and advanced functionality it needs to stand out.