CheckPoint

Deal: Check Point buys Pointsec

Submitted by Mike Rothman on Mon, 2006-11-20 10:24.

This morning Check Point announced a deal to acquire Protect Data, better known as Pointsec, for about $586 million in cash (here). At first glance, this is a good deal for Check Point, a better deal for Pointsec, and puts Check Point right in the middle of one of the hottest markets out there - mobile data encryption.

First, Check Point has done SOMETHING, so that is good. Most have just assumed that Check Point would continue milking their installed base and continue going nowhere fast. This at least shows definitive evidence that Gil and Co. are still working for a living. Acquiring Pointsec, which is headquartered in Sweden, was also a good move because it takes US regulators out of the critical path. It's not clear that regulators would continue to be an issue (since Alcatel/Lucent was just approved by the US President himself) for Check Point to buy US companies, but why take the risk?

Second, the deal feels a bit pricey. $586 million on what will likely be around $75M or so in 2006 revenues is a 7-8x multiple on sales. It represented about a 40% premium to where Protect Data's stock was trading in Sweden (UPDATE: the premium is on the average price over the past 90 days - the premium is nil to where the stock trades now). The Pointsec business (which is about 90% of Protect Data's revenues) is growing over 90% year over year. But we all know that the law of large numbers kicks in (Check Point is only expecting $90 million in 2007 revenue impact), so maintaining that type of growth rate will be hard.

Let's look at the market for what Pointsec does. Clearly, given all the laptop and PDA thefts that resulted in private data loss (and the resultant notification efforts) in the news, this is a hyped-up market. Given Pointsec's run rate, they are moving a lot of units to meet demand. This is one of the few security markets where customers are buying first and thinking (and architecting) second, which makes sense given the pain of the notification effort (VA anyone?). Pointsec's technology has always been well regarded and the market will continue to show good growth.

It was mentioned in the press release that Pointsec gives Check Point exposure to the "data security" market, and that's an interesting thought. Protecting data is different than protecting the infrastructure, and it will be interesting to see how Check Point goes after the data security market. Will they look at application security oriented solutions next? Or something in the database security space? To be clear, mobile encryption is not data security, but it's certainly closer than a firewall.

What about leverage with Check Point's existing business? Clearly there is quite a bit, since I've said for a while that mobile encryption is a feature of a broader endpoint security offering. Well, Check Point already has one of the leading products in that space with the Integrity/ZoneAlarm suite. So the Pointsec solution can be bundled pretty quickly and provide a more compelling (and broader) solution for endpoint security.

On the negative side, Check Point hasn't done a good job integrating Integrity/ZoneAlarm into their bigger set of product offerings. So now, Check Point has two distinct businesses, the network stuff (still dominated by FW-1/VPN-1) and now the client side (Integrity and Pointsec). The buyers are different, since it tends to be the desktop manager that has a bigger say in what solutions get rolled out to the endpoints. But Check Point is talking about a "single framework" for network and data security, which I'm not sure is going to be compelling given the organizational dynamics at work.

Clearly this is a first step. Check Point still needs more pieces to be able to spin a compelling story at the CIO level. The data security angle is an interesting one. But doing security well at both the infrastructure and the data/information level is hard and requires a lot of resources. Ask Symantec about that.

So overall, this is a good move for Check Point, albeit a bit expensive. Given the cash flow machine that is Check Point, if they can drive some better channel efficiencies and bundle Pointsec along with the Integrity endpoint stuff, it could be a bargain in hindsight. But isn't that the case with all deals?

Stiennon sends a love note to Check Point

Submitted by Mike Rothman on Thu, 2006-10-26 11:55.

Not sure if the word is out, but Richard Stiennon will be taking on my former columnist slot at NetworkWorld. Good luck with that Richard. Hopefully you can learn from the line I drew in the sand. I believe his first column appears on Monday.

But just as I went out swinging, Richard is coming in swinging. Richard sends Gil Shwed of Check Point a little love note here. Something tells me Gil just took Richard off his Hanukkah card list. But Richard makes a number of good points about what Check Point should be doing next. I won't rehash the entire letter here, but put my spin on a few points that Richard makes.

  1. Check Point needs to ship a hardware appliance - First of all, Sofaware doesn't count. I agree with this and believe given the need for Check Point to fortify their enterprise and service provider position, they should buy Crossbeam. And they should do it today. If someone like Lucent/Alcatel, Motorola, Ericsson or Siemens takes them out you'll be sorry Gil. You really will because Richard is right, the service providers are itching to build in-the-cloud security services and Crossbeam can help get you there. And yes, Nokia will be pissed, but where else are they going to go? There is minimal risk there.

  2. Check Point should focus on the network - This I disagree with. Given that I believe "big is the new small" I don't see how it's defendable over any length of time to not play on the servers or on the end points. Customers want more integrated solutions to help with the mind-numbing complexity they have to deal with, not just networking stuff. Check Point already does the endpoints OK (with the zone stuff), but now they should buy a database security player (maybe like Imperva and bring Shlomo back home) to gain exposure to that segment.

  3. Reset expectations on margins - This is an astute observation from Richard. Check Point's unbelievable, Microsoft-ian margins are not doing them any favors. It's set unrealistic expectations for Wall Street that they need to leave behind. Buying a box player is one way to do it and making it more attractive to sell for the channel is another. And Check Point has such margin cushions, they could add another 5 points for the channel and not even breathe heavy. Juniper, not so much.

There is one other thing I'll add to Richard's suggestions. Take a long hard look at WAN and web site optimization. I'm a big fan of focus and believe there are lots of security things you can (and should) focus on, but Citrix is right. The perimeter is consolidating around secure accelerated access. Application and network acceleration is a perfect complement to the stuff you already sell to customers. If you don't want to mess around in the data center, dig deeper into the perimeter and what's selling in the perimeter is application and network acceleration.

But as with Richard, feel free to take my feedback with a grain of salt. And I have no doubt that you will. You can milk your existing installed base for years to come, maintain your crazy margins and just exist. But what fun is that? It's about winning and right now, you ain't. So get out the checkbook and get moving, time is a wasting...

 

DISCLOSURE: I am a very very very limited partner in a venture capital fund that has invested in Crossbeam. I have no involvement in the management of the fund or any of its portfolio companies.

Earnings Call: Check Point - Let's Revisit the 4 P's

Submitted by Mike Rothman on Tue, 2006-04-25 06:43.
The wonderful thing about the blogosphere is that you can pretty much have anything show up in your feed reader. So it seems that there is a fellow out there that publishes earnings call transcripts among other things on the Software Stock Blog (http://softwarestockblog.com). Lo and behold, Check Point's earnings call transcript showed up in my reader (http://softwarestockblog.com/article/9410) and it was very interesting.

Now I'll admit, I haven't been kind to Check Point of late. I think their strategy is non-existent and having to back out of the Sourcefire deal was a big blow to momentum. They had pre-announced a weak quarter (relative to expectations anyway) and in their earnings call they had an opportunity to talk more about the strategy and why they are going to recover. Needless to say I was underwhelmed.

There was weakness, but they positioned it as a hangover from a big Q4. They are also moving from a perpetual licensing model to annual subscriptions, but that is a very minor part of the business. They believe that customers do want integrated security solutions (which I agree with), but that adoption has been slower than they anticipated. It seems the real issue is customers are not embracing Check Point's integrated security story and not upgrading their point products. Not to Check Point stuff anyway.

Just check out this quote from Jerry Ungermann on the call:
"We continue to get very positive feedback regarding our new direction and new products and while interests in activity are high, it appears that it’s taking customers longer than we had originally thought to replace their various point products with our newer integrated technologies. They like the direction and the implications associated with the Unified Security Architecture and what they perceive to be better security at a lower total cost of ownership, but it will take them more time to transition from today’s installed product to a more complete Check Point solution.

"While we have talked about a general softness we’re experiencing in the market today, I believe security is still a very important area of investment, and our challenge is on the execution side to ensure we can enable our customers to get to tomorrow sooner. In this regard, we have a number of new initiatives we are working on and we will be making announcements about it in the near future to help make it easier and cost effective for our customers to buy our expanded solutions set sooner rather than later. This will include things like packaging, positioning, pricing, and promotions."
So, let me get this straight. Check Point is going to address the issue of their customers not upgrading their stuff through the use of the 4 P's?!?! I guess Jerry bought one of the Trout/Ries marketing books over the weekend and is all raring to go. Come on now. This is real business, not an MBA program. Even if that's what you are doing, don't tell anyone. It makes them seem amateurish.

I personally believe that two things are at work here. First, Check Point's lack of strategy is hurting them in the channel. There are lots of options out there for resellers to push, so they are going to go with the most exciting option. Sure, lots of the resellers are lazy and will only drop by to pick up their Check Point renewal, but customers will push for integrated solutions and Check Point has not made it clear why it should be theirs, as opposed to a Crossbeam or Fortinet. Websense also announced a weak quarter, and I think a lot of the same issues are at work. If the channel doesn't see a compelling strategy, they move on to the next thing.

So, Check Point's mission is clear. They have to figure out how to get their existing customers to upgrade to the new stuff and buy into Check Point's more integrated suite of products. Candidly, it's going to be an uphill battle. They don't have a compelling NAC story like Cisco to push upgrades of their installed base. They are under siege from both big and little UTM boxes that provide much better price/performance. And the US Government has made it clear Check Point is not going to be able to acquire new stuff to accelerate the strategy (like RSA did).

To be clear, Check Point is still a cash machine. Their margins remain tremendous and they've got a ton of customers. But as I've said before, they need a strategy to remain relevant moving forward. Smaller companies can bring niche products to market and do well. They don't need a big story because they solve a specific problem. That is not Check Point anymore, but that is how they continue to act. Their window of relevance is closing, so they better move fast.

Check Point customers have some decisions to make. A lot of Firewall-1 and VPN-1 will renew this year, or not. Do you buy into the next wave of Check Point's product or do you swap it out? I believe that without a compelling strategy from Check Point many customers are going to be looking at alternatives.


Revisiting the Early Firewall Days

Submitted by Mike Rothman on Fri, 2006-04-21 11:13.
Having to jog my memory to remember the inventor of the firewall got me thinking about the early days of the network security market. As I'm writing this, I'm not exactly sure where it's going to end up. I'm thinking that providing some firewall history will help folks understand today's market dynamics a bit better.

The first thing that is abundantly apparent is that the world is far more complicated today. Way back when, customers had to worry about strong authentication and firewalls. That was about it. I guess you could count mainframe security, but that was more of the data center guys than the network guys that I dealt with daily. Nobody really thought about enterprise security, it was really focused on domains like network and host.

In terms of examining the two spaces, they couldn't be more different. Security Dynamics (now RSA) dominated the authentication space because they had built their agent into every remote access product out there. The other folks (Enigma Logic, LeeMah Datacom) couldn't compete. RSA still enjoys a huge market share position today.

The firewall market was brutal. You had DEC initially, but they couldn't get out of their own way. Then you had Trusted Information Systems, Raptor, Secure Computing, and Check Point trying to get established. So very similar to today, you had a bunch of companies that were chasing the same market, telling roughly the same story and making every deal a blood bath.

So when I say I've seen the movie about today's market dynamics, I'm not kidding. There are more moving pieces and product cycles are a lot faster, but things are roughly the same.

Now TIS was an interesting company. To my knowledge, they were the first company that offered a security product for free over the Internet (the Firewall toolkit) and then sold a more functional and polished commercial version on top of that. I think a couple of companies have made that model work since then, eh?

Ultimately one company survived the firewall war, and it was Check Point. Why? They had better distribution and marketing. Check Point's approach was different (stateful inspection vs. application proxy) and they played that up. They vilified application proxies as slow and the wrong approach.

At the same time, Check Point nailed down a distribution deal with Sun, so an entry level version of Firewall-1 shipped on every internet server that Sun sold - and that was a lot. Check Point also got very good at getting the Sun direct reps to bundle in the upgraded version as part of the deal. The cost of sales on these deals was minimal, Sun did all the work. That's why Check Point had gross margins like Microsoft and net margins over 50%.

Interestingly enough, Raptor tried a similar deal with Compaq. That went over like a lead balloon. Basically, Compaq didn't sell much of anything - their channel did. Raptor just couldn't get Compaq's channel interested in upgrading the firewall. There were too many other things to do.

Check Point also started OPSEC, their partnership program, positioning their firewall as a platform, not a product. Once they built an ecosystem around their stuff, it was a lot harder for the other guys to compete.

But all of the firewall companies were able to go public and all benefited from the rising tide for a while. Then economic reality set in. Secure Computing used their overvalued currency to acquire a bunch of other companies and then hit the wall big time. They almost went down during the bubble, and ceased to be a firewall player. They are still in the business and even acquired what was left of TIS after the Network Associates deal, but they never regained their luster in the space.

Speaking of TIS, they sold out to Network Associates and then watched as CEO Bill Larson's dream of a suite of security and management products turned out to be a few years premature. They tried to be big when small was still cool.

Then, of course, a little company called Netscreen started doing a firewall packaged as a secured appliance. I remember meeting with them when they were first launching the company. I couldn't believe what a dumb idea it was. Didn't they realize that Check Point owned the firewall market? Who wants it on a box anyway? Not one of my shining analytical moments.

So what? I ask that question all the time. Who cares about this ancient history? Well, I think every user needs to because history has a way of repeating itself. If you pay attention to the signs and recognize the patterns, you can save yourself a lot of heartburn. Vendors lose their edge, they don't navigate product or market transitions very effectively and many customers are left holding the bag.

Look at your current stable of "key" security vendors. Are you comfortable with their strategy? As big becomes the new small, are they poised to prosper? Are they willing to acquire the right products and partner to build a broader product set? Are they financially stable and have the resources to keep investing ahead of the next threat?

If you are not comfortable with any of the answers to those questions, it's time to start building a contingency plan. You don't need to pull the trigger too early, but you should give some thought to what you'd do if one of your key vendors is acquired or doesn't keep pace with the rate of change.

My Vote for Inventor of the Firewall

Submitted by Mike Rothman on Tue, 2006-04-18 22:03.
I mentioned in a recent Daily Incite about how Network World took some editorial liberties in naming Shlomo Kramer, one of the founders of Check Point as the "inventor of the firewall." In a subsequent TDI, I mentioned how Dave Piscitello called them out on that, mentioning a number of folks that had done research and published papers that seemed awfully "firewall-like."

But now evidently one enterprising chap has voted for Marcus Ranum and Fred Avolio as the inventors during their days at DEC. I concur since this is my recollection as well.

I'm sure you are wondering how I would remember something like that from over 12 years ago, when I can hardly remember what I had for breakfast this morning. I tend to remember pricing and I distinctly remember being appalled when one of my clients at META Group called up asking what I thought of the DEC SEAL security device and whether it was worth $50,000.

$50,000 for a what? Of course, this was when the Internet was being referred to as the "Information Superhighway." Well before Internet access was ubiquitous. That was the first time I had heard of a "firewall." I had to get smart pretty fast on what it was and what it did.

So, I'll also cast my vote for Ranum and Avolio.

That being said, if the contest was to decide the inventor of the stateful inspection firewall, then it is indeed Shlomo, Gil Shwed and Marius Nacht of Check Point. These guys would also win the award for creating personal net worth from the network security market.

Check Point is spinning like a top

Submitted by Mike Rothman on Fri, 2006-03-31 16:18.

So I'm going to rant again about an entry by Larry Greenemeier on the InformationWeek blog. Read the post here. This time it's about Check Point's rationalization about having to walk away from Sourcefire. The source is Check Point's CMO Ken Fitzpatrick, who must be very dizzy from all the spinning.

In my opinion Check Point is starting to sound very desperate. Clearly Plan B is either way out from a delivery standpoint or not there at all. Let's examine some of Fitzpatrick's statements:

"We are talking to Sourcefire about a number of security announcements," Ken Fitzpatrick, Check Point chief marketing officer, told me Thursday. "We jointly withdrew from CFIUS review so we could be more responsive to our customers. The CFIUS process was very complex in dealing with 12 agencies."

How were customers impacted by the regulation process? I guess they must have had engineers and customer support reps (the folks that actually interact with customers) working overtime on closing the deal. NOT! What he's saying is that it was too hard, so they gave up. At least be honest. They didn't think they could get the deal done in this political environment, so we walked away. There is no shame in that. But this drivel goes down as one of the all time lame excuse justifications that I've seen.

Fitzpatrick maintains that the resources devoted to responding to CFIUS's inquiries and the delay in its proposed Sourcefire acquisition would have hurt Check Point's efforts to expand its intrusion detection and prevention technologies.

Talk about a rationalization here. Give me a break. I guess they couldn't really look to buy anyone else while they were still courting Sourcefire. So if that's Plan B, then sure - they needed to terminate the deal. But if Plan B is a US company, what makes them think the outcome will be any different?

If they are set on building their own stuff now, good luck with that. And I don't see how continuing down the regulatory approval process would have impacted their ability to continue doing internal development, and it's not like Check Point doesn't have profitability to burn to bring on another engineering team to build stuff as a contingency plan.

Looks like Check Point and Sourcefire will have to remain just friends for the time being, which is probably for the best in today's politically charged business environment.

Friends my ass. One of two things will happen and something needs to happen quickly. First, Check Point figures out a way to OEM the Sourcefire stuff. I don't see how that is in Sourcefire's best interest, but I'm sure it's on the table. If this is the direction they go, anything short of an OEM is an absolute failure on the part of Check Point. A "marketing" agreement does nothing for them.

Second, Check Point buys something else and it won't be a US company. So then they compete with Sourcefire. So to say that they'll remain friends is being a bit optimistic.

I do have to say that Check Point needs to get a much better story out there and really crystallize what their post-Sourcefire strategy is going to be. Right now, it's clear they are struggling. The way the deal falling apart was communicated was terrible and to not have a follow-on story was a big mistake.

They do have a lot of money and continue to be unbelievably profitable, but you can find yourself in the Hall of the Walking Dead very quickly in this business. 

Inciting: Podcast on Check Point/Sourcefire Merger

Submitted by Mike Rothman on Wed, 2006-03-29 10:18.

I was invited by Martin McKeay (at Alan Shimel's behest - thanks Alan) to participate in Martin's weekly Network Security Podcast. The topic was the Check Point/Sourcefire non-merger and the impact across a whole number of perspectives. It was an enjoyable conversation and we had some good banter. We did end up on the same page relative to winners, losers and the fact that America got a black eye from interfering in this deal.

Martin does a good job with the podcast and also discusses a few other topics. Listen to it here.

 

The Daily Incite - March 27, 2006

Submitted by Mike Rothman on Mon, 2006-03-27 10:40.
Today's Daily Incite

March 23, 2006

Good Morning:
Check Point and Sourcefire was all the rage on Friday. What I wrote (link below) must have hit a nerve, since my web site had the most hits in its (short) history by a factor of two. I haven't had a chance to troll the blogosphere this AM, but will have lots more stuff in tomorrow's Incite.

I did enjoy my vacation, thanks for asking. I took the boss (that's my wife Jodi for those not familiar with my lingo) to Las Vegas for the weekend with another couple. We made a minimal amount on the tables, saw some great shows and ate in decadent fashion. I tend to get quite wrapped up in my daily work and family activities, so getting away with no distractions is important.

Have a great day.

Top Security News

10 Tips in 10 Minutes: Phishing Exposed (http://snipurl.com/o8yo)
So what? - This is a great set of tips that everyone should send around to their staff. End user training is something that we definitely don't spend enough time on, and these kinds of tips can be very helpful to stop the typical users from hurting themselves.

Information Security a Concern for Outsourcing Executives (http://biz.yahoo.com/bw/060323/20060323005167.html?.v=1)
So what? - As I've ranted fairly frequently, most surveys are crap. I'm not sure this one is an exception, but at least it gives me another opportunity to discuss the security ramifications of outsourcing, which is happening on a global basis. Providing access to external parties to your key intellectual property (be it software, customer information, HR data, etc.) REQUIRES more stringent security. This single issue will drive a lot of network access control in 2007.

Microsoft Shakes Up Security SBU (http://snipurl.com/o8zi)
So what? - Nash is out, Ben Fathi is in. Will this make a difference? Probably not, but Mike Nash was pretty high profile and he probably tired of getting kicked in the teeth every "Patch Tuesday." It would be easy to interpret the lack of progress and the alleged security-oriented delays in Vista as straws that broke Nash's back, but I don't think that's the case. Microsoft changes horses fairly frequently for a big company, and that's a good thing. It will be interesting to see what immediate visible changes Fathi brings to the table because Microsoft still has a lot of work to do.

Deal: Protegrity Buys OmniSecure  (http://www.protegrity.com/pressreleases/32106release.html)
So what? - Normally this deal wouldn't hit the radar. Candidly, it's not too exciting to see two small vendors that no one has heard of getting together. Protegrity has been rolling-up some companies and are focusing on "application" security, but their message is remarkably undifferentiated. What is interesting about this deal is that it will receive no scrutiny (as opposed to CheckPoint/Sourcefire) even though OmniSecure had DEVELOPERS in China. Maybe because Protegrity is not high profile or the US Feds don't use their stuff extensively this isn't a problem. I really can't stand inconsistent behavior.


Case Study: Engineering Firm White Lists Apps (http://www.securitypipeline.com/181503931)
So what? - This case study in Network Computing is pretty good. I am a fan of the application control method of endpoint security, but there are always issues. This article delves pretty deeply into how an engineering firm deployed SecureWave's Sanctuary system, including the hard work for set up. The power of application control is that a user cannot run an application unless it is explicitly allowed. But, getting that list right for any larger organization is hard work.

Top Blog Postings

Check Point and Sourcefire Call Off Merger
Lots of opinions on this issue in Friday's Blog Posting. I'll just list a few here. Martin McKeay is as disappointed as I am about this. The Feds have little place in this kind of interference. Richard Stiennon seems happy, which is beyond me. But his thinking is that Check Point should keep their focus on the network security markets. First of all, Sourcefire is network security. Secondly, Check Point does not have enough stuff to be a long term player. If they are not going to get bigger (by buying stuff), then they are going to be marginalized. Stiennon is way off on this one. Dan Farber questions whether the Feds would have been able to get involved if Sourcefire was totally open source. Fact is, if Sourcefire only had Snort, it wouldn't be worth much - so that argument is irrelevant.

Martin McKeay: http://www.computerworld.com/blogs/node/2086
Richard Stiennon: http://blogs.zdnet.com/threatchaos/?p=299
Dan Farber: http://blogs.zdnet.com/BTL/?p=2767

LoJack for your Laptop?
Douglas Schweitzer on his ComputerWorld blog uses the Fidelity laptop theft news item to make the point (again, how many times do we have to make it) that full disk encryption is critical if those personnel have access to private information. Again, this is not for everyone, but if someone has access to personal information and there is any chance that that information will end up on a laptop, then you need to encrypt it. It will be a fraction of the cost of actually fixing the situation. Ask Fidelity about that.
http://www.computerworld.com/blogs/node/2085

Should Vendors Institute a Pay-for-Brief Policy?
The analyst relations folks over at ARmadgeddon bring up an interesting thought. It seems that the G-men don't plan on providing any kind of value during a briefing unless the vendor is a paying subscriber. Should vendors do the same? Though an interesting concept, one of the values of a strong analyst relations effort is to push the vendor's "agenda" and try to establish thought leadership. Obviously that would go away if a vendor tried to charge an analyst for that time. But the point that vendors do spend a lot of time responding to ridiculous analyst queries is a good one.
http://armadgeddon.blogspot.com/2006/03/should-vendors-institute-pay-to-brief.html

Recently on the Security Incite Rants Blog

No Deal: Check Point and Sourcefire is Kaput!
In this pretty short rant, I examine the impact of Check Point and Sourcefire walking away from the altar. In brief, America gets a black eye (for its ridiculously xenophobic stance on this), Check Point is a huge loser, and Sourcefire comes out smelling like a rose.
http://securityincite.com/blog/mike-rothman/no-deal-check-point-and-sourcefire-is-kaput

Read Thursday's Daily Incite
http://securityincite.com/blog/mike-rothman/the-daily-incite-march-23-2006

No Deal: Check Point and Sourcefire is Kaput!

Submitted by Mike Rothman on Thu, 2006-03-23 20:30.

I know. I know. I'm on vacation, but I couldn't resist. This is big.

Both Check Point (release here, FAQ here) and Sourcefire (here) have issued releases basically calling off their deal. Evidently the pressure from the Feds became intolerable, the approval process unbearable and the likelihood of closing the deal minimal. So both parties bowed out.

First, this is a shame. I'm sure someone on the financial side will do a bit of digging to figure out why the Feds would kill this deal. Hopefully it's more than that stupid Dubai ports fiasco. I'd be very disappointed if it turned out to be a well funded competitor making waves. That's dirty pool. Frankly I'm both surprised and concerned. Given the current administration's penchant to be pro-business, this is a big step in the wrong direction.

Customers won't really be impacted too much by this deal falling apart. There was little overlap between CHKP and Sourcefire, so it will be business as usual for both companies and their customers.

Check Point is a HUGE loser. Firstly, a lot of folks like me had been calling on them to talk more lucidly about what was next. Clearly that was Sourcefire. Now it's not, so they need Plan B and that hasn't been clear or forthcoming. Additionally, you need to be big to prosper and survive in the security business. This is a very CLEAR message to Check Point that they will not be allowed to buy US security companies. That is a big problem if they want to broaden their position and remain strategic. A very big problem.

Sourcefire is a big winner here. Sure, they did waste a bit of time, but did not lose much momentum from what I see. Everything I've been hearing about their business is very positive. With profitability, a strong growth rate and the best story among all the perimeter defense plays, they are well positioned. Their price tag just went way up.

There were rumblings that Check Point got a bargain based on Sourcefire's strong Q4 and pipeline momentum. Guess that's not an issue any more. To be clear, Sourcefire is a long way off having the breadth to be a long term, publicly traded, sustainable security player - so being acquired is still the most likely outcome for them. But Sourcefire will need to find another partner quickly before they get too big. It's very hard for all but 2 or 3 vendors to do a deal north of $300 million and that's clearly where Sourcefire's price tag is now.

So overall, I think this is terrible news for the industry and America takes a black eye. Truly horrible news for Check Point. Sourcefire comes out smelling like a rose.

Now back to my previously scheduled vacation. 

 

The Daily Incite - March 23, 2006

Submitted by Mike Rothman on Wed, 2006-03-22 21:34.
Today's Daily Incite

March 23, 2006

Good Morning:
On the theme of leading a more balanced life, I am taking a few days off to celebrate my wife's birthday in style. So there will be no Daily Incite on Friday. We'll catch everyone up on Monday.

Have a great weekend, since mine is starting now.

Top Security News

Microsoft Vista Delayed Further (http://biz.yahoo.com/prnews/060321/sftu157.html?.v=11)
So what? - I know, it's hard to believe but Microsoft is slipping Vista's full roll-out until early January. Early business adopters can get it in November, but no one is going to do that. This has minimal impact since very few organizations start migrating to a new Microsoft anything in the first few months of deployment. This will impact the security ecosystem of folks waiting on Vista (and Longhorn) to access new features. This also makes it almost certain that Firefox 2.0 will be out before Vista (and presumably IE 7), so there is a window for Firefox to increase market share.

Trend to Jump on the Services Bandwagon (http://snipurl.com/o0r1)
So what? - Not to be left off the train when it leaves the station, Trend does a soft release ("we aren't announcing anything formal") that they will also offer a subscription AV and other assorted security goodies. Scarily enough, Microsoft is driving activity in the consumer AV sector and innovating from a packaging standpoint. That just proves how fat, dumb, and lazy the AV incumbents have become.

Check Point Announces Eventia 2.0 (http://www.checkpoint.com/press/2006/eventia20032206.html)
So what? - Was there even an Eventia 1.0? Must have missed that one. Anyhoo, Check Point announces an upgrade to their SEM product. Normally I would yawn through this, but it reinforces my Incite on SIM/SEM. This kind of management functionality is clearly the domain of the security vendors, not stand-alone management vendors. Sure, it will deal best with CHKP equipment, but many folks have Check Point perimeters - so this will be good enough. I'll once again stand with my contention that SIM goes away as a stand-alone market in 2007.

Secure Software Builds into Eclipse (http://www.securesoftware.com/news/releases/20060321.html)
So what? - Secure coding products must be built right into the environments where the software is built. Secure Software shows that they can plug into the Eclipse framework. At some point, this functionality becomes the purview of the application wonks, since it is not really a "security" type of function any more. But this is the shape of things to come because the sooner you can eliminate simple code vulnerabilities, the better it is for everyone.

Security's Next American Idol (http://snipurl.com/nzy5)
So what? - Security is definitely more top of mind in our colleges and universities, which is a good thing. GA Tech in my hometown of Atlanta is running a competition with its students to award $50,000 to the one that comes up with innovations to make security easier. This is great (if not a bit hokey on the Idol link) because most security technologies are definitely too hard to use, so anything that will make it easier is certainly welcome.

Top Blog Postings

Badware's Seven Deadly Sins
On Ellen Messmer's Network World blog, she covers the first report out of the Stopbadware.org folks. I had some opinions early on (here) that this type of organization won't stop much of anything and I haven't changed my mind. So the report is out and they say some folks are bad, like Kazaa. Wow, there is something I didn't know. So what? Sure, I'll be careful on those sites, but will anyone else? I don't think so. End users need a far more automated way to control the bad stuff.
http://www.networkworld.com/weblogs/security/011559.html

Vista Takes a Stab at Malware
George Ou on his ZDNet blog rants a bit about whether Microsoft Vista will eliminate spyware once and for all. Of course it won't. So George and I concur. He brings up a number of good points in that Vista does eliminate a lot of the low-hanging fruit that is enabled by run-of-the-mill users running as administrators on their machines. But will it eliminate spyware? Not a chance. There is too much money in it, so that means there will continue to be innovation. And the reality is that it will take years to get rid of XP and Win2000, which are the real problematic OS platforms.
http://blogs.zdnet.com/Ou/?p=175

Log Management is a Stand Alone Market
James Governor of RedMonk weighs in on log management and whether it is a stand-alone market. I agree that it is, but the value of these folks (like LogLogic) is clearly in gathering the data. Other folks will be analyzing it, but the ability to gather large amounts of data, reduce it, and store it securely UNTAMPERED (for forensics purposes) is important. But with logs you are still looking in the rear view mirror, so correlation must happen within the security devices themselves.
http://www.redmonk.com/jgovernor/archives/001421.html