Check Point secures Web services
President Jerry Ungerman talks about how firewalls, VPNs are evolving
WITH THE ADVENT of Web services, many folks think that the firewall has begun to outlive its usefulness. Jerry Ungerman, president of Check Point Software Technologies, firmly disagrees. In an interview with InfoWorld Editor in Chief Michael Vizard and Test Center Director Steve Gillmor, Ungerman talks about how firewalls, VPNs, wireless devices, and Web services can all come together in one environment.
InfoWorld: With the rise of Web services, people are starting to say that the firewall is irrelevant because this technology pokes so many holes through the firewall. How will firewalls evolve to meet this challenge?
InfoWorld: Does that mean you will secure the Web services, or just make it easier for me to create a Web service that goes through a firewall?
Ungerman: We’re going to do both. We’re going to continue to bring out functionality and capability that will secure a Web service, make it easier to deploy, less vulnerable, and not let people get back into the network from there.
InfoWorld: What’s your take on evolving Web services security standards?
Ungerman: We’re going to add a lot of value on top of that. I don’t think they’re sufficient yet. [They’re still in] the very early stages.
InfoWorld: Another technology that raises the security stakes is wireless. What strategic initiatives does Check Point have in this space?
Ungerman: We’re doing a number of things in wireless. … The fact is we announced a whole new initiative in our OPSEC Alliance for just wireless infrastructure. We also announced a new version of the firewall VPN called GX about three months ago that is specifically for the core infrastructure for wireless carriers. We also announced last December that with Nokia we will do a number of things in the wireless arena to take our current security that we have in the wired world and make it applicable to wireless. The first step was on the client side, where we announced for all Windows CE-based handhelds that we will put our secure client technology, which is in laptops today, into handhelds. We’re doing the same thing with Nokia and the rest of the Symbian group. We’re going to put our security technology into that operating system. We will put our VPN and our firewall technology into handheld devices, because we see it as just any other means of connecting into the corporate network, whether it’s a PC, a handheld, or a mobile phone. We’re going to replicate what we do in a wired world in the wireless world, both from the core infrastructure as well as the access points and the handheld devices. It’s just a matter of a different footprint and how much technology we put into it, depending upon how much room is there.
InfoWorld: What impact did the events around Sept. 11 have on your customers?
Ungerman: Everybody asks me did that pick up your business? Security already was a No. 1 concern for customers, and 9/11 wasn’t about security. What people did realize is that there is a need to have employees connected when their office goes away. So we’ve seen a lot more emphasis on remote access capability, business continuity, etc.
InfoWorld: How has business changed since the collapse of the dot-com companies?
Ungerman: Security is top of mind in many cases and situations, and it [became] more so as the dot-coms went away. As you know, the Internet didn’t go away and the use of the Internet didn’t go away. It’s still a very effective, efficient communications tool and it’s got to be secure. Everybody talks about how vulnerable the Internet is, yet what went down on Sept. 11 was a lot of fixed lines. The Internet didn’t go down. The Internet was still operational for everybody in New York.
InfoWorld: So just what impact has the falling economy had on Check Point?
Ungerman: The numbers for last year alone can speak to [that question], because it’s on a relative basis. We ended last year with revenues up 24 percent year over year and EPS [earnings per share] up 49 percent. I’ve challenged everybody [who] wants to discuss this to show me some other company in the technology space that had a 24 percent increase in revenues in 2001 vs. 2000. Now, we didn’t grow at 50 or 60 or 70 percent, [which] we had been [doing] the previous few years, but I think the market still is capable of growing at that rate. The economy impacted us, but not to the same extent that it did Oracle or Siebel or PeopleSoft or Sun. That said, we closed probably the largest single transaction we ever closed at the end of June, so it’s nice to see it’s finally opening up. But it took [that customer] six months longer to justify getting funding, so they went five months running a risk.
InfoWorld: How do firewalls and VPNs evolve from here?
Ungerman: We started out with the first integrated firewall VPN. We’ve been in the business since 1996 with it, but it really propelled our growth through 1999 and 2000. Nokia, our partner, went out into a standalone VPN business because Nortel was doing it, Cisco was doing it, and Lucent was doing it. But now they’ve all come to where we said they needed to be anyway. It really is a story about integrating from a single policy management all of your firewall and VPN policies.
InfoWorld: In the future, a lot of hardware and software people are saying their next-generation products will leverage 64-bit computing, Very Long Instruction Words, and code isolation techniques to greatly diminish the need for security products. What’s your take on that?
Ungerman: I don’t think they understand security at all. Security has become a layer in and of itself that transcends everything in heterogeneous environments. We have 17 different companies now that are manufacturing appliance form factors that are embedding our software. We’re running in cell phones, PDAs, and laptops. It’s a horizontal approach, and one of the things that has made us successful is our management capability. From a single management station, you can maintain the global policies of a worldwide network. Being software-based gives us a lot more flexibility. Rather than waiting for new releases every 18 months or two years, we think security is far too important to hold back and [wait to] package new functionality. You can’t do that in a hardware form factor. [And] I just don’t think many of the other application guys or operating system guys have thought about security to the extent that security companies have thought about security, about securing the Internet. They’re going to have their hands full just trying to make their own products secure.
InfoWorld: So at the end of the day, is there too much emphasis on security threats?
Ungerman: I have a sense that security administrators today are not paranoid. They feel very comfortable with what they’ve done, what they continue to do. And it’s an ongoing process that they’re in; it’s not a one-time event. The entire network is a growing, amorphous thing. It’s not stagnant so you can’t just put a little checkmark up in a box and say you have secured the network. These are full-time activities, but most of our customers feel very comfortable with the technology, the quality, the functions and features that we’ve put in place. I don’t sense panic or paranoia out of our customers, but there are guys out there [who] are trying to come up with new and ingenious ways to penetrate data.
