Cybersecurity is an ongoing headache for large corporations. For enterprise customers, keeping corporate networks clean and preventing outsiders from accessing them—both to stop crippling DDoS attacks and to safeguard intellectual property rights—is a major concern. Security companies who provide software and appliances to protect large networks are in a lucky place when it comes to market positioning; they also have front-row seats to the ongoing confluence of cybercrime and cyberwarfare.
Check Point, an Israeli company specializing in network security, primarily serves larger financial customers but is making inroads into the small business market. The company's core products are software packages and hardware appliances which fortify corporate networks; essentially, Check Point works in the same territory as rivals such as Cisco and Dell, but in a pure security space. Apart from security divisions of those multinational tech giants, similar products are also offered by rivals Sourcefire and Fortinet alongside a host of others.
According to Check Point's Tomer Teller, a major part of the company's work involves protecting clients from leakage and threats they are unaware of. For large corporate clients, dormant threats on networks can create financially sensitive problems months or years later. This requires customers to closely monitor firewalls and potential spearphishing attacks.
Check Point's particular specialty—scalable firewall solutions for enterprise customers—is particularly lucrative. In promotional materials, Check Point boasts that 100% of Fortune 100 firms and 98% of the Fortune 500 use their product. Government tenders are also a massive source of lucre for Check Point. This past month, Bloomberg's Leslie Picker reported that up to 10% of Check Point's North American profits come from the public sector. Ongoing federal government cybersecurity initiatives require federal agencies to obtain large-scale security contracts—and Check Point reportedly gets many of these. Check Point declined to discuss what percentage of their business comes from the public sector in an email.
In 2013, the company's major focus has been expanding into the small business market. Earlier this year, Check Point launched a series of small business appliances which offer what they call "Fortune 100 security" to small firms. The devices, called the 600 Appliances, can protect offices of up to 100 employees and retail at a starting point of $399. By offering budget-priced alternatives to their mammoth enterprise protection systems, Check Point is able to secure a whole other demographic—and offers protection to small businesses in sensitive fields such as product design, fabrication, finance, defense, and energy which may face outside intruders.
Teller told Fast Company that the company sees the security sphere as "nested within circles"—there are hardcore security experts who attend specialized industry conventions such as DEFCON and Black Hat in an inner circle. Then, surrounding them, is a larger community without a heavy security grounding but well versed in the particulars of information technology. Around them is an even larger community of tech professionals with more general knowledge—with the Fortune 100 market well sewn up, growth for Check Point relies on attracting more purchasers with less pressing security needs than the federal government and multinationals.
Like many other security firms, Check Point leverages threat information found through clients' systems to protect other customers. Last month, for instance, Check Point published a security update about a phishing attack using previously unknown software that was detected on customers' networks. Using fraudulent "Merchant Statements" with spoofed Citibank or Bank of America email addresses, criminals attempted to infect users' machines with botnet software.
Although phishing attacks are commonplace, they're also one of the worst headaches enterprise users can have. Recent politically motivated hacker attacks on The Onion and the Associated Press were caused by phishing attacks; the AP hack also caused significant damage to the stock market after investors were spooked by several fraudulent messages hackers placed on the AP's Twitter feed. Just as importantly, many intellectual property theft and bank fraud attacks against commercial customers use phishing as a primary attack vector.
Check Point was founded in Israel and the company is still headquartered in Tel Aviv. The Middle Eastern country is one of the world's information security hotspots and has one of the strongest cybersecurity sectors outside of the United States. Apart from Check Point, security firms Cyber-Ark, Imperva, Radware, and a host of other companies are all either based in Israel or helmed by Israelis. Many of the engineers and executives in Israel's cybersecurity sector are veterans of Unit 8200, a section of the Israeli military that closely parallels the functions of the NSA. In a 2007 Forbes article, reporter Gil Kerbs found that 8200 veterans occupied prominent spots at many Israeli tech firms. Among them is Gil Shwed, Check Point's founder and CEO. Israeli's particular security needs and reliance on signals intelligence inadvertently fueled a massive private-sector cybersecurity industry.
Although Unit 8200 isn't directly responsible for Israel's disproportionate strength in corporate cybersecurity, there's a symbiotic relationship between 8200 and the private sector. 8200 alumni leave military service with a skill set strongly suited for the cybersecurity industry, and a contact network that steers them toward jobs at existing companies—or guides them toward funding to start their own companies. In American terms, it's almost as if the NSA also functioned as an informal private sector incubator or university department... and Check Point is arguably their biggest success story.
Because the bulk of Check Point's profits come from large corporations—all of whom have sprawling global bureaucracies and a need to make sure security solutions work in Minsk as well as they do in Manhattan, the company's solutions remain geared toward these large corporations. Their firewall and VPN products enable large corporations to take care of day-to-day security concerns. Smaller corporations handle specific forensic, data-tracing, filtering, and situation-oriented security needs, but Check Point's products take care of the bigger picture and make them a hefty profit in the process.
[Image: Flickr user Ian Donald Ross]