Over the twenty years that have passed since the Internet became part of our lives, protection of access to it has become more and more sophisticated, as have the threats. Furthermore, the space that the means of protection are trying to shelter has changed. Until not long ago, the enterprise network and endpoints (usually a PC, or any device that serves the end-user) were all that we had to worry about, but today they are only part of the whole. The intensity of the time we spend on the web, the switch to mobile devices such as iPhones and iPads, the growing amount of critical information in digital format, and new computing platforms these are just some of the trends generating constant demand for new information security solutions.
Israeli company Check Point Software Technologies Ltd. (Nasdaq: CHKP), which has become one of the leaders of the security market, is well aware of these changes. Over the years, the company has changed its approach to the market and the products it sells, and it seemed as though the investment community was happy about that. In the past two years, its share price rose 68%, and the company reached a peak market cap of $13.4 billion in April this year. Then something went wrong. Since the release of the company's first quarter results, the company has lost about a quarter of its value, falling to a market cap of $10.2 billion.
Check Point has always been a company to provide pleasant surprises, quarter after quarter, but in the first quarter of this year almost the opposite happened. The company disappointed, both with its results and with its guidance. It posted year-on-year growth of just 4.7% in sales of products and licenses, compared with double-digit growth in the corresponding quarter. Its revenue guidance for the second quarter was for 8-11% growth, at the lower end of Wall Street expectations. The results and guidance raised old-new questionings about the company's conduct in the changing security market, questionings that apparently found expression in the share price.
The Firewall needs renovation
In a report just after the first quarter results were published, Merrill Lynch analyst Tal Liani said that part of the decline was attributable to the economic atmosphere making firms cut back on expenditure, but that most of it was due to Check Point's excessive conservatism. Check Point is considered number two in the network security market, with a market share of 13.6%, according to Infonetics Research. The market leader is Cisco, with 31%, while Juniper Networks is in third place, with 12.5%. Infonetics puts the value of the market last year at $5.7 billion.
Check Point set out 19 years ago, and provided one of the first commercial enterprise network protection products. Since the Internet is based on standards that enable different computers to talk to each other, basic protection analyses the information packages that help to create the conversation and prevents undesirable use of the open access allowed by the TCO/IP protocol. By analogy with the physical world, Check Point called its technology Firewall, a wall that limits passage to those who are permitted to pass through, and by permitted means.
On the business side, as can be seen from its profit and loss account, Check Point has a business model that makes it a strong, stable company that has maintained its status despite the passing years and the growing competition. The secret of Check Point's amazing profitability lies in the large proportion of revenue that comes from returning customers, to whom the company provides updated versions, maintenance and support, and other services. These sources generated 64.8% of its revenue in the first quarter of this year, and the gross profit margin on them is very high, 92.1%. The remainder of its sales (35.2%) is of licenses and equipment to new and existing customers, and these bear a lower gross margin of 82.2%.
As far as operations are concerned, the company has a fairly slim expenses profile (R&D, marketing and sales) that helps its profits to grow.
Check Point's product offering has broadened over the years, and it currently provides a comprehensive solution to deal with security problems arising from access to the external network (i.e. the Internet, outside the enterprise network). Most of the company's sales (about 80%) are of hardware devices that provide a solution to a variety of external threats and are sold for between a few thousand and a few million dollars. Three years ago, Check Point started providing software blades, designed to deal with more advanced threats, that integrate with its hardware infrastructures.
"Missed opportunity to take market share"
Check Point now has to face two main challenges. It has to improve the performance of its products to adapt them to the requirements of current Internet traffic (higher speed, and multimedia). This is a fairly large change for the company's original architecture, which was designed to deal with another order of size of data. In addition, the more sophisticated threats of the present do not come from general access to the Internet (the original threat Check Point dealt with), but from applications like social networks, via which users with permissions can enter the enterprise network and do it harm.
"Check Point is indeed at the cutting edge of technology, but the problem at the company is excessive conservatism," Tal Liani told "Globes". This criticism by Liani, who currently rates Check Point "Market Perform", relates mainly to investments made by Check Point in the past two years. Liani says that its two major competitors, Cisco and Juniper, were in relatively weak positions, and Check Point failed to take advantage of this opportunity to invest more in R&D and marketing in order to take market share from them. Check Point chose not to contribute to this article.
Whether it exploited the opportunity or not, one's impression is that all this would have been forgotten had some young companies not sprung up lately providing solutions similar or tangential to those of Check Point. The latest example is Palo Alto Networks, which is about to hold an IPO in the US. Behind Palo Alto is Nir Zuk, who was among the first employees of Check Point, and who stresses his antipathy towards his former employer at every opportunity. The car he drives bears the license plate CHKPKLR "Check Point Killer".
The difference between Palo Alto's product and that of Check Point starts with its architecture, which is much more reliant on parallel processing with a large number of processors, facilitating better performance for the same price, and meeting the demand for fast data transmission on security devices. Palo Alto's solution, called a "next-generation firewall", attempts to cope with the new challenge of data security to control a little more what the end-user can do via web-based applications.
Palo Alto isn't a problem
Palo Alto's technology is supposed to be able to block use of Facebook, for example, for particular users within the enterprise. The company's products indicate a shift in emphasis from perimeter protection that focuses on the technical characteristics of communications between the enterprise network and the outside user to a different perspective. The next-generation firewall can block access inwards or outwards, including for particular content, and not just because of a technical feature that doesn't fit.
The financial performance figures in Palo Alto's prospectus indicates that it will have revenue of $200-250 million this year, double last year's figure. These are very impressive numbers, particularly if one recalls the slowdown in Check Point's growth, and have led some analysts to declare that Palo Alto's progress represents a substantial competitive threat to Check Point, and that that is why the latter's share price has fallen. Palo Alto, incidentally, has 2-3% of the network security market, about a fifth of Check Point's share. It was not possible to obtain a response from Palo Alto to this article.
Liani does not agree with his colleagues' assessments. "It's not true that Check Point's problems come from its small competitor, because there will always be small companies snapping at its heels. Check Point should look inwards and ask, where did we go wrong? When did the company's management procedures prove deficient? In my view, the decision making process in the company was wayward and too slow." Liani estimates that Check Point's profit margin will not continue upwards, and a higher market cap can only come from top-line growth. "The share is cheap," he says, "but still, the company isn't aggressive enough, and as far as that is concerned, I do not see the light at the end of the tunnel."
It isn't just Palo Alto that is dealing with the new generation of threats on the network. There are several other newish companies, such as Sourcefire and Fortinet. Check Point itself deals with the problem through the software solutions it offers. Another approach is that of the big data storage and management companies, such as IBM, Oracle and EMC, which believe that the right way is simply to guard the data itself and not the entranceways to the enterprise.
"If you remove the firewall from the enterprise network, you will probably get yourself into trouble, but these tools, designed to provide perimeter protection for the network, cover less and less of the threat," argues Amichai Shulman, co-founder and CTO of Imperva, which focuses on solutions designed to protect the information inside the enterprise, and not to prevent penetration of the enterprise. "In the past few years, the war has been on the plane of the data and the applications," he says. Imperva was floated last November at $18 per share, soared to $41.91, and now has a market cap of $643 million, 60.1% higher than its IPO valuation.
Shulman founded Imperva with Shlomo Kramer, one of the founders of Check Point, who is also a shareholder in Palo Alto. Kramer too was left with negative feelings towards Gil Shwed, who founded Check Point with him, and towards Check Point itself. Perhaps these feelings are what led him to think of solutions right at the other end of the data protection scale. Imperva offers two solutions : database activity monitoring (DAM), which monitors access to the enterprises databases, and web application firewall (WAF), which ensures that Web-based applications are used in accordance with the enterprise's security policy.
Will the division between protection of the enterprise from the outside and guarding of its information within it change, indirectly giving the perimeter protection products more advanced capabilities? Shulman does not see this happening in the near future. "The approach to protecting information within the enterprise comes mainly from companies with a software background, and it’s a matter of people and the companies' DNA. Only recently have developers from the database world started to get into security, and that is what is needed. Companies like Cisco have not developed this kind of approach."
Published by Globes [online], Israel business news - www.globes-online.com - on July 5, 2012
© Copyright of Globes Publisher Itonut (1983) Ltd. 2012