Check Point: The Net Veteran
Founded in 1993, when the Internet was still in diapers, Check Point Software Technologies over the years has built a reputation as one of the leading providers of firewall and network security software.
At UnumProvident, a disability insurance company in Chattanooga, Tenn., Check Point firewallsrunning on "hardened" appliances from Nokia, a Check Point partnerprovide the outermost security layer for the perimeter network (the point at which internal systems connect to the Internet and other external networks).
"That's working very, very well," says Lynda Fleury, chief information security officer at UnumProvident. "To the best of our knowledge, nobody's made it through that first line of defense."
Travis Abrams, information-technology security and systems manager at international law firm Holland & Knight, believes that "Check Point has always been the best firewall, based on their experience and length in the market. It's been an industry standard."
The challenge, he says, has been getting a higher-level view of the security infrastructure that pulls in event information generated by Check Point firewalls, Web servers and other systems. Check Point provides some ability to analyze that information, but the main limitation for Abrams has been devoting staff to keep a constant eye on things: "It's very hard for us to monitor our firewalls 24/7." As a result, Holland & Knight has outsourced that function to Lurhq Corp., a managed security services firm.
Check Point continues to bulk up its core technology portfolio: In October 2005, it acquired Sourcefire, a maker of intrusion prevention software, for $225 million. The company has also expanded its Web-based virtual private network product line, called Connectra, adding the ability to require remote users to meet certain policy requirements (such as having up-to-date antivirus software) before they're given access to the network.
But at times, Check Point has irritated customers with what has been perceived to be a lack of attention.
Chet Phillips, vice president of information technology at Classic Residence by Hyatt, which operates 20 high-end retirement communities in the U.S., uses Check Point-based Nokia firewall appliances to protect a network of 800 computers.
His staff recently upgraded one of its Windows Server 2003 systems with a service pack (a consolidated group of fixes Microsoft typically releases for its operating systems). But "Check Point kind of broke it," Phillips says. According to a Check Point bulletin issued in May, its NG firewall causes directory replication to fail on Windows 2003 Server Service Pack 1 systems.
Phillips says Check Point provided the necessary fix for the problem, but he thinks the company should have told him sooner. "People I pay maintenance to should really know what kind of hardware we have and be more proactive," he says.
Check Point, for its part, directs customers to its separately sold SmartDefense Services for "real-time updates and configuration advisories" for its products. The company says SmartDefense Serviceswhich cost $30,000 per year for customers with 100 firewall systemsare "complementary" to the regular enterprise software maintenance subscription, and Check Point says it strongly recommends both.