This article can also be found in the Premium Editorial Download "Information Security magazine: Buying spree: 2003 product survey results."
Download it now to read this article plus other related content.
Gil Shwed won't divulge his age. Or his middle name, even an initial. His girlfriend? Motto in life? Oh, puh-leeze.
The cofounder, CEO and chairman of Check Point Software Technologies is one of network security's most successful, influential and enigmatic leaders, a casually dressed billionaire who ranks among Israel's richest men. He runs a publicly traded company that managed a decade of exceptional profit margins despite producing only two core products: FireWall-1 and VPN-1. That software has been installed at more than 300,000 sites globally, including almost every Fortune 500 company--a feat done with a mere 1,200 employees worldwide.
And he's done all this without making much of a name for himself.
This spring marks the 10-year anniversary of Check Point, the software firm on which Shwed and two partners staked their careers and a $350,000 loan. When it first hit the market, critics shunned Shwed's firewall for being all flash and no substance. Who needs a fancy GUI? What's with all these icons and colors? And this so-called "stateful inspection"--what's up with that?
Not only did FW-1 defy critics and become a huge success, but it also catapulted Shwed into the role of Check Point's first pitchman. His public persona, though, was handicapped by introversion and youth. That's why he's still touchy about his age.
"I try to keep it confidential," he explains, recalling how he had to shield his youth to
A Typical Techie
"Typical techie." That's the phrase most frequently used to describe Shwed, who doesn't initiate many conversations but gladly participates in many of them. He's most comfortable discussing Internet security, general IT and Check Point's business strategies. But he's surprisingly loquacious--and personal--when he wants to be, offering that his mother died a few years ago and that his two younger brothers and an older sister now live in Tel Aviv.
Shwed is also said to possess a strong sense of humor and to be generous with his time and money. What you see, people say, is what you get.
"He has a similar approach to life and business and technical issues. He's very consistent as a person," says Jerry Ungerman, whom Shwed convinced to leave Hitachi Data Systems five years ago to become president of Check Point. "He's a true visionary. He really understands customers' needs, their requirements and what's going on in the world."
Shwed is very bright, the son of a systems analyst father and a schoolteacher mother. He attended high school and college simultaneously in Jerusalem, but joined the Israeli army before earning a degree. He's able not only to read people and predict markets, but absorb vast amounts of data--coding, product designs, accounting rules, legal stuff, employee anniversaries--that leave coworkers and close friends in awe.
Lately, some industry observers have questioned whether Check Point might be heading for harder times. The enterprise firewall market is close to saturation, and the VPN, which now makes up a bulk of Check Point's business, is "commoditizing" rapidly. With different VPN clients and servers becoming interoperable, and a vast majority of organizations planning to deploy a VPN in the next couple of years, year-over-year growth is bound to slow down eventually.
"Gil has run one of the most incredibly conservative software operations I've ever seen, and I've been in this business since 1968," notes Christian Byrnes, who heads the security division for the META Group. "After 10 years, he really only has two software products. That's not usually considered a recipe for growth."
Such a cautious approach, though wildly profitable in the past, may become Shwed's and Check Point's biggest liability moving forward. "Every bet he places must be a winner," Byrnes notes. "And he's only placed two in his entire life."
Mother of Invention
But what winners they have been.
The story of FW-1 starts after Shwed left Hebrew University in his native Jerusalem to begin his compulsory three-year stint in the Israeli Defense Forces. He knew there was a need for a user-friendly firewall, one that departed from packet-filtering and proxy-based solutions available at that time. His technology would keep state on the traffic running through it, remembering the context of packets and storing key details on protocols, ports and sequence numbers. Stateful inspection, as he called his patent, greatly improved the accuracy and granularity with which a firewall could evaluate traffic. Check Point also would be the first firewall vendor to push policy down to multiple machines simultaneously, rather than configure each firewall independently.
But FW-1's biggest advancement, in many people's minds, was its interface. For the first time, a GUI let users do a lot of pointing and clicking to set up rules. This made the technology more accessible to nontechies than command line-driven routers and packet filters.
After a March 1993 Internet Security Conference in San Diego, Shwed returned to Israel, and, together with pals Marius Nacht and Shlomo Kramer, began writing FW-1. Check Point incorporated in June 1993, and FW-1 was ready for market in 1994.
"It was very, very difficult for us, especially being such a small company and employing only a handful of people for more than a year," recalls Nacht, who now is senior VP and vice chairman of Check Point's board. "Here we were competing against Digital and Sun and IBM, trying to convince all these large customers to buy from a startup something crucial and fundamental to their business--and also with unique technology that goes against all the textbooks." Kramer remains a board member, but is no longer involved in daily operations.
Check Point's big break came at the Network+Interop trade show in 1994, when FW-1 won "Best in Show." OEM agreements mushroomed, eventually evolving into the company's Open Platform for Security, or OPSEC, which partners Check Point's software with third-party products. Today, that alliance includes some 350 companies and integrates Check Point firewalls and VPNs with 200 certified products. It also serves as an example of how to build market share through partnerships.
Some say Check Point's ability to leverage these partnerships is the key to its future. Others believe it's time for Shwed to come up with something brand new--and hope history repeats itself.
Deeper, Broader, Smarter
They're working on it.
Last year, the company gave the industry a peek at how it plans to maintain its prominent position in the enterprise security ecosystem: placing Application Intelligence in technologies it already has perfected. It introduced a new category dubbed "Active Defense," and last spring unveiled its flagship offering, SmartDefense, which uses signature-based scanning to detect and block attacks in real time.
The next generation of FireWall-1 is GX, designed to protect GPRS 2.5G and 3G wireless infrastructures from rogue users. VPN-1, introduced in 1995, well ahead of the pack, is now Check Point's biggest seller. It's recently been tweaked to integrate with a personal firewall to secure wireless communications through PDAs.
Shwed travels half the year, spending 18 to 20 hours at a time sitting, sleeping and thinking about business strategies on commercial planes bound for his home and office in Ramat Gan, outside Tel Aviv, and Check Point's U.S. headquarters in Redwood City, Calif. He enjoys the downtime, the break from 14-hour workdays.
Technically, the company is still based in Israel, where it's far cheaper to do business. That and using a network of channel partners, rather than hiring a herd of sales and marketing staffers, have helped Check Point post impressive numbers, even when other tech companies began to flounder in April 2000's NASDAQ meltdown. Back in the day, Check Point enjoyed enviable profit margins of 60 percent or more. Even Microsoft couldn't compete with those figures. But eventually the tech bust caught up. Impressive margins dwindled from a 44 percent average to 10; its stock price plunged 13 percent to $39 a share the day news broke of possible accounting irregularities. Today, the stock hovers around $15 a share, a far cry from its all-time high of $120 in June 2000.
At last count, the company had about $1.3 billion in cash and interest-bearing investments. Net income rose 4 percent in Q4 over Q3 2002. Shwed told investors in January that Check Point is still growing its global market lead. It also must hold off gains by chief rivals Cisco Systems, Symantec and NetScreen.
There are about 50 new projects or proposals competing for consideration in Shwed's head right now. Among them: enhancements to SmartView Reporter, a solution to help admins correlate millions of daily log entries generated by firewalls and IDSes, and turn out reports that C-level managers with no IT experience can understand.
Not much has been said about SmartView yet. "We usually don't make a huge noise about the technologies until they're ready," Shwed explains.
That philosophy seems to extend to the man himself.
At a recent lunch, someone well versed in security and intrusion detection was asked what he thought about Shwed and Check Point.
"I'm glad you mentioned Check Point in that question, because otherwise I'd have no idea who you were talking about," he answered.
This was first published in May 2003