Beyond firewalls
By Tim Clark
Staff Writer, CNET NEWS.COM
PORTOLA VALLEY, California--On Presidents Day weekend two
years ago, Check Point chief executive
Deb Triant did what she often does to get away from the office--ride her
horses in a race. The outing turned out to be anything but relaxing: She
was thrown from her steed, leaving her with a broken collarbone, wrist, and
ribs.
But after only one night in the hospital, she went home to run the security
firewall company from her sick bed, returning to the office a week later
and eventually leading the company to a successful public stock offering.
"Maybe that's where I got the reputation for being tough," laughs the
red-haired mother of sons, ages 14 and 12.
Triant kicked off her professional life as a math professor at laid-back
University of California, Santa Cruz. After just a week, she craved more
excitement.
"I'm not the kind of person that can keep doing the same thing over and
over again--no matter how nice it was," she said. "Mathematics and teaching
are just too isolated from the world, and that's not my personality."
So Triant headed over the hill to Silicon Valley, where she worked for 17
years as a technical, strategic, and marketing manager. At famed think tank
Xerox PARC, she was bitten by the digital bug.
After stints at Sun Microsystems and Adobe Systems, in July 1995 she became the
U.S. chief of Check Point, then an obscure Israeli technology company.
Her mission: Build sales, marketing, and support operations in the United
States while research and development remain in Israel under cofounders Shlomo
Kramer and Gil Schweid, who also bears a CEO title.
Check Point quickly dominated firewall software and since has delved into new
realms. Here Triant reflects on being a female CEO in the technology
industry, shares her view on competitors Cisco and Microsoft, and explains why
Check Point's vision has always been broader than firewalls.
NEWS.COM: Do you still think of Check Point as a firewall company?
Deb Triant: When we went public two years ago we said, "Today we're in the
firewall
market because that's the market that's out there, but we're not a firewall
company. We're an enterprise security company." That was part of my IPO
road show pitch. So I sometimes get slightly frustrated when I hear
Check Point identified as a firewall company.
The underlying architecture behind the product (which was developed more than
four years ago) was really designed for what we're currently seeing in
the market: the world of VPNs and the use of the Internet for business
communications, not just for Web surfing.
The founders of this company came up with such a different architecture for
doing network security than what had been used before. They didn't think
about the product as being the firewall. They also envisioned a time where
you might have these gateway points that were monitoring and securing the
traffic in many points of the network, not just in one point. And therefore
they took a totally different point-of-view in management of security.
They wrote the
security policy in terms of the whole network, not just in terms of what
goes on at any one point. Nowadays that has become a buzzword: policy
management. I'm pretty sure we were the very first policy-based management
system ever designed, and that was four years ago.
But you don't call yourself even a "security company" anymore.
The market today is beginning to evolve from a firewall market, which
still exists, but is getting sucked up into the VPN market. That's the
big growth engine now. It's still very much in the early stages, but
virtual private networking means using the Internet for your business
communications instead of just for the classic Internet applications.
And virtual private networking requires more than simply being able to
secure the network. You've also got to make sure that the applications are
going to get through, and that's why you need bandwidth management. You
also need to be able to manage the infrastructure of this now broad and
complex IP [Internet Protocol] network. So you need infrastructure
management and that's why we
did the Metainfo acquisition and now have three separate product lines.
We're going to stop worrying in the future about intranets and Internets
and extranets. It's all just going to get woven together into these broad
and complex IP networks.
These networks require a layer of management that is managing not just the
underlying physical structure of the network, but is managing the behavior
of the traffic on the network. These networks are highly dynamic, so you
can't just manage them as static pieces.
That's exactly the architecture that we're putting in place. So we think
we've got a very good shot at creating a de facto standard.
Security was the first killer application for IP networks, it's why
everybody has
to have network security. And because we're the market leader there, we're
more broadly installed. That's going to be a strong position to build from.
What other services do you still need to be able to offer?
The main additions will enhance the management components and address the
challenges of managing IP networks and directory services. We're not going to
compete with Microsoft or Netscape or Novell or anyone for the actual
directories, but the challenge is to be able to use those directories in an
enterprise-wide environment.
One key area is going to be management tools, reporting and auditing tools,
as well as continuing to enhance the traffic management capabilities and
security. We're fortunate through our OPSEC alliance to be able to not have
to do it all our ourselves. We can let third parties do a lot of the
development and then we can pull it together under our OPSEC architecture
into an integrated system. But over time more and more of those components
may become sufficiently widely desired by customers, and then it would make
sense
for us to pull that under the Check Point umbrella.
How do you see what you're doing in relation to what Cisco does?
They're very complimentary. Cisco and some of the other internetworking
companies come closer to sharing our vision of the future than anyone in the
marketplace. Certainly none of the other security companies are thinking
about the world this way.
The implied question is: So how does Check Point survive if this is
something that Cisco focuses on? Cisco's focus and real strength as a
business is in the platforms that they build and sell into the market. Now,
clearly the software component of those platforms is their value-add;
however, their business focuses around selling the devices that the network
is built out of.
Our focus is on selling the management capability, which needs to be
able to operate in a highly heterogeneous environment. And I'm not just
talking heterogeneous like Cisco and Bay or Cisco and 3Com. I'm talking
about Cisco and Microsoft, because the networks of the future are made up of
routers and switches and servers and workstation gateways and desktops.
The ability to manage these IP services is critical to our customers. I
think they are going to expect to get that from a third party, such as Check
Point, that is not tied to any particular platform.
So is Cisco a competitor?
Our relationship with Cisco can go either of two ways: We can either
become more competitive or more cooperative. And right now I'm actually
optimistic that over time we'll have a chance to become increasingly
cooperative in our relationship with Cisco, as we have with Microsoft.
Certainly we worry about Cisco. I don't want to create the rosy picture
that we have nothing to worry about. I'm optimistic that we can actually
become closer, but today they are our biggest competitor. We're still
dramatically larger in terms of market share than Cisco is within the
context of the security market. But Cisco's a large company, a successful
company, and we'll continue to view them as our biggest competitor.
NEXT: Risking it for security