The founding generation of Check Point Software Technologies seems poised to make a big splash in the U.S. capital market in 2012. Three signs point in this direction: Revenues for Gil Shwed's Check Point rose 14% in 2011, to $1.25 billion; Shlomo Kramer, another Check Point founder, raised $90 million in New York at the end of 2011 in the initial public offering of a second company he founded - Imperva; and now Nir Zuk, one of Check Point's original employees, is headed toward an IPO on Nasdaq with Palo Alto Networks.
Last week The Wall Street Journal reported that Palo Alto has been making the rounds among investment banks to serve as underwriters for the upcoming IPO. Zuk told TheMarker he can't grant an interview before the IPO is completed.
Based on financial figures revealed in The Wall Street Journal, it seems the company is well suited to making a public offering. Its revenues in the second quarter of 2011 amounted to about $50 million, twice those of the same quarter the previous year, and should reach at least $200 million in annual terms if it keeps up the pace. Besides, the company's cash flows have now been positive for five consecutive quarters.
We asked a data security expert how come the Check Point old-timers all have new companies now ready for breakthroughs on the capital market. He believes the three succeeded thanks to knowledge and experience gained from serving in Unit 8200 of the Israel Defense Forces' intelligence corps, which spawned a great number of start-ups, in addition to accumulating years of experience in innovation and thinking out of the box.
In contrast to many other Israeli entrepreneurs, the three have been careful about jumping around between ventures or allowing themselves to be enticed by attractive sell-out offers. They are completely focused on a single goal - building a large company. All three are involved in firewall software. Check Point and Palo Alto are centered on enterprise network firewalls that protect organizations' electronic gateways - their computer networks - from penetration by computer viruses and worms, while Imperva deals with web application firewalls. Data security experts say Palo Alto now competes head-to-head with Check Point. Other major players in this market include Juniper Networks, Cisco Systems and Fortinet.
Last month Gartner, a leading information technology research firm, ranked Palo Alto's technological solution among the top four organizational firewalls, alongside Check Point. The ranking spotlights Palo Alto as one of the sector's dominant players and could lead to a wave of new orders for the company.
How, just seven years after being started, Palo Alto Networks has become a major force in its field and one of Check Point's most tenacious competitors, all begins and ends with Zuk. He joined Check Point in 1994 as one of its first employees, linking up with Shwed and Kramer who he knew from their days serving in Unit 8200. Shortly thereafter Zuk was appointed Check Point's chief engineer, but he fell out with the company within a few years.
Zuk let the bad blood between him and Check Point be known publicly, as he drove around Silicon Valley in a car with the license plate "CHKPKLR" - Check Point Killer.
In 2002 Zuk sold OneSecure, a company he had founded, to NetScreen Technologies for $45 million and became its chief technology officer. When Juniper Networks bought NetScreen in 2004 for $4 billion in stock, Zuk became Juniper's vice president of data security. In 2005 he left Juniper and founded Palo Alto Networks.
Kramer has also become a Palo Alto shareholder. Market rumors have it that Kramer didn't just invest in the company, he also switched Imperva's firewall from Check Point's to Palo Alto's.
Palo Alto scales new heights
Palo Alto's product, from a technological standpoint, is considered the next generation of firewalls. While standard firewalls prevent viruses and worms from penetrating according to the IP address and port from which they originate, Palo Alto's firewalls block malicious software according to the type of application. They don't only block specific addresses, but also usages within applications found at the same address. This would be like, for example, a Facebook user being prevented only from connecting to Zynga games within Facebook.
All firewall companies are now developing next-generation solutions, says an industry expert. "Check Point is developing technology in a similar direction to that of Palo Alto Networks, and Fortinet is too," says the expert. "Juniper still has a way to go to get there." Fortinet is considered very advanced, but is geared in the local market toward small and medium-sized businesses, not large organizations.
Palo Alto also offers customers a service for checking suspicious files sent to users within an organization. If a user in the organization is sent a suspicious-looking file, Palo Alto's firewall stops it and checks it before it lands in the user's computer. If the file turns out to be harmless, the firewall then allows it through.
"For some reason Check Point is taking too much time closing the gap with Palo Alto Networks," claims the expert. "They bought a database containing information on all the applications but still haven't managed to identify all the existing applications. Palo Alto identifies viruses and worms in applications much better. Not only that, but they can teach systems about new applications."
One interesting story making the rounds is that after Juniper bought NetScreen, Zuk suggested developing an advanced firewall similar to the one later devised by Palo Alto, but Juniper wasn't interested. That's when Zuk left the company, says the source, set up Palo Alto Networks, and did an end run around Juniper.
Palo Alto is represented in Israel by InnoCom of the Aman information technology group. Although the company has many customers, most of the market still leans toward Check Point. "They tend to treat Check Point kindly," says the expert.
Imperva's stock shooting up
Imperva doesn't compete with Check Point and Palo Alto. It develops products for an entirely different field - protecting websites. Its main competitor is F5 Networks. The company conducted an IPO on the New York Stock Exchange in November, selling five million shares at $18 per share, transcending the planned range of $14 to $16 per share.
Company value derived from the IPO totaled about $400 million. Trading under the symbol "IMPV," the stock has since shot up to $33 per share, raising the company's trading value to $729 million. Imperva was expected to reveal its 2011 and fourth quarter financial results this week.
Kramer, its founder, has consistently shied away from granting media interviews about the company.
Imperva was founded at the end of 2002. Headquartered in Redwood Shores, California, the company has a development center in Tel Aviv and sales offices throughout Europe. Kramer's company developed software that protects organizational files and manages permission to access them from any location, while maintaining data security and file confidentiality. Imperva's software can also track file activity and detect potential threats.
Last year The Wall Street Journal included Imperva in its list of the 50 most promising venture-capital-funded companies. Explaining why it's a "hot" company, the newspaper mentioned that its CEO, Kramer, was also a cofounder of Check Point. Kramer, Shwed and fellow founder Marius Nacht invented the firewall in 1993 and turned the start-up into a data-protection giant.
In addition to Check Point and Imperva, Kramer also founded Trusteer, the developer of Rapport, a software security solution for protecting websites from identity theft of customers. He also founded Confidela, which developed software allowing people in an organization to share documents and work on them together at the same time while preventing misuse and loss or theft of critical organizational data.
The market predicts that Imperva will be successful, especially considering the recent hacker attacks in Israel and around the world. The company's technology could prevent hackers from penetrating computer systems and damaging websites - something that, in light of the cyber war, has become much sought-after protection.