The enterprise security vendor said Tuesday that it has signed a definitive agreement to acquire Rockville, Md.-based NFR Security for approximately $20 million. The company said it will incorporate NFR's intrusion detection and prevention (IDS/IPS) technologies into Check Point's family of firewall, VPN and security management products.
Since Check Point has been lacking in the IDS/IPS department, analysts believe that's a wise move.
"Check Point has been missing a piece of the market and needed this technology," said Greg Young, a research vice president for Stamford, Conn.-based Gartner Inc. "Their choices were to develop it themselves or acquire someone, and I think they did the right thing by going with NFR."
The move is equally good for NFR, since the company has struggled to get its name out there, Young said, adding, "Check Point will be getting good IDS/IPS technology and NFR will get the business boost it has needed."
Paul Stamp, a senior security analyst for Cambridge, Mass.-based Forrester Research Inc., said Check Point has struggled to build its credibility in the deep packet inspection and intrusion prevention market place and that "their application intelligence capabilities just weren't cutting it." He believes the NFR acquisition will give Check Point the breakthrough it has been looking for.
The acquisition has left some industry experts wondering if Check Point is trying to make up for the ground it lost when the $225 million Sourcefire deal fell through.
That deal was unpopular among Sourcefire customers who use the vendor's widely popular open source Snort IDS tool. Some feared Check Point would allow Snort to languish. And some said it has done so since it acquired the popular free ZoneAlarm desktop firewall application as part of its $205 million purchase of Zone Labs in 2003. Others worry that Check Point would seek to further monetize Snort by no longer allowing it to be an open source product.
Check Point, an Israeli firm, ran into trouble with the Committee on Foreign Investment in the United States (CFIUS), which scrutinized the deal amid concerns that foreign ownership of Snort would threaten U.S. national security. Snort is used by the U.S. Department of Defense, among others.
Stamp believes the NFR acquisition is Check Point's way of making up for the Sourcefire debacle.
"This is definitely a make-up game, but arguably this is better for Check Point than the Sourcefire deal," Stamp said in an email exchange. "The IPS market is consolidating down to a few players so there are a few good bargains out there, and Check Point seems to have picked one up."
Pete Lindstrom, a senior analyst with Midvale, Utah-based Burton Group, shared Stamp's assessment.
"At one-tenth the price of Sourcefire, this is a clear technology bargain," he said in an email exchange. "It is safe to assume that Check Point wants a company in this space and there really aren't many left. However, I suspect NFR was in the same boat to accept such a low offer. They (NFR) were pioneers in their space but really got left behind market-traction wise."
Gil Shwed, founder and chief executive officer of Check Point, agreed in a statement that the NFR deal is the next logical step in his company's evolution.
"This acquisition is an important step in Check Point's leadership strategy to continuously raise the level of security available to enterprises for protecting their mission-critical networks. It is part of our focus on two primary layers: network security as our core platform and our recently announced expansion into data security," he said.