Why Check Point should buy RSA

Well, things have changed from almost 10 years ago, but I was taking a trip down memory lane with the new HP – ArcSight acquisition and came across this. I suppose nowadays perhaps RSA (EMC) should be buying Check Point, and clearly OPSEC is nothing like what it was back then, but I found it intriguing. It was a Hurwitz Group Trend Watch.

Security Strategies – January 31, 2002

Why Check Point should buy RSA

By: Pete Lindstrom, Director — Reply to: plindstrom@hurwitz.com [not active anymore]

It is no secret that the security space is highly fragmented. Hundreds of companies vie for market share and mindshare amidst hundreds of others, all with a bit of a unique spin – operating within the Four Disciplines of security management (Identity, Configuration, Threat, and Trust Management). Even within Operational Security (Authentication, Access Control) choices and configurations abound. There is no true “security” company because there is so much to do and so many ways to do it.


The company that can consolidate solutions and provide broad coverage in the areas described above will own the security market. But who will that be? Right now, Symantec has a strong story in the Threat Management and Configuration Management space, with ISS close behind. Tivoli has a strong presence in Access Control and is working on mindshare in Identity Management and Threat Management. Netegrity and Verisign have interesting plays in Access Control and Trust Management, respectively. CA has products in just about all of these areas, but no solid mindshare. That leaves Check Point and RSA.

Check Point and RSA – at the most basic level, there doesn’t seem to be too much in common. But a second look reveals plenty of similarities, in both their businesses and solutions:

• Both Check Point and RSA own the markets and the minds in firewalls and authentication, respectively.

• Both have strong indirect channels. In fact, they share many of the same resellers.

• There are two basic prerequisites to selling a security solution – if you support authentication, you must support RSA’s SecurID; if you have a network security solution, you must join Check Point’s OPSEC Alliance.

• Check Point provides Access Control at the network layer. RSA provides Authentication at the network and application layers. Authentication and access control are always linked, with the common denominator for networks being the VPN.

But wait, there’s more. From that position, they could roll up the authentication space by adding biometrics and dedicating effort toward smart cards and single sign-on (with RSA’s RADIUS server). They can take the Securant solution that RSA acquired and integrate it with firewalls – increasingly important in the continual blend of the network and application layers.

There are other reasons to consider this, but the end result is the same: A Check Point – RSA merger would result in an operational security powerhouse that could own and define the security space in years to come.