ZoneLabs: The Hot Stuff in Firewalls


By Alex Salkever Can you give something away and still make money? That was the way of the early Web, and few companies that charted that course in those treacherous waters lived to tell the tale. Then there's ZoneLabs, which started out in 1997 handing out free downloads of an advanced personal firewall.

Today, CEO Gregor Freund, a former executive at Borland Intl., has 168 employees and claims 1.6 million paying customers that buy either a basic or enhanced version of his firewall or a management program that can be used to upgrade and configure thousands of ZoneAlarm firewalls from a central location. About 25% of customers are corporations, up from none three years ago. Prices range from $50 for consumer versions to up to six figures for high-end corporate systems.

According to Freund, revenues are vaulting 25% per quarter, which would make this the fastest-growing computer-security outfit around. In the first quarter of 2002, the San Francisco-based ZoneLabs tallied $6 million in gross sales, almost half of the $12.8 million it collected for all of 2001. That might explain how Freund managed to raise $24.5 million in third-round venture-capital financing on May 21, despite the reluctance these days of Silicon Valley moneymen to sign deals.

COMPANY IS COMING. Success for Freund and ZoneLabs is hardly assured, of course. Microsoft (MSFT) included a firewall in its latest operating system, Windows XP. If it follows up on this by including more advanced firewall features as standard in future releases, ZoneLabs and others could get crunched. Big corporate firewall aces NetScreen (NSCN) and Check Point Software (CHKP) are swimming downstream from large servers to the single-user desktop market, ZoneLabs' territory. Meanwhile, chief competitor Symantec (SYMC) can't be expected to stand still while Freund attacks one of its more lucrative franchises in the consumer market.

ZoneLabs is worth watching, though. Freund -- a serious coder in his own right -- holds several of the key patents that power the company's ZoneAlarm firewalls. And he has lots of credibility in the software field as a result of helping tech visionary Phillipe Kahn build Starfish Software, which created programs to help wireless devices synch with networks.

Freund's desktop software is arguably the most advanced consumer firewall on the market today. ZoneAlarm asks a user to validate all connection requests, incoming or outgoing. That differs from many personal firewalls, which demand only that users validate incoming requests from external networks or the Internet. It means ZoneAlarm protects users from so-called Trojan Horse programs that surreptitiously nest on an unsuspecting Web surfer's computer and use it as a launchpad for attacks on other computers.

REMOTE CONFIGURATION. As an added bonus, ZoneAlarm gives users the capability to assign different risk levels to software they use. This added protection could prevent a rogue program mistakenly downloaded off the Web from spawning further problems by altering the basic registry system at the heart of the Windows OS.

The biggest selling point ZoneLabs has right now for corporations, however, is its Integrity Server. This system allows a network administrator to download and configure personal firewalls for thousands of desktops or laptops. Previously, administrators would have to install personal firewalls one-by-one, in most cases. Otherwise, they could allow users to do it themselves, something that often leads to problems.

ZoneAlarm also allows the administrator to set configurations that allow only the user to access the Internet when the firewall is up and running. By forcing users to run a firewall before they log on, systems administrators ensure that a minimum level of security is running regardless of where the user happens to be located. "If I use my Ethernet adapter in a hotel room, I have to make the decision. Sometimes you trust the LAN [local-area network] and sometimes you don't," says Freund.

"APPLICATION AWARENESS." Better still, ZoneAlarms can hook into some Cisco Systems (CSCO) virtual private network (VPN) products and force users to run the firewall before a network will sanction an encrypted VPN connection. The Cisco connection is golden for ZoneLabs, since the data-networking company is usually considered first or second in the VPN market.

Advanced technology and ease of use is what convinced Adobe Systems (ADBE) to use ZoneAlarm to lock down its employees' remote connections to the corporate network. "We liked that it had application awareness and could be hooked to the VPN. Overall, we have been quite pleased with the feature set," says Ed McCreigh, the principal computer scientist at Adobe who managed the ZoneLabs program.

Like many other enterprise products aimed at serving thousands of users, a corporate license for Integrity Server isn't cheap -- depending on the customization, it can easily run well up into five figures. And with annual maintenance and per-seat charges, it could prove to be the most lucrative product in the ZoneLabs lineup.

REDMOND'S LONG SHADOW. On the consumer side, 90% of ZoneLabs' sales are over the Web. That means hefty margins compared to Symantec and other competitors, which still sell a significant chunk of their product off the shelf. "We're starting out with 90% profit margins on our product," says Freund. "It's hard for anyone with a traditional retail outlet, where you have to give middlemen and others a cut of the pie, to touch that."

As firewall competition heats up, though, the next year could be crucial for ZoneLabs. Prices on dedicated firewall appliances such as SonicWall (SNWL) and WatchGuard (WGRD) -- products targeted at small to midsize businesses -- are coming down fast and already competitive with ZoneLabs. The big boys of the firewall market, Check Point and NetScreen, are both actively selling products in the desktop market, in part due to slower sales growth for larger firewalls. And there's always the long shadow of the Colossus of Redmond.

Freund hardly seems worried, though. Many more companies want protection on every desktop due to the fluidity of corporate networks and the mobile workforce. The big guys are not accustomed to selling desktop products, let alone to smaller businesses, which should be responsible for much of the growth in the segment, he figures. As for Microsoft, "We think the future of the XP firewall is going to be roughly the future of NotePad when it started out in Windows 95. There's a lot of stuff MS has just put in there as a basic need," Freund says.

BROADBAND BUNDLES. A bigger problem might be convincing the significant majority of ZoneAlarm's users, who run the free software, to upgrade to pay versions. Only 8% of the 20 million users are paying for their product. Freund might make up for the freebie shortfall with new customer initiatives. He has targeted the always-on broadband market.

That's why ZoneLabs inked a March, 2002, deal with Motorola to include a free 90-day version of ZoneAlarm's pro product with Motorola's cable modems -- something that Freund says will put ZoneAlarm at least in the hands of 2.6 million Web surfers. The Motorola move comes on top of a September, 2001, deal with router giant Linksys to market ZoneAlarm software to broadband users. And Freund says he has a couple more deals in the pipeline with big Internet service providers, but he won't divulge the details yet.

So when's the IPO? "My investment bankers say the current window is when we are cash-flow positive and grossing $10 million per quarter," he says. Cash flow-positive will likely happen in the next two years, he adds. ZoneLabs might be one of the last of the dot-com freebies to make it to the big show. Still, it looks like a model for how to cross over in the software biz. Salkever covers computer security issues weekly in his Security Net column, only on BusinessWeek Online


The Good Business Issue
LIMITED-TIME OFFER SUBSCRIBE NOW
 
blog comments powered by Disqus