ZoneAlarm ForceField delivers a unique approach to security – not just another take or enhancement of something already out there, but something genuinely new. So how did this come about? Here is a rough, high level, story line about how we first decided to build a product like ZoneAlarm ForceField.
- Philosophy: We started as a firewall company, not an antivirus company. That gave us the perspective of _preventing_ harm from coming to your computer in the first place, which is what firewalls do, rather than only _detecting and removing_ threats that have already gotten onto your PC, which is what antivirus does.
- Need for innovation: Hackers were innovating, finding new ways to attack, but there hadn’t been any truly significant innovations on the security side recently. We were looking for an innovation that could combat these new attacks as well as attacks that haven’t been invented yet – an innovation that rivaled our initial Firewall and our more recent OSFirewall (mid-2005).
- Use the web: We became more and more interested in using the web to improve our security – to think “beyond the PC” and the bits on the PC. We have always been a leading edge Internet company: our free ZoneAlarm firewall got more downloads than Napster at one point, and our DefenseNet community helps us identify threats more quickly, more quietly. In June of 2006, we launched the Identity Protection Center with online services to help prevent and recover from identity theft.
- Web evolution: The web continued to develop as a more sophisticated platform (“Web 2.0”, AJAX) and hackers were using new technologies and the web in news ways to attack customers: more sophisticated malware, rootkits, botnets, phishing sites, spyware, drive-by downloads, tools to quickly create new viruses, and more.
- Other technologies: We looked at lots of technologies and trends, like “on demand” software as a service, virtualization, communities and social networking, mobile, and much more. We also looked at internal technologies including things from the enterprise side of Check Point, particularly ICS and virtualization. We brainstormed with development, marketing, others – we proposed, reviewed and discussed a variety of different technology and company directions we could take.
- Bubbled up: A concept we internally called “Secure Browsing” clearly started to distinguish itself. One of the enterprise PMs on ICS was particularly interested in a consumer solution with that technology. Development became more and more interested in using virtualization in new ways to provide protection. Check Point had already built some impressive technology in that area that we could build on.
- Definition: We needed to narrow and more clearly define what we wanted to do. Product Management created scenarios to show how these technologies could deliver customer benefit. We concluded that we needed to narrow specifically to the web session itself, not something broader, to provide very strong protection and a great user experience. Research of this “web only approach”, including flat surveys and some more sophisticated conjoint analysis work done for us by our friends at Incyte Group, showed tremendous customer interest in this concept.
So we decided, in the second half of 2006, to go for it. And then the real work began (if you don’t count all of that technology that had already been developed) and grew, with teams from Minsk and California joining forces to deliver the first public beta that launched today.
Enjoy.
Perhaps, you have something interesting to say?