Tuesday, September 29, 2015

Stateful Inspection, who invented it, really?

In my first Check Point video nugget one of the questions is about inventors of Stateful Inspection.

I thought it was a simple one. Surprisingly, I have received some unexpected answers. Most of them were about Nir Zuk being the actual inventor. That made me thinking, what if I myself was mistaken, and the guy actually did that? So I have started researching this.

Here are some results.

I was actually right. Patent rights to Stateful Inspection belong to Check Point and Gil Shwed, according to US patent 5,606,668. The patent application was filed in 1993.

So, what about Nir then?

Well, here it is quite interesting. Nir Zuk does not hesitate crediting himself for developing Stateful Inspection.

Here is the quote from Palo Alto web site: "Nir was... a principal engineer at Check Point Software Technologies, and was one of the developers of stateful inspection technology."

It is very accurate, isn't it? "One of the developers..." Of course he was, he worked with Check Point from 1994 till 1999. He could not possible invent it, considering half a year gap between filing the patent application and his start in Check Point.

Should not confuse us much, right? It must be something else.

In Nir's interview to IT World in April 2010 when talking about his Check Point years he says:  "We invented a technology called stateful inspection, on which all network security technology today is based." This is a bigger statement, but again, if by "we" he means "we, Check Point", there is probably nothing wrong there.

The article itself is peculiar. There he also claims he single-handedly developed Floodgate product in 1999 and then was practically pushed out of the company by Israeli developers for doing so. I will not comment on that, as we are discussing Stateful Inspection topic only.

There is one more article from 2008 published by InformationWeek. The title is very promising: "Who invented the firewall".

Believe it or not, the very first sentence credits Nir Zuk. It says: "Nir Zuk says he developed the technology used in all firewalls today." The article is brilliant, it its own way.

The author, Kelly J. Higgins is apparently not fluent with FW technical terms. I would not blame her much, although her attempt to crack the case does not deserve full marks, in my humble opinion. She quotes one of the experts in the article though, saying: "Zuk was the father of the stateful firewall product at Check Point…"

Funny, Check Point is only mentioned in the article if if referenced to Nir Zuk. Here is another example: "Meanwhile, Zuk, who helped build Check Point's firewall technology, isn't shy about taking credit for the first commercial firewall."

If I would read this without any background, it would be clear to me: Nir does it all. He is the father, developer, inventor and, finally, helper. All praise Nir.

Well, the whole story is a very good example of bold PR (If you have ever seen Palo Alto marketing presentation, you know what I am referring to) and inaccurate journalism.

Nir Zuk was one of the developers, all right. The rest is just noise on the channel.

If you have spotted anything inaccurate this, please let me know. It might be possible (although unlikely) I am still missing some parts of this puzzle.  


  1. Nir Zuk is listed as an inventor on US Patent 5,835,726, along with Gil Shwed and various other team members at Check Point Software Technologies.

    A system for securing the flow of and selectively modifying packets in a computer network


    1. Thanks, of course Nir has some inventions, his own and as part of CP development team. That was not the point

  2. See this press release from 1997. Check Point was awarded the patent for Stateful Inspection for US Patent 5,835,726, which was developed by Gil Shwed, Shlomo Kramer, and Nir Zuk.


    This is also referenced on Wikipedia: https://en.wikipedia.org/wiki/Check_Point_VPN-1

    Nir joined Check Point in 1994, the same year that Check Point 1.0 was released.

    1. what I have made already.

      Yes, Nir joined Check Point in 1994, three month after patent 5,606,866 was filed. His name is not in the application, that patent has only name of Gil Shwed on it.

      I am quoting from your own link, Check Point press release:

      The patent, U.S. Patent #5,606,668, issued on February 25, 1997, covers, among other things, Check Point Software's implementation of "Stateful Inspection" technology for controlling network traffic, which includes a flexible, easily-alterable network security method for examining the information flow into and out of a network and making security decisions based on previously stored results.

      If you can read that, patent 5,606,668 is about stateful inspection and not one that you mentioned above. You do see the difference between 5,606,668 and later one, 5,835726, with Nir's name in it?

      What are you trying to say, actually?

    2. Damn it, I cannot edit my own comment, grrrr. The very first sentence should be: I am not sure if you are trying to make a point different from what I have made already.

      Sorry for the inconvenience,

    3. Good catch Valeri! There's no disputing that Gil Shwed was the inventor of Stateful Inspection, or that he founded Check Point Software Technologies back in 1993 prior to other team members joining.

    4. I did state this in the actual post, didn't I? :-)

  3. This conversation has a lot of parallels to Thomas Edison vs Nikola Tesla. You'll enjoy this cartoon strip:


    In this example, Shwed is Edison and Zuk is Tesla

    1. Surely that hold be the other way around?
      With Schwed as Tesla and Zuk as Edison.

      This is coming from an SE who is tired of going to meet customers after they have seen PAN and desperately trying to explain that PAN did not invent the term UTM, or the term NGFW.

  4. Nir was credited with developing a large portion Check Point FloodGate if I'm not mistaken. NOT Stateful Inspection. Typical PAN FUD.

    1. Second link, Nir's interview from 2010, he tells takes about floodgate

  5. Was the typo in your text intentional? It mentions "Fooldgate" rather than "Floodgate" ?

    1. No, it was not. Thanks for bringing this up, I will fix it at once.