"It's a challenge to get awareness in the mid-sector," McKinnel says. "There's an attitude of: 'We don't need tight security. We're not a bank' or, 'Yes, we need it, but we can get everything in one box'."

The one-point solution, usually a basic firewall and intrusion detector, plus virus scanning, is probably inadequate for a sizeable company which is exposed both to an always-on internet and to personal devices that are used in the outside world by staff and then brought into the company and attached to the network, McKinnel says.

But guarding against viruses and worms is not the end of the story, he says. "Trojans and key loggers are far more insidious." While the typical business focuses on the traditional cracker who creates a nuisance or tries to cripple the system, "increasingly, the real issues are industrial espionage and identity management," McKinnel says.

The challenge involves making companies aware of the changing nature of the problem, as much as supplying and implementing security systems, McKinnel says. As a result, Check Point is tending to concentrate on education and consultancy these days, while its local partners do the actual selling. These partners, in turn, need to have their training kept up-to-date. Accordingly, Check Point is revising its accreditation procedures for resellers.