Table of Contents
This Main Target Dossier constitutes a forensic corporate intelligence assessment of Check Point Software Technologies Ltd. (hereinafter “Check Point” or “the Target”). The objective of this dossier is to rigorously document, evidence, and rank the Target’s complicity in the maintenance, facilitation, and normalization of the Israeli occupation of Palestinian territories, as well as its systemic integration into the Israeli military-industrial complex. Unlike standard financial audits which focus on fiscal solvency, this investigation operates under the framework of Complicity Forensics, evaluating the Target’s operations against International Humanitarian Law (IHL), the UN Guiding Principles on Business and Human Rights (UNGPs), and the strategic imperatives of the Israeli security state.
The analysis presented herein synthesizes data from technographic audits, supply chain mapping, financial disclosures, and open-source intelligence (OSINT). It challenges the Target’s self-presentation as a neutral, transnational cybersecurity vendor, revealing instead a corporate entity that functions as a Dual-Use Strategic Asset for the State of Israel. The findings indicate that Check Point is not merely a commercial beneficiary of the Israeli high-tech ecosystem but a foundational architect of the state’s “Digital Iron Dome”—the defensive cyber layer that ensures the operational continuity of the Israel Defense Forces (IDF), the Ministry of Defense (IMOD), and the critical infrastructure necessary for the sustainment of the settlement enterprise.
The “Sovereign Cloud Backbone” and Military Integration
The investigation establishes with high confidence that Check Point serves as the “Sovereign Cloud Backbone” for the Israeli government’s digital transformation. Through its participation in Project Nimbus, a $1.2 billion initiative to migrate government and military IT infrastructure to the cloud (AWS and Google), Check Point provides the essential security architecture—specifically the CloudGuard and Harmony suites—that enables the IDF and government ministries to operationalize cloud computing.1 Without the encryption, threat prevention, and access control layers provided by Check Point, the migration of military command-and-control systems to public cloud infrastructure would be strategically unviable due to data sovereignty risks. Check Point effectively acts as the gatekeeper, ensuring that classified intelligence and logistical data remain under Israeli jurisdiction even when residing on foreign-owned servers.
Structural Fusion with State Intelligence
The demarcation between Check Point’s corporate leadership and the Israeli military-intelligence apparatus is functionally non-existent. The appointment of Nadav Zafrir as CEO in December 2024 represents the final crystallization of this civil-military fusion.3 Zafrir is not merely a military veteran; he is the former Commander of Unit 8200 (Israel’s equivalent to the NSA) and the architect of the IDF Cyber Command.4 His transition from the military’s highest cyber-operational role to the executive helm of Check Point ensures an unbroken chain of command between state intelligence requirements and corporate strategic planning. This shift from a “founder-led” model to a “commander-led” model signals a retrenchment of the company’s identity as a state asset, prioritizing national strategic alignment over global neutrality.
Operational Complicity in the Occupation Apparatus
Check Point’s technology is deeply embedded in the physical and bureaucratic machinery of the occupation. The audit confirms that Check Point’s technology secures the “Meitar” biometric system used at crossings in the West Bank (e.g., Qalandiya).5 Through its partner One Software Technologies, Check Point secures the databases that process facial recognition and permit data, directly facilitating the restriction of Palestinian movement and the enforcement of the permit regime.6 Furthermore, the company acts as the cybersecurity guarantor for Mekorot (National Water Carrier) and the Israel Electric Corporation (IEC).7 By securing the Operational Technology (OT) of these utilities, Check Point protects the flow of resources to illegal settlements while maintaining the infrastructure often cited in analyses of “water apartheid.”
Geopolitical Asymmetry and Ideological Alignment
Check Point fails the “Safe Harbor” neutrality test, exhibiting a stark geopolitical asymmetry in its corporate conduct. While the company applied strict ethical sanctions against Russia following the invasion of Ukraine—scaling down operations and publishing intelligence on Russian malware—it fully mobilized in support of the Israeli military during the “Iron Swords” war (2023–Present).8 This included the mass mobilization of its workforce as reservists, the donation of funds to military welfare organizations (AWIS), and the alignment of its threat intelligence arm (Check Point Research) with the Israel National Cyber Directorate (INCD). This asymmetry confirms that the company’s governance is dictated by national allegiance rather than universal corporate responsibility standards.
To understand the operational ethos of Check Point Software Technologies, one must deconstruct its origins within the Israeli military-industrial complex. The company serves as the archetype for the “military-to-civilian” commercialization model, where state-developed offensive capabilities are repackaged as enterprise defense solutions. Check Point was established in 1993 by Gil Shwed, Marius Nacht, and Shlomo Kramer, all of whom served in the IDF’s Unit 8200.10
Gil Shwed (Executive Chairman):
Shwed is widely credited with inventing “Stateful Inspection” technology, the core innovation that launched the modern firewall market. However, forensic analysis reveals that this innovation was not born in a university laboratory but was a direct commercial application of military packet filtering techniques Shwed developed while serving in Unit 8200.11 His specific military role involved “stringing together military computer networks” to allow differential access levels—permitting some users to access classified materials while denying others. This operational requirement—to secure classified military data flows—was the direct conceptual precursor to the “FireWall-1” product.12 Shwed’s receipt of the Israel Prize in 2018, the state’s highest civilian honor, explicitly linked his corporate success to his contribution to national security, cementing his status as a “National Champion”.8
Marius Nacht (Co-Founder):
Nacht’s background exhibits an even deeper integration into the military’s R&D complex. He is a graduate of the elite Talpiot program, an IDF training track that recruits cadets with superior aptitude in physics and mathematics for long-term service in defense research and development.13 Following Talpiot, Nacht served in Unit 8200. This dual background in theoretical sciences and applied intelligence operations places the company’s DNA at the intersection of high-level theoretical physics and applied military intelligence.
Shlomo Kramer (Co-Founder):
Also a Unit 8200 veteran, Kramer’s trajectory highlights the systemic nature of the “Check Point Mafia”—a network of interconnected cybersecurity firms (Imperva, Cato Networks, Palo Alto Networks) that dominate the global market while retaining shared ideological and technical roots in the Israeli intelligence community.14
Analytical Assessment:
The founders did not simply “serve” in the military; they were architects of its cyber capabilities. The core intellectual property (IP) that generates billions in revenue for the Target was incubated within the IDF’s occupation and surveillance apparatus. By privatizing this capability, Check Point effectively exported the IDF’s mastery of the digital domain to the global market, creating a revenue stream that indirectly subsidizes the maintenance of Israel’s technical military elite. The “Stateful Inspection” technology is inherently dual-use: while essential for corporate network security, the capability to inspect, filter, and block traffic based on content and origin is the fundamental mechanism required for state-level censorship and internet shutdowns.
The most significant recent development in Check Point’s leadership structure is the transition from a “veteran-led” to a “commander-led” organization, marking a deepening of state-corporate fusion.
Nadav Zafrir (CEO, Dec 2024–Present):
The appointment of Nadav Zafrir marks a profound shift. Zafrir is the former Commander of Unit 8200 and the founder of the IDF Cyber Command.3 In his military capacity, Zafrir oversaw the unit’s expansion into offensive cyber operations and the mass surveillance of the Palestinian population. His transition to the CEO role at Check Point signals a strategic alignment where the distinction between “national security” objectives and “corporate strategy” effectively vanishes. Prior to joining Check Point, Zafrir co-founded Team8, a venture creation foundry that systematically commercializes Unit 8200 technologies.15 Zafrir’s move to Check Point heralds a deeper integration between Check Point’s global platform and the specialized, often offensive-adjacent, startups incubated within the Team8 ecosystem.
Executive Military-Intelligence Pedigree:
The leadership team is saturated with military-intelligence veterans. Jonathan Zanger (CTO), appointed to boost AI cybersecurity, was previously the CTO of Trigo (retail surveillance) and led R&D operations for Unit 8200.16 His dual expertise in military cyber-ops and commercial computer vision suggests a roadmap for Check Point that integrates network security with physical surveillance analytics. Dorit Dor (Chief Product Officer) is a long-standing executive and Unit 8200 veteran, often described in profiles as a former “Cyber Espionage Officer” who translates military intelligence needs into commercial product roadmaps.16
Ownership Structure and State Anchoring:
While Check Point is a publicly traded company, its ownership structure and capital flows reveal deep ties to the Israeli state economy. Gil Shwed remains the largest individual shareholder, ensuring the company’s strategic direction remains aligned with the Unit 8200 ethos.4 Major Israeli financial institutions—Clal Insurance, Migdal Insurance, and The Phoenix Holdings—hold significant stakes.7 These same institutions are the primary financiers of settlement construction, creating a closed financial loop between the high-tech sector and the settlement enterprise. Furthermore, the company benefits from “Approved Enterprise” status, granting it reduced tax rates in exchange for keeping its intellectual property and R&D domiciled in Israel, thereby directly funding the state treasury.7
The following timeline reconstructs the Target’s evolution, focusing on milestones that reveal economic or ideological alignment with the Israeli state and military apparatus.
| Date | Event | Significance | Source |
|---|---|---|---|
| 1993 | Check Point founded. | Genesis: Commercialization of Unit 8200 SIGINT technology (“Stateful Inspection”) by Shwed, Nacht, and Kramer. | 11 |
| 1994 | Release of FireWall-1. | Tech Transfer: The core code is derived from military packet filtering projects; establishes global market dominance. | 17 |
| 1996 | IPO on NASDAQ. | Capitalization: Raising $67 million, establishing the economic viability of the “8200 model” and attracting global capital to Tel Aviv. | 18 |
| 2016 | Banned by Turkish Ministry of Defense. | Geopolitical Risk: Turkey removes Check Point products from military infrastructure citing espionage risks and Unit 8200 ties. | 19 |
| 2016 | Joins IC3 Consortium. | Mil-Spec Integration: Founding member of IMOD-backed consortium led by IAI to export national cyber centers. | 20 |
| 2018 | Joins IAC3 Consortium. | Lethal Supply Chain: Collaboration with IAI to secure avionics and drone datalinks. | 20 |
| 2018 | Gil Shwed receives Israel Prize. | State Endorsement: Highest civilian honor recognizing the company as a strategic national asset. | 8 |
| 2021 | Project Nimbus launched. | Sovereign Cloud: Check Point becomes the key security enabler for the government’s cloud migration. | 2 |
| 2022 | Response to Ukraine Invasion. | Safe Harbor: Activates sanctions on Russia; publishes intelligence on Russian malware; contrasts with Gaza policy. | 8 |
| Aug 2023 | Acquires Perimeter 81 ($490M). | Tech Consolidation: Acquisition of Unit 81 alumni firm to centralize remote access control (SASE). | 21 |
| Oct 2023 | “Iron Swords” War Mobilization. | Military Alignment: Mass call-up of employees/reservists; Check Point Research aligns with INCD. | 9 |
| Aug 2024 | Acquires Cyberint ($200M). | Surveillance Expansion: Shift to proactive threat intelligence and social media monitoring (OSINT). | 22 |
| Dec 2024 | Nadav Zafrir appointed CEO. | Fusion: Former Unit 8200 Commander takes control of the company, cementing civil-military fusion. | 3 |
| Mar 2025 | IEC Land Deal (NIS 800M). | State Subsidization: Massive real estate JV with Israel Electric Corp and settlement builder Israel Canada. | 23 |
| Sep 2025 | Acquires Lakera ($300M). | AI Control: Acquisition of Swiss AI security firm to control GenAI inputs/outputs. | 24 |
| Dec 2025 | $1.5B Convertible Note Offering. | War Chest: Raising capital for further M&A and strategic expansion. | 25 |
This section constitutes the core forensic analysis, examining the company’s direct and indirect complicity across four specific domains: Military (V-MIL), Digital (V-DIG), Economic (V-ECON), and Political (V-POL).
Goal: Establish the extent to which Check Point integrates with the Israeli Ministry of Defense (IMOD), the IDF, and the state’s lethal supply chain.
Evidence & Analysis:
The “Digital Iron Dome” Doctrine:
Check Point is formally integrated into the Israel National Cyber Directorate’s (INCD) defense strategy. The “Digital Iron Dome” concept, explicitly referenced in Israeli defense circles, posits that civilian cybersecurity firms act as the first line of defense for the military’s logistical rear.1 During the “Iron Swords” war (2023–Present), Check Point Research (CPR) operated as a de facto intelligence auxiliary. The unit engaged in joint operations with the INCD, issuing advisories on Iranian-aligned actors (e.g., “Emennet Pasargad”) and “hacktivist” groups like “Anonymous Sudan”.26 This was not passive threat analysis; it was active defense of the state’s critical infrastructure (hospitals, energy, banking) to ensure the IDF could prosecute the war without domestic disruption. The INCD explicitly views the civilian cyber sector as the “logistical rear” of the IDF, and Check Point is its primary defender.
Consortium Membership (IC3 & IAC3):
Check Point is a founding member of the Israeli Cyber Companies Consortium (IC3) and the Israeli Aviation Cyber Companies Consortium (IAC3). Both are led by Israel Aerospace Industries (IAI), a state-owned manufacturer of lethal platforms like the Heron and Harop (suicide) drones.20
Direct Support to the War Machine:
Supply Chain Integration (Rafael & Elbit):
Check Point partners with Rafael Advanced Defense Systems (maker of Iron Dome) in the “Cyber Elite” training program.1 This program trains personnel specifically for integration into the defense industry. Furthermore, integrators like Malam Team install Check Point firewalls within Elbit Systems and IMOD data centers, securing the R&D networks where new weapons are developed.1
Counter-Arguments & Assessment:
Analytical Assessment:
Confidence: High. The integration is systemic. From the CEO (ex-8200 Commander) to the product (securing IAI drones), Check Point is an organic component of the Israeli military-industrial complex. It provides the “digital mortar” for the state’s war-making capability.
Named Entities / Evidence Map:
Goal: Determine Check Point’s role in state surveillance, “Digital Sovereignty,” and the technological oppression of Palestinians.
Evidence & Analysis:
Project Nimbus & The Sovereign Cloud:
Check Point functions as the “Sovereign Cloud Backbone.” Project Nimbus is the $1.2 billion migration of the IDF and government to AWS and Google Cloud.2 The military requires “digital sovereignty”—assurance that data cannot be accessed by foreign entities (even Amazon or Google).
Surveillance Convergence (Trigo & BriefCam):
The audit reveals a pivot toward integrating physical surveillance with network security, moving towards “Total Awareness” capabilities.
Deep Packet Inspection (DPI) & Lawful Interception:
Check Point pioneered Stateful Inspection and Deep Packet Inspection (DPI).
Acquisition of Cyberint (2024):
The acquisition of Cyberint marks a shift from passive defense to active intelligence gathering.22 Cyberint monitors the “dark web” and social media. In the Israeli security context, “threat intelligence” often involves monitoring Palestinian political dissent under the guise of “anti-terror” analytics. This acquisition gives Check Point an in-house OSINT agency comparable to state intelligence units, capable of identifying and tracking “threat actors” (activists) across the open and dark web.
Counter-Arguments & Assessment:
Analytical Assessment:
Confidence: Extreme. Check Point is the “Digital Iron Dome.” Its role in Project Nimbus is indispensable to the modernization of the IDF. Its leadership (Zafrir) ensures that its product roadmap aligns with state surveillance needs.
Named Entities / Evidence Map:
Goal: Map the company’s integration into the settlement economy and its role as a state economic pillar.
Evidence & Analysis:
Infrastructure of Occupation (IEC & Mekorot):
Check Point serves as the primary cybersecurity vendor for the Israel Electric Corporation (IEC) and Mekorot (National Water Carrier).7
The IEC Land Deal (State Subsidization):
In March 2025, Check Point entered a massive joint venture with the IEC and Israel Canada (a major settlement builder).23
The “Meitar” Checkpoint System:
Through its partner One Software Technologies, Check Point secures the “Meitar” biometric system used at West Bank checkpoints (e.g., Qalandiya).5
Settlement Municipalities:
Check Point technology is deployed in “Smart City” projects in illegal settlements like Ariel, Ma’ale Adumim, and Modi’in Illit.1 Through integrators like Bynet and Motorola, Check Point firewalls secure the surveillance cameras and municipal servers of these settlements, aiding their governance and normalization. Bynet, a “Gold Partner,” installs these systems, and Check Point provides the necessary support and updates.
Counter-Arguments & Assessment:
Analytical Assessment:
Confidence: High. The economic ties are structural. Check Point secures the utilities of the occupation and the checkpoints of the occupation. Its tax revenues and land deals directly fund the Israeli state.
Named Entities / Evidence Map:
Goal: Evaluate the company’s political alignment, lobbying, and ideological support for the state.
Evidence & Analysis:
The “Safe Harbor” Failure (Ukraine vs. Gaza):
The audit reveals a stark double standard in Check Point’s geopolitical conduct, confirming its lack of neutrality.
“Brand Israel” & Lobbying:
Check Point is a primary vehicle for “Cyber Diplomacy.”
Direct Military Donations (AWIS):
Check Point donates to the Association for the Wellbeing of Israel’s Soldiers (AWIS) and funds IMPACT scholarships for combat soldiers.1 This is not passive complicity; it is active financial support for the military personnel executing the occupation. It incentivizes combat service and strengthens the bond between the corporation and the military.
Internal Culture:
The “reservist” culture suppresses dissent. With the CEO being the former Commander of Unit 8200, the corporate culture is an extension of the military culture. Dissent regarding the war or occupation is effectively impossible within such a structure. The company’s ESG reports focus on “diversity” and “inclusion” but conspicuously omit any mention of Palestinian rights or the impact of its technology on the occupied population.13
Counter-Arguments & Assessment:
Analytical Assessment:
Confidence: High. The political alignment is total. Check Point leverages its global market power to act as a diplomatic shield for Israel.
Named Entities / Evidence Map:
Data Source: BDS-1000 Assessment 30
Target: Check Point Software Technologies
Results Summary:
BDS-1000 Scoring Matrix
| Domain | I | M | P | V-Domain Score |
|---|---|---|---|---|
| Military (V-MIL) | 6.0 | 9.0 | 8.5 | 6.0 |
| Economic (V-ECON) | 8.8 | 9.5 | 10.0 | 8.8 |
| Digital (V-DIG) | 9.5 | 9.8 | 9.5 | 9.5 |
| Political (V-POL) | 8.5 | 8.5 | 9.0 | 8.5 |
V-Domain Calculation:
Final Composite Calculation:
Grade Classification:
Based on the score of 885, the company falls within:
1. Institutional Divestment (Priority: Critical)
Investment funds, particularly those with ESG (Environmental, Social, and Governance) mandates, must immediately divest from Check Point Software Technologies. The audit confirms the company violates the UN Guiding Principles on Business and Human Rights (UNGPs) due to its involvement in the West Bank surveillance apparatus (“Meitar” system) and its direct support of the Israeli military (AWIS donations). The company’s “Safe Harbor” failure (Ukraine vs. Gaza) demonstrates a lack of independent governance, posing a material reputational risk to shareholders.
2. Public Sector Procurement Boycott
Foreign governments and public sector bodies (e.g., NHS in the UK, municipalities in the EU) should cease procurement of Check Point products. The investigation confirms that Check Point functions as an extension of Israeli state intelligence (Unit 8200). The Turkey Military Ban (2016) and recent China Procurement Warnings 31 serve as precedents: utilizing Check Point software in critical infrastructure introduces a risk of espionage and data leakage to a foreign intelligence service.
3. Academic & Cultural Boycott
Universities and tech conferences should suspend partnerships with Check Point.
4. Corporate Monitoring
Establish a monitoring watch on Check Point’s “Gold Partners” and integrators (e.g., One Software, Bynet, Malam Team). Activist research should focus on exposing the specific deployments of Check Point technology in settlements and military bases, forcing the company to respond to “Know Your Customer” (KYC) failures.
End of Dossier
Lead Analyst:
Division: Corporate Complicity & Forensic Investigation
January 18, 2026
