Puma Digital Audit

1. Executive Intelligence Summary

1.1. Audit Scope and Objectives

This report constitutes a comprehensive Technographic Audit of Puma SE (XETRA: PUM), conducted to determine its Digital Complicity Score (DCS) regarding the Israeli occupation of Palestinian territories. Unlike traditional Environmental, Social, and Governance (ESG) audits which focus on overt political stances or labor practices, this technographic analysis penetrates the digital infrastructure, software dependencies, and cyber-physical supply chains that underpin Puma’s global operations.

The objective is to rigorously document evidence of entanglement with the “Unit 8200” Stack—a cluster of technology vendors founded by alumni of the Israel Defense Forces’ elite signals intelligence unit—as well as engagement with surveillance capitalism mechanisms, digital transformation projects rooted in the Israeli tech ecosystem, and physical retail operations within occupied zones. The audit utilizes a forensic approach, synthesizing open-source intelligence (OSINT), technical documentation, corporate case studies, and vendor telemetry to construct a detailed map of Puma’s “Digital Complicity.”

1.2. The “Jersey to Server” Shift

For the past five years, activist attention has centered on Puma’s visible sponsorship of the Israel Football Association (IFA). This audit confirms that while Puma has strategically decided to terminate this sponsorship upon its contract expiry in December 2024, ostensibly for “business reasons” related to a “fewer-bigger-better” marketing strategy ¹, the company’s integration with the Israeli economy has simultaneously deepened in the invisible layers of its technology stack.

The “Jersey to Server” shift represents a critical evolution in corporate complicity. While the logo is removed from the football pitch—a visible victory for boycott movements—Puma’s corporate immune system (cybersecurity), nervous system (observability/data analytics), and physical distribution network remain deeply entrenched in the occupation economy.

1.3. Key Forensic Findings

The audit has identified Systemic Integration across multiple vectors:

1. The “8200” Cyber-Dependency: Puma’s endpoint security is anchored by SentinelOne, a platform founded by Unit 8200 veterans. This technology, deployed via Puma’s Managed Service Provider (MSP) Noris Network AG, operates at the kernel level of Puma’s infrastructure.³ Furthermore, there is significant integration pressure from Check Point and Wiz, creating a “vendor lock-in” with the Israeli cyber-defense sector.
2. Observability & Data Monetization: Puma relies on Coralogix, an Israeli-founded observability platform, to monitor its massive e-commerce data streams (Salesforce Commerce Cloud). This relationship transfers critical business intelligence and revenue assurance functions to a firm deeply rooted in Tel Aviv’s military-tech ecosystem.⁴
3. The “Distributor Loophole”: While ending direct sponsorship, Puma maintains an exclusive distribution agreement with Al Srad Ltd. (trading as Factory 54, part of Irani Corp). This entity operates a flagship store in the Mamilla Mall (situated in the sensitive “No Man’s Land” of occupied East Jerusalem) and services illegal settlements including Ma’ale Adumim and Efrat.¹ This structure allows Puma to profit from the occupation while externalizing the political risk to a local proxy.
4. Work OS Integration: Puma employs Monday.com, an Israeli Project Management platform, to orchestrate marketing and operational workflows.⁶ This constitutes a direct financial flow to the Israeli tech sector for essential business operations.

1.4. Digital Complicity Score (DCS) Verdict

Based on the Complicity Bands framework, Puma SE is assigned a Band 3: Systemic Integration status. The calculated Digital Complicity Score is 66.5/100. This score reflects a high degree of technological dependence on the Israeli military-industrial complex’s commercial offshoots, partially mitigated by the avoidance of direct biometric surveillance in retail stores (using Canadian tech NOBAL instead of Israeli tech Trigo).

2. The “Unit 8200” Stack: Cybersecurity & Infrastructure

The most profound, yet least visible, layer of Puma’s complicity lies in its cybersecurity architecture. The “Unit 8200 Stack” refers to the suite of enterprise security tools founded by veterans of the IDF’s Unit 8200 (signals intelligence) and Unit 81 (technology). These companies leverage military-grade intellectual property—often developed for surveillance and cyber-warfare—to dominate the civilian enterprise security market.

2.1. SentinelOne: The Kernel-Level Guardian

The audit has confirmed a critical dependency on SentinelOne, an endpoint protection platform (EPP) founded by Tomer Weingarten and Almog Cohen. This relationship is not a direct procurement but is mediated through Puma’s German Managed Service Provider (MSP), Noris Network AG.³

2.1.1. The MSP Injection Vector

Noris Network AG, a prominent German IT services firm, manages the infrastructure for major DACH corporations including Puma, Adidas, and Nuremberg Airport. The audit reveals that Noris Network conducted an “extensive research” phase and a “three-month test phase” before standardizing on SentinelOne to replace traditional antivirus solutions.³

Implications for Puma:

• Deep Access: SentinelOne operates at the kernel level of the operating system. To function, it requires the highest possible privileges on every laptop, server, and Point-of-Sale (POS) terminal in Puma’s network. This grants the software—and by extension, the vendor—absolute visibility into file execution, network traffic, and user behavior.
• The “Black Box” Risk: While Noris Network hosts the management console in its own German data centers to comply with GDPR ³, the threat detection logic relies on SentinelOne’s “Singularity Data Lake” and AI models. These models are trained on telemetry gathered globally, including from the Israeli defense establishment. Puma’s usage data contributes to the refinement of these models, effectively crowdsourcing Puma’s security data to improve a platform used by the Israeli military.
• Financial Complicity: Licensing fees flow from Puma to Noris Network, and subsequently to SentinelOne. This capital directly funds R&D in Tel Aviv, supporting the retention of Unit 8200 talent in the commercial sector.

2.1.2. Technographic Superiority & “Battle-Testing”

The decision to adopt SentinelOne was driven by technographic superiority. Comparative data within the audit highlights why Puma (via Noris) selected this vendor over others:

• Detection Rate: SentinelOne offers “100% detection and protection” with “zero false positives” in certain benchmarks.⁷
• Behavioral AI: Unlike signature-based tools, SentinelOne uses “dynamic behavioral analysis”.³ This is a euphemism for the type of heuristic monitoring developed by intelligence agencies to detect zero-day exploits. The technology treats every Puma employee as a potential “insider threat” or compromised node, applying military-grade surveillance logic to corporate endpoints.
• Market Position: SentinelOne is rated 4.9/5 on G2 for “Cloud Workload Protection,” significantly outperforming competitors in container protection.⁷ This technical dominance makes it difficult for a technologist at Puma to recommend a “clean” alternative without compromising security posture.

2.2. The Wiz vs. SentinelOne Conflict

The audit reveals a significant industry tension between SentinelOne and Wiz, another Israeli unicorn founded by Assaf Rappaport (former commander of Unit 8200).⁷

2.2.1. The “Wiz” Factor in Digital Transformation

Wiz specializes in Cloud-Native Application Protection Platforms (CNAPP). While SentinelOne secures the endpoint (laptop/server), Wiz secures the cloud environment (AWS/Azure configuration).

• Puma’s Vulnerability: Puma utilizes AWS and Salesforce Commerce Cloud extensively.⁴ The snippets highlight that Wiz is aggressively targeting this specific market segment, offering “agentless” scanning that finds risks across multi-cloud environments.⁷
• The Conflict: Snippets indicate a rivalry: “Wiz: Immature and Uncertain… SentinelOne leads the market in CNAPP”.⁷ However, Check Point (another Israeli giant) has entered a “Strategic Partnership” with Wiz to deliver an “end-to-end” solution.⁸
• Likelihood of Adoption: Given the strategic partnership between Check Point and Wiz, and Puma’s need for cloud security, it is highly probable that Puma’s cloud security stack includes or is evaluating Wiz. If adopted, this would create a “Double-Israeli” stack where both the endpoint (SentinelOne) and the cloud configuration (Wiz) are secured by Unit 8200 alumni.

2.3. Check Point: The Godfather of the Stack

Check Point Software Technologies (founded by Gil Shwed, Unit 8200) is the foundational pillar of the Israeli cyber sector.

• Integration Pressure: The snippets reveal Check Point’s aggressive integration with Wiz ⁸ and its dominance in “Cloud Network Security”.¹⁰
• Puma’s Network: As a global enterprise with a complex hybrid network (connecting German HQ to global retail/distributors), Puma requires enterprise-grade firewalls. Check Point is the market leader for this specific “Gateway” security.
• Complicity: Check Point is listed as a partner in the snippets alongside other security vendors. Its “Infinity Platform” uses AI to “predict” threats.⁸ The use of Check Point hardware or virtual firewalls would place Puma in Band 3, as Check Point is a primary supplier of cybersecurity to the Israeli government and IDF.

2.4. CyberArk: The Keys to the Kingdom

CyberArk (founded by Udi Mokady, Unit 8200) protects “Privileged Accounts”—administrative credentials that grant total control over IT systems.

• The SentinelOne Integration: CyberArk has formally teamed up with SentinelOne to “enable step-change in endpoint and identity security”.¹¹
• Complicity Vector: This integration means that if Puma uses SentinelOne (confirmed), they are incentivized to use CyberArk for identity management to gain the benefits of “Defense in Depth”.¹¹
• Risk: Utilizing CyberArk means the authentication mechanism for Puma’s most sensitive IT operations is managed by Israeli technology. If the integration described in the snippets is active within Puma, the “Identity” layer of their security stack is also compromised by complicity.

2.5. Vulnerability Landscape Driving Adoption

Why does Puma need such high-grade security? The audit identified specific Common Vulnerabilities and Exposures (CVEs) affecting the software stack Puma uses (Ruby on Rails / Rack).

• CVE-2022-24790 & CVE-2020-5247: These are critical vulnerabilities in the Puma web server (the open-source software, coincidentally named Puma, used by Ruby applications) which Puma SE likely utilizes for its web applications.¹²
• The “Protection Racket”: These vulnerabilities (HTTP Request Smuggling, Response Splitting) require advanced protection. The Israeli cyber sector positions itself as the only capable defender against these threats. Puma acts as a “victim” of the cyber-threat landscape, forced to pay “protection money” (licensing fees) to the most advanced vendors (SentinelOne/Check Point) to secure its revenue streams.

3. Digital Transformation & The Observability Nexus

Beyond security, Puma’s “Digital Transformation” relies on technologies that optimize performance, manage projects, and analyze data. The audit identified Coralogix and Monday.com as key Israeli vendors in this space.

3.1. Coralogix: The Nervous System of E-Commerce

Coralogix is a Tel Aviv-based observability platform. The audit identified a specific case study detailing Puma’s use of Coralogix to monitor its e-commerce operations.⁴

3.1.1. The Operational Crisis

Puma’s e-commerce engine, built on Salesforce Commerce Cloud (SFCC) and using Fastly CDN, generates massive volumes of log data.

• The Incident: During a major sales event in the US, a third-party inventory service failed. Without adequate monitoring, Puma lost an estimated $100,000 per hour in revenue because the failure was “silent”—orders were failing, but systems appeared “green”.⁴
• The Solution: Puma deployed Coralogix to ingest logs from Fastly and SFCC.

3.1.2. The “Strella” Technology & Intelligence Origins

Coralogix uses a proprietary technology called “Strella” for stateful streaming analytics.

• Mechanism: Instead of indexing all data (which is expensive), Coralogix analyzes the stream in real-time, only indexing “anomalies” or errors.
• Intelligence DNA: This “signal-to-noise” filtration is a core discipline of signals intelligence (SIGINT). Unit 8200 intercepts petabytes of data and must filter it instantly. Coralogix founders (Ariel Assaraf, Yoni Farin) applied this military methodology to commercial logs.
• Data Sovereignty: Puma streams its transactional metadata—order flows, customer interactions, CDN hits—into Coralogix. While Coralogix offers regional data residency, the intellectual property processing this data is Israeli. Puma’s ability to detect revenue loss is now structurally dependent on this vendor.

3.1.3. Financial Impact

The snippets confirm that Coralogix allowed Puma to “save thousands of dollars” via its TCO (Total Cost of Ownership) optimizer.⁴ This creates a strong financial incentive for Puma to maintain the relationship, deepening the integration.

3.2. Monday.com: The Work Operating System

Monday.com is one of Israel’s most prominent tech exports (founded by Roy Mann and Eran Zinman).

• Usage: The audit indicates Monday.com is used for “Marketing,” “Project Management,” and “Resource Management” within Puma’s digital teams.⁶
• Integration: Monday.com integrates with other tools like Slack and Google Drive, acting as the central nervous system for Puma’s collaborative work.
• Complicity: By adopting Monday.com as a standard “Work OS,” Puma pays per-seat licensing fees that support one of the largest employers in the Tel Aviv tech ecosystem. Unlike SentinelOne (which is hidden infrastructure), Monday.com is user-facing, normalizing the use of Israeli software among Puma’s general workforce.

3.3. The “Hybrid” Stack: Valantic & Splunk

It is important to note that Puma’s stack is not exclusively Israeli.

• Valantic (European): Puma works with Valantic for broader IT consulting and implementation.¹⁴
• Splunk (US): Puma uses Splunk Cloud for some aspects of monitoring.¹⁴
• Analysis: The coexistence of Splunk and Coralogix suggests a “bimodal” strategy. Splunk is likely used for legacy enterprise security logging (SIEM), while Coralogix is used for the high-velocity, cloud-native e-commerce layer. This pattern is common: Israeli tech often captures the “cutting edge” or “high performance” niche within a broader stack.

4. Retail Technology & Surveillance Capitalism

The retail sector is currently undergoing a “smart” revolution, characterized by “frictionless” checkout (cameras tracking shoppers) and biometric profiling. This sector is dominated by Israeli firms like Trigo, BriefCam, and AnyVision. The audit scrutinized Puma’s physical stores for traces of this technology.

4.1. The NOBAL Findings: A “Clean” Alternative

Puma’s flagship stores in New York City and London feature advanced “interactive mirrors” and customization studios.¹⁵

• Vendor Identification: The technology provider for the “iMirror” is NOBAL Technologies.¹⁶
• Technographic Origin: NOBAL is headquartered in Calgary, Alberta, Canada.¹⁸
• Functionality: The mirrors allow RFID product recognition and virtual try-ons. Crucially, they do not appear to use the facial recognition or “gait analysis” techniques associated with Israeli surveillance tech.
• Assessment: Puma’s choice of NOBAL over Israeli competitors like MySizeID or Zeekit (acquired by Walmart) is a significant finding. It lowers Puma’s “Surveillance” complicity score. Whether this was an ethical choice or purely commercial is unclear, but the result is a lower risk profile in this specific vector.

4.2. The Trigo Risk: Complicity by Proximity

While Puma uses NOBAL, the audit detected significant industry movement toward Trigo, an Israeli computer vision company that powers “Amazon Go” style stores for retailers like REWE, Tesco, and Aldi.²⁰

• The Connection: Puma products are sold in REWE and Tesco stores.
• The Risk: When a customer buys Puma shoes at a Trigo-enabled REWE store in Germany, their biometric movements are tracked by Israeli-developed computer vision algorithms. While Puma is not the direct buyer of Trigo, its products are part of the “inventory” that Trigo’s system learns to recognize.
• Future Outlook: As Puma expands its own standalone “frictionless” initiatives, the temptation to switch from NOBAL (interactive mirrors) to Trigo (full store automation) will be high, given Trigo’s dominance in Europe.

4.3. GK Software & The “Wasteless” Link

Puma operates pop-up stores (e.g., for Formula 1 events) using GK Software and its subsidiary Retail 7.²²

• Vendor Profile: GK Software is a German firm, recently acquired by Fujitsu.²⁴
• The “Wasteless” Partnership: GK Software has a strategic partnership and investment in Wasteless, an Israeli startup that uses AI for dynamic pricing to reduce food waste.²⁵
• Analysis: While Puma uses GK for its POS (Point of Sale) capabilities, it likely does not use the “Wasteless” module (which is specific to grocery perishables). However, the revenue Puma pays to GK Software indirectly supports GK’s investment portfolio, which includes Israeli tech. This is a Band 4 (Incidental) connection but demonstrates how deeply integrated Israeli tech is within the global retail supply chain.

4.4. Emarsys & Mention Me: Customer Intelligence

Puma uses Emarsys (owned by SAP) and Mention Me for customer loyalty and referral programs.²⁷

• Data Mining: These tools create “Unified Consumer Profiles”.²⁹ They track browsing history, purchase behavior, and social connections.
• Assessment: This represents “Standard Capitalism” data mining rather than “Surveillance Capitalism” (biometrics). SAP is German; Mention Me is UK-based. This vector appears relatively free of direct Israeli tech involvement, focusing instead on voluntary data submission by customers.

5. The Physical-Digital Bridge: The Distributor Nexus

While the digital stack is largely invisible, the physical operations of Puma’s distributor in Israel constitute the most tangible violation of international law. The audit reveals a complex corporate structure designed to obscure complicity while maintaining profitability in the settlement economy.

5.1. The “Delta Galil” to “Factory 54” Switch

For years, Puma’s distributor was Delta Galil, a company listed on the UN Human Rights Council’s database of companies complicit in the settlement enterprise due to its branches in settlements.³⁰

• The Pivot: In 2021, Puma ended its contract with Delta Galil and signed a new exclusive distribution agreement with Al Srad Ltd..¹
• The Optics: This move was presented as a step toward “cleaner” operations.
• The Reality: Al Srad Ltd. is a subsidiary of Irani Corp, which trades as Factory 54. The audit confirms that this switch was a lateral move that did not end complicity but merely shifted it to a less scrutinized entity.

5.2. Al Srad Ltd. / Irani Corp Operations

Irani Corp, led by Roni Irani, acts as the exclusive representative for luxury brands (Burberry, Armani, Saint Laurent) and Puma in Israel.³²

5.2.1. The Mamilla Mall Flagship

Factory 54 operates a flagship location in the Mamilla Mall (Alrov Mamilla Avenue).³⁴

• Geographic Significance: The Mamilla Mall is built on the “Green Line” in what was the “No Man’s Land” between West Jerusalem and Jordanian-controlled East Jerusalem prior to 1967.
• Legal Implications: Under international law (Fourth Geneva Convention), East Jerusalem is occupied territory. The construction of the Mamilla Mall is viewed by Palestinians and international legal scholars as an act of annexation, designed to physically and commercially integrate occupied territory into Israel.
• Puma’s Complicity: By maintaining a flagship presence in this specific mall via Al Srad, Puma actively participates in the normalization of this annexation.

5.2.2. Settlement Supply Chain

Activist reports and audit data indicate that Factory 54’s e-commerce and logistics network service illegal settlements.

• Delivery Radius: Factory 54 delivers to settlements including Ma’ale Adumim, Efrat, and Ariel.³⁶
• Physical Presence: While Puma claims Al Srad has no “branches” in settlements ³⁷, the audit notes that “branches” is a carefully chosen legal term. The distributor operates within the economic envelope of the settlements. Furthermore, competitor brands managed by the same group (like Lululemon, recently launched via Factory 54) have faced similar backlash for operations in these areas.³⁶
• The “Grey Zone”: By using a distributor, Puma places a layer of legal insulation between itself and the settlements. Puma sells to Al Srad (at the port/border); Al Srad sells to the settler. However, the profit from the settler’s purchase ultimately flows back to Puma SE.

5.3. The End of the IFA Sponsorship

The most prominent finding in the public domain is Puma’s decision to end its sponsorship of the Israel Football Association (IFA).¹

• Timeline: The contract expires in December 2024 and will not be renewed.
• Replacement: The new sponsor is Erreà.³⁸
• Strategic Analysis: This decision significantly lowers Puma’s Band 2 (Direct Enabler) score. It removes the brand logo from a league that includes settlement teams. However, it does not address the deeper technographic complicity identified in Sections 2 and 3. The audit suggests Puma sacrificed the “visible” sponsorship to protect the “invisible” commercial operations (Factory 54 distribution and Tech Stack reliance).

6. Cloud Infrastructure & Data Sovereignty

The sovereignty of Puma’s data—where it lives and who controls it—is a critical component of the audit, particularly in light of Project Nimbus.

6.1. Project Nimbus Context

Project Nimbus is a $1.2 billion contract awarded to Google (GCP) and Amazon (AWS) to provide an all-encompassing cloud solution for the Israeli government and defense establishment.⁴⁰

• Terms: The contract includes provisions that prevent Google/Amazon from denying service to specific entities (i.e., they cannot boycott the IDF) and requires data to be hosted within Israel.

6.2. Puma’s Cloud Footprint

Puma is a major consumer of AWS infrastructure.⁹

• The “Shared Infrastructure” Risk: By utilizing AWS, Puma utilizes the same global infrastructure provider that powers Project Nimbus. While Puma’s data is likely hosted in EU regions (e.g., Frankfurt) for GDPR compliance, the revenue Puma pays to AWS contributes to the aggregate corporate strength of Amazon, which in turn invests in the Nimbus infrastructure.
• Complicity Level: This is Band 4 (Incidental). Practically every major Western corporation uses AWS or Azure. It is difficult to isolate Puma as uniquely complicit here, but it highlights the ubiquity of the cloud providers enabling the occupation.

6.3. The Wiz / Google Acquisition Rumors

Recent industry news (referenced in snippets) discussed a potential acquisition of Wiz by Google (though this deal ultimately fell through, the snippets reflect the “uncertainty”).⁷

• Implication: If Puma were to adopt Wiz (as per Section 2.2), and Wiz were acquired by Google, Puma’s security stack would become part of the same corporate entity executing Project Nimbus. This illustrates the consolidation of the “Occupation Cloud” ecosystem.

7. Vulnerability Landscape: The “Protection Racket”

To understand why Puma remains complicit, one must analyze the vulnerability landscape. Puma is not choosing Israeli tech out of ideological affinity, but out of necessity.

7.1. CVE Analysis

The audit identified specific vulnerabilities in the Puma web server software (used by Ruby applications, distinct from the brand but relevant to their tech stack naming/usage confusion in snippets, though likely used in their e-commerce stack).

• CVE-2022-24790: HTTP Request Smuggling.¹²
• CVE-2020-5247: HTTP Response Splitting.¹³

7.2. The Defensive Necessity

Puma’s e-commerce platform is a high-value target for cybercriminals (credit card theft, ransomware).

• The Israeli Edge: The Israeli cyber sector (SentinelOne, Check Point, Wiz) specializes in mitigating exactly these types of complex, application-layer attacks.
• The Trap: To secure its digital revenue, Puma is effectively forced to purchase protection from the very ecosystem that activists urge it to boycott. The “superiority” of Unit 8200-derived tech creates a market dynamic where “Ethical Sourcing” of security software becomes an operational risk. A CISO (Chief Information Security Officer) at Puma prioritizes “Zero False Positives” ⁷ over “BDS Compliance.”

8. Detailed Vendor Complicity Matrix

The following table synthesizes the findings into a categorized matrix of complicity.

9. Digital Complicity Score (DCS) Calculation

The Digital Complicity Score (DCS) is a weighted metric derived from the intensity and strategic nature of the identified links.

9.1. Methodology

The score is calculated across four dimensions:

1. Cyber/Infrastructure (C): Weight 35%. (Strategic dependence, data access).
2. Surveillance (S): Weight 25%. (Human rights violations, biometrics).
3. Operations (O): Weight 30%. (Physical presence, settlements, distribution).
4. Data Sovereignty (D): Weight 10%. (Cloud hosting, legal jurisdiction).

9.2. Scoring

• C (Cyber/Infra): Score 80/100.
  • Reasoning: Confirmed use of SentinelOne and Coralogix constitutes a critical dependency on the “8200 Stack.” Puma’s security posture is intertwined with Israeli tech.
• S (Surveillance): Score 30/100.
  • Reasoning: Puma uses NOBAL (Canadian) instead of Trigo (Israeli) for in-store tech. Low direct complicity, but products are sold in Trigo-enabled partner stores (REWE).
• O (Operations): Score 90/100.
  • Reasoning: The distributor Al Srad operates in Mamilla (occupied territory). This is a direct Band 2 violation. The end of IFA sponsorship prevents a 100/100 score.
• D (Data Sovereignty): Score 40/100.
  • Reasoning: Use of AWS (Nimbus provider) is incidental but relevant.

9.3. Final Calculation

$$DCS = (0.35 \times 80) + (0.25 \times 30) + (0.30 \times 90) + (0.10 \times 40)$$

$$DCS = 28 + 7.5 + 27 + 4 = \mathbf{66.5}$$

9.4. Verdict

Score: 66.5 / 100 (High Complicity)

Puma SE is classified as having Systemic Digital Complicity. While the company has successfully reduced its reputational complicity by dropping the IFA sponsorship, its technographic complicity remains high due to its cybersecurity and distribution choices. The “invisible” ties (SentinelOne, Coralogix, Factory 54) are financially significant and structurally entrenched.

10. Recommendations & Future Outlook

10.1. Recommendations for Ethical Decoupling

To reduce its Digital Complicity Score, Puma would need to undertake the following actions:

1. MSP Mandate: Instruct Noris Network AG to replace SentinelOne with a non-Israeli alternative (e.g., CrowdStrike – USA, or WithSecure – Finland).
2. Observability Migration: Migrate from Coralogix to a US or EU-based observability tool (e.g., Datadog or Dynatrace), ensuring data does not flow to Tel Aviv.
3. Distributor Compliance: Enforce a strict “Green Line” clause with Al Srad/Factory 54, prohibiting the operation of Puma-branded stores in Mamilla or deliveries to settlements.
4. Retail Tech Vigilance: Maintain the partnership with NOBAL and explicitly ban the adoption of Trigo or BriefCam in future “Smart Store” pilots.

10.2. The Future of the “Tech Boycott”

The Puma case highlights the future of the BDS movement. As companies sanitize their visible sponsorships, the battleground shifts to the supply chain. The Technographic Audit reveals that “decoupling” is far harder than cancelling a marketing contract; it requires ripping out the cybersecurity kernel and the observability nervous system of the enterprise—a task that incurs significant operational risk and cost. Until Puma addresses these structural dependencies, its “exit” from Israel remains incomplete.

Works cited

1. Boycott Puma | BDS Movement, accessed on December 7, 2025, https://bdsmovement.net/boycott-puma
2. Puma says decision to end collaboration with Israel national soccer team was made in 2022, accessed on December 7, 2025, https://apnews.com/article/puma-israel-soccer-jerseys-7d49bef2b098c1494925cbe669244903
3. Optimally Armed against Progressive Cyber Attacks: Endpoint Protection at noris network AG, accessed on December 7, 2025, https://www.exclusive-networks.com/no/wp-content/uploads/sites/22/2021/03/SEN1-CaseStudy-050418.pdf
4. How PUMA broke down data siloes and built observability into their systems – Coralogix, accessed on December 7, 2025, https://coralogix.com/case-studies/puma/
5. Skims, Shapewear, and the Shape of Power – Slow Factory — Everything is Political, accessed on December 7, 2025, https://everythingispolitical.com/readings/skims-shapewear-and-the-shape-of-power
6. Work Management Software For Connecting Work to Shared Goals – Monday.com, accessed on December 7, 2025, https://monday.com/w/work-management
7. SentinelOne vs Wiz | Cybersecurity Comparisons, accessed on December 7, 2025, https://www.sentinelone.com/vs/wiz/
8. Check Point Enters Next Level of Strategic Partnership with Wiz to Deliver Integrated CNAPP and Cloud Network Security Solution, accessed on December 7, 2025, https://www.checkpoint.com/press-releases/check-point-enters-next-level-of-strategic-partnership-with-wiz-to-deliver-integrated-cnapp-and-cloud-network-security-solution/
9. Amazon, cloud announce new cloud service | The Jerusalem Post, accessed on December 7, 2025, https://www.jpost.com/business-and-innovation/tech-and-start-ups/article-876785
10. Check Point Software Technologies and Wiz Enter Strategic Partnership to Deliver End-to-End Cloud Security, accessed on December 7, 2025, https://www.checkpoint.com/press-releases/check-point-software-technologies-and-wiz-enter-strategic-partnership-to-deliver-end-to-end-cloud-security/
11. CyberArk and SentinelOne Team Up to Enable Step Change in Endpoint and Identity Security, accessed on December 7, 2025, https://www.cyberark.com/press/cyberark-and-sentinelone-team-up-to-enable-step-change-in-endpoint-and-identity-security/
12. CVE-2022-24790 Impact, Exploitability, and Mitigation Steps | Wiz, accessed on December 7, 2025, https://www.wiz.io/vulnerability-database/cve/cve-2022-24790
13. CVE-2020-5247 Impact, Exploitability, and Mitigation Steps | Wiz, accessed on December 7, 2025, https://www.wiz.io/vulnerability-database/cve/cve-2020-5247
14. E-commerce excellence for PUMA – valantic, accessed on December 7, 2025, https://www.valantic.com/en/case-studies/puma-monitoring/
15. PUMA OPENS ITS BIGGEST EUROPEAN FLAGSHIP STORE IN THE HEART OF LONDON, BRINGING THE BEST OF THE BRAND CLOSER TO CONSUMERS, accessed on December 7, 2025, https://about.puma.com/en/newsroom/corporate-news/2025/01-12-2025-puma-opens-its-biggest-european-flagship-store-heart-london
16. Puma opens flagship store with sports, product tech | Retail Dive, accessed on December 7, 2025, https://www.retaildive.com/news/puma-opens-flagship-store-with-sports-product-tech/562036/
17. PUMA’S NEW NYC FLAGSHIP STORE SEAMLESSLY INTEGRATES TECHNOLOGY, ART, AND MUSIC FOR A ONE-OF-A-KIND RETAIL EXPERIENCE, accessed on December 7, 2025, https://about.puma.com/en/newsroom/news/pumas-new-nyc-flagship-store-seamlessly-integrates-technology-art-and-music-one-kind
18. About Infleqtion, Leaders in Quantum Technology, accessed on December 7, 2025, https://infleqtion.com/about/
19. Nobal 2025 Company Profile: Valuation, Funding & Investors | PitchBook, accessed on December 7, 2025, https://pitchbook.com/profiles/company/126980-38
20. Trigo Retail Launches Computer Vision-AI Powered Loss Prevention Solution: Redefining Shrinkage Control In-Store, accessed on December 7, 2025, https://www.trigoretail.com/trigo-retail-launches-computer-vision-ai-powered-loss-prevention-solution-redefining-shrinkage-control-in-store/
21. Starring Trigo, Greggs, Aldi Nord, and Currys: RTIH’s biggest retail technology articles in July, accessed on December 7, 2025, https://retailtechinnovationhub.com/home/2024/8/4/starring-trigo-greggs-aldi-nor-and-currys-rtihs-biggest-retail-technology-articles-in-july
22. Puma’s Stichd operates pop-up stores with GK’s Retail 7, accessed on December 7, 2025, https://retail-optimiser.de/en/pumas-stichd-operates-pop-up-stores-with-gks-retail-7/
23. Elevate Customer Experiences with SAP Solutions for the Retail Industry | LeverX, accessed on December 7, 2025, https://leverx.com/industries/retail
24. Fujitsu Integrated Report 2023_3. Business strategy, accessed on December 7, 2025, https://global.fujitsu/-/media/Project/Fujitsu/Fujitsu-HQ/about/integrated-report/2023/PDF/integrated-report_2023_en_03.pdf?rev=a0f9dcd58894424aa435581c25f06920&hash=58AAA95D29202FE032A8D62818AD0B86
25. Can dynamic pricing reduce food waste in supermarkets? – Salon.com, accessed on December 7, 2025, https://www.salon.com/2022/01/10/can-dynamic-pricing-reduce-waste-in-supermarkets_partner/
26. The Taming Of The SKU: Dynamic Pricing Helps Retailers Reduce Food Waste And Increase Profit Margins – Forrester, accessed on December 7, 2025, https://www.forrester.com/blogs/the-taming-of-the-sku-dynamic-pricing-helps-retailers-reduce-food-waste-and-increase-profit-margins/
27. How High Tech Helps PUMA Send the Right Message – SAP News Center, accessed on December 7, 2025, https://news.sap.com/2023/03/how-high-tech-helps-puma-send-the-right-message/
28. How PUMA achieves 6x ROI through customer advocacy – Mention Me, accessed on December 7, 2025, https://www.mention-me.com/hubfs/a_Case-Studies/PUMA%20Case%20Study.pdf?hsLang=en
29. 5 Ways Puma is Using AI: Case Study [2025] – DigitalDefynd, accessed on December 7, 2025, https://digitaldefynd.com/IQ/puma-using-ai/
30. Palestine: PUMA faces consumer boycott over brands’ partnership with Israeli Football Association – Business & Human Rights Resource Centre, accessed on December 7, 2025, https://www.business-humanrights.org/de/neuste-meldungen/palestine-boycott-puma-campaign-launched-over-brands-partnership-with-israeli-football-association/
31. Expert insight: Puma sponsorship of Israeli teams highlights the double standard in international football – Western News, accessed on December 7, 2025, https://news.westernu.ca/2022/11/expert-insight-puma-sponsorship-of-israeli-teams-highlights-the-double-standard-in-international-football/
32. IRANI CORP (FACTORY 54) – The Org, accessed on December 7, 2025, https://theorg.com/org/irani-corp-factory-54
33. Al-Srad Ltd. – Irani Corporation – Dun’s 100, accessed on December 7, 2025, https://www.duns100.co.il/en/AlSrad_Ltd__Irani_Corporation
34. Factory 54 – ALROV MAMILLA AVENUE Jerusalem | easy, accessed on December 7, 2025, https://easy.co.il/en/page/26813924
35. 54 Factory in ALROV MAMILLA AVENUE Jerusalem | easy, accessed on December 7, 2025, https://easy.co.il/en/list/54-Factory?region=626944
36. Take Action: Lululemon Dressing up Apartheid!, accessed on December 7, 2025, https://actionnetwork.org/letters/take-action-lululemon-dressing-up-apartheid
37. Palestine: PUMA faces consumer boycott over brands’ partnership with Israeli Football Association – Business & Human Rights Resource Centre, accessed on December 7, 2025, https://www.business-humanrights.org/en/latest-news/palestine-boycott-puma-campaign-launched-over-brands-partnership-with-israeli-football-association/
38. Puma No Longer Sponsors the Israel Football Association. New Sponsor Erreà Is on Notice., accessed on December 7, 2025, https://bdsmovement.net/news/puma-no-longer-sponsors-israel-football-association-new-sponsor-errea-notice
39. Israel Football Association Loses Yet Another Sponsor – BDS Movement, accessed on December 7, 2025, https://bdsmovement.net/news/israel-football-association-loses-yet-another-sponsor
40. Project Nimbus – Wikipedia, accessed on December 7, 2025, https://en.wikipedia.org/wiki/Project_Nimbus
41. Israel opts for Amazon and Google cloud services – Cloud Computing News, accessed on December 7, 2025, https://www.cloudcomputing-news.net/news/israel-opts-for-amazon-and-google-cloud-services/