The Chinese government is instructing domestic companies to stop using software made by cybersecurity companies from the United States and Israel, according to Reuters.
Reuters [paywalled] named more than a dozen companies targeted by the directive, including CrowdStrike, Palo Alto Networks, Fortinet, Wiz, Check Point, Broadcom (VMware), SentinelOne, Recorded Future, Claroty, McAfee, Rapid7, Google (Mandiant), Orca, CyberArk, Imperva, and Cato Networks.
It’s unclear how many Chinese companies received the order banning American and Israeli security software.
China’s move is not surprising, considering that the US has been gradually banning China-made software and hardware over espionage and other national security concerns. Chinese AI has also been the target of recent ban proposals.
SecurityWeek has reached out to a majority of the security firms named by Reuters. While many did not respond to our request for comment, a few have provided initial clarifications.
“Unlike our competitors, CrowdStrike does not sell into China, we don’t have offices, hire people or host infrastructure there, so we could only be negligibly affected,” a CrowdStrike spokesperson said in an emailed comment.
Recorded Future pointed out that it does not do business in China, and has no intention of doing so.
SentinelOne provided a similar statement, saying it has no direct revenue exposure to China. “We do not sell to Chinese entities nor do we have offices there,” the company noted.
A representative of Check Point for the APAC region commented, “We haven’t received any government notification nor are we aware of any restriction on our operations in China, which are focused on supporting international companies and some local entities. We’ll continue supporting our customers in this region.”
A McAfee spokesperson pointed out that the company provides cybersecurity products for consumers.
“McAfee is a global consumer cybersecurity company and our technology protects individuals and families; it is not built for government or enterprise use. We continuously monitor regulatory developments worldwide and ensure that our products comply with all applicable laws and requirements in the geographies where we operate,” the McAfee representative said.
The spokesperson continued, “We’re always monitoring feedback from our customers around the world and will continue to do so to make sure we’re meeting needs and keeping people safe.”
China has over 5,000 cybersecurity companies
Organizations in China have plenty of local cybersecurity vendors to choose from.
According to threat intelligence firm Natto Thoughts, China has more than 5,000 cybersecurity companies. Some of the top security products and services providers — many known in the West for their threat research — are Qihoo 360 (360 Security Technologies), Topsec, Sangfor, NSFOCUS, Venustech, and Qi An Xin.
A recent analysis by Natto Thoughts shows that the top 20 Chinese cybersecurity firms all have, to varying degrees, a connection to the government.
Some companies provide their products and services to the Chinese government, while others assist with vulnerability and threat research, network reconnaissance services, and incident response, including to cyberattacks attributed to the US. Security firms may also be indirectly involved in China’s espionage campaigns, such as Volt Typhoon.
An Internet Society of China report reviewed by Natto showed that the top 20 Chinese security firms saw an average revenue growth of 5.4% in 2024, but the sector faces pressure to make a profit, which has resulted in staff cuts.
Related: China’s Cyber Silence Is More Worrying Than Russia’s Noise, Chief Cybersecurity Strategist Says
Related: China Accuses US of Cyberattack on National Time Center
Related: Security Firm Exposes Role of Beijing Research Institute in China’s Cyber Operations
