Check Point vs. the world – firewall giant stays faithful to engineering roots
A decade ago this would have been an inarguable orthodoxy and yet with younger US rivals such as FireEye, Fortinet and Palo Alto snapping at its heels pushing newer ideas angled more towards real-time detection and response, there is more explaining to do. Check Point's response has been to return to evolutionary, engineering-driven messages it believes network administrators respond to.
So which threats keep Check Point's pugnacious techie founder and CEO Gil Shwed awake at night?
"I'm concerned about the ones we don't know about not the ones we know about," he says during a quick interview granted to Computerworld UK as he flitted from room to room meeting partners and developers.
A former programmer, Shwed always talks to journalists at these events, often alone in a side room, something not every CEO of a publicly quoted company is keen to do without PR backup to hand. In person, he is confident and unblinking in his answers. It feels almost impertinent to ask at all.
"Right now we're seeing attacks that are trying to use fake identities and do wire transfers of large amounts of money. But it's not that there's one type of attack. The same spectrum of malware that has been on the Internet for 15 years is not dead."
Surely, I counter, staying ahead of attackers is now impossible. They can buy every security firm's equipment or anti-malware system, work out how it works and adjust their attacks accordingly. The attackers are always ahead of the defenders and there's no way around that.
"It depends which attackers. There are a few attackers in the world like governments that have access to huge resources but even for them we don't give up," shoots Shwed.
He references Check Point's SandBlast Threat Extraction technology, introduced in 2015, which goes one step beyond simple sandboxing by disassembling data sources such as documents and reassembling the bits it deems safe into a PDF or, if preferred, the original data format. The system's claim to fame is that it can defend against zero-day attacks.
"The threat extraction does generate, in our experience, 100 percent threat prevention," he says. "Many security companies are putting a lot of energy on pure detection without the ability to stop the problem. I don't think that is the right strategy. I am holding a different flag that says that 'yes you can block the attack' and not just deal with the damages."
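A simplified illustration of the reconstruction idea described above, written for this page and not Check Point's own code: rather than scanning a document for known-bad content, it rebuilds a .docx from an allow-list of package parts, so macros, OLE embeddings and external links never reach the output. The allow-list and the sample document are constructed assumptions, not a description of how SandBlast works internally.

```python
import io
import posixpath
import re
import zipfile
import xml.etree.ElementTree as ET

# Allow-list of .docx parts the rebuilt file may contain; anything not listed (macros, OLE, ActiveX) is dropped unparsed.
SAFE_PARTS = [r"^\[Content_Types\]\.xml$", r"^_rels/\.rels$", r"^word/_rels/document\.xml\.rels$",
              r"^word/(document|styles|settings|fontTable)\.xml$", r"^word/media/[^/]+\.(png|jpe?g|gif)$"]
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"

def _prune(xml, default_ns, keep):  # keep only children passing keep(); serialize with default_ns unprefixed
    root = ET.fromstring(xml)
    root[:] = [child for child in root if keep(child)]
    ET.register_namespace("", default_ns)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def reconstruct_docx(data):
    """Rebuild a .docx from allow-listed parts only. Returns (rebuilt bytes, dropped part names)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        names = src.namelist()
        kept = {n for n in names if any(re.match(p, n) for p in SAFE_PARTS)}
        for name in sorted(kept):
            payload = src.read(name)
            if name.endswith(".rels"):  # drop external targets and relationships to removed parts
                base = name.split("_rels/")[0]  # relative targets resolve against the owning folder
                payload = _prune(payload, REL_NS, lambda r: r.get("TargetMode") != "External" and
                    posixpath.normpath(posixpath.join(base, r.get("Target", ""))).lstrip("/") in kept)
            elif name == "[Content_Types].xml":  # drop <Override> entries for removed parts
                payload = _prune(payload, CT_NS, lambda c: c.get("PartName") is None
                    or c.get("PartName").lstrip("/") in kept)
            dst.writestr(name, payload)
    return out.getvalue(), sorted(set(names) - kept)

def build_sample():  # constructed input, not a real document: a minimal .docx carrying a VBA project
    rel = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", f'<Types xmlns="{CT_NS}"><Override PartName="/word/vbaProject.bin" '
                   'ContentType="application/vnd.ms-office.vbaProject"/></Types>')
        z.writestr("_rels/.rels", f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
                   f'Type="{rel}officeDocument" Target="word/document.xml"/></Relationships>')
        z.writestr("word/document.xml", '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                   '<w:body><w:p><w:r><w:t>Invoice</w:t></w:r></w:p></w:body></w:document>')
        z.writestr("word/_rels/document.xml.rels", f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
                   'Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
                   f'<Relationship Id="rId2" Type="{rel}hyperlink" Target="http://example.invalid/" TargetMode="External"/>'
                   '</Relationships>')
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder, not a real VBA project")
    return buf.getvalue()
```

Running `reconstruct_docx(build_sample())` returns a package holding only the four allow-listed parts, with the macro relationship, the external hyperlink and the macro content-type override removed; real deployments would also have to handle fields, embedded fonts and the other Office formats, which this sketch leaves out.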
The logical conclusion of Check Point's faith in engineering is that technology is the answer, not the problem. Users can be educated for sure, but the saviour of organisations in the age of cybersecurity will be automated, machine-driven security underpinned by technologies that gather intelligence, block, react and remediate.
According to Shwed, the user will always click on links and open files. This is a given. The security company's job is to react to that event. As long as security is embedded in more places than it has been in the past, the defenders have a chance.
The CEO's steadfast self-belief comes at an important moment for the company. At a conference only a few weeks ago, Shwed reportedly raised the possibility that the company might incorporate outside Israel to escape high local taxes. That wouldn't take it out of Israel, where its engineering base is still anchored, but it does reinforce the belief that technology firms, even Israeli ones governed by strong tribal loyalties, cannot afford to be too sentimental if they want to stick around.
At CPX, proof of Shwed and Check Point's faith arrived in the form of new appliances - lots of them. Every security firm shows these from time to time on a defined annual or bi-annual upgrade cycle, but what stands out is Check Point's ambition to fill every possible niche from small to extremely large.
Appliances matter because they are the platform that generates the upgrades and partner support that give the firm its established ecosystem presence and profits. The pressure for Check Point and all its rivals is that customers now expect more and more features as standard, so the opportunity to sell upgrades diminishes.
Small offices and branch offices get the 'UTM on steroids' 1400 appliances, which extend the core firewalling to include IPS, VPN, application control, and a raft of filtering and anti-malware options. There is nothing new in bundling up these options for smaller networks, but buyers are now being offered security without apparent compromise. Check Point claims 1800Mbps throughput, up to 18 copper connections with 802.11ac Wi-Fi and the ability to get the box up and working using a simple wizard. Enterprises can also deploy these remotely.
For mid-sized businesses, the firm announced the 3000 and 5000 Series appliances featuring encrypted traffic inspection (now an important way for attackers to dodge detection) that not long ago would have been considered an enterprise-only requirement. Check Point even claims this is delivered without a performance hit. Together with the 15000 and 23000 Series appliances announced earlier in 2016, this means that Check Point has within a short space of time overhauled the core of its entire security fleet.
Near-term developments mentioned at CPX include a browser extension due in the summer of 2016 to protect endpoints from phishing websites, an old-style attack that remains the number one headache for organisations of every size. There will also be a lot more emphasis on emerging mobile attacks - the company bought Israeli mobile security firm Lacoon in 2015 - now maturing into more systematic rather than opportunistic hazards.
It was once said that large vendor conferences are like religious conventions for people who step into the room not believing but leave with faith restored. At CPX 2016, there was plenty of that to see and hear from the 2,000 or so attendees. But they'll be back next year for a refill and Check Point will need to keep its engineering story just as convincing.