Congratulations to our CheckMates Champions for 2022:
Q&A below.
How would you articulate the Check Point value proposition to customers?
We are the leading provider of cybersecurity solutions, protecting businesses, critical infrastructure, and governments from cyber-attacks by providing the best security solutions.
- Our advanced threat prevention technologies leverage AI-based engines to prevent known and unknown attacks, in real time, including malware, ransomware, phishing, and network-based attacks – at the highest level of catch rate.
- We offer comprehensive protection across networks, users and access, devices, SaaS, and the cloud. Our security solutions are designed to work seamlessly together, helping organizations to consolidate and unify their security posture, with the most efficient and easy-to-manage security.
- Our products are highly scalable and agile, able to meet the growing needs of our customers - and be deployed in a variety of environments, including on-premises, in the cloud, and in hybrid environments. From the smallest companies to the largest data-centers in the world, we are committed to protecting organizations of all sizes.
Can you comment on the XDR space and how Check Point will be competitive in it?
- Prevention-first approach. Since Check Point's enforcement points are set to prevention, what eventually gets into the XDR are only the events that were detected at low-to-medium severity. By that we significantly reduce the number of incidents the SOC analyst needs to address, and we also have built-in automatic responses to prevent these from propagating in the organization.
- We aggregate all of Check Point's products - network, endpoint, email, cloud, mobile - under one roof, but also ingest third parties like AD, Azure AD, Windows logs, Microsoft Defender, and more. In a way, we also enable them to apply the prevention-first approach with us.
- More services, more value - Threat Intelligence, IOC management
Many customers have large rulebases that are untenable to manage. Any thoughts to including a “rule wizard” that would analyze the requested rule and suggest placement/combination with existing rules?
We have plans for new capabilities to help customers manage their policy. The focus will be on better visibility & understanding of what is happening in your policy plus suggestions to tidy it up and tighten rules by analyzing actual traffic patterns. We may also include suggestions for new rules, based on applications or users we see in the network.
It's not currently in our plans to provide a generic wizard to add/modify rules. It is very challenging to provide good recommendations in a complex rulebase that will not make it bloated with many rules. It's something we tried in the past ("rule assistant"), but we were not satisfied with the results to make it GA.
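Two of the checks a policy-cleanup pass of the kind described above would run, as an added example that is not Check Point's own tooling: rules with no hits in the analysed window, and rules that can never match because an earlier, broader rule already covers them under first-match semantics. The rule fields, numbering and hit counts are constructed for illustration.

```python
"""Rulebase hygiene checks over a constructed rulebase (added example, not
Check Point's own tooling; the rule fields, hit counts and numbering are
assumptions for illustration). Two checks a policy-cleanup pass would run:
rules with no hits in the analysed window, and rules shadowed by an earlier,
broader rule under first-match semantics."""
import ipaddress
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True)
class Rule:
    no: int
    src: str                # CIDR or ANY
    dst: str                # CIDR or ANY
    services: frozenset     # e.g. {"tcp/443"}; {ANY} matches every service
    action: str
    hits: int               # hit count from logs over the analysed window


def _net(cidr):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == ANY else cidr, strict=False)


def covers(outer, inner):
    """True when every connection that matches `inner` also matches `outer`."""
    if not _net(inner.src).subnet_of(_net(outer.src)):
        return False
    if not _net(inner.dst).subnet_of(_net(outer.dst)):
        return False
    if ANY in outer.services:
        return True
    return ANY not in inner.services and inner.services <= outer.services


def shadowed_rules(rules):
    """(rule, shadowing rule) pairs: the first rule can never match because a
    single earlier rule already covers it. Conservative: a rule covered only
    by the union of several earlier rules is not reported."""
    found = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                found.append((rule.no, earlier.no))
                break
    return found


def unused_rules(rules, min_hits=1):
    """Rules whose hit count is below the threshold; candidates for removal
    after confirming the window covered the traffic the rule exists for."""
    return [r.no for r in rules if r.hits < min_hits]


# Constructed sample rulebase; rule 5 is the cleanup rule.
RULES = [
    Rule(1, "10.0.0.0/8", ANY, frozenset({"tcp/443"}), "accept", 12000),
    Rule(2, "10.1.2.0/24", "192.168.5.0/24", frozenset({"tcp/443"}), "accept", 0),
    Rule(3, ANY, "192.168.5.10/32", frozenset({"tcp/22"}), "accept", 3),
    Rule(4, "10.1.2.0/24", "192.168.5.10/32", frozenset({"tcp/22", "tcp/3389"}), "accept", 0),
    Rule(5, ANY, ANY, frozenset({ANY}), "drop", 5000),
]

if __name__ == "__main__":
    print("shadowed:", shadowed_rules(RULES))   # [(2, 1)]
    print("unused:", unused_rules(RULES))       # [2, 4]
```

Rule 2 is reported as shadowed because rule 1 already accepts all of its traffic; rule 4 is only unused, not shadowed, since rule 3 covers tcp/22 but not tcp/3389. The shadowing check deliberately ignores the action: a broad earlier drop hides a later accept just as completely as a broad earlier accept does, and that is usually the more interesting finding.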
When will Web SmartConsole have full feature parity with Windows SmartConsole?
We are hard at work in adding more features and capabilities to Web SmartConsole, which is supported in Quantum Security Management from R81.
New features are actually written directly into Web SmartConsole and hosted in the full Windows SmartConsole. In 2023, we have more content planned such as a new Gateway editor.
Since Windows SmartConsole is a huge application with many features, this is a journey that will take time and we cannot yet give a definitive ETA. That said, we are open to feedback from the field on which features they want to see first.
Is full IPv6 Only support for management traffic on the roadmap? (meaning no IPv4 will be used)
In R82, we are planning to add IPv6-only support for the management traffic (policy installation, logs, monitoring, ...). The Management machines themselves may still use IPv4 for some things such as HA sync. Note that this is a plan and not yet a hard commitment.
Skyline is a great tool, but it only supports Check Point's own environment. Do you have plans to include any third-party telemetry capabilities? Alternatively, are you considering APIs and tools to become compatible with various telemetry solutions from other vendors?
The deliverable for Skyline is an OpenTelemetry Collector, which will send the data to any server capable of consuming OpenTelemetry data. We have tested our integration with Prometheus and Grafana and provide some basic instructions for installing these servers. We also provide sample dashboards for Grafana in the Skyline SK.
OpenTelemetry itself provides a number of tools, APIs, and SDKs which make it possible to integrate with other solutions.
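A minimal receiving-side OpenTelemetry Collector configuration, as an added example and not the Skyline SK's own config: it accepts OTLP metrics and hands them to Prometheus both by exposing a scrape endpoint and by remote-write. The hostnames, ports and certificate paths are assumptions; the Skyline side of the pipeline is not shown. The receiver is configured with mutual TLS on purpose, because an OTLP receiver bound to all interfaces without TLS accepts telemetry from anything that can reach the port.

```yaml
# Added example (not from the Skyline SK). Receiving-side collector that
# takes OTLP metrics and makes them available to Prometheus.
receivers:
  otlp:
    protocols:
      grpc:
        endpoint: 0.0.0.0:4317
        tls:                      # require mTLS from gateways; paths assumed
          cert_file: /etc/otelcol/collector.crt
          key_file: /etc/otelcol/collector.key
          client_ca_file: /etc/otelcol/gateway-ca.crt

exporters:
  prometheus:                     # pull model: Prometheus scrapes this port
    endpoint: 127.0.0.1:8889
  prometheusremotewrite:          # push model: write into a remote Prometheus
    endpoint: https://prometheus.example.internal/api/v1/write   # assumed host
    tls:
      ca_file: /etc/otelcol/internal-ca.crt

service:
  pipelines:
    metrics:
      receivers: [otlp]
      exporters: [prometheus, prometheusremotewrite]
```

Only one of the two exporters is needed in practice; the `prometheus` exporter is listening on loopback so that the scrape endpoint is not itself exposed to the network.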
Can we expect Skyline for CloudGuard and Harmony product families?
Yes.
While it is clear that HTTPS Inspection is needed to fully inspect traffic, there are challenges with both implementation and the fact that not all traffic can be inspected. What are we doing to improve on these challenges?
We are addressing both performance and usability challenges during the coming year, some of which will land in the next major release (R82). We are also developing a "learning mode" which will help identify potential issues during deployment and provide recommendations.
With all the vulnerabilities found in our competitors' products, what steps are we taking to ensure the cybersecurity of our own products?
We follow secure coding best practices and implement tools in our development pipeline to catch vulnerabilities before they are released. We react quickly to reported security vulnerabilities, both in Check Point developed code and open source code that we include as part of our products.
How Did Dorit Get Into Cyber Security?
A love of math, computer science, and riddles, all of which are very complementary to Cyber Security. I was exposed to Cyber Security in the army.
Certain features still require the legacy SmartDashboard. When will you fix it?
We continue to work on moving SmartDashboard content into SmartConsole. We try to handle the features that are used by many customers, so some legacy features that aren't frequently used will not be migrated.
In R80.40 we moved much of the HTTPS Inspection configuration (such as the rulebase), and in R82 we plan to move much of the remaining HTTPS inspection functionality.
Last year we heard about nano-agents for IoT protection. Are they widely available? What are your plans for this tech?
Check Point's Nano-Agent is a technology that allows organizations to protect against and prevent threats targeting a wide spectrum of platforms and systems. Nano Agents enforce security best practices on the platform and context on which they are installed and run: within IoT device firmware, on web servers, and more.
Here are several examples of how we leverage Nano agents today, to prevent threats:
- Nano agents embedded into IoT firmware – to prevent unknown threats targeting IoT devices, such as IP cameras, routers, car charging stations and more. IoT firmware protection is already offered today through integration with several IoT vendors.
- Nano agents on web servers offer pre-emptive prevention of web and API based threats (CloudGuard AppSec)
- Nano agents embedded in Quantum Gateway Titan (R81.20) enable discovery of enterprise IoT devices and enforce autonomous access-control policies
We will continue to expand our nano agent technologies – to protect more platforms and offer further security capabilities
It's currently difficult to set up different types of authentication and different levels of assurance/verification for different types of users (corporate users vs authorized third parties accessing specific resources) for remote access. Are we doing anything to simplify this?
Yes, we're planning to introduce the concept of a "Trust Profile". This will allow our customers to set up different trust requirements such as device, authentication level, geo location, posture and more. We also plan to allow trust mitigation and to ask users on demand for a step-up authentication. There is also an aspect of building such a policy that we plan to automate for our customers so this will not be a massive project.
What is Check Point doing to better protect its Industrial Control Systems/Operational Technology (ICS/OT) customers?
Three key aspects: first, the ability to inspect SCADA protocols and provide IPS signatures for ICS; second, ruggedized appliances that can withstand harsh environmental conditions; and third, partnerships with third-party vendors that specialize in ICS and OT.
When will Quantum SD-WAN be released?
We expect to release the solution during Q1 this year. More specifically, we're aiming at the first week of February during our CPX events.
What are the top 3 asset types to protect in 2023?
If you consider the stats from our IoT Protect, the top ones will be VoIP phones, IP Cameras and printers (based on popularity).
How can Systems be Recovered Quickly?
I would start with understanding the ways to backup and the best practices around it. See:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Will DevSecOps replace traditional networking security support?
They will co-exist in many environments.
What are the main components of the Check Point solution?
It's a very wide topic but I will say:
- Quantum for network security
- CloudGuard for securing cloud environments
- Harmony for securing users and access
- All are managed with Horizon and powered by security provided by ThreatCloud
What is the future of SASE? And how is Check Point implementing SASE?
We see SASE continuing to evolve and gain popularity, as businesses aim to adopt cloud-based network security that is delivered as a service, to protect their roaming users, and to implement zero-trust network access. Another key driver is the adoption of SD-WAN and the move to direct internet breakout from branch offices.
Check Point's SASE solution is Harmony Connect, which provides a complete solution. We continue to rapidly expand and enhance the Harmony Connect service in multiple ways. Some examples of things we are working on: unified management of Harmony Connect gateways from Smart-1, advanced zero-trust policy enforcement, a new scalable network-as-a-service backbone and tight integration with the upcoming Quantum SD-WAN.
Will Check Point implement a security fabric for automatic response to infected host in the network?
This is already addressed today by ThreatCloud, but... specifically for more flexible and granular response scenarios, we are working on something exciting as part of the Horizon family called 'PlayBlocks'. We will further elaborate on it during the CPX event. Stay tuned!
When will NSaaS (Network Security as a Service) be available?
NSaaS will be available on top of AWS in Q1. More specifically we aim to have it ready for CPX.
How will new IoT evolve in light of existing tech partnerships with OT security vendors?
We're expanding the number of IoT/OT partners we will integrate with. The new technology is API based and allows other vendors to provide their OT intelligence as well as read data discovered by our gateways.
Will the CloudGuard CNAPP be covered in CPX?
Yes
What’s the roadmap around unknown Threat Prevention?
There is a significant roadmap for 2023 around Threat Prevention with a strong focus on zero-day unknown threats and AI. This includes adding new capabilities to our DNS security offering, web security, file security and some very exciting and important new domains. Much of this will be covered as part of the upcoming CPX events - so I strongly recommend attending!
Is Check Point planning to provide more managed services?
We added MDR and we have many more services; we are looking to provide more clarity around the wide range of services we have.
How does Check Point AppSec compare to traditional WAF products?
Traditional WAF products are based on signatures, and given that this is their nature, they can't stop many sophisticated attacks and zero-days. AppSec is AI-based; it has proven time after time that its AI security engine can protect against zero-days like Log4Shell / Spring4Shell / SQLite JSON bypasses...
Moreover, AppSec can be deployed within modern platforms as it uses the nano-agent I/S: it can be a Kubernetes, Docker or Embedded Linux agent, and soon as a service as part of Check Point NSaaS.
Where all other vendors had to develop signatures, AppSec was pre-emptive to all of the above due to its superior technology.
Are there any improvements around general performance? Current performance hit with IPS signature scope expansion comes to mind.
Yes, we already improved the performance in R81.20 with HyperFlow and we plan to continue improving during 2023. We put a focus on improving our TLS inspection -- we plan for this to be software only so ALL of our customers can enjoy the benefits.
Using Web SmartConsole, is it mandatory first to onboard security gateway or we can directly add security gateway in cluster object like we did in traditional SmartConsole?
We plan to add the ability to add gateways and clusters through Web SmartConsole. In parallel, we're simplifying the way to connect gateways to Smart-1 Cloud via Zero Touch.
Is Harmony Email available for private mail server?
Harmony Email is cloud-based. We are now working to attach some of its features and functionality to our Quantum Security Gateway MTA.
What are Check Point's goals and feature plans for providing security on cloud platforms?
We secure our customers in the cloud today in a variety of ways (network / AppSec, posture, intelligence, containers, serverless, dev-to-cloud and more). We think that too many customers are using detection more than prevention in the cloud, and we aspire to make it easy enough to place full security and prevention through all the vectors of entry to the cloud.
Are active-active (LB) clusters officially supported in R81.20? What is the best practice - HA or LB?
Yes, clustering is supported for active/standby, active/active and Maestro hyperscale. All methods are valid and have their advantages, so it is hard to comment specifically. I am sure your local Check Point SE would be happy to discuss the deployment most suitable for your requirements.
Any news regarding Sandblast as Advanced Threat Prevention? Is it on the agenda at CPX?
Check out the next-next-gen of AI and Threat Prevention session.
Have you seen customers replace their traditional WAF with AppSec? Also, can AppSec do the traditional whitelisting of traffic as well with the additional features?
Some of our big customers replaced traditional solutions with AppSec.
AppSec can do two things in relation to whitelisting:
- AppSec's learning mechanism learns the traffic, creates a usage baseline based on it, and identifies anomalies.
- For APIs we can enforce and whitelist traffic using API schema validation.
On our roadmap is to build the schema based on the traffic we see.
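The two mechanisms in the answer above (a learned traffic baseline, and schema-based whitelisting of API requests) together, as an added example that is not CloudGuard AppSec's engine: a learning phase infers a per-endpoint schema from clean requests, and an enforcement phase then treats unknown endpoints, unknown fields, wrong types and oversized values as violations. The request tuples, the sample traffic and the `slack` tolerance are constructed for illustration.

```python
"""Positive-security (allowlist) API enforcement, as an added example that is
not CloudGuard AppSec's engine: a learning phase infers a per-endpoint schema
from observed requests, then an enforcement phase rejects requests that fall
outside that baseline. The request tuples and sample traffic are constructed."""
from collections import defaultdict


def _kind(value):
    """JSON type name of a decoded value; bool is checked before int on purpose."""
    if isinstance(value, bool):
        return "boolean"
    if isinstance(value, int):
        return "integer"
    if isinstance(value, float):
        return "number"
    if isinstance(value, str):
        return "string"
    if isinstance(value, list):
        return "array"
    if isinstance(value, dict):
        return "object"
    return "null"


def learn_schema(requests):
    """Build {(method, path): {field: {"types", "required", "maxlen"}}} from
    (method, path, body) tuples captured while the endpoint was in learning."""
    seen = defaultdict(lambda: defaultdict(lambda: {"types": set(), "count": 0, "maxlen": 0}))
    totals = defaultdict(int)
    for method, path, body in requests:
        key = (method, path)
        totals[key] += 1
        fields = seen[key]          # register the endpoint even for empty bodies
        for name, value in body.items():
            info = fields[name]
            info["types"].add(_kind(value))
            info["count"] += 1
            if isinstance(value, str):
                info["maxlen"] = max(info["maxlen"], len(value))
    return {
        key: {
            name: {
                "types": info["types"],
                "required": info["count"] == totals[key],  # present in every sample
                "maxlen": info["maxlen"],
            }
            for name, info in fields.items()
        }
        for key, fields in seen.items()
    }


def validate(schema, method, path, body, slack=2.0):
    """Violations of the learned baseline; an empty list means the request is
    allowed. Unknown endpoints and unknown fields are violations (allowlist)."""
    key = (method, path)
    if key not in schema:
        return [f"unknown endpoint {method} {path}"]
    spec = schema[key]
    problems = [f"missing required field {n}" for n in spec if spec[n]["required"] and n not in body]
    for name, value in body.items():
        if name not in spec:
            problems.append(f"unexpected field {name}")
            continue
        kind = _kind(value)
        if kind not in spec[name]["types"]:
            problems.append(f"{name}: type {kind} not in {sorted(spec[name]['types'])}")
        elif kind == "string" and spec[name]["maxlen"] and len(value) > slack * spec[name]["maxlen"]:
            problems.append(f"{name}: length {len(value)} exceeds baseline")
    return problems


# Constructed learning-phase traffic (clean requests only).
LEARNING_TRAFFIC = [
    ("POST", "/api/login", {"user": "alice", "password": "s3cret!"}),
    ("POST", "/api/login", {"user": "bob", "password": "hunter22", "remember": True}),
    ("GET", "/api/orders", {}),
]
SCHEMA = learn_schema(LEARNING_TRAFFIC)

if __name__ == "__main__":
    # Operator-injection attempt: the learned type for "user" is string only.
    print(validate(SCHEMA, "POST", "/api/login", {"user": {"$ne": ""}, "password": "x"}))
    print(validate(SCHEMA, "POST", "/api/login", {"user": "carol", "password": "pw", "role": "admin"}))
```

The point of the positive model is visible in the second call: `role` was never seen during learning, so a mass-assignment attempt is refused without any signature for it. The obvious caveat is that the baseline is only as clean as the learning traffic; a real engine needs enough samples per endpoint, a way to re-learn after an application change, and a tolerance (here `slack`) so that legitimate growth in value sizes does not turn into a self-inflicted outage.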
Is there any threat prevention blade involved in IoT device traffic monitoring?
On top of the dedicated IoT security features, IoT device traffic undergoes inspection by our various threat prevention blades including IPS, Anti-Bot and others. For example, IPS will be able to block attacks targeting vulnerabilities in IoT devices, and Anti-Bot will be able to prevent C&C traffic using our advanced AI detection engines and ThreatCloud.