Q&A below the video, the list of winners below that.
With SASE + AI as future, some orgs have already paradigmed to next level security spends. How does Check Point stand out vs its competition who are offering something similar?
We have recently revved up our SASE offering with the acquisition of Perimeter 81, which bring an amazing SASE platform with over 3,500 customers.
SASE is strategic for us. We are in the process of integrating all of Check Point network security and threat prevention capabilities, and many of our AI innovations into our SASE offering. Stay tuned!
How long is CPX? Could you provide details on registration fees for CPX, packages, and what each package includes? Are there discounts available for early registrants or group registrations? Topics that will be covered at CPX?
CPX is 3 days for partners and 2 days for customers. There are many tracks covering a wide range of topics, including customer use cases. All the necessary details are on https://checkpoint.com/cpx
Are there specialized training tracks or workshops focused on specific Check Point solutions or cybersecurity skills, and how can participants enroll in these sessions? "All CPX details are on https://checkpoint.com/cpx
Where do we stand in regards to DNS Security or DNS tunneling attacks as compared to the competitors?
For the sophisticated DNS tunneling attacks we are definitely competitive, mainly given the AI Deep Learning engines we have in ThreatCloud AI in 2023. See our Check Point Research article on this topic: https://research.checkpoint.com/2023/tunnel-warfare-exposing-dns-tunneling-campaigns-using-generativ...
We don't provide all capabilities of legacy DNS security tools like logging and retaining of legit DNS traffic requests.
AI for cyber security, can you provide more info and this topic?
Yes, this will be discussed at length in CPX.
With the increase of Home Office and systems in Cloud, the amount of secure connections that the Firewall has to manage is increasing a lot. I would like to know about your plan to improve numbers and throughput on your boxes for IPsec and/or VPN-SSL traffic.
As I mentioned we got a performance boost in R81.20 already. The roadmap we have includes improving TLS inspection experience for both admins and end-users. We are also hard at work in leveraging the HW acceleration introduced in Quantum Lightspeed to support IPSec acceleration.
Any plans to stream CPX for us that can't show up in person?
Keynotes from the Europe and Americas CPX are expected to be streamed via YouTube. Content will be made available on-demand on CheckMates after CPX is over.
Does Check Point offer something for Managed Darknet Monitoring Services?
This is something we can offer together with a business partner through our Infinity Global Services program.
Do you have a recommendation on quic protocol if not inspected?
The QUIC (UDP/443) protocol should be denied by your Firewall/Network policy. Chrome will fall back into TCP/443/TLS which can then be inspected. Using Reject instead of Drop for QUIC will ensure the fallback happens with a minimum of latency.
What are some challenges that come with integrating AI into security tools?
One of the biggest challenges in my opinion is to train LLMs to give you good, reliable and accurate answers.
Are there any plans to increase performance when starting smart-view client or opening policies ? maybe a web-interface can increase performance? What about the old UI for desktop policy, any improvement upgrades planned?
We have web-based versions of SmartView and Web SmartConsole already. More features will be added to this over time in future versions.
Does Check Point has plan to support SSPM? If yes, it would be a standalone solution or new features on existing solution?
Yes we do. SaaS Security Posture Management (SSPM) is a key part of the platform we have from our recent acquisition of Atmosec. We are investing significantly in a broad SaaS security - and CASB - SSPM is just a part of that. The SSPM capabilities will be released in the comming months. They will be available as a standalone, but we are also planning to integrate it with our SASE and with our Email & Collaboration solutions
When will Check Point release a new generation of FW appliances?
Soon. Stay tuned.
Is Smart-1 Cloud option available in India region?
Not yet but this is on our plans. We are planning to expand the pops for Smart-1 Cloud.
Regarding Smart-1 Cloud, any plan to support MDS / global DB environments or should we play with multi tenants and layers also in the future?
We will be adding features that will enable "MDS like" capabilities including sharing policies, admins, etc.
Are you working on a vpn debug feature on maestro?
All features available in the regular gateway should be in Maestro too and we also working on the Maestro VPN debugging experience.
Is there a timeline for Infinity Portal to become FedRAMP authorized?
We are currently on track to meet FedRamp (Moderate) certification. if there is a specific need, feel free to contact emanor@checkpoint.com with more information.
Can you please explain how existing Harmony customers will switch to the new system, including setting up remote access VPN and branch offices? Will they move to Quantum SASE on their own, or do we have to set everything up manually?
Right now, this is done manually. We are working to improve this process. Please discuss your requirements with your local Check Point office.
How about SOAR with Integrated AI on the Automation on the MITRE Framework?
It's on the roadmap
Are R82 EA is available for partners?
Yes, more details here: https://community.checkpoint.com/t5/Product-Announcements/R82-EA-Program-Production/ba-p/198695
Will the WEB3 protection be part of the Harmony suite at some point?
It's a bit early to discuss which of our product pillars will have this functionality.
Will the SmartConsole be supported on Windows for ARM?
Windows on ARM features emulation for x86 apps so SmartConsole should work. Also we're investing in Web SmartConsole that will obviously work on ARM. We are investigating native ARM support for SmartConsole.
When we try and see Quantum SaSe in Infinity we get a screen to schedule a meeting.
Indeed. Our goal is to have close touch with prospects who want to experience the platform, in order to make sure they get an optimal experience. With that said, we will be enhancing the first encounter experience with the service in the coming months.
Are you planning to launch R82 for the Embedded OS as well?
R81.10.08 is the latest release for SMB appliances. We expect to release an R82-based version for Quantum Spark sometime after we release R82. The precise timeline has not been finalized.
Is there an incident response simulation planned, allowing participants to experience and respond to simulated cybersecurity incidents using Check Point solutions?
We offer Incident Response and Training as part of our Infinity Global Services program.
Is there any option for firewall rationalization...iS AI can help us unused rule based ?Is there any way automate some task by AI in the firewall?
Yes ... this is certainly on our mind as well.
Check Point has any roadmap for enabling blades (IPS, AV) per security policy?
The policy and the blades enabled on the Security Gateway are currently separates. Through the use of both the Access and Threat Prevention policies, you can make sure the blades do not inspect any traffic. However, the blades would still be enabled.
I would discuss your precise requirements with your local Check Point office.
Does SSL inspection require a specific license?
SSL/TLS inspection is not separately licensed and ins included with every gateway, however you need the license for the underlying blade(s) you wish to inspect (IPS, AV, APCL, etc) with SSL/TLS inspection.
There are many false positives in Endpoint and XDR/XPR, how are you working to reduce that?
We have a dedicated research team focusing on adding more security value and improve its accuracy all the time. If you experience false positives, please share it with the XPR team and we will prioritize a fix.
Is there a roadmap for managing gateways and EndPoint in one management?
You can actually have Endpoint and Network management on the same system and we’ve supported this for years. However, they have different requirements that don’t mix, which is why the management consoles are different. If you have specific requirements, please consult with your local Check Point office.
Where can I get the automation and orchestration practice labs?
The Check Point Certified Automation Specialist (CCAS) class has been updated for R81.20 is doing its beta. The class has numerous Automation/Orchestration labs and should be available from an ATC near you soon.
When will XDR/XPR have connectivity to SMB Quantum Gateways (locally managed)?
lanned to Q2 2024
Regarding IA, as far as I understand it's only possible to use Entra ID SAML with a captive portal. Is there any plan to integrate it even more so no captive portal is needed?
SAML requires Captive Portal to be used because of how SAML works.
How does Check Point address cloud-native security challenges, and what features within its cybersecurity solutions cater specifically to cloud environments?
Our various products in the CloudGuard product pillar do this in various ways. More details: https://www.checkpoint.com/cloudguard/
When will Playblocks have connectivity to SMB Quantum Gateways (locally managed)?
This is important and we're planning to address this not don't have a committed timeline yet.
When a VPN client for Linux OS?
We’re working on the VPN client for Linux but do not have a committed timeframe for delivery.
Fest Winners
We would like to congratulate the following people who were chosen in a random draw to receive a $100 gift card. The following winners will be contacted directly:
- Ken Dickey from the United States
- Aung Myint Than from Singapore
- Refik Osmani from Albania
- Marcos Kuhn from Brazil
- Oliver Kalscheuer from Germany
- Sean Goodell from the United States
- Tina Buop from the United States
- Fanis Tsomis from Greece
- Alex Nunez from Honduras
- Dwain Rash from the United States
