
I am Dorit Dor, VP of Products for Check Point, Ask Me Anything!


CheckMates members can WATCH A VIDEO of the event with special commentary here: Ask Me Anything with Dr. Dorit Dor and Team 

I am Dr. Dorit Dor, Vice President of Products at Check Point. I lead the company’s product management, business development, research and development (R&D) and quality assurance (QA). Together with the amazing product team at Check Point, we lead the initiatives from concept to delivery and oversee the roadmap.


Leading the Check Point R&D since 1995, I saw the industry evolution from static networks into modern IT, leveraging mobility and cloud alongside threats evolution with modern attack methods. While all of us are worried about the next attack, more than 93% of organizations have not put in place the fundamental cyber security technologies to prevent modern attacks. Attacks that can be avoided. My fear is that the world is adopting mobility, cloud, and IoTs without taking measures to secure them.


Our mission is to deliver protections against these modern threats in a way that is easy enough to consume, and for that we need your feedback. We are committed to being open, share our knowledge and expertise, and we hope this will lead to continued dialog and collaboration.


My team and I are delighted to invite you to Ask Us Anything!

How to Participate

  • Event is over, no further questions can be asked.
  • Questions asked during the event are posted with responses as comments below.
  • CheckMates members can also view an exclusive video of some of the questions and answers with special commentary here: Ask Me Anything with Dr. Dorit Dor and Team

With Me In This Session Are:


Thanks for creating this cool initiative.

Q: What challenges do you foresee quantum computing will bring along in terms of how we perform sandboxing and cryptography today? With these new compute capabilities, is Check Point adopting technologies such as predictive security in combination with machine learning against the next generation of highly evasive and zero-day exploits?

Thanks, Michel Markusevic


Hi Dorit. One of the main concerns on the field is the Gaia kernel version, which is quite aged now. Any chance to move to a higher Linux kernel any time soon? 

Thanks a lot



I get a ton of requests for a Social Login feature from SMB clients. Are there any plans to support social login in SMB appliances? 



I don't understand the way you are managing hotfixes, jumbo patches and version.

We got a hotfix on our 41K chassis in R76SP30. This hotfix is never part of a standard release or jumbo. Why?

Each time we want to upgrade to a new version SP40, SP50 we have to wait for a new version of the hotfix provided in SP30.

Even now that we are in SP50 we cannot install the take16 because hotfixes are not included.



What will be the next big thing / pillar in the Check Point Infinity architecture and R80 architecture?

When is Threat Extraction going to be available for HTTP and HTTPS on the gateway?


1. DLP and HTTPS on the R80 Manager? Are there new developments for the DLP blade?

2. vSEC for Oracle Cloud?


Are there any plans to release a SmartConsole for Mac?


After our most recent Checkpoint contract renewal, I was convinced that we didn’t need to use WebSense anymore and could use Checkpoint Smart Event for my reports. WebSense gave us some really nice Browse Time reports where a manager could quickly and easily see where their staff were spending time on.


I am using Smart Event NGSE and have spent hours trying to create a usable management type report and am not able to. Are there any plans for changes to SmartEvent so I can create reports on browse time?


Ideally the report would list the site and the amount of time on the site…   8.4 hours 5.2 hours 3.2 hours


Something like the above. The busiest first and least busy last. Of course I need filters for date ranges and IP addresses.



What are your plans for client-less VPN access?

Do you plan to develop the SNX software further, or maybe find an alternative that can be used with browsers only?

Or are VPN clients the only vector you are looking at for now?




In sk98348 under 3-10 - Application Control best practices, I found "Remove the "Any - Any - Allow" rule, if such rule exists (because the behavior of Application Control & URL Filtering Blades is different from that of the Firewall Blade)." - what exactly does that mean?

Is it discouraged/causing unnecessary load to have a rule like below?


Hi Dorit

Many customers are asking about running a virtual border firewall (on-prem) on Hyper-V or ESXi. They think it's more flexible to grow with this setup because of per CPU core licensing. What is your opinion? What are the benefits and drawbacks of such a setup?

best regards


In Global Properties, I can set "Non Unique IP Address Ranges". There are very few documents referring to this value in combination with Remote Access VPN.

Are these values used in any other Product/Software Blade?


1) The Application Control Blade is one of the few features that does not have an ATRG available for debugging and such, any chance we can get one?

2) Can you please provide an update on the Linux Kernel update project for Gaia and can you reveal the exact Linux kernel version that is being targeted?


Hello Dorit,

here are my questions:

  • Are there any plans to migrate to new Red Hat version with 64 Bit in the near future?
  • When will CP use real snapshots via btrfs or equivalent to get a snapshot and a fallback in seconds?
  • When will CP support OpenServer with Intel Skylake-SP CPUs (like Fujitsu RX2540 M4 or Lenovo sr650)?


BTW: Your presentations during CPX are great!


Thanks in advance!




Why Java inside Check Point products? What's the reason for choosing Java to develop some features? Do you believe that is working as expected?!


Are you looking into adding a function where you'd dynamically block connections from IP addresses known to belong to bad actors/bad reputation? ThreatCloud tends to have this information; it would be good to get some automation on feeding this type of information into some automatic rules on the security gateways.



Will Check Point ever reach that advanced level when administrators can configure everything from 1 management interface? (Currently: GAiA CLI, GAiA GUI, SmartConsole, Expert mode, GUIDBEdit, manually edit files on the underlying Linux)

Will Check Point ever support IPSec VPN like other vendors in the industry? Like more than 1 encryption domain per gateway? Like SAs created as encryption domains configured, and not something that a poorly designed algorithm thinks to be the best?

These are the topics that are most frustrating for our clients.

Kind regards,



Interested to know if the functionality to see object count within a rule will ever be added? There is now a whole industry dedicated to this (Tufin, Firemon, etc.), but Check Point is still not adding this info into the SmartDashboard.


Hi Dorit,

many thanks for the opportunity to send you questions directly. I have one regarding Smart Event Intro. It is a blade which we use at some customer sites. But unfortunately it is not supported yet within R80.10, although all relevant parts seem to be there. What are your plans for this module? Or what is your strategy, what should we tell customers who use this function?

Many thanks and kind regards



Hi Dorit,

My Question is about the Remote site Client VPN.

When we configure the Remote site VPN and connect through the Remote site VPN, routes will be automatically added in the system (PC/Machine). Can we customize those routes, and can we also do the setting for DNS? It's like: once you connect to the remote site VPN, use the mentioned routes and use this DNS.

Warm Regards,

Gaurav Pandya



1) Is it possible to create an FQDN in R80.10? The FQDN must automatically resolve all related IPs, install policy and be useful for all protocol traffic (not HTTP only).

2) When will it be possible to manage policy via WebUI and not via GUI?

3) When will it be possible to create different encryption domains for site-to-site VPN tunnels?

4) How can we block TOR IPs/traffic without HTTPS inspection?

Stefano Marchetti



TLS Security has become increasingly difficult to manage.  We have hundreds of bypasses because of all the things that are broken when we inspect the HTTPS traffic.  How is Check Point preparing to handle the explosion of encryption, allow functionality but protect corporate assets?  Is there a special "TLS" team and are they thinking about the future?  Not just on the endpoints but at the gateways as well?


I have a question that is not related to current technologies Checkpoint is supporting. After being on top of Network security I recognized that checkpoint has now discovered mobility and cloud services as a potential market. My questions are

a) What is the latest status of supporting NFV and SDN?

b) Are there any plans to participate in IoT and Industry 4.0/Industrial Internet Consortium? If so – where are you with that today?





I have a concrete case regarding sk39555 globally and more precisely in a VSX environment.

I would like you to explain/show us how a firewall (classical or VS) manages if the actual number of concurrent sessions has reached the maximum allowed:

 - what is its behavior (and at what OSI level? In case of a classical FW: the limitation is likely related to a physical performance issue, whereas in case of a VS the limitation is set manually; BTW: maybe in the next R8* the VSX Gateway will manage this differently and allow the maximum number of sessions dynamically? Or maybe not, because it's better to define this value manually? So: why?)

 - how we can be alerted ('fw tab -t connections -s' CLI ; SNMP using fwNumConn  and fwConnTableLimit) or - I don't know - by viewing /<somewhere>/<someLogFile>.log or in SmartLog ?

- how we can understand what is needed and how we can adjust (what is the math we need to do, and in a VSX environment: must the SUM of all memory space allowed for all VS' hash tables not exceed the total memory available on a VSX Gateway?)

As I said, this is a concrete case.

But I assume that many admins are not aware of such a problem.

Thanks in advance,

Best regards,

Xavier Bensemhoun.


Hello --   will the R8x REST API be updated to include ability to query and manage URLF?

We are trying to replace Websense/Forcepoint at a large customer that leverages their API to build a self-help web interface for employees. We are currently unable to replicate this because no REST API function includes URLF.


query classification for particular URL (again -- via REST API to SmartCenter -- not public CP site).

check policy for (a) user, and (b) URL

query threat level/reputation for URL  (more antibot but you understand the question).


Hello -- we need the ability to quickly and easily "divorce" gateway and endpoint management components for a SmartCenter.

You want the reseller community to push endpoint products yet don't give us a platform that allows easy PoC setup that would accommodate growth.

We have larger customer of both multiple Gateways and 3k +  seats of FDE.  

The customer has experienced SEVERE ongoing issues with incompatibility of hotfixes for gateway and endpoint management components.


R77.30 HFA are typically incompatible with R77.30.01 / .02 / .03 endpoint packages.

We found that most endpoint server hotfixes (R77.30.02) had specific incompatibilities with R77.30 HFA.

We need the R77.30 HFA in place for various reasons (stability and reliability). 

Due to these ongoing issues and direct end-user blue-screens (and whatever the equivalent is for Mac OS_X), the customer likely dropped CP FDE.      We have engaged CP proserv but signoff and execution of project has taken so long that the endusers have suffered extensively.

The point: there is no way to "easily" divorce the two modules. Of course, CP professional services are happy to help for a sizeable sum of money. A reminder: these are your products, and a development REQUIREMENT should be for gateway and endpoint to be modular and easily separated and/or relocated.

Example: customer expands and grows, so the initial SmartCenter with full gateway services is expanded with endpoint mgmt as well for an endpoint PoC. Now the customer wants to expand beyond their 100 seats of XYZ endpoint and move management to the cloud (yes, CP needs to provide this as well. I understand it is on the roadmap anyway).

There should be EASY way to relocate service management services that don't require large and/or complicated proserv engagements.


Hi Dorit,

What life tip can you give a high-school graduate looking to get into Cyber Security, in terms of what's "hot" today in specific cyber fields (Mobile/Pen-testing/dockers/deep learning ...)?

Is Check Point planning to address security challenges in Docker Containers ?

Is Infinity something I can install ? How is it different than other security vendor's platform approach such as Palo Alto and Fortinet ?

Is SandBlast Agent supported on Mac OS X ? If no , when ?


My Question is about Check Point APIs. We are making use of automated procedures to create network environments, currently within AWS, but also planning Azure and Cisco ACI.

Our automated processes are quite far. But we are missing a number of functions where currently no API is available. Let me give you three examples:

1. Create an "Interoperable Device"

2. Setting the "VPN-Domain" for a gateway

3. Perform a "Get Topology" / "Get Interfaces" for a gateway

It is totally clear to me that the number of available APIs is increasing and that Check Point is constantly working on extending the APIs available. My question is: Can we as a customer get information about which APIs are currently being developed, or even better, is information available which API will be available when (with which HFA or release) ?

Matthias Hoppe


Inspired by "Never Stop Challenging Yourself - It's the Best Way to Add Value"

Same question: What advice would you give to your 18-year-old self?


Hi Dorit,


We currently see a lot of new vendors pushing into the Endpoint Market, with no common approach to secure them.

- AI based solutions, Application Isolation, Application Whitelisting etc. 

At the same time Microsoft offers Credential Guard, AppLocker, Device Guard, Control Flow Guard, Bitlocker and Windows Defender or even further - Windows Defender Advanced Threat Protection.


We see now customers moving partially into the Microsoft direction for Endpoint Security but asking for different vendors for the "Advanced Malware"


Also we see frustrated developers recommending to disable all AV except Microsoft (Eyes Above The Waves: Disable Your Antivirus Software (Except Microsoft's)).


While the Sandblast Agent is clearly positively ahead within the security industry, we also see Check Point Products which compete with Microsoft (e.g. Anti-Malware and Full Disk Encryption)


What are Check Point future plans with Endpoint Security Suite?

Will the existing products develop further?

Will we see additional modules in the future? (e.g. Isolation Engine, or Meta AV Engine or CIS / DISA compliance checker / enforcer [in my experience, very important for security, but no vendor provides tool assistance today...])


Many thanks and Kind Regards



I would love to know what the QA process is for checkpoint.  What testing is done with newly released checkpoint versions and patches?  What process is done to verify that functionality of the new version is still there and that old bugs have not been re-introduced to checkpoint?

Is there any automated checking done to verify common bugs like crashing when a log file reaches a certain size limit?


Dorit are there any plans to accelerate the communication of bugs back to R&D at a faster pace?  It seems that this process is currently very long even for small bugs.


Is Check Point working on a solution for organizations to use vSEC to get insight into Microsoft Azure PaaS environments?


Hi Dorit,

1. Does Check Point still work with Kaspersky?

2. Here in the US, we are also hearing that giving out your cell phone # is becoming like giving out your Social Security Number. There is some concern that if hackers have access to your mobile #, they can do damage. Is this true?


I would like to know if you see security solutions move their focus to endpoints and, if so, to what extent will Check Point play a role?


Second question:

What features will become available in the short term?


1. Thanks for undertaking this. I see a lot of customers now are utilizing VDI solutions. With the recent changes in Endpoint licensing, it is now a viable solution to replace other endpoint solutions. The main issue now is getting information on whether or not VDIs are supported. Is it something that is possible or is even on the roadmap?

2. and one for fun

If you could have a billboard anywhere in the world, where would it be and what message would you put on it?


We have many customer R77.30 HTTPS inspection issues that are resolved in On Going Take 280; however, we do not want to install an On Going Take due to previous issues after installing On Going Takes.

The latest GA Take is 216, which is very old now. We have asked Check Point TAC when the next GA will be available but the answer is not forthcoming.

Please can you say when the next GA take for R77.30 will be available. 


Hi, Thanks for arranging this program!!

Do we have any possibility of intermediate version of built in rule base analysis tool / feature in CP Mgmt server itself. As of now customers need to buy the 3rd party tools to do the same. It would be really helpful if we get this feature as a built in tool.




Hi Dorit:

Proxy servers are becoming obsolete because many http sites switch to https as soon as the initial page loads, and this is an increasing trend. Since the proxy server doesn't have the SSL keys, the encrypted traffic is invisible to the proxy server (and the firewall). Needless to say, it's not a good day to be a proxy server sales guy.

On the other hand, Check Point's firewalls have simply allowed this traffic as ESP around the http security servers if it matched a rule in the rule base. Today's appliances don't have the hardware resources to store the SSL keys and decrypt and inspect every https connection the firewall processes. Will this be changing in the future, and can Check Point provide https security servers that can store the keys and inspect all the https traffic at a cost competitive with proxy server technologies using a single device with both the firewall and the https security server?

Thanks for taking time for this Q&A.
Thomas Fortner, CCSA, CCSE, CCSE+, CCMA


What is the roadmap for IoT security? 

Thank you


Hi Dorit,

Some SKOs earlier I asked CP's people about Internet traffic distribution by Application without an answer.

My doubt is about CP's future support to distribute Application (Layer 7) Traffic among multiple ISP Links on a policy basis. For example, create a rule to allow Facebook through ISP A, another rule to allow YouTube through ISP B and another rule to allow Dropbox through ISP C.

This question is linked to another one: support for more than two ISP Links for ISP Redundancy? We all know that CP supports more than two Internet Connections with PBR, but this technology does not have a fallback in case the ISP link is down (it continues to send all traffic to the dead link). So the big picture: if my link to Facebook through ISP A is down, the traffic should be rerouted to ISP B or ISP C.

Are there any plans for any of these topics???



  1. What are the plans for Open server support and compatibility with the old GAiA kernel? We mainly use HP Gen 9 servers and while they are on the CP hardware compatibility list they either come with updated firmware versions or need firmware updates that require newer software drivers which can’t be installed.
  2. When will software testing improve? We update the software in order to solve an existing issue but too often the new versions introduce more issues. The software stability and reliability is becoming a concern for us and our customers.
  3. Better software updating methods have been promised many times over the years but somehow this doesn’t happen; not even with R80
  4. Yes, it is great to have all the features in one box but this takes a big hit on performance even with SecureXL and CoreXL enabled which do have a bunch of limitations and are infamous for the number of caused issues. Also they are fairly complicated to optimize.
  5. I’ve been working a lot with the Support and I can see there’s a lot of room for improvement. Especially when we discover new bugs we should be able to easily report them and sometimes the resolution time is very lengthy. Some problems weren’t solved even after a year.
  6. The documentation and numerous SKs are often outdated and provide misleading information.

What are the plans for GAIA?

Recommendations from my field experience:

- better HW support (new kernel - as already said in another comment) for open server

- more intelligent partition layout (do not use /var/log as a separate partition; very bad implications, ask your support engineers!)

- increase /var/log/messages and number of rotates (why only 64k and 4 rotates?)

- remove "backup" partition on VM systems (lose a lot of disk space, snapshots are done on VM)

- set expert mode during installation.

- replace embarrassing backup tool with a better approach.


1. You have been with Check Point for more than 20 years. Can you give us a brief overview of how the security landscape has evolved and what's your gut feeling for the next 20 years?

2. These days we see more use cases of customers requiring more openness and interoperability with other systems. What's Check Point approach toward this trend?


Your question combines many market buzz words and could be the basis of many write-ups. I chose therefore, to focus my response on few elements of the question that I find most commonly asked:

Machine Learning, Highly Evasive, and Zero-Day Exploits

Yes. We have developed strong & modern capabilities to stop sophisticated attacks and we utilize the most advanced tools including machine learning to achieve the best protections. By the way, we also invented and use non-machine learning advanced tools such as CPU Level Prevention and Push Forward emulation for Adobe Flash.

You can see thru 3rd party validation as well as POCs that we offer the best catch rate in the market.

You can find our machine learning capabilities in both SandBlast and SandBlast Agent as well as in our back end threat analysis deployed as part of ThreatCloud.

Campaign Hunting

One innovative usage of predictive security that is worth mentioning is campaign hunting - identification and prevention of planned campaigns before they start, based on threat and market analysis.

Machine Learning, Predictive Security, and Check Point

Machine learning (and data science as a whole) depends mainly on one thing – data. The key element allowing a data driven system to prevent the next unknown evasive attack and distinguish it from yet another normal traffic (or benign anomaly) is a gigantic corpus of data, featuring elements from many different angles.

We use machine learning as the key component, leveraging the data we get in ThreatCloud into actionable models, taking into consideration all of the attack dimensions. Unlike others, we do not rely solely on any single element – let it be file detection, DNS request reputation, or anything else. We factor all of the relevant information. Taking all of the dimensions of a transaction into consideration enables us to provide the best possible protection for evasive and zero day attacks.


Quantum Computing and Cryptography

Experts believe that in 8-15 years quantum computers will reach the capabilities needed to break existing public key based encryption. Fortunately, this does not mean you need to hurry up with your Amazon orders before it is too late – quantum-resistant algorithms that can run on traditional computers are currently known, and will replace the existing encryption based on (quantum computing vulnerable) integer factorization or discrete logarithm problems.

Quantum computing allows dramatically more secure key distribution vs. the situation today. While we see it as a positive outcome, I don’t believe that this will dramatically improve the state of non-quantum cryptography. The vast majority of the attacks on cryptographic systems today don’t try to attack the algorithm, but attack flaws in the protocol, implementation, or the overall system. It is much easier to infect a machine with a Trojan using phishing or a zero day exploit, rather than trying to break modern key exchange algorithms. Furthermore, quantum computing does not allow better authentication nor prevent MITM attacks – a major part of the attack surface.


Indeed, more and more traffic is encrypted these days. Handling such traffic as well as modern Internet protocols like HTTP/2 has high priority. We do have a dedicated effort for handling all TLS inspection aspects including performance and functionality/user experience (as well as looking ahead into future standards implementations).

We see an increase in usage of TLS inspection on our gateways and we have introduced many improvements over the past years. As performance becomes increasingly important, we are planning TLS to be one of the focus performance scenarios when using the future accelerator cards (as shared as part of the roadmap during CPX this year).

We also see the gateways as a potential focal point for other consumers of decrypted traffic and therefore, we have delivered relevant functionality such as decrypt & forward and ICAP client.

Finally, our unique combination of Endpoint and Network provides a very strong end to end solution.


1. The strongest tip I can give any high-school graduate looking to get into Cyber Security is to learn the fundamentals of math and computer science (theory and practice including attack-methods). As “buzz” and “hot” evolve very fast, it is more important to learn how-to-learn, to evolve your knowledge and skills, and have the ability to jump into new spaces quickly.

2. It is definitely an item we are pursuing and intend to address. Please stay tuned 

3. Check Point Infinity is primarily an architecture that offers a single, cohesive security system across all your enforcement points, bolstered with comprehensive and timely threat intelligence, driven by unified management across your entire IT infrastructure of network, cloud and mobile. Check Point Infinity is deployable and available as a set of products and will soon be available as an enterprise license agreement.


Compared to other vendors, Check Point Infinity is currently the only consolidated cyber-security architecture in the industry that future-proofs your business and IT infrastructure across all networks, cloud and mobile. In comparison, other vendors' platforms lack the full 360 degrees coverage (e.g., mobile), lack the ability to offer real-time preemptive threat protection (competitors focus on detection) and lack the sophisticated consolidated security management that is vital for today’s modern IT security networks.

4.  SandBlast Agent for Mac is in development. We expect to announce it during H1 2018.


I would like to provide 3 different angles in my response:

  1. I am personally quite happy with the choices I made at 18. It was clear to me then that I am a result-driven person and that I love math & computer science. Over the next years I became interested in information security and software. I was luckily able to leverage all these during my career (e.g., leading the products of Check Point).
  2. Consulting a friend, he pointed out that if I had a time machine to go back to when I was 18 years old, it would have made sense that I would share with myself the list of rising companies, technologies and hence stocks so that I would leverage this time machine financially (after all, I assume it is expensive to build a time machine).
  3. Last but not least, I would advise my 18-year-old self to follow their passion as they are more likely to excel doing that. Moreover, I would advise to ignore street perceptions and I would have attempted to convince many women around me to go this direction as it’s a great career for women as well.

The process depends on urgency and criticality. In critical cases there was immediate involvement of R&D in the task and in some other cases it continues to be handled by support.

The first challenge is usually to identify that it is indeed a wide bug and not an issue that is local or configuration-related. In my experience, the cases that are taking longer are also the cases that are harder to handle (sometimes the problem duplicates on the customer side easily but we are unable to see it in other environments). To improve the experience, we are trying to leverage remote access as well as improving the collection tools so that we analyze the cases faster (even before R&D gets involved). You can see this with the cpm and log doctors written for R80 as well as CPview (that always-on collects analysis data so that in case of a problem we can “go back in time” and see what could have been the issue). In addition, we are trying to be proactive with support (look at Check Point PRO) and with CPDiag automatically collecting crashes, which we are trying to address before a ticket gets opened.

In some cases I saw miscommunication along the way (between R&D and support or between support and the customer) and our goal is to improve communication, learning from cases. If you see cases that are mishandled, please help us improve by reflecting this by escalating the case or by providing real feedback in the post-resolution-survey.


1. Our SandBlast Agent solution can run on several VDI solutions like XenDesktop, which is in the final stages of certification. In case you have a need to certify an additional VDI solution, it is a process that can be done with the Solution Center.

2. In front of the United Nations headquarters building in New York. It would say: "Cybercrime is a World Issue. Attacks can be prevented."

I challenged some colleagues at Check Point and one of them proposed this:
