Feeds

Check Point boss looks beyond 'weapons' for security defence

Right said Shwed

Seven Steps to Software Security

Interview De-perimiterisation and the move to cloud computing will not alter the central place the firewall occupies in corporate security architectures, according to Check Point chief exec Gil Shwed.

Check Point is advocating a three-phase strategy of security policy enforcement centred around the firewall, user education and enforcement as a means of reducing costs while improving security for corporates. The technology part of this combination comes from Check Point in the form of the latest version of its firewall platform – the R75 – and software blades to carry out functions such as URL-blocking or intrusion prevention.

Check Point is pushing the architecture as a means for customers to reduce the number of point products they support. "Having 10 different types of weapons is useless unless you have a strategy for what you want to do," Shwed, who founded Check Point shortly after leaving an elite technology unit of the Israeli army, told El Reg at a conference last week.

Cornerstone

Simplification to save costs is a sound enough idea but we questioned whether the firewall – rather than systems management or logging technology – was the right hub for information security.

"Our technology is broader than just a firewall but it's a great platform," Shwed told El Reg. "Management software collects and presents information, but it's not the best place to manage security policy.

"Years ago I thought systems management firms would become either competitors or partners but this never happened. Managing a system and event analysis, which is what the likes of Tivoli and HP do, is different from developing and enforcing a security policy," he said.

Although Shwed said that Check Point is seeing "nice growth from its core market" of firewalls, it is also trying to get into adjacent security markets, sometimes by acquisition. The company wants to stay focused as a pure-play information security supplier.

Questions in Congress

Check Point could hardly be described as acquisitive, especially in comparison to the likes of Symantec and McAfee, and we wondered whether its abandoned bid to buy Sourcefire back in 2005 had anything to do with this. The Israeli firm's plans to buy the intrusion-prevention pioneer for $225m were withdrawn after it became clear that US authorities would attempt to block the acquisition.

The Committee on Foreign Investments in the US had concerns about a foreign firm getting hold of technology used to protect US government systems.

Shwed said a deal might have been agreed, but only if Check Point had agreed to US government terms that didn't suit its interests and agreed to turn over source code for its technology, a move he was loathe to make. "We've done four different acquisitions in the US since then," he said. "The reason there was concern about Sourcefire was down to a bad coincidence. The Port of Dubai was buying US ports at around the same time. Both deals got blocked, but the US Congress eventually approved the Dubai deal."

Rather than deal with the uncertain and undoubtedly delayed outcome of the deliberations of US politicians, Check Point walked away from the deal. It eventually got into the intrusion-prevention market with the purchase of NFR, another US developer, a year later.

Cyber-intrigue and the Stuxnet worm

The concerns expressed by politicians over security deals have been heightened by the perceived increase in threats stemming from government agencies as well as criminal hackers, particularly over the last two years or so.

The Operation Aurora attacks against Google and other high-tech firms last year, to say nothing of targeted attacks against finance agencies in France and EU ministries more recently, go a long way toward explaining why BT's decision to source its kit from Chinese supplier Huawei raises concerns about possible backdoor snooping.

We wondered whether the publicity about the recent Stuxnet worm, a sophisticated and targeted worm blamed for sabotaging Iranian nuclear power plant control systems, might make it more difficult for Check Point to do business. Nobody knows for sure, but Stuxnet is widely rumoured to be a joint US-Israeli operation.

It's possible to think Check Point, whose founders started their careers in the Israeli army, might encounter the same sort of concerns from politicians as have been raised by Huawei, which was founded by a former Chinese PLA officer. Shwed said such concerns are misplaced, and stem from a misunderstanding of Check Point's history.

"We established Check Point as a civilian firm with no ties to the military and not based on government contracts," Shwed said.

"The Israeli government doesn't share with us what it's doing and we don't ask. We'd like to think if it had elite people trying to compromise firewalls that the last one it would compromise would be ours but that's more because it wouldn't be an easy target rather than any sense of patriotism."

Shwed concluded by saying that the threat landscape was changing with the increased prevalence of targeted attacks – a development he described as "unsurprising". Government-sourced attacks might be either more sophisticated or less sophisticated than those attempted by criminal hackers, Shwed said, adding that the tendency would be towards more sophisticated assaults that require a different approach than simply applying a new security gizmo.

"You don't need an anti-Stuxnet or anti-Aurora product, you need a security strategy," he concluded. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.