How Check Point is keeping pace with the cyber security landscape

Having invented the modern firewall that enterprises still use today to keep threat actors at bay, Check Point Software’s founder and CEO, Gil Shwed, cuts an influential figure in the cyber security industry.

He wrote the first version of FireWall-1, the company’s flagship offering that became the world’s first commercially available firewall product in 1994, and patented stateful inspection, now a de facto standard security technology.

Under his leadership, Check Point has broadened its portfolio, offering a wide range of security capabilities from cloud and network security to a unified security management tool called Infinity that consolidates security capabilities into a single platform.

In a wide-ranging interview with Computer Weekly, Shwed spoke about how Check Point is keeping pace with the cyber security landscape, the company’s key growth areas and approach to cloud security, as well as how generative artificial intelligence (AI) will impact cyber security.

Could you give me a sense of the growth areas for the company, particularly in the Asia-Pacific region?

Shwed: I think the growth areas are almost unlimited because our business is multi-dimensional, especially in Asia, where not all the countries are in the same stage of development. Clearly, there is more potential everywhere.

For those in less developed countries, there’s plenty of potential to catch up and get to a reasonable level of security and those in developed countries will keep investing because they know how important it is.

In terms of technology, I think the real challenge today is from a product perspective. While we can sell more products to secure the cloud, networks and users, it’s important to create a collaborative platform for security architectures to work together.

Now, if you look at traditional defence, when a fire alarm goes off, we’re not going to sit around and say we don’t care. The doors will close, and we will all take care of it to make sure the fire doesn’t spread to the entire building.

The average cloud application has about 15 connections to other applications, and not all of them are owned by your company, so the risk level on the cloud is very high

But you look at what’s going on with cyber security, it’s very different. Companies use a dozen different security systems – one system may notice an attack and stop it, but the other 10 systems will ignore that attack. And so, for security to be better, we need to get these systems to work together, address all the attack vectors, and we need to have unified management systems and reduce the number of suppliers.

About having fewer vendors – is this something that any one company can solve or does the industry need to come together to address the issue?

Shwed: I think we can provide the platform that can do pretty much the entire security stack and secure all the vectors. But I’m realistic – while we can do it, we’re not expecting customers to reduce 30 to 40 systems to five. It’s big change and we’re not expecting them to throw out everything and replace it with one system. But I do see more customers doing it, even in Asia, where they rely on our Infinity architecture to consolidate many systems and it works extremely well.

Check Point is known for best of breed security products like firewalls and intrusion detection systems, but how you taking those capabilities into the cloud where you might compete with the likes of Cloudflare and Zscaler?

Shwed: There are different aspects of the cloud. We have three major product lines – network security, which we’re very well known for; Harmony, which takes care of everything on the user side, such as securing users and endpoint devices; and CloudGuard, which is a full security stack for the cloud.

Zscaler and Cloudflare are in an area that’s very interesting for us, but they don’t secure the cloud. They use the cloud to secure your network. In many cases, Zscaler is mainly providing you with remote access from your PC to the internet. That’s an area we’re also active in and we call it SSE [secure service edge].

Companies that are more about securing the cloud take the entire datacentre and move it to the cloud. They make it even more complicated because there are more new services on the cloud that behave differently.

And worse, you put them in a public place and here’s the big challenge for security on the cloud – you need to secure servers and the network and make sure that the cloud is configured properly. If a server in my datacentre is not properly configured, the risk level is very low, because it’s secured by multiple layers of security.

But if I have a server on the cloud, it’s immediately connected to the backbone of the internet, and it will be taken over within a matter of minutes if I don’t secure it. That’s a huge risk that exists on the cloud, more so than in your datacentre.

The cloud is open to the world and cloud applications tend to be far more interconnected. The average cloud application has about 15 connections to other applications, and not all of them are owned by your company, so the risk level on the cloud is very high.

And so, we need to build an environment that secures every single workload on the cloud in real-time to ensure that we are not falling behind. It’s not easy to do by the way – the competition and a few startups do portions of it but there’s nobody that does it all.

Companies like Microsoft and AWS are trying to compete in that space and provide you with security services. But those services are usually basic and not cross-platform, because one of the issues with cloud is that you want to connect the database which must exist on-premise with the new application on the cloud. So, you need something that connects them using the same policy and that’s a huge opportunity for us.

I’m sure you’ve heard about Google Cloud’s acquisition of Mandiant. Increasingly, cloud providers are trying to bolster their security credentials – what are your thoughts on that?

Shwed: It’s very valid move and all of them – AWS, Microsoft and Google – are all building better security. But there’s a little bit of confusion about that – they all claim that the cloud is secure, but their security model is what we call shared responsibility. So, while they’re doing a very good job in securing their infrastructure, it’s your responsibility to secure your own application.

At the technical level, it will become much easier to create malware. And if you're talking about social engineering, ChatGPT can be used to write the perfect phishing email in just a few seconds. You can also ask it to write the code that collects information by connecting to the infrastructure you want to attack without being a real expert

Now, that’s very confusing, because when people say it’s a secure cloud, it means the infrastructure of the cloud is secure. But if you leave your door open, it’s your responsibility to decide what and who is coming in and out.

I think the fact that the hyperscalers understand that security is important is not a bad thing. We’ve always seen it by the way. In the history of cyber security, platform vendors always try to provide better security. For us, it’s small competition and a big opportunity because our security starts where the platform ends. Our solutions also span multiple vendors and environments, but Microsoft’s and Amazon’s focus is always going to be primarily around their platforms. Even though they say they want to support multiple environments, their number one priority is to sell more cloud, not sell more security.

We have a lot of experience in this over the years. We saw the same thing with networking. Cisco got into our industry about a year or two after we started. And everybody was saying that if Cisco owns the network, they can secure the network. And 28 years later, Cisco is this strong company that exists on almost every account of ours. We exist on these accounts because we provide an added level of security on top of what Cisco routers and switches do.

I’m sure you talk to chief information security officers (CISOs) and there are many things going on in their minds right now. Obviously, they can’t secure everything and have to take a risk-based approach to security as they don’t have unlimited resources. What would you say to a CISO today who has to grapple with these issues, including the challenge with telling one security vendor apart from another?

Shwed: It’s very, very challenging and what they see with every security system is that they don’t work together. It’s not always easy to solve it and when you’re in a large organisation, it’s very hard to change the environment because every change is very complicated to do. It’s much easier if you are smaller, but you don’t always have the resources.

I think CISOs react well when they hear our vision and they are more open to consolidation, especially with economies showing some signs of weakness. The good thing is that by consolidating, we can get the better security. Instead of having 20 solutions that don’t work together, you get one or two that work very well.

Let’s say we have an engine that knows how to analyse files and find zero day attacks. If you apply the same engine on all attack vectors, not just email and endpoints, I think we can elevate the level of security in a major way.

There’s been a lot of chatter about the implications of generative AI like ChatGPT on cyber security in recent weeks. What are your thoughts on that?

Shwed: It’s a very important tool and I think what we’re seeing now could be a revolution. Some things come and go but this has the potential to stay with us. I think what it does to security is a few things. At the technical level, it will become much easier to create malware. And if you’re talking about social engineering, ChatGPT can be used to write the perfect phishing email in just a few seconds. You can also ask it to write the code that collects information by connecting to the infrastructure you want to attack without being a real expert.

But if you put it in the right hands, you can use it to prevent attacks. By the way, we are also using AI to find malicious activities and detect, prevent and identify a lot of things that are critical. The brain behind our system is called ThreatCloud, which has 75 security engines, of which 42 are AI-based.

What’s your take on zero trust security? We’ve heard a lot about it, and it makes sense as a concept, but there’s so much confusion out there with different vendors pitching it from different points of view.

Shwed: It’s very typical in cyber security to use one buzzword in many ways to mean different things. By the way, it’s been like that for 30 years when we talk about encryption. What does encryption mean? Encryption may mean you encrypt your hard drive, or it could mean encrypting your files or encrypting your data when you visit a website. And which encryption algorithm do you use? In the 90s, people started saying that everything needs to be encrypted, but encryption by itself doesn’t achieve security.

If your servers are wide open, and I can run any query to get any data, then it doesn’t matter if the data is stored encrypted or gets sent to me, because that’s an issue of authorisation. Zero trust addresses that and says you need to elevate the level of authorisation which the system needs to check while communicating with me.

I’m very much in favour of it, but what it actually means can vary a lot. I think we are the perfect place to do that because of how some of the authorisation is done. We have agents which can go on every server, every subsystem and on the cloud to do that. In many cases, the authorisation can also be done on the network and in the firewall. Couple that with authentication and micro-manage all of that per application and you will get better security.