Check Point co-founder on AI, quantum and independence
Gil Shwed, Check Point’s co-founder and executive chairman, discusses the company’s focus on artificial intelligence-driven security and his commitment to remaining an independent force in the cyber security market
Two months into his new role as executive chairman, Gil Shwed, the co-founder of Check Point Software Technologies, is looking towards the future with a clear vision.
Shwed’s transition follows the appointment of Nadav Zafrir as CEO, a move that marks a new chapter for the company known for building the industry’s first commercial stateful firewall. In his new role, Shwed is expected to focus on strategic direction and long-term innovation while entrusting the day-to-day operations to Zafrir.
In an interview with Computer Weekly on the sidelines of Check Point’s CPX 2025 conference in Bangkok, Shwed outlined his priorities for the company and delved into the role of security analysts in an artificial intelligence (AI)-driven world, as well as the opportunities presented by emerging technologies like blockchain and quantum computing.
Editor’s note: This interview was edited for clarity and brevity.
It’s been two months since you became executive chairman, and you mentioned to the audience at CPX 2025 in Bangkok that you will start thinking about the future and invest in bigger things. What’s top of mind as you think about the future and where the company is heading?
We’re in a unique position now in cyber and everything we’re doing is very relevant, whether it’s building the hybrid mesh or security architecture to fight against fifth-generation cyber attacks. There’s also the generative AI revolution, which I think is super important. Just like the internet, generative AI can change everything. It may or may not happen, but right now, the odds are that it will be relevant and can affect every part of our lives. It may threaten some economies and take away some jobs, but I think it has potential.
But just like the internet, which can be used to steal money and data, AI can also be used for bad things which we need to minimise and prevent. We need to make sure that everything we do will be smarter and more efficient by using AI – and in cyber security, that potential is unlimited.
AI is very good for tasks performed by a typical security analyst who looks at logs to find events such as intrusion attempts. That’s a job that computers can do much better. Computers can analyse much more data and do a better job of consolidating it to find attack patterns. Then, they can either stop the attacks and or present the information to the security analysts in charge.
Computers can also define policies and implement them, so there’s a lot that AI can do. So, at least for me, I think Check Point should continue everything it is doing and go into the AI era.
My pride is in making Check Point successful as an independent company and I want that to continue. I’m just busy making that happen. I’m not busy looking for another company to merge with or be acquired by another company
Gil Shwed, Check Point Software
How do you think the role of security analysts will evolve over time with increasing use of AI?
Security analysts can become much more sophisticated. It’s one of those jobs that computers can do better, but will still need human supervision. It’s hard to say how quickly this will happen. These sorts of changes can happen overnight, or it could take a long time, because while the computer is doing a good job, it could be missing 10% of critical elements, so you still need to have people. But one day, if the computer is doing a good enough job, or a much better job, we can empower people with it.
But does that mean we won’t need humans anymore? If you look at the last 100 years or more, you can see that, almost always, when there was a revolution, the world became more productive. The unemployment rate went down. As human beings – and maybe it’s unfortunate – we work more hours today than we did 30 years ago. But maybe with AI, we can do our jobs in fewer hours. That’s also a possibility.
Check Point has a network security product called Quantum. What are your thoughts on quantum security? It is something that Check Point should pursue in the longer term?
Our Quantum shouldn’t be confused with quantum computing. We’re investigating quantum computing, which can affect data security and algorithms for encryption. We already have some features to enable quantum encryption algorithms and so on. We are kind of quantum-ready, but I don’t know yet about the impact that quantum computing will have.
AI took centre stage and put quantum computing aside. But again, like every technology company, we are ready for technologies that are expected to change the industry.
Still, there are concerns that quantum computers could be used to crack sophisticated encryption algorithms like AES 256
You’re right that it’s a concern, but as someone who has followed the market for over 30 years, I remember when people spoke about how to secure connectivity on the internet, they often talked about encrypting everything. Encryption is not the solution for everything, and it’s also not the problem. Encryption is one way, but the main method is to make sure your data is kept safe by you.
It’s a challenge today, with the cloud, because now your data, which used to be safe physically, is less safe and easier to get to. So, you use things like encryption and other systems to make sure fewer people can access it, but still, the risk is higher. We need to make sure we are doing all the right things to preserve and protect our data.
How do you see Check Point’s portfolio evolving, particularly with the growing convergence of network, cloud and endpoint security?
Today, we probably have the broadest portfolio in cyber security. We’re going to narrow our focus a little in some areas and partner with others such as Wiz, a leader in cloud security posture management, to build better offerings. We look at our portfolio all the time, and from time to time we will be thinking if there’s something we should be doing, or if we should add something that’s completely independent or partner with others.
I think we will continue to do all the above. We have an amazing endpoint product, but we will continue to partner with other endpoint vendors. I think it’s important for security vendors to collaborate to make security products work better together. It’s one of the key elements to building better security, but there’s not a lot of that today.
Check Point has made acquisitions over the years, but in other cases you build products from scratch. How do you decide if you should build or acquire a company to plug gaps in the portfolio or get to a certain market faster?
We’ve acquired over 20 companies in the last few years, and that’s working well. By the way, 95% of our innovations come from within the company. We invest in a lot of the things we do inside, and we also look at what other companies have to offer. Now, it’s very important to understand that with over 4,000 companies and startups in cyber security, we’re not going to have all that innovation inside the company. And it’s not just the technology – it’s a very long path of testing and seeing what works when you try to translate an idea into a product.
It’s very likely that we will find more ideas from small companies, and I’d like to see us acquire not just small companies, but also bigger companies that have turned ideas around. Very few startups get it right the first time. Most startups struggle and try two or three times before they get it right. So, if at that point you can acquire them, you’d save yourself five years in getting into the market. At the same time, we have amazing people in our R&D [research and development] organisation who continue to innovate.
If we can build a firewall that allows good guys on the network and blocks the bad guys, then we can do the same for blockchain – though the way we do it from a technology standpoint is quite different
Gil Shwed, Check Point Software
I understand that Check Point is working on a project to build a firewall for blockchain applications. What’s the thinking behind that project?
This project came from the innovation that our people did inside the company. It can be part of our core portfolio or it can be outside of our core, depending on what the world would look like. It’s a very important lab project and close to my heart. It shows that we can bring our expertise to adjacent areas like blockchain. If we can build a firewall that allows good guys on the network and blocks the bad guys, then we can do the same for blockchain – though the way we do it from a technology standpoint is quite different.
While blockchain is gaining momentum, it still hasn’t found its way into the typical enterprise which doesn’t use cryptocurrency. They might use blockchain in some applications, but they may not know about it. So, there’s a huge question of whether blockchain will take off in the enterprise, and if so, when it will happen. That said, it’s a very interesting business opportunity. We can target the crypto market as an independent market or enterprise customers who may use blockchain contracts that can be secured by Check Point which they already trust and use.
Organisations in the Asia-Pacific region tend to invest less in cyber security despite facing more threats, especially on mobile devices, than their counterparts elsewhere. Why do you think that’s the case?
It’s a good question, and I think it varies across the region where there are big differences within and across countries. One organisation may be doing everything right, but there could be another organisation in the same industry that doesn’t do what it needs to do.
Generally, developed countries like Singapore have the same or higher security standards, while others are behind. Take India, which is leapfrogging other countries in technology adoption, but doesn’t necessarily have enough money to invest in the security and quality of its platforms. India is an extreme example because it’s the largest country, but there are many others that are in between. In some industries, we see a lot of catch-up – we’ve had great successes with customers in the Philippines that use our technology to a big extent.
It’s clear that you won’t be as much involved in the day-to-day running of the company in your new role. Is there anything that still keeps you up at night compared to the time when you were CEO?
First, I learned how to sleep at night. It’s great to see Check Point becoming independent and doing things on its own. And I’m saying this as a proud father. It’s great to see your kids becoming independent but it doesn’t make them less of your kids and it doesn’t make you care less about them.
Check Point still belongs to me in every aspect you can imagine, both from the fact that I care about it and because I still own a big part of the company. I’m not giving that away, but I’m very proud and confident that Check Point can make it. It took me many years to find the right person to take care of Check Point and I’m very happy now that Nadav is taking care of my baby because I think he can be a very good parent.
That’s a good point to make about being independent because, with the consolidation in the security market, some customers may not like their suppliers to be part of another company that they might not be as invested in. What are your thoughts on that? How long would you expect Check Point to remain independent?
My wish is for Check Point to always stay independent. I don’t want that to change. For years, I’ve been asked, why wouldn’t you sell the company? Why wouldn’t you merge it with a bigger company? That’s not what I want. My pride is in making Check Point successful as an independent company and I want that to continue. I’m just busy making that happen. I’m not busy looking for another company to merge with or be acquired by another company. I’m busy making Check Point strong and capable of running itself and building the skills we need to be independent.
Read more about cyber security in APAC
CrowdStrike CTO Elia Zaitsev explains how the company’s multi-agent AI architecture can help enhance analyst efficiency and tackle cyber security challenges.
The National University of Singapore’s Safe initiative has strengthened the security of IT systems and end-user devices while prioritising user experience through passwordless access.
The chairman of Ensign InfoSecurity traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem.