in his 18 years of experience our next speaker has been a customer a partner a trainer and a competitor today he is a spectacular ping-pong player and Check Point’s Head of Strategic Marketing & Intelligence ladies and gentlemen please welcome Moti Sagey very handsome okay so I’ll start with a personal story I’m gonna start with a personal joke that my daughter Liah told me the other day she said dad did you ever see an elephant hiding behind a flower I said “no dear” then she said Do you know why? I said no because It was hiding really really well so she already knows about evasion obfuscation and deception so that was my personal touch now I was talking to a customer today from Chicago working at a law firm and he told me “Listen, I’ve been to many security conferences I have like around once a month network security vendors coming to visit me to preach their product you’re more or less sounding the same You’re talking about the same threat landscape you more or less talking about the same solution so if one vendor call it the security fabric or the other vendor call it the power of the platform you call it the future cyber security or now infinity but what does it really mean? do you have any hard data to back it up? to back up your superiority? why are you different than the other solutions” so this is what I’m going to discuss in the next 17 minutes and 20 seconds now I want to talk to you about trust when we’re talking about entering or accepting the security vendor into our domain it’s all about trust and there are different elements main elements that we’re looking at a security vendor at a security partner and it boils down to three main elements the first one having uncompromised security so as Amnon mentioned yesterday today the solution must be effective it has to stop threats this is what security solutions should and are supposed to do
the second part is that security should not only be on the network or on the endpoint it should be able to run everywhere meaning on the cloud on the mobile infrastructure on IoT on industrial control etc etc and not only that, it needs to be managed through a unified management console with superior operational efficiency so those are the three pillars that I’m going to provide you with some publicly verifiable hard data that supports it but when we look at those three elements one thing that unites them all there’s one common element that I like to call the vendor DNA that has it and it’s called commitment to your success commitment to the customer or to the partner success now that by itself sounds like a marketing fluff what does commitment to your success it sounds like something that’s like I’m trying to sell you a used car or something so I want to give you a few pragmatic steps of what it means commitment to your success the first one being the right focus so the security vendor must have the right focus when it’s developing a security product. it was said about Napoleon that said that “God is with the larger battalions” meaning whoever has the larger army wins the battle and when we’re talking about security vendors it’s the R&D that develops the security technology and when you look at specifically at Check Point we have 1337 by the way also spells out for the geeks among us as leet or elite and it comprises to 31% of the employees now is that number high? low? let’s see how it compares to the other network security vendors in the industry and you can see that it’s more than double than the green vendor and when you think about it if you as a customer would want us the security vendors if we have an extra dollar what would you prefer? would you prefer that we invested in this the next generation of security or invested in a billboard on an airport?
something to think about… another thing when we’re talking about commitment to customer success is the right philosophy when developing product and the right philosophy I believe when choosing the right security architecture is everything that you develop when you develop a security product should be about preventing the threats not responding or remediating or dealing with the elements of responding to incidents but prevent preemptively prevent the threats from entering the network and this is what we do we try in anything that we develop to have prevention in the fundamentals at the bare bones of the things that we develop so technologies like CPU-level Advanced Threat Prevention the ability to hold the file before we deliver it whether it’s through email or through web, the ability to extract threats, zero phishing, anti ransomware all of those defense technologies and innovations are around one thing to prevent the threats from entering your network. and when you look at other players in the industry we see that it’s not always the same case though they try their best to prevent threats they do not do it in real-time so this is an example of a vendor let me just read the description that it says it says “wildfire then generates signatures to recognize the newly discovered Malware and makes the latest signature globally available every five minutes” meaning it lets the malware traverse the gateways when emulated in the background and only after five at least five minutes if you add to that the emulation time it’s more or less around 12 minutes it gives you the verdict meaning it tells you that you’ve been screwed and it’s thanking you for contributing to the industry as a whole now I’m not only picking on that vendor it’s also other vendors that has the same technology the same detect first prevent after. for example the vendor on the bottom it says “sending file to the fortisandbox cloud does not block further it upload other vendors do it once an hour so it
kind of reminds me of this advertisement “oh I’m not a security guard I’m a security monitor I only notify people if there’s a robbery there’s a robbery” yep you can’t do a thing okay another important element of commitment to customer success is unparalleled sense of urgency and when I say that I mean that sometimes also us also security vendors are vulnerable security solutions such as our solution such as competing network security solution also have code and those caught in this code sometimes have vulnerabilities and when it has vulnerabilities customers want to be exposed the least amount of time as possible so if you look at 2016 the past year Check Point had two vulnerabilities it was around OpenSSH we use OpenSSH libraries we had two vulnerabilities and it took us one day to release an operating system patch to mitigate those vulnerabilities and if we compare the same apples to apples the same metrics of vulnerabilities we see that other vendors did not respond that fast to those vulnerabilities I’m not even discussing or judging the amount of vulnerabilities trust me Microsoft and Apple has more vulnerabilities I’m just saying that the amount of time it takes let’s look at the green vendor for example it says it took them 170 days on average to remediate those vulnerabilities and if it sounds like fake news or alternative reality scan this QR code it’s all publicly verifiable it’s all from the vendor security advisory website and you can check it for yourself this I think is one of the key elements that shows commitment to customer success when basically making sure they’re not exposed as they should be so just to recap the commitment to customer success the commitment to your success prevention philosophy sense of urgency and the right focus you got to have the people that develop those security products now let’s discuss the three pillars so the first one was uncompromised security so the most important thing when having an uncompromised security in your
technology is to have security that have a proven track record a third-party proven track record of excellence of security efficacy so this is an example of a security test lab third party to attest up called NSS Labs it evaluated all those vendors that you see on the screen in front of you and it basically gave them a rating so you see that Check Point was tested from 2011 13 times 13 out of the 13 times we got the highest rating which is “recommended” other vendors though they did get some recommended ratings we see that they also had not so proven a track record of excellence they also had “neutral” rating or “caution” ratings and if you look for example at this vendor you see that it was recommended seven times but six times it got a “neutral” rating this vendor even though it got five times “recommended” it got two times “caution” rating and it did not get any “recommended” rating for its next generation firewall product since 2013 that is four years ago for those who can’t count another element that involves a product with uncompromised security is security shortcuts sometimes vendors take this is an example of four vendors that have in their default settings all kinds of shortcuts that allows them to achieve better performance in competitive bake-off let’s look at this one for example this one has a feature called Content ID and it’s a it has a feature that says forward segments exceeding TCP content inspection queue what are the admin guide says about it by default when the TCP or UDP content inspection queue is full the firewall skips Content ID just like why would I need it?
let’s skip it disabling these options can result in performance degradation and some application inquire loss of functionality so you have to choose between secure and not functional and fast and if you don’t believe me go to this address this is from their documentation now luckily enough those features those settings are configurable so when you go to competitive the POC you got to make sure that you deploy you configure those devices as best practices because if you don’t it’s a child’s play to bypass those products a little bit like this in case you’re evaluating network security products I highly recommend that you download this white paper that basically gives you pragmatic tips on which setting you got to make sure that are configured that have the best and optimized security by the way it’s all quoted from the specific vendors website and best practices recommendation this is just to make sure that you’re running a leveled playing field testing bed. okay another element that I’d like to discuss around uncompromised security is something that sometimes we as customers as the industry look and should not be so concerned about or should not be focusing only on that and that’s the “checkbox syndrome” or the “compliance syndrome” sometimes we all want to just pass the audit we all want to have the check box on firewall IPS application control URL filtering that will know that we are compliant but we’re missing the most important part is that we need to be secured against breaches so when you focus on the wrong part you might miss the important things a little bit like this [Music] yeah so something about the check box the checkbox syndrome is around the efficacy of IPS so this is an example of the latest next-generation firewall test that was conducted by NSS Labs on 2016 and you see the catch-rate throughout the years of different security vendors now that was a test that was run they fired like 1999 exploits against different solutions and measured the
security efficacy according to the year of the years like they had like attacks and exploits from 2015 2014 2013 and 2012 and when we look at those catch rates it looks ok if we look at the last vendor for example ninety four point six ninety seven point five eighty three and eighty seven point one I wouldn’t mind getting a report card for my daughter that looks like this like looks okay no? but when you look at it from the attacker approach meaning in how many exploits did the security solution missed all of the sudden the math looks much more different you see here that the last vendor that I just mentioned that had a pretty good report card missed like 27 times more exploits than Check Point or the second vendor missed around the same thing even the third this is the fourth vendor that had like almost perfect grades missed fourteen exploits so this is something that you need to be concerned about and you need to make sure that you have the best catch rate when evaluating a security product now it’s not it’s not by chance that we have this superior catch rate when you look at the amount of CVEs the amount of threats that we cover you see that it’s superior when comparing it to other security vendors that offer the same solution so this is for example a very good competitor that I very much respect they have an IPS it’s called Sourcefire very very good IPS but you see that in terms of catch rates which is of coverage on attacks Check Point is superior when comparing amount of CVEs in Microsoft, Adobe and total number of CVEs and let’s not forget about everywhere architecture every architecture basically means that once you have the best security you want to make sure that it runs everywhere so the challenge of securing borderless networks is once you have an infection on one part of the network all of the sudden all of the networks with public cloud private cloud infrastructure is exposed and this reminds me a little bit of focusing your efforts on
blocking the perimeter the main gate while being blind to other aspects passing like this [non-English language] we shouldn’t miss the blind spots we should have the ability to block attacks on any environments on all business platforms and when you look at specific operating system, cloud infrastructure hypervisors, mobile security operating systems… we see that it’s imperative to have security that runs on both now we’re lucky enough that we have a software based architecture Check Point “Software” Technologies all of our intellectual property are in software all of our acceleration such as SecureXL CoreXL other elements of code are embedded into software we are not relying on ASICs or FPGAs or caviums so our intellectual property makes it very easy to port our in our systems into other platforms we choose the superiority in terms of broad coverage on software security and on specific platform and last but not least is the operational efficiency and in operational efficiency you have to make sure that all of this is managed with a unified system that have the best operational efficiency the best experience. this is a research that was done by NSS Labs it measured how many hours it takes to manage an estate with 50 gateways and it shows that Check Point competitors need twice the headcount in order to manage the same estate this is something that we’re very scarce of in terms of headcount something that was mentioned by Gabi and by Gil that we as an industry need to have more headcount of skilled headcount in order to manage those things and to have a unified security solution unified management gives that ability to run it in a very efficient way and if there’s one image that explains the why, why is that? why is it so efficient? why does it take less man-hours?
is this one with one unified access policy you can manage users, devices, applications, data, you can install the security policy on gateways, on mobile devices, on your private cloud and on your public cloud all from one single pane of glass now since I don’t really have time left I want to equip you with this guide that has more than 200 requirements that you can insert inside test plans and RFP’s of what the right security architecture should have when you’re evaluating one very very highly recommended so to summarize what you trust is you trust a solution a network security solution with uncompromised security that runs everywhere and that has operational efficiency and together is I would call it the core of the vendor DNA that is commitment to your success with the right focus with prevention philosophy and with sense of urgency and in Check Point we do it across all of our product portfolio and of course all of the specific and different platforms and how we do it we do it with the best people in the industry with the right investment and the focus on the people. I’d like to close with a life lesson from a Jewish rabbi called the “Lubavitcher Rebbe” He says that every morning a person has a choice whether to become a fan or a player he was talking about baseball by the way what’s the difference between a fan and a player?
the difference between a fan and a player is that fan watches the game from the sidelines and the player gets to play on the field now as long as the team plays very well the fans are happy, when the team is winning the fans are saying “we won we won” Jerry Seinfeld says about that “No, They won you watched” now when you look at that when the team doesn’t really play according to the fans liking all of the sudden the “We” turns into “you” or “they” oh “they lost” “you suck” and you have to decide when you wake up in the morning and when you go to work on when you evaluate stuff and when you’re choosing the security architecture “do I want to be part of the solution or part of the guys that are sitting on the sidelines and basically sharing their ‘constructive criticism’” that’s it for today I would like to wish you all to be more of players and fans thank you very much

Choosing The Right Security Architecture | Cyber Security | Network Security
