In his recent India vist, we received an opportunity to interview Gil Shwed, Chairman, Chief Executive Officer & Founder, Check Point Software Technologies Ltd, in presence of Bhaskar Bakthavatsalu, Country Manager, Check Point Software India. Where Gil unfolded his vision for India and company’s some significant global strategies, there Bhaskar uncovered India specific strategies in this interview.
 |
Gil Shwed, Chairman, Chief Executive Officer & Founder, Check Point Software Technologies Ltd |
Q1. Is Indian security market matured enough?
Bhaskar Bakthavatsalu: In the past few years the overall growth and potential of the Indian security market have been tremendous. From a traditional and basic security market, India has evolved to a security conscious market. Local customers have begun to understand the need for a comprehensive security infrastructure to ensure the sanctity of their network and data, while organizations, initially worried over about the primary costs, now understand and embrace the concept of TCO. This is clearly a sign of a market that has started maturing. Though these are mainly seen in the larger enterprises, it will not be too long before others follow.
The SMB segment will emerge as an important contributor consolidating the growth of the security market in the coming years. SMBs would need to look up at larger enterprises and learn from their example and their evolution. This would enable these enterprises to make more sense out of each dollar spent on securing their enterprise, and also help the market mature at a faster pace.”
Q2. Securing remote branch offices have been a challenging task for CIOs. How can Check Point help them in this regard?
Gil Shwed: Remote offices, branches or satellite offices form a critical component of modern businesses facilitating essential business functions, such as sales support, distribution, customer service, etc. The employees in these locations need to access critical business resources and applications like ERP, CRM and supply chain management. This necessitates connectivity between remote locations and the larger offices that host these resources. It is not just about connectivity only: a high degree of security and reliability is necessary as well.
Our UTM-1 products provide comprehensive security to remote sites while enabling efficient and effective connectivity, manageability, and reliability. This purpose-built appliance consolidates proven enterprise-class technology into a single solution and eliminates the remote site as the weakest link, without compromising the corporate network.
In addition to remote offices, Check Point also provides solutions for secure remote access addressing the needs of road warriors, teleworkers, contractors, and Extranet partners to connect to information they need, with the security they need.
Q3. Recently forged SSL certificate attacks have become a serious threat to industry. How Check Point does address this issue and what do they do to prevent this?
Gil Shwed: Check Point is putting forth a great amount of efforts to develop preemptive protections and build protective functionality for both its enterprise and consumer security solutions to keep its users safe from new threats, including this forged SSL certificates attack.
Just a few weeks ago, a team of security engineers produced a SSL certificate attack, manipulating an official Certificate Authority (CA) to forge a rogue CA that becomes trusted by all common browsers, and can thus be used to impersonate any secure Web site on the Internet including banking and e-commerce sites. Check Point responded to this potential new threat very quickly and came up with a specific defense to safeguard its customers. Real time updates were immediately created and posted to our SmartDefense and IPS-1 products through SmartDefense Services, while Check Point consumers using ZoneAlarm ForceField browser security solution, beneficiated from an new added functionality to protect them against the threat.
Q4. To make security management easier, single management console has been always a priority for CIOs. How does Check Point meet this challenge?
Gil Shwed: Managing multiple, disparate applications and consoles has always been a difficult challenge to the operational efficiency and budgets of most IT organizations. Check Point's unified security architecture that centralizes policy configuration, monitoring, logging, analysis and reporting within a single control center and single installation, easily deployed and managed by a single administrator, has considerately helped CIOs deflate this burden and minimize their TCO.
One of the core components of this unified security architecture is the Check Point Security Management Architecture (SMART). This object-oriented architecture maps real-world entities, such as networks and users, to graphical representations that can be manipulated in a database. In order to further reduce the management cost and complexity of these large security data volumes, Check Point developed the Eventia Suite: a powerful, easy-to-use security information and event management (SIEM) tool that automates and centralizes security log data analysis and reporting.
As a recent innovation, we extended this concept into endpoint security management with Check Point Endpoint Security, the first and only single agent for total endpoint security that combines all essential components for total security on the endpoint: highest-rated firewall, antivirus, anti-spyware, full disk encryption, media encryption with port protection, network access control (NAC), program control and VPN. Check Point’s single management console is best of class. With its easy interface, it fits the advanced security staff of large organizations, as well as basic users in medium size companies. Not only does it centralize all network security management functions (including IPS) but also the end point, as more and more network and endpoint security are colliding.
Q5. Authentication has traveled several phases in its long journey (from single to two factors to multi factor). What is the next level?
Gil Shwed: Through our OPSEC program, Check Point maintains active partnerships and interoperability with all industry leading authentication vendors. This partnership allows our customers to utilize the most advanced authentication technologies with all of Check Point products.
Check Point introduced DynamicID in 2008—a unique authentication method that sends OTP tokens to users’ phones using SMS messages. Using DynamicID, our customers can deploy secure two-factor authentication with minimal rollout and maintenance costs.
Our products are beginning to introduce the notion of machine identity and compliance to augment the user identity into a much richer security context that can be referenced by our various access policies. The challenge is to get all this information in a scalable and maintainable model, and integrating with existing infrastructure. With Check Point’s unified architecture we are ideally positioned to handle this.
Q6. Virtualization has been a discussion among CIOs currently. But full length security is still unaddressed. How seriously does Check Point look at it?
Gil Shwed: Virtualization is in most companies’ plans for a simple reason. It enables them to reduce server expenses as well as the ongoing operational expenses associated with servers. But researchers have predicted that in the coming year, over 60% of Virtual Machines will be less secure than the equivalent physical servers. This makes them the target of choice for potential malware or hacking exploits. There is a need to bring down this security gap between virtual and physical deployments.
Virtualization is an area where Check point has been playing for a long time and developed a clear leadership. Check Point VPN-1 VE (Virtual Edition) for VMware enables them to deploy the same technology used to secure their network to secure their virtual environments. Our VPN-1 Power VSX provides a secure platform for virtualizing your VPN-1 security gateways, enabling quick provisioning and consolidation to reduce costs.
Just recently, Check Point further consolidated its position as leader in the security virtualization with a new line of appliances VSX-1, that provides businesses with dedicated devices for multi-layer, multi-domain virtualized security and allows enterprises, data centers and service providers to consolidate up to 150 security gateways with firewall, IPsec and SSL virtual private network (VPN), intrusion prevention, VoIP security and URL filtering on a single device.
Q7. Unification and simplification of security solutions are current effort from vendors. What is Check Point's effort in this regard?
Gil Shwed: Check Point is the only Total Security vendor that provides its customers with network, data and endpoint security against both known and unknown threats for businesses and individuals who want complete and unified information security. Today, businesses need a solution that reduces complexity, simplifies management and delivers comprehensive network, data, and endpoint protection through a battle-tested Unified Security Architecture.
Our UTM-1 Total Security appliances are all-inclusive, turn-key solutions that include everything an administrator needs to secure its network. Each appliance includes integrated centralized management, along with complete security updates, hardware support, and discounted customer support for up to 3 years.
In addition, our newly innovated Software Blade architecture offers enterprises a common platform to deploy independent, modular and interoperable security applications or “software blades”—such as firewall, URL filtering, virtual private network (VPN), intrusion prevention system (IPS), policy management or provisioning blades. The architecture lets a customer select the exact security software blades they need for a site, which are then combined into a single, centrally managed gateway.
Q8. What is the rationale behind acquiring Nokia's Security Appliance business?
Gil Shwed: Check Point and Nokia have been working together for almost a decade. As a pioneer in security appliances, the Nokia security appliance business has been an important strategic partner for Check Point.
Adding Nokia’s security appliance portfolio into Check Point’s broad range of security solutions is the natural conclusion of our long collaboration, and will assure a smooth path forward for our mutual customers. The acquisition will enable Check Point to gain significant hardware capacities and to expand its security expertise and product value, providing partners and customers with the industry's most comprehensive and integrated line of security appliances and creating greater value for them. Building on this collaboration, we will offer a large range of integrated gateway solutions, with a single source for development, delivery and service.
Q9. Where is the current security R&D thrust from Check Point?
Gil Shwed: Check Point has a long history of innovation and we plan on keeping investing on innovation. Roughly one-third of our company is dedicated to R&D, which we refer to as our “product organization”—as opposed to R&D - because we bring products to market and don't merely do research.
Today Check Point’s R&D efforts support our total security strategy. Our main areas of research include endpoint security, data security, security management and, of course, all network security, with a strong focus on Intrusion Prevention Systems (IPS). We are starting 2009 already with a very exciting technology roadmap that will revolution the security market and extend the reach of our Total Security vision.
Q10. How do you see India in future global security market?
Bhaskar Bakthavatsalu: In spite of the global economic downturn, information security is one area that shows tremendous potential in India. We also see enterprises focusing on reducing overall CAPEX and OPEX costs and therefore we expect that there will be more scrutiny on the value of each dollar spent. The SMB segment who would continue to develop its IT infrastructure is expected to contribute a major chunk of the total IT spending in the country.
With the global economy moving at snail pace, governments across geographies would also contribute by stimulating their economies and this would have a positive effect on Information security market. Criminalization of cyber space and increased focus of terrorist organizations on utilizing cyber space for their nefarious activities will also prompt government agencies to invest in protecting the cyber space and public IT infrastructure.
—By: 'InfoSecurity' Bureau. |
