Something Old
In my previous blog I took you through Software Defined
Protection, which in many ways was both something new (in terms of messaging
and forthcoming changes to the management) and something old (in that the
messaging referred to layers of technology that exist today and have existed
for some time). The messaging around SDP
is on the whole a smart marketing move to encourage customers to revisit some
of the technology Check Point have been bringing out the last few years:
·
The Control Layer is an amalgamation of many of
the threat prevention blades like Anti-Bot, Anti-Virus and Threat Emulation
(which have all either come out or had massive revamps in the last two years)
and then ThreatCloud which emerged last year as Check Point finally dipped into
the intelligence they could source from having the largest global footprint of
enterprise firewalls.
·
Then the Enforcement Layer. Really just a reminder that Check Point are
not just a hardware or software firewall company but have endpoint and virtual
security solutions too.
So then we’re left with the management and after a later
session with Avi Rembaum (who is a fantastic presenter by the way) in which he
talked about How to Implement
Software-Defined Protection in Your Network, my Russian companion –
remember him from blog 1? – summed it up best.
“Half an hour of bullsh*t, then three interesting slides at
the end. But then they didn’t even go
into detail!”
Eloquently put.
He then proceeded to hijack Avi and absolutely grill him
(whilst ironically the sounds of Ice Cube’s 90’s rap diss “No Vaseline” played
in the background – for those of you who know the song, you can imagine it was
quite the surreal montage to be witnessing).
Advised by Avi to go and speak to one of the experts in the Technology
Rooms, off he went in search of answers.
And I’m not sure he got them.
Our own Check Point engineering team are one of a select few
who get access to EA code as part of our partner programme and we work directly
with the Check Point EA Engineers from Israel and what I can tell you is that they’re
very excited about everything they’ve seen in R80 (the version in which this management revolution will begin). Unfortunately there didn’t seem to be that
level of visibility at the conference.
It became clear that whilst it’s exciting, the cornerstone of the SDP
initiative – the management – appears to be a work in progress, known by a
select few who are locked within the deepest vaults of the Check Point
fortress, walls of marketeers separating us common folk from the knowledgeable
ones.
Something new
Going back to Gil’s opening address, whilst SDP merged the
old and the new, he did then go on to announce something brand spanking new and
quite exciting.
ThreatCloud Mobile.
So what is it? It’s
basically a cloud infrastructure they’re building to be able to handle
customers who want to send all of their mobile device traffic to the
ThreatCloud. The ThreatCloud features
all of the Check Point software blades you know and love – IPS, Threat
Emulation, Anti-Bot – so potentially Check Point are onto a real innovation in
the mobile space here. I’ve not really
seen anyone else go to these lengths (basically everything you can do on a
gateway, for your mobile!). I’ve seen
impressive cloud infrastructures and innovative approaches from the likes of
Zscaler to provide global coverage but that's only really been for web security and with 10 data centres already built that
host ThreatCloud as it is today, don’t think Check Point doesn’t have the
resources to do this. The devil will be
in the detail. This technology is on
BETA testing right now and is estimated to be on general release by the end of
the year so we’ll be seeing more of it no doubt in the coming months. How well will it scale? How will latency be? How easy will it be to implement? These unfortunately are all still open
questions but I’m intrigued at the very least as to how this will take off, to
supplement the Mobile Device Management solutions many people have in place today (and that Check Point have with Mobile Enterprise).
And if we’re to buy into this vision of Software-Defined
Protection, again this technology will be one of the big bets Check Point makes
to ensure that it's the success story they’re hoping for.
Something borrowed
“Can I have some threat feeds please?”
“Sure. Which ones do
you want? I’ve got all these.”
Check Point open the proverbial rain coat to reveal
IntelliStore, a marketplace for Threat Feeds.
And because this is the ‘something borrowed’ section, you can trial them
for 30 days via your Check Point user centre.
Something I’ve been discussing with some of my customers as
part of our Security Simplified strategy is how we can take the third party
threat intelligence or fraud intelligence feeds and feed that information in to
dynamically update security tools. As
always with Check Point though, this is geared toward their own software blades
and looks like it only supports Anti-Bot and Anti-Virus out of the box (not
IPS?). This is unconfirmed at the time
of writing as there’s actually scant detail at the moment. Get on those 30 day evals now because there’s
also currently no pricing for IntelliStore (again, at time of writing) so they
genuinely can’t charge you for it yet!
Something Blue(Coat)
So Blue Coat were at the conference as the main sponsor (the
relationship between Check Point and Blue Coat seems to be ever blossoming at
the moment). Unfortunately I didn’t see
their presentations or visit their stand in the sponsor hall. So basically they were only part of this blog
because I wanted to use the pun in the title.
I’m sorry, I really am.
In the Final Part……other
highlights and a final summary of CPX and I then visit the Tufin Partner
Conference to see how they are responding to major industry shifts. Coming soon!