Wednesday 11 June 2014

Something old, something new, something borrowed and something Blue(Coat)

Every year at CPX, Check Point announce something new.  Levels of excitement can vary depending on that “something new”.  They also take the opportunity to cover some old ground.  To remind customers of all this great stuff they haven’t been buying enough of.  Alongside that this year, we had something borrowed and something Blue…though Blue Coat’s new logo has actually got no blue on it and my colleague Sean Doggett assures me that the new appliances have also lost their blue sheen in favour of a sleek black design…but anyway, blue in name.  So was it all going to come together and be a marriage made in heaven?  Or would Check Point customers feel jilted at the altar when they looked under the hood?

 
Something Old
In my previous blog I took you through Software Defined Protection, which in many ways was both something new (in terms of messaging and forthcoming changes to the management) and something old (in that the messaging referred to layers of technology that exist today and have existed for some time).  The messaging around SDP is on the whole a smart marketing move to encourage customers to revisit some of the technology Check Point have been bringing out over the last few years:

· The Control Layer is an amalgamation of many of the threat prevention blades like Anti-Bot, Anti-Virus and Threat Emulation (which have all either come out or had massive revamps in the last two years) and then ThreatCloud which emerged last year as Check Point finally dipped into the intelligence they could source from having the largest global footprint of enterprise firewalls.

· Then the Enforcement Layer.  Really just a reminder that Check Point are not just a hardware or software firewall company but have endpoint and virtual security solutions too.

So then we’re left with the management and after a later session with Avi Rembaum (who is a fantastic presenter by the way) in which he talked about How to Implement Software-Defined Protection in Your Network, my Russian companion – remember him from blog 1? – summed it up best.

“Half an hour of bullsh*t, then three interesting slides at the end.  But then they didn’t even go into detail!”
Eloquently put.
He then proceeded to hijack Avi and absolutely grill him (whilst ironically the sounds of Ice Cube’s ’90s rap diss “No Vaseline” played in the background – for those of you who know the song, you can imagine it was quite the surreal montage to be witnessing).  Advised by Avi to go and speak to one of the experts in the Technology Rooms, off he went in search of answers.  And I’m not sure he got them.

Our own Check Point engineering team are one of a select few who get access to EA code as part of our partner programme and we work directly with the Check Point EA Engineers from Israel and what I can tell you is that they’re very excited about everything they’ve seen in R80 (the version in which this management revolution will begin).  Unfortunately there didn’t seem to be that level of visibility at the conference.  It became clear that whilst it’s exciting, the cornerstone of the SDP initiative – the management – appears to be a work in progress, known by a select few who are locked within the deepest vaults of the Check Point fortress, walls of marketeers separating us common folk from the knowledgeable ones.

 
Something new
Going back to Gil’s opening address, whilst SDP merged the old and the new, he did then go on to announce something brand spanking new and quite exciting.

ThreatCloud Mobile.

So what is it?  It’s basically a cloud infrastructure they’re building to be able to handle customers who want to send all of their mobile device traffic to the ThreatCloud.  The ThreatCloud features all of the Check Point software blades you know and love – IPS, Threat Emulation, Anti-Bot – so potentially Check Point are onto a real innovation in the mobile space here.  I’ve not really seen anyone else go to these lengths (basically everything you can do on a gateway, for your mobile!).  I’ve seen impressive cloud infrastructures and innovative approaches from the likes of Zscaler to provide global coverage, but that's only really been for web security.  And with 10 data centres already built that host ThreatCloud as it is today, don’t think Check Point doesn’t have the resources to do this.  The devil will be in the detail.  This technology is in beta testing right now and is estimated to be on general release by the end of the year so we’ll be seeing more of it no doubt in the coming months.  How well will it scale?  How will latency be?  How easy will it be to implement?  These unfortunately are all still open questions but I’m intrigued at the very least as to how this will take off, to supplement the Mobile Device Management solutions many people have in place today (and that Check Point have with Mobile Enterprise).

And if we’re to buy into this vision of Software-Defined Protection, again this technology will be one of the big bets Check Point makes to ensure that it's the success story they’re hoping for.

 
Something borrowed

“Can I have some threat feeds please?”

“Sure.  Which ones do you want?  I’ve got all these.”

 

Check Point open the proverbial rain coat to reveal IntelliStore, a marketplace for Threat Feeds.  And because this is the ‘something borrowed’ section, you can trial them for 30 days via your Check Point user centre.

Something I’ve been discussing with some of my customers as part of our Security Simplified strategy is how we can take the third party threat intelligence or fraud intelligence feeds and feed that information in to dynamically update security tools.  As always with Check Point though, this is geared toward their own software blades and looks like it only supports Anti-Bot and Anti-Virus out of the box (not IPS?).  This is unconfirmed at the time of writing as there’s actually scant detail at the moment.  Get on those 30-day evals now because there’s also currently no pricing for IntelliStore (again, at time of writing) so they genuinely can’t charge you for it yet!

 
Something Blue(Coat)

So Blue Coat were at the conference as the main sponsor (the relationship between Check Point and Blue Coat seems to be ever blossoming at the moment).  Unfortunately I didn’t see their presentations or visit their stand in the sponsor hall.  So basically they were only part of this blog because I wanted to use the pun in the title.  I’m sorry, I really am.

 
In the Final Part……other highlights and a final summary of CPX and I then visit the Tufin Partner Conference to see how they are responding to major industry shifts.  Coming soon!
 
 
 

Tuesday 3 June 2014

Software Defined Something...Reflections on CPX 2014


It is an unusually grey morning in Barcelona.  Having left behind the hottest temperatures of the year in the UK at 27 degrees, I’m wondering if it wasn’t just the taxi driver who went the wrong way last night but the pilot of the plane too.

To explain that note…

I arrived late in Barcelona with my Russian companion for the trip; a little tired but hoping to have a sneaky pint once safely arrived at the hotel.  Having been assured by the taxi driver (despite some trepidation) that there was “only one Hotel Princesa” in Barcelona, we had put our faith in him.  It was, alas, misplaced.  For there are two Princess Hotels – the Hotel Princess at one end of Avenue Diagonal where we were supposed to be and then the hotel we were actually taken to, the Hotel Princess Sofia, almost 8km straight across the Avenue Diagonal (yes on the exact same road to enable the confusion) the other side of Barcelona.  Having tried to check in and figured out we were at the wrong hotel and that the taxi driver was long gone, the concierge was nice enough to call us a cab to the other Hotel Princesa.  I didn’t want a pint, I just wanted to go to bed!

Back to the next morning.  There was an air of confusion it seemed as the delegates gathered for CPX 2014.  Was it the weather and general lack of sunshine?  Or was it that they were trying to figure out what Software Defined Protection is?  Well to varying degrees, the two days ahead would represent some illumination on both fronts.

As is tradition, the conference began with some completely unrelated interpretive dance.  To compound the weirdness this year though, this was interspersed with videos of Gil Shwed and Amnon Bar-Lev encased in futuristic cubes and delivering one-word statements about the future of security.  On top of that, the video (which seemed to be playing the music track too) got all jerky and juddery.  Fair play to the dancers for improvising and slowing down their movements but somebody at Check Point forgot to pay their Netflix bill.

Onto the presentations then and the opening address by Gil Shwed, Check Point CEO.  Whether he was proud of seeing himself on video in a dystopian vision of the future or just more excited than usual at what was to come, he certainly had a spring in his step.  I myself was looking forward to seeing what SDP (Software Defined Protection) was all about.  I had purposely ignored everything I could possibly have read prior to this event about SDP.  I wanted to come here to CPX with an open mind and find out if they really were revolutionising security all over again or if it was just another vendor to jump on this year’s buzzword.  Or rather buzzwords, plural.  For it seems that if you want to show innovation this year all your marketing needs can be met by saying what you do (e.g. Protection or Networking) and simply adding two words in front – Software Defined.
 
Sometimes in technology (and particularly in Security) things snowball to the point of absurdity.  In the midst of all this, very good concepts can be lost.  Like a song you loved when you first heard it but now it’s been played to death.  So what did Gil have to say?  He did indeed touch on SDP.  He was clearly excited by the concept and reinventing security all over again.  He talked about the 3 layers of infrastructure behind SDP:



The management layer, the control layer and the enforcement layer.  All things that, on the face of it, exist already today within the Check Point portfolio.  Gil alludes to more detail around this in the sessions to follow over the next two days but in essence the only thing they’re really changing is the management to accommodate this new model.

The control layer is basically software blades, plus Threat Intelligence (ok so there are some developments on that front too).

Then the enforcement layer is simply a Check Point firewall.  Or a Check Point virtual firewall.  Or a Check Point endpoint agent.  And so on.

So are Check Point simply that ahead of the game or are they trying to capitalise on the latest craze and fit their messaging around it?  This became my new aim for the next two days.  That and eventually getting that pint in somewhere.

 
In Part 2……Check Point announce two major new services and I get more insight into SDP!
