Check Point boss looks beyond 'weapons' for security defence

Right said Shwed


Interview De-perimeterisation and the move to cloud computing will not alter the central place the firewall occupies in corporate security architectures, according to Check Point chief exec Gil Shwed.

Check Point is advocating a three-phase strategy of security policy enforcement centred around the firewall, user education and enforcement as a means of reducing costs while improving security for corporates. The technology part of this combination comes from Check Point in the form of the latest version of its firewall platform – the R75 – and software blades to carry out functions such as URL-blocking or intrusion prevention.

Check Point is pushing the architecture as a means for customers to reduce the number of point products they support. "Having 10 different types of weapons is useless unless you have a strategy for what you want to do," Shwed, who founded Check Point shortly after leaving an elite technology unit of the Israeli army, told El Reg at a conference last week.

Cornerstone

Simplification to save costs is a sound enough idea but we questioned whether the firewall – rather than systems management or logging technology – was the right hub for information security.

"Our technology is broader than just a firewall but it's a great platform," Shwed told El Reg. "Management software collects and presents information, but it's not the best place to manage security policy.

"Years ago I thought systems management firms would become either competitors or partners but this never happened. Managing a system and event analysis, which is what the likes of Tivoli and HP do, is different from developing and enforcing a security policy," he said.

Although Shwed said that Check Point is seeing "nice growth from its core market" of firewalls, it is also trying to get into adjacent security markets, sometimes by acquisition. The company wants to stay focused as a pure-play information security supplier.

Questions in Congress

Check Point could hardly be described as acquisitive, especially in comparison to the likes of Symantec and McAfee, and we wondered whether its abandoned bid to buy Sourcefire back in 2005 had anything to do with this. The Israeli firm's plans to buy the intrusion-prevention pioneer for $225m were withdrawn after it became clear that US authorities would attempt to block the acquisition.

The Committee on Foreign Investment in the United States (CFIUS) had concerns about a foreign firm getting hold of technology used to protect US government systems.

Shwed said a deal might have been agreed, but only if Check Point had accepted US government terms that didn't suit its interests and agreed to turn over source code for its technology, a move he was loath to make. "We've done four different acquisitions in the US since then," he said. "The reason there was concern about Sourcefire was down to a bad coincidence. The Port of Dubai was buying US ports at around the same time. Both deals got blocked, but the US Congress eventually approved the Dubai deal."

Rather than deal with the uncertain and undoubtedly delayed outcome of the deliberations of US politicians, Check Point walked away from the deal. It eventually got into the intrusion-prevention market with the purchase of NFR, another US developer, a year later.

Cyber-intrigue and the Stuxnet worm

The concerns expressed by politicians over security deals have been heightened by the perceived increase in threats stemming from government agencies as well as criminal hackers, particularly over the last two years or so.

The Operation Aurora attacks against Google and other high-tech firms last year, to say nothing of targeted attacks against finance agencies in France and EU ministries more recently, go a long way toward explaining why BT's decision to source its kit from Chinese supplier Huawei raises concerns about possible backdoor snooping.

We wondered whether the publicity about the recent Stuxnet worm, a sophisticated and targeted worm blamed for sabotaging Iranian nuclear power plant control systems, might make it more difficult for Check Point to do business. Nobody knows for sure, but Stuxnet is widely rumoured to be a joint US-Israeli operation.

It's possible to think Check Point, whose founders started their careers in the Israeli army, might encounter the same sort of concerns from politicians as have been raised by Huawei, which was founded by a former Chinese PLA officer. Shwed said such concerns are misplaced, and stem from a misunderstanding of Check Point's history.

"We established Check Point as a civilian firm with no ties to the military and not based on government contracts," Shwed said.

"The Israeli government doesn't share with us what it's doing and we don't ask. We'd like to think if it had elite people trying to compromise firewalls that the last one it would compromise would be ours but that's more because it wouldn't be an easy target rather than any sense of patriotism."

Shwed concluded by saying that the threat landscape was changing with the increased prevalence of targeted attacks – a development he described as "unsurprising". Government-sourced attacks might be either more sophisticated or less sophisticated than those attempted by criminal hackers, Shwed said, adding that the tendency would be towards more sophisticated assaults that require a different approach than simply applying a new security gizmo.

"You don't need an anti-Stuxnet or anti-Aurora product, you need a security strategy," he concluded. ®
