Check Point spreads AI goodness throughout its security portfolio
Evolving threat environment means preventative AI – and SmartNICs – are needed to improve protection
GTC Check Point Software has put Nvidia GPUs and artificial intelligence techniques to work across its broad portfolio of security tools in order to address and adapt better to an increasingly sophisticated and rapidly changing threat environment.
"In the last one year and a half, the threat landscape has evolved very, very fast," Dorit Dor, chief product officer at Check Point, said during a session at Nvidia's GTC conference this week. "It's exceptionally dangerous these days. We see extreme attacks. APTs [advanced persistent threats] from nation-states. We see it coming through supply chain and leveraging ransomware. We see amazing software vulnerabilities across the board and we see attacks on [digital] wallets and cryptocurrency."
The escalation in threats started with the supply-chain attack on software maker SolarWinds in late 2020, Dor said. That attack saw the Russia-linked group Nobelium insert malicious code into the vendor's Orion monitoring platform, which users then unwittingly ran once they installed updates of the product. Dor pointed to another supply-chain hack – on developer tools maker Codecov early last year – and the flaw in the widely used Log4j open-source logging tool last year that has been exploited dozens of times.
The Log4j vulnerability – dubbed "Log4Shell" – sent a shockwave through the industry, but was also a proof point for Check Point, showing how well its AI-enabled products were able to push back against the threat.
"Log4j started as an innocent software vulnerability, but every such software vulnerability calls for attackers, so an amazing number of attacks were based on Log4j," Dor said. "With our own AI, we were able to provide a guarantee of protection [to enterprises]."
Dor also pointed to the rapid rise in the number and complexity of ransomware attacks, noting that ransom demands in 2013 were as low as $300 per incident. In 2021, attackers demanded a total of $14 billion or more. The threat groups also are using more sophisticated methods, including double- and triple-extortion demands – such as threatening to leak the captured sensitive data onto the internet or erasing the data that has been encrypted – if the victims don't pay the ransom.
Check Point is using AI to make life harder for those bad actors.
"It helps keep us up-to-date and [evolving] for the changes of the threats and the malware," Dor said. "We want to do prevention first. It's a challenge because we want to really stop the attacks at first sight. We do this with more and more advanced AI with very low false positives and the best catch rate in the industry, as well as other methods that help us [erase] the threats before they reach the customers."
At the same time, the company's zero-trust architecture increasingly relies on AI to drive the autonomous capabilities that are key to the platform. Zero-trust architectures rely on the premise that anything and anyone trying to access a network can't be trusted and must be verified – and continuously verified throughout the transaction – and given access only to those resources they need.
Demand for zero-trust is growing as organizations' IT environments extend from central datacenters to the cloud and edge.
"We want to be autonomous," Dor said. "We want security to evolve and change all the time to adapt to the latest threats. It has to be identity-based because identity plays a major role. It has to have a unified policy in order to make sure you are secure and it has to have the scalability to scale up."
Check Point has been partnering with Nvidia for several years, integrating the GPU maker's products with its own. One example of the relationship at work is the Maestro Hyperscale network security product, which uses Nvidia's Spectrum switches to help the system scale to protect the largest datacenters and networks. At GTC, Nvidia launched its new Spectrum-4 Ethernet networking platform and a 51.2 terabit Spectrum-4 switch.
In January, Check Point launched its Quantum Lightspeed firewalls, which use Nvidia's ConnectX SmartNIC adapter card – inherited when Nvidia bought high-speed interconnect vendor Mellanox in 2020 for $7 billion. Lightspeed delivers from 200 to 800Gbit/sec throughput, and can scale up to 3Tbit/sec with Maestro.
"We leverage the Nvidia ConnectX NIC by offloading some of the functions of the security [including stateful inspection] into the secure architecture of accelerated packet processing that exists in the Nvidia technology," Dor said. "This is a really exciting collaboration that enables our customers to deploy the security at the line rate that they need."
Check Point also uses AI for such jobs as addressing zero-day malware, and the roadmap includes expanding its use to threat protection for encrypted traffic and DNS in the network. In addition, the vendor will continue to bring Nvidia's GPUs and data processing units (DPUs) into its products as well as Nvidia's Morpheus AI framework.