We asked Check Point Software Technologies' Amnon Bar-Lev about the current key issues in data security, why having up-to-date threat information is becoming increasingly important, how malware attacks can be prevented, and how this intelligence can be harnessed and applied to mobile and cloud environments.
We also learn about Check Point Software’s new security architecture, Software Defined Protection, and how it can be used to control your security environment by combining intelligence with segmenting your network.
What do you think are the key issues in security at the moment?
Amnon believes there are three major trends. One is technology, which causes a lot of security problems, particularly with more and more IP networks and fewer proprietary systems. Even though they are not connected to the internet, they are a bit more open.
Secondly, the threat landscape has matured dramatically, causing a significant increase in the number of attacks we see today, and now we see everyone participating in this game, from countries to hackers in the basement.
Finally, IT environments have become a lot more complex. People are using the cloud, people are using mobile devices and people are spreading their business around the globe.
Why is having up-to-date threat information an increasingly important issue?
A key thing to have is threat prevention, and there are different technologies that can help with this. There are three ways to categorise threats. The first is threats that we know and know how to protect against. We know about viruses, we know about malware inside a document, we know how to identify them, we have a signature, a specific URL or a file hash, and we know how to block them.
The second category is things that we know but we don't know. What does that mean? It means we know there might be malware inside a document, but we don't know about the specific malware. There are technologies available that are currently solving this, mostly using sandboxing.
The last category is things that we don't know and don't know how to protect against, such as things that might exist today but will take a bit of time to solve. We are focusing on the first two categories, and it is important that systems are updated, as there are so many indicators. Indicators are able to identify new malware, and we have to be updating systems all the time.
What can be done to reduce the number of malware attacks?
Amnon highlights an architecture, a concept, what he calls a blueprint, that Check Point Software have developed for organisations, called Software Defined Protection. It's not about a specific product or a specific technology; it's an architecture. There are three layers. The very basic one is the enforcement point. We have many ways to enforce things that stop the traffic. For example, it could be a gateway, or simple software on a laptop, desktop or smartphone, or in the cloud. Those are enforcement points and we need all of them. They have to be fast, reliable and know how to handle a lot of traffic.
The major question about enforcement is: where do I put them? Many years ago it was very simple; we had a perimeter, and everything that was connected to the outside world we would just block. But today, where are the boundaries? Where are the perimeters? We have cloud, so is it inside my organisation or out? A mobile user: are they part of my organisation or already out?
One of the important parts of security is knowing how to segment your network. If you segment your network and something happens, if there is malware inside, it will not spread outside; it will remain in the same place and be contained. The risk will be contained, and it's important to contain it in the same area.
The second thing is that once you have those enforcement points, you can put more protection on them. Most people, when we talk about enforcement, ask about access control and who can have access where. So, we need to add another component to this control layer - the protection layer, which is threat prevention.
A very important part of threat prevention is that if you want it to be very, very efficient, it needs to be fed with a significant amount of intelligence. So, you need to create a big data of intelligence. When you receive a lot of information, it can be translated into big data information, protected and pushed to the enforcement points that are already in the network.
The last layer is how to manage the whole environment. Check Point Software's architecture, Software Defined Protection, allows you to decouple the control from the enforcement, meaning that control is much more agile, while enforcement has to be much more stable.
View Amnon’s full Executive Interview to learn how Check Point Software’s new architecture and other security solutions can be of benefit to your organisation.