We asked Check Point Software Technologies' Amnon Bar-Lev about the current key issues in data security, why having up-to-date threat information is becoming increasingly important, how malware attacks can be prevented, and how this intelligence can be harnessed and applied to mobile and cloud environments.
We also learn about Check Point Software's new security architecture, Software Defined Protection, and how it can be used to control your security environment by combining intelligence with network segmentation.
What do you think are the key issues in security at the moment?
Amnon believes there are three major trends. The first is technology, which causes a lot of security problems, as there are more and more IP networks and fewer proprietary systems. Even though they are not connected to the internet, they are a bit more open.
Secondly, the threat landscape has matured dramatically, which has caused a significant increase in the number of attacks we see today, and now we see everyone participating in this game, from countries to hackers in the basement.
Finally, IT environments have become a lot more complex: people are using the cloud, people are using mobile devices, and people are spreading their business around the globe.
Why is having up-to-date threat information an increasingly important issue?
A key thing to have is threat prevention, and there are different technologies that can help with threat prevention. There are three ways to categorise threats. The first is threats that we know and know how to protect against: we know about viruses, we know about malicious malware inside a document, we know how to identify them, we have a signature or a specific URL or hash file, and we know how to block them.
The second category is things that we know but we don't know. What does it mean? Well, it means I know there might be malware inside this document but I don't know about the specific malware, and again there are technologies that are solving that, mostly using sandboxing.
And the last category is things that we don't know and don't know how to protect against. Things that might exist today, but it's going to take a bit of time to solve them. We are focusing on the first two categories, and for them it is so important that the systems are updated, as there are so many indicators (indicators are the ability to identify new malware), and we have to be updating systems all the time.
What can be done to reduce the number of malware attacks?
So, I want to come up for a second with an architecture, a concept, a blueprint that Check Point Software has developed for organisations. It's called Software Defined Protection. It's not about a specific product or a specific technology; it's an architecture. There are three layers. The very basic one is the enforcement point. We have many ways to enforce things that stop the traffic: it could be a gateway, or simple software on a laptop, desktop or smartphone, or in the cloud. Those are enforcement points and we need all of them. They have to be fast and reliable, and know how to handle a lot of traffic.
The major question about enforcement is where do I put them. Many years ago it was very simple: I had this perimeter, and everything that's connected to the outside world I would just block. But today, where are the band widths? Where are the perimeters? I have cloud, so is it inside my organisation or out? A mobile user, are they part of my organisation or actually already out?
One of the important parts of security is knowing how to segment your network, and we have a clear methodology on how to segment it. If you take your network and segment it, then if something happens, if there is malware inside, it will not go outside; it will remain in the same place. It will be contained, the risk will be contained, and it's so important to contain it in the same area.
The second thing is that once you have those enforcement points, you can put more protection in those enforcement points. Most people, when we talk about enforcement, talk mostly about access control: who can access where? So we need to add another component to this control layer - the protection layer, which is threat prevention.
A very important part of threat prevention is that if you want it to be very, very efficient, it needs to be fed with a significant amount of intelligence. So you need to create a big data of intelligence: getting a lot of information, then translating that big data information into protection and pushing it to the enforcement points that you have already put in the network.
Then the last layer is how to manage the whole environment. So this architecture, called software defined architecture, allows you to decouple the control from the enforcement. So control can be much more agile, while enforcement has to be much more stable.
View Amnon’s full Executive Interview to learn how Check Point Software’s new architecture and other security solutions can be of benefit to your organisation.