At CPX360, Check Point CEO Gil Shwed warned the audience that the fifth generation of cyber threat is upon them. Gen V, as Shwed referred to it, is the era of mega attacks. Cyber attackers are using large-scale attacks against both countries and individuals.
These attacks are helped by users who recycle security credentials across different systems. To obtain credentials, attackers are no longer relying solely on traditional attacks such as trojans and keyloggers. Instead, they are using tools developed by government agencies, such as the NSA tools that were leaked online last year. They also use vulnerabilities and attacks developed by private companies. These are sold to law enforcement and other agencies around the world and eventually end up in the hands of hackers.
Are companies able to deal with these attacks?
In a word, no! Shwed told attendees that enterprises were far behind the attackers when it came to their defences. He lamented the poor state of corporate cybersecurity defence, saying that organisations are: “10 years behind in protection.”
To put that in perspective, Shwed said all enterprises had deployed technology to deal with Gen I (virus) and Gen II (network) attacks. After that, however, the numbers get progressively worse. When it came to Gen III (applications), only 50% had effective solutions. Only 7% had effective defences against Gen IV (polymorphic content) attacks.
In effect, while the attackers are on Gen V, enterprises are on, at best, Gen 2.8. Given the billions of dollars spent each year on cybersecurity, this is a major problem.
What tools do companies need?
According to Shwed, companies need to rethink their security. Too many are still in reactive mode. They need to move away from reports and logs and instead deploy preventative security. Even then, it can only be effective if it works in real-time and is deployed across all the possible attack vectors such as data centre, networks, mobile and cloud.
Much more needs to be done around threat intelligence. Not only do companies need to start consuming it to help shape their defences, but it must also be shared more widely. Shwed’s comment here is interesting. Orli Gan also took to the stage and talked about the challenge of AI in cybersecurity. One of the big problems that she says the entire industry has to deal with is a lack of training data for cybersecurity. Valid threat intelligence data is part of that training material. Enterprises therefore need to work out how to share this data with cybersecurity vendors.
Shwed acknowledged that one of the bigger problems facing security teams is the complexity around what products they need. Organisations look at Check Point and its competitors and see tens and even hundreds of products. This creates a massive deployment nightmare for IT security teams.
Check Point Infinity Total Protection
No keynote is complete without the announcement of new software. Shwed didn’t disappoint. The latest solution from Check Point is Infinity Total Protection. Described by Shwed as “a game-changing new consumption model”, it is available as a per-user, per-year subscription. It protects hardware, software and services. The latter allows it to protect cloud-based assets no matter where they are stored.
The press release for Check Point Infinity Total Protection lists six key features:
- Real-time Threat Prevention: Protection against APTs and unknown zero day malware, using real-time sandboxing; ransomware protection; and anti-bot technologies, powered by integrated, real-time cloud-based threat intelligence and machine learning for identifying new threats.
- Advanced Network Security: The most advanced firewall, intrusion prevention and application control, supporting networks of any size – from branch offices to global enterprises, and across both private and public cloud security offerings.
- Cloud Security: Advanced threat prevention security in public, private and hybrid cloud, and SDN environments, with micro-segmentation for east-west traffic control inside the cloud.
- Mobile Security: Malware prevention on iOS and Android mobile devices, rogue network identification, secure containers, data protection and document encryption, and EMM integration.
- Data Protection: Anti-ransomware for known and unknown ransomware, data protection and seamless document encryption, browser security, a fully integrated endpoint protection suite and security forensics.
- Integrated Security & Threat Management: A unified security management environment supporting multi-device, multi-domain and multi-admin management, with complete threat visibility supporting collection, correlation and attack analysis, and reporting tools for compliance and audit.
What does this mean?
The security threat landscape is changing constantly. The advantage is to the attacker who can vary their attack and introduce new tools whenever they want. Security teams have to abide by enterprise software deployment rules. What is clear from Shwed’s keynote is that something has to change.
This is not just about buying Check Point’s solutions. If Shwed is right, and enterprise protection is barely at Gen 2.8 while attackers are at Gen V, something is very wrong. The investment in tooling and the focus on dealing with the skills shortage in cybersecurity are both paying off, although more does need to be done. Improvements in threat intelligence sharing are happening, but this also requires that organisations be able to use that intelligence.
Shwed thinks that cybersecurity is at an inflection point. Gen V is already upon us and we are underprepared. With Gen VI likely to hit in the next few years, security teams need to up their game.