Welcome to this new edition of Techzine Talks on Tour. I'm Sander. I'm at the RSA Conference in San Francisco. I'm here with Itai Greenberg. He's the Chief Strategy Officer at Check Point. Itai, welcome. Thank you very much, thank you for having me. What's your opinion on the general vibe at the moment in the security industry?
What I see right now is definitely, first of all, the cybersecurity market is growing so much, it's like crazy. The number of vendors, the number of companies in this space, the number of investors that are coming to be here, it's insane.
But when you talk to the customer side, they also look all around and they get confused. Yeah, they feel like it's overwhelming.
Even if you are in this industry for 30 years, and customers are looking to obviously build a secure environment, for their environment is moving to the cloud, their environment is AI, their environment is mobile and SaaS and many, many things.
What are the biggest pain points that they have in terms of their estate or what's happening in their organizations?
So I think that, first of all, the challenge of securing a growing environment, distributed environment, is a big challenge. The fact that it's very hard for them to find expertise, people that are experts from higher than that stays in the company for a while and not jumping from one company to another, is a big, big problem.
Some of them are looking to outsource and move out some of their security practitioners into MDRs, into MSSPs and things like that. So this is a very, very big concern and challenge for many of the customers. I hear it a lot: it's okay, we have the product, we get all the things that we need, but what do we do with this?
It's very, very hard. So, as vendors, we need to make sure that, first of all, we deliver a product that's extremely easy to operate, to install. I think that's one thing that we're here.
That's always been quite a challenge, right? Always been a challenge. The cybersecurity industry is a bit guilty of making it a bit too complicated every now and again, and it doesn't have to be like this. It doesn't have to be like this.
I think that if I'm here in San Francisco, I can see right now autonomous cars driving in a very condensed city. We can come up with products that are easy to deploy and easy to use and don't generate too many alerts, don't generate too many... Asking the security people: okay, we think it's a problem, can you check it? We think it's a problem, can you fix it?
It's not the right way to go, and I think technically it's possible to have it fully automated as well if you want.
But that may not be the desire of the customers, to fully automate your cybersecurity infrastructure. So I think the question is, how do you make your security products and your security environment to the customers simpler? And I think there are three ways to approach it.
One is automation, and I'll talk about automation, and automation is part of the deployment, automation is part of scripting things, very important, but I think there are two other things that we oftentimes ignore.
I think that one thing is to make sure that the product learns the environment, understands the environment, understands the topology and fits itself into the environment. That's one thing. Another thing is to build a platform.
Now, platform is a big word for many, because if you go to every customer, they will tell you: I have 30 different vendors that I'm working. What is a platform? Do you want me to go to one vendor?
There's also a definition problem when you talk about platforms, right? So there are lots of security companies that offer a platform, but they're not the same platforms, if you know what I mean. A platform is not necessarily a platform.
So I think let's zoom in to what is a platform, and for different customers, a platform would be a vendor that is significant enough, there are strategic vendors for the customer.
Yeah, they may have three or four of them, not just one of them, even in the cybersecurity, and they want to create platforms around domains: a platform around network security, a platform around endpoint security, a platform around SOC, a platform around cloud.
And when you think about this way, okay, it's not one platform for all vendors, for all products in one place, because then it becomes way too complicated. But I think the last one thing I will tell you on a platform: platform should also be very open to integrate with other security products, with other security vendors, with other tools that IT has.
Does that get enough attention in the cybersecurity industry? Huge, they talk a lot about it, right? I've been getting lots of emails and requests to meet on integration, all that stuff, but are they putting their money where their mouth is, right?
Is there a genuine interest in cooperation between even competitors of each other in the cybersecurity? Look at us.
Check Point. We declared and we are doing exactly that. We have tight integrations today with Microsoft Defender. We have tight integrations today with CrowdStrike, with SentinelOne, definitely with all the SIEM vendors.
But also on your firewall business as well.
On the firewall business, listen, we have today the ability to augment data from other vendors, but I think that that's less what the customers are asking.
What the customers are asking is, if you are giving me today a platform for network, you as a vendor, and I'm trusting you as a vendor, I want you to integrate between yourself and to integrate to other platforms that I have. I'll give you an example.
On the cloud side, I think we provide a platform on the cloud security, but then we've seen that there's a very good two vendors in the DSPM space, and even though that we have our own DSPM solution in our own product, but customers have decided to go with another vendor for DSPM, so we integrate with them. We announced it just right now in our state.
So I think having those type of integrations will eventually benefit the customers.
I mean, because then you can actually get one environment to actually manage everything, and even though they're different products, you can still ingest everything into one single environment.
Exactly, I love the way you describe it. It's not only about consolidating vendors. It's about putting everything in one platform. So if they choose Check Point to be the cloud security platform, they will use it to get information from CrowdStrike. Maybe they will use it to get information from DSPM vendors like Centra and others, and then this becomes their platform.
They do have the other products as well.
And it's not only about ease of use, right? It's also about this pure necessity as well to do this, because it gets more complicated by the minute or by the hour, the entire world we live in, in IT in general and in cybersecurity as well.
So you need integration and ingesting it into one central location, otherwise you're not going to be able to keep up with what's happening, right?
I think the problem is that the attacks themselves become more sophisticated. So attack starts in the front door of the cloud, moving into your cloud. Sometimes it moves even outside your cloud. It can start with your endpoint or your email, and from your email it gets into the endpoint, from the endpoint it gets into your network and then to your data center.
So if you do not connect the dots, if you don't understand how the attack is actually evolving and transforming inside your organization, and the products do not communicate with each other, then it's hard to actually prevent it. Yeah, yeah, that's, I think it was a key word, right, because I get the impression that, uh, Check Point is one of the, um, very few that are left in the industry that are focusing heavily on prevention. Maybe I'm wrong, but a lot of times you hear, well, the old chestnut, it's not a matter of if, but when, all that stuff, but you still focus very heavily on prevention. Does that have a...
I mean, you would probably say yes, but does that have a future, right? Because I think there's a lot of chatter and a lot of talk about moving away from prevention. How do you see that, based on the discussion you have with your customers or potential customers?
I think it depends on the customers. But if we look at the large enterprise customers, they probably will invest about 70% of their security budget into prevention type of product. Trying to put it, it could be endpoint, network, email as an example, and 30%, give or take, on their remediation and things like that.
I think that as you go to more mid-sized market, you would find that they don't have the ability to build their own SOCs, so they will go with MDR, and most of their direct investment will be on trying to put some type of prevention approach.
I think that prevention is a big word, and then we in Check Point, we are very, very religious about prevention, believing that, when we think about simplicity, going back to how we started everything, if we do not prevent the attack and we tell you, listen, we did a very good job in detecting, but you need to now go and remediate it after, then we are adding complexity to the customers.
And for prevention, I would imagine the platform approach also is very important, right?
Because if you want to do real-time prevention, not even real-time detection, but real-time prevention, then you need to have very tight integration with your entire security stack, I would imagine, right?
Absolutely. And let me give you a good example. If I'm a hacker and I already developed my malware file, it's a document, a malware file, and I need you to open this document. How can I bring you to open this document? I can send it to you over your corporate email. I can send it to you via your Gmail account. I can send it to you...
Maybe I will put it in some Dropbox and I will send you a link to download it. I can give it to you via Facebook or whatever. I can find multiple ways to bring this file to you.
So ask yourself: do you have the same level of prevention against the same type of malware in all the attack vectors, on your endpoint, in your emails, in your Gmail, on your mobile device? So a platform will know how to give you the same level of prevention for the same attack vectors, regardless of how it gets into your computer.
But then you have to do it on a risk-based kind of way as well, right?
So in that platform you also need some sort of a risk analysis of which are the most important factors to protect more than others, maybe even because you can't protect everything, right? So at the end of the day, as the customers, you need to prioritize and you just need to decide what do you invest more and where do you are putting it aside.
I think it's, this is you, as a customer, are prioritizing your environment and putting risks. But that's quite a hard decision to make.
Maybe, right, maybe they don't really understand what the riskiest. I mean, you can work your way back from what are my crown jewels. So that's top priority number one. But then you still don't know the attack vector of how you can get to those crown jewels. So you need to have a discussion internally as well.
But the common logic will bring you to understand that securing your PII data and your medical record is more important than securing maybe, your security, than your cameras, like your IoTs or things like that.
Everything is important to secure, but there are things that are more important than others, and a common sense will help you to prioritize, and if you see it and you define a strategy for security, you will find out where you want to start and what's next. Yes, there are things that you can bring some consulting, you can bring someone to help you out.
I think that, from a vendor standpoint, when we think about risk, the risk should go back into: should we block it or not?
Yeah, and that's difficult, the problems to solve, and again, I think that if you are not compromising on just detection and you're going all the way to prevention, then you really, really need to understand: is this a real risk that you need to prevent, or is it something that you should allow to go through?
Yeah, but then you also need to be able to see which is an exploit path and which is only an attack path, which is only theoretical, right? So there are lots of theoretical vulnerabilities that don't really matter all that much, but some of them actually are very, very, very important, and I think that's something that is very hard to determine, I think, as a customer, which ones are more important than the others.
So we less care. It's not that we less care. We understand that you have in your environments tons of risks and vulnerabilities and issues. We cannot fix it all. You cannot, no one can fix it.
So in a world where I'm trying to keep your environment only hygienic, believing that by keeping your environment hygienic it will be secured, it won't be enough. The prevention side says: I don't know if you have vulnerabilities or not.
I don't know if you have risks or not, I will just prevent them when someone tries to attack you. And that's the philosophy of prevention.
Now I think that there is a good practice also to scan your application, the endpoint, and try to clean all the risks that you have, the vulnerabilities, the misconfigurations, the secrets that you leave, the entitlements that are too open. All those kind of things are very important, but they are not enough if this is the only strategy.
The strategy should start with prevention and then you go to hygiene and configuration and posture. So that's my recommendation for customers.
And, in general, do you think basic hygiene is on a good enough level, basic security hygiene in the market? Because we're still talking about patching, right, it's 2024. I mean, you would have liked to have solved that problem, but it's still... It's a problem that is almost impossible to solve, because you as a developer today...
You are very, very lazy. So you use 70% of your code, you take it from open source, and the rest of the 30% probably use OpenAI. So now ask yourself, how much do you really work to clean all this code from vulnerabilities and from risk, and how often do you go to your production environment and you update the code?
It happens, but you still have in your production environment thousands, if not hundreds of thousands, of vulnerabilities and risks. So one, yes, you want to clean those that are the most critical ones, but the hackers will find even ones that are less critical to hack you.
So the prevention, again, will make sure that, if we know how to do it well, if the solution knows that, you can still stay secure even if you didn't clean it all. Yeah. And then it doesn't really help that there are also some security vendors that have unsecured code themselves as well, right? Yeah, all the supply chain.
We've seen.
So, you do everything in your power to clean your code and to keep yourself hygienic, but then you put some third-party vendors that either run inside your cloud or maybe connect to your Office 365, kind of a plug-in that is connected to your Office 365, and here he steals all your emails, your contact list or, even worse, your PII data and things from your cloud.
So if you have to make a priority list as a company at the moment, is third-party software attacks... Should it be very high up on that list?
It's quite high today. The supply chain type of attacks is quite high. I won't say it's the number one, but ransomware is still the number one. And you know how ransomware gets into your environment.
Phishing emails.
Phishing an email. It always goes back to the fundamentals. Like, you need to protect your emails, do a good job protecting your emails, then hackers will not be able to get the credentials of your power users, and without credentials of your power users, they will have a hard time for them to get into your cloud.
But it's also, especially when you go towards sort of an overarching platform and you put all your eggs in one or maybe two or three baskets.
There's also this thing called trust that comes into the equation, right, and I think we've seen a little bit of an erosion of trust in cybersecurity, because there are several high-profile cases where the cybersecurity providers themselves weren't very secure. Do you see that as having an impact on the market?
Absolutely. What happened to Microsoft right now with their breaches and the problems they had. I heard it from several customers this week about that. It became a board discussion about the situation.
So, yes, I think that if you are a serious company thinking about securing banks, financial organizations, securing critical information, critical infrastructure, you need to take those things extremely seriously, and we've seen it also with other vendors in this market that have been breached or had critical security vulnerabilities.
I would go back and I would say this is the number one thing that I'm so proud about Check Point. We almost have zero, not almost zero, zero type of vulnerabilities, security vulnerabilities, and if we had one over the last several years, and it's only one, we woke up in the middle of the night to fix it immediately.
Why is that? Because you're less lazy than the others? No, no, when you develop your own code, we are very religious.
We are very religious, you know, like a Check Point employee sometimes will complain, listen, you put security everywhere here, like on our mobile device, on our emails and everything, like, guys, give us the code and everything. So, yes, this is the way we develop our code. We are very religious, you know. And it has a cost.
Because it has a cost sometimes of agility, if you want your developers to move, time to market, probably time to market and things like that, but we do not compromise on those kind of things. All right, it's smart.
I at least, uh, from an outside perspective. I mean, maybe you will lose some deals every now and again because you don't have the functionality.
Yet we do lose some customers because we're missing the features or some of the products, but on the other hand, we're winning a lot of other customers that respect those kind of customers. Vendors do not have vulnerabilities.
So the trust issue that's around now doesn't really.
I could also imagine, especially the people that you talk to when it's a board discussion, that the conclusion, or one of the conclusions, is going to be: we're going to hedge our bets and we're not going for the big platform, we're going for many separate kind of things so that we know that we're not relying solely on one provider.
Can that be a conclusion as well?
No, not at all. The other way around. I think that customers have today way more product and feature and capabilities that they are able to use. So adding more product and more vendors will not make them more secure. It will make them even less secure because they will have tons of products in the drawers that they are not using.
They need to have a simple product. We go back to simplicity. It's simple to add additional features, simple to configure, simple to deploy, simple to scale. And, yes, some customers, if you go back into, if you go up to large enterprise, they may have another layer of defense, but it doesn't mean that they won't go with the platform.
Okay, they go from, I don't know, 50, 60, 70 tools to 10 or 80. Yeah, so, for example, in Check Point's case.
I can tell you that, for instance, many of our customers use Microsoft for the email security, but they will use us as a second layer of defense for the email. So today we have about 30,000 customers use Check Point for email security. Almost most of them are deploying us right after Microsoft.
Okay, but that's an added cost as well, right? So at the end of the day, it must be affordable for organizations to do, right? You don't want to add cost on top of cost. True.
You don't do it everywhere, you don't do it, but email is still considered the number one attack vector. So if you use Microsoft, and eventually hackers understand that most customers of the world use E5 to secure their emails, so they will target E5 to go through E5. They will deploy, they will use it, they will find a way to go bypass it.
We put our security right after E5, and we know everything that E5 will miss, we will catch.
Yeah, but then the SOC analyst gets no alert from one solution and does get alert from another solution. That's also quite confusing sometimes, maybe. Unless you're never wrong, that could also be the case. If you're never wrong, then... No, we're rarely wrong.
Very rarely, our false positive is zero to none.
Yeah, really, then it makes sense.
It's not that every once in a while we find a situation where we block an email that we were not supposed to block, but it's quite rare.
And just pivoting a little bit to obviously one of the big topics that I'm a little bit sick and tired of at the moment, but AI in security. Everybody's talking about it.
AI? Never heard about it. No, good, good.
So you're on the record saying that Check Point does nothing with AI. That's good. No, no.
So you know, about three years ago, when AI is here for many years, but AI was not a topic that they used to talk everywhere. And then three years ago, I had a presentation in front of a large audience, and the name of the presentation, my presentation, was ITAI, which is my name, Itai. Itai, that's actually.
So you've always had it.
Yeah, I always had it.
It's built in, but especially when it comes to simplicity and being able to react quickly and having an inner platform, AI must be able to play an interesting role in terms of automation, but also maybe in resolution of things. How do you see that happening?
So I think there are three angles for AI. There is the angle of how hackers are using AI, there is an angle of how you can use AI to make your products better, more secure, and there is the angle of how do you secure AI systems.
I think that, yes, hackers definitely are using way more AI to attack you, especially on the phishing, spear phishing, things like that. It becomes way more easy.
Do you see that as well in your threat intelligence? It's crazy, because I hear from other vendors that they don't see it at all.
No, it's great, because what they use today, right now, they are looking at your social media and they use AI tools to scan your social media, and then they can generate a phishing campaign that is very targeted, just for you, based on what you did.
They see what you did on Facebook, on LinkedIn, on Instagram, and then, when they send you the email, you go: wow, how do they know all of this? And I've seen it in real.
But then you need to be able to detect that it's actually a phishing, AI-generated phishing email, right? So if you don't see them now in your threat intelligence, as a security vendor, you're probably missing them.
You need to block phishing. It doesn't matter if it's coming from AI-driven or human-driven.
Okay, so then they use AI to actually harvest all the information. We use...
AI to block phishing, no matter what, and there are so many different... I won't get into the technology behind it, but there are so many different parameters and algorithm and AI that we use in order to come up with the right verdict.
So this is one aspect, is how hackers use AI, and they're using it in many, many other ways to generate codes that will hack into your computer and things like that. We use AI today in products, and Check Point came up with a co-pilot that will help administrators to interact better with our products. We use AI way, way before.
We have more than 45 different AI engines in our threat cloud, but the new AI that we are talking about, the ChatGPT type of the AI, is something that will allow our administrator to interact way better with the security product.
But the most interesting part is about how do you secure AI, and that's what the announcement that we did today with our AI guard is: the fact that AI is a system that almost every organization will deploy in their environment. They will use, obviously, the public one, but also the one in-house. So how do you protect it?
And that's a huge concern from customers, and again, that came along again and again. Some customers trying to block their employees from using AIs in different ways, and it's extremely hard, because it's not only about ChatGPT, it's ChatGPT and thousands of other AI systems that use ChatGPT or other, or BERT or other. A lot of parallels with the rise of the cloud, the public cloud.
Right, you had the same kind of split between customers saying you're not allowed to use it, some said you're allowed to use a little bit, and others say go ahead, do whatever you want.
Yeah, the vast majority are in the middle. They will say, okay, I want you to use it, I think it's very important because this is how you move fast, but I want to control it. Many of them are now running fast to deploy their own AI system in-house, so their employee will not have to go outside. But then how do you secure the prompt?
How do you secure that when AI interacts with other systems inside organizations via APIs? How do you secure this type of attack vector? How do you scan and tell me, as a CISO, which AI systems my employees are using? How do they use it? For what purpose? For marketing, for sales, for financing, for coding?
Think about developers, think about CI/CD systems that will try to take advantage of AIs.
We need to put those kind of guardrails of AI, firewall for AIs, and that's exactly where it's quite hard to do, right, because you don't really know what you're up against, because AI is changing so quickly that it's quite hard to predict what it's going to be like in, I don't know, three months, six months, a year.
It's moving extremely fast.
So you have to move very fast as well.
We have to move extremely fast. Customers are moving very, very fast. The whole industry of AI. We announced our partnership with NVIDIA to protect now the NVIDIA AI systems, and many, many new AI data centers will be.
So then, basically, you bring security down the stack even further.
We're looking to put our security all the way from the AI system themselves in NVIDIA, in our firewalls, inside the browser, in the cloud, protecting whatever cloud is trying to communicate AI outside.
So we're trying to find all the different logical places to put AI and, again, without asking you to put too much new products, we're trying to take advantage of your install base that you have. Sometimes we'll have to ask you to do additional things, but we already have the footprint.
Now the question is, do we have the intelligence to come up with the right security in place?
Yeah, because you need to. As Check Point, you also need to invest heavily in your AI that helps customers make sense of their AI, if you know what I mean, right? So if you ever have to keep up with that, is that realistic?
Maybe it's not the right word, but that's going to be a lot of hard work to, uh, get there. You know, the CISOs are having at least 30% of the time free, so now they have another things to deal with. They just need to get their hands dirty and do something themselves. They were waiting for something to do more things.
So here's more things for them to do. Yes, it's quite chaotic, and I think many organizations, all the way to boards and CEOs, woke up one day and said: okay, AI is here, we have to use it. We don't know how, but we have to use it. But there's such a lack of knowledge. Now we have to protect it as well.
But there's such a huge lack of knowledge when it comes to AI, even at board level. I mean, I heard somebody say yesterday to me that he had somebody say to him, it's like this Chinese whisper game now, that he was afraid that his ex-wife could get his social security number by asking it to an LLM or to a foundation.
That's not how it works, but that was a high-level guy in a very big company that thought that AI worked like that.
So there's such a huge lack of understanding of how actually these things work, what it can do and what it can't do, that even on the educational side, organizations need to educate themselves so much before they can actually make a sensible decision on what to do with AI. Right, right, right.
So I think that what I heard, and again, I met several big CISOs of some of the largest financials last week and this week, last week in New York and now here, telling me they are building right now a committee of people from multiple departments in the organizations, assigning either head of AI or head of AI security, sometimes reports to the CISO, sometimes reports to what... They are assigning VP of AI in the organization, which is responsible for anything that AI and security does is part of it, and they are looking how to take advantage of AI for their own business, but also how to secure it.
It's going to be an interesting topic to follow in the coming weeks. Nobody really knows where it's going, right, and that must be.
But the funny part is that every company that you see out there changed their name from whatever x66 to x66.ai. Yeah, yeah, yeah.
I think I read something last week that there is a country that has that as a top-level domain, ai. I don't remember which one it was, but they had a...
Ah, the country with the ai. Yeah, yeah, they have the ai. All right, you should jump and buy all those domains. They're having a field day there now. They're making a lot of money, so that's... All right.
So, yeah, I think we're at the end of this episode. I think it was an interesting discussion. Thank you for being on the show and I look forward to catching up with you in the future.
Thank you very much. I appreciate that.