This document discusses network security and compares different generations (Gens) of security products. Gen V security is defined as being effective, efficient, and everywhere. Check Point is presented as providing Gen V security through real-time prevention innovations, an unparalleled sense of urgency in responding to vulnerabilities, proven security with third-party tests, no security shortcuts, and an efficient software-based architecture that allows security everywhere. Check Point is said to have the best security through these factors and fighting FUD with facts.
Moti Sagey CPX keynote _Are All security products created equal
1. 11
MOTI SAGEY | HEAD OF STRATEGIC MARKETING & INTELLIGENCE
CREATED EQUAL
ARE ALL SECURITY PRODUCTS
?
[Protected] Distribution is subject to approval
2. 2
FOR THE IMAGINATION OF MAN'S HEART IS EVIL FROM HIS YOUTH
THE STATE OF CYBER SECURITY TODAY
Mostly Gen I-III Deployed (AV, FW, IPS)
Genesis 8:21
Gen I security - AV Gen II,III security - FW + IPS
4. 4
THE CHALLENGE
EVERY VENDOR WILL TELL YOU
THEY HAVE THE BEST SECURITY
WHAT IS THE BEST SECURITY ?
HOW DO WE TEST IT?
IN GOD WE TRUST,
ALL OTHERS MUST
BRING DATA”
“
W.H DEMING
5. 5
WHAT IS THE BEST SECURITY ?
GEN V SECURITY THAT IS :
effective
efficient
everywhere
7. 7
TO KEEP YOUR BUSINESS
PROTECTED
1402R&D ENGINEERS
31% OF EMPLOYEES
16% OF TOTAL
25% OF TOTAL
31% OF TOTALCHECK POINT
FORTINET
PALO ALTO
1402
1225
787
Source: SEC Data: Palo Alto Form 10-Q | Fortinet 10-K | Check Point 20-F
9. 9
HENRY FORD
“IF I HAD ASKED PEOPLE
WHAT THEY WANTED,
THEY WOULD HAVE SAID
FASTER HORSES”
CHECK POINT REAL-TIME PREVENTION INNOVATIONS
10. 10
CHECK POINT REAL-TIME PREVENTION INNOVATIONS
“IF I HAD ASKED PEOPLE WHAT THEY WANTED, THEY WOULD HAVE SAID FASTER HORSES”
“Check Point has gained ground
from an innovation standpoint
and can boast one of the most
complete offerings in the
network security market today.
“Perhaps the most impressive
element of Check Point’s malware
analysis approach is the ability to
capture an email attachment,
analyze it, and render the
content for the end user or
security team while the malware is
mitigated.
16. 16
TO MAKE SURE YOUR SYSTEMS ARE NOT EXPOSED…
1.02
Mature SW Code
Swift response to
SW vulnerabilities
221.3
62
183.6
93
48.2
99
# Total of SW vulnerabilities(2016,2017) Average fix time (days)
Source: vendors security advisories web pages & http://tiny.cc/urgency
17. 17
AVERAGE RESPONSE TIME FOR TOP VULNERABILITIES(IPS) IN 2017
Source: vendors security advisories web pages & http://tiny.cc/urgency
18. 18
EFFECTIVE SECURITY MUST HAVE 3RD PARTY
PROVEN TRACK RECORD OF SECURITY EXCELLENCE
Source: http://tiny.cc/nss_stats NSS Labs Network Security tests (FW/NGFW/IPS/NGIPS/DCIPS/BDS) * PAN NGFW solution have not been recommended since 2013
Neutral Caution Recommended
19. 19
EFFECTIVE SECURITY MUST NOT HAVE SECURITY SHORTCUTS
FORWARD SEGMENTS EXCEEDING
TCP CONTENT INSPECTION QUEUE
INTELLIGENT-MODE :ENABLE
HTTP CLIENT BODY EXTRACTION DEPTH 4000
20. 20
VULNERABLE (BYPASSED MORE THAN 100 DIFFERENT
WAYS WITH VENDOR BEST PRACTICES CONFIGURATION)
GOOGLE “HTTP EVADER”
AND TEST FOR YOURSELF
http://tiny.cc/httpevader
30. 30
WHAT IS THE BEST SECURITY ?
GEN V SECURITY THAT IS :
effective
efficient
everywhere
31. 31
OPERATIONAL EFFICIENCY
MAN HOURS REQUIRED FOR YEARLY MANAGEMENT OF 50 GATEWAYS PER SITE
“The Check Point management remains the de facto “GOLD STANDARD”
against which other consoles are measured” Gartner
1000
1500 1500
2000 2000
Source: Shadow Peak INC.
32. 32
THE WHY - UNMATCHED UNIFIED ACCESS POLICY
ONECONSOLE.ONEUNIFIEDPOLICY.
37. 37
THE PEOPLE
WHO WILL GET YOU THERE
1402R&D ENGINEERS
31% OF EMPLOYEES
1402
1225
787PALO ALTO
FORTINET
CHECK POINT 31% OF TOTAL
25% OF TOTAL
16% OF TOTAL
Source: SEC Data: Palo Alto Form 10-Q | Fortinet 10-K | Check Point 20-F