2012 CPX Review

Greatings CPX’ers.

I attended 2012 CPX in Orlando this year and I personally learned a TON. I approached it differently this year and basically bypassed the presentations and hunted down CP internal people to get answers (see my other discussion on CPX).  They were all very accommodating and I hope I can share the Best Of CPX that I learned.

The most significant things I got from the conference (so you don’t have to read my cryptic notes) are:

–          GAIA is released

–          R75.40 is released with MDM (But no MDM on GAIA for a month or so)

–          SmartLog!!!!! The most exciting product in the CheckPoint suite next to MDM!! You HAVE to check this out. And its FREE!!!

–          Hit counts in SmartConsole!!!! Finally!!!

–          GRC regulatory info will be integrated into SmartEvent. So you could get PCI compliance information in the future

–          No plan for 64bit MDM

–          No plan to put MDM database into a real database (bummer for many reasons)

–          Edges are getting whacked, replaced by Series-80

–         Licensing will never be fixed. They don’t even think its a problem.

Forgive the general rambling nature…I’m trying to remember from my cryptic notes what I extracted from my conversations.

=====================  Gill Schwed CEO and founder ===================================

Gil Swed (CEO and founder):  Similar to last year but the vision speech has changed again. Last year GRC was big, this year more product oriented mapping it to GRC.  Last year I thought (mistakenly??) that CP wanted to become a big security player in software && services with purchase of GRC, but I didn’t get that this year.

He spent some time on the CP Threat Cloud that gateways from all customers report into and then distribute back to gateways and used by IPS, App Control, AntiBot  (not sure what else) to report threats back to gateways to shutdown attacks.  This should approach real-time as we progress.

Best part was Gil talking about his Tesla and he listens to Arab music on his MP3.

======================Anon Director of 3D =============================================

Talked about 3D and how CP is now taking it seriously.  CP said they would share their policy with whoever asks.

======================= Kelman – Directory of Support Toronto Canada====================

I’d say the hit of the conference. Great mapping of policy, procedures technology, politics to the Star Wars background. Hilarious. Great job.

====================== App Control ==================================

Couldn’t hear nor understand this one, but I think these are some of the upgrades:

–          Bandwidth limits

–          Can be accelerated by SecureXL and Core XL

–          Rule Time limit

–          Granular user check (not sure what they mean)

–          Support HTTP proxy config (not sure)

  • Transparent mode (not sure)
  • Per interface (not sure)
  • Safe search (not sure)

==================== R75.40  =======================================

–          Was released during conference

–          https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk67581&js_peid=P-114a7bc3b09-10006&partition=General&product=Security#Downloads

–          No P1 on GAIA, maybe May

–          GAIA is released;

–          SMARTLOG: I think the most exciting, revolutionary product next to MDM/P1

–          All the other products have incremental improvements

–          Hit counts in SmartConsole!!!! Finally

==================== GAIA =======================================

Cool things from GAIA:

–          It is released here:

–          https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=14900

–          Large customer has in production so theoretically it works

–          Has auto update

  • Notify
  • Schedule update
  • Verify update occurred

–          NOTE: the configuration data is now stored in a database. So if you update files they will get overwritten when you do a database save. This is from IPSO days.

–          NOTE: Several configuration items are not stored in database and won’t be migrated. RSA in /var/ace, cron, SNMP, $FWDIR/local.arp, and any custom modified commands/data.

–          DANGER: GAIA may remap network ports, make sure you label them!!!

–          64 bit GAIA is limited to 24gig is the tested service support. But it should recognize as much memory as you put in. Need 6 gig of memory as a base for 64 bit.

–          Very cool, will share VMware shared folders with a host.

–          Once installed you can switch between 32 and 64 bit GAIA, it is a configuration item and reboot. So no reinstall to go to 64 bit

–          No support for IPV6 to IPV4 NAT gateway. Bummer

–          SPLAT to GAIA upgrade is 1 command that will translate into GAIA commands

–          GAIA is mainly based on SPLAT and some of it was already in R75? (not sure)’

–          NOTE: There is no plan for 64 bit P1/MDM.

–          SmartProvisioning improvements—One can only pray

–          VRRP is preferred HA mode – but he couldn’t tell me why. Not sure what conversion will be like

–          Like cisco, you can dump GAIA commands into a file for its configuration, and then change the template to roll out to different gateways (like modify IP address and host name)

–          NOTE: R75.40 P1 cannot! Run on GAIA yet. Late Q2????

–          Why do you need 64bit GAIA?? Was told that concurrent connections take a ton of memory. Much more than IPS, AppControl, etc. (I’d like to see more data on this)

–          OPINION: I”d let it bake a bit (1 more year) and let things settle down. Unless you have some need for high connection throughput via 64bit memory – if its not broke don’t fix it.

==============================P1 MDM=============================================

–          Overall, very disappointing. Not much in roadmap

–          R75.40 out 4/18/2012

–          MDM on GAIA is very close in 32 bit mode

–          No plans for 64 bit MDM

–          Not working on back end database

–          Will be 2-3 years before big new features are delivered (not sure what they are)

–          They are working on some multi-threading to enhance performance

–          SmartCenter is going away, all will be Domain in MDM. No more standalone SmartCenter

–          Renaming global objects:

http://fireverse.org/?p=144

===================Product Roadmap =====================================

–          I missed 75% of this

–          COOL thing is they are planning on having Smart Even report PCI regulatory compliance, somewhat similar to Tufin/Algosec/Firemon, etc. This is part of the GRC purchase they did last year.

–          FYI: Edges are history, replaced by Series80

======================Random Gossip ==========================================

–          Edges are going away, will be merged into Series-80 a flash based system with GAIA

–          Floating IP addresses are being worked on for VMotion support

============================ E80.40 Endpoint Client

–          Management is finally in SmartCenter

–          SCV (secure compliance verification) is old, Endpoint compliance is new system “Policy Server”

–          Will have its own blades for ; malware, encryption,vpn, webcheck, firewall, compliance, usb encrypt

–          Endpoint VPN and Endpoint E8040 will merge In 2013

============================ SmartLog=======================================

==============è STOPç=======================

==============è STOPç=======================

==============è STOPç=======================

Everything you are doing. Stop looking at other products. Stop all your paper work.

SmartLog is revolutionary. It is the iPhone of SIM products. And they are giving it away for free. This product could replace all your SIM products like RSA Envision (which is horrible unless you like to wait 10 minutes and construct database queries).

SmartLog puts a google like face on Tracker. It is super fast. Get this: You can direct ALL your logs to one platform now!!! Did you hear that MDM crowd. No more hunting through log servers, its all in 1 place!!!!

I am still amazed they are giving it away for free.!! I was almost child-like giddy laughing when I listened to Dudi (head developer) give me all the details. This product is amazing, I’m not sure CP knows what they have created.

So STOP what are doing and download and install NOW!!!

Here are the tidbits:

–          You can suck in your old logs

–          You can search through billions of records quickly. We saw ½ billion in a couple seconds

–          32 or 64 bit, doesn’t matter (I didn’t get this part, should be 64 bit)

–          Can be installed on almost any platform: GAIA, splat, windows

–          Works with MLM environments. You can check off what DLM you want to query. 1 or all.

–          Give it TONS of memory, it will gobble all you give it. That’s why I thought it should be 64-bit

–          Make sure it is on a kick ass box, otherwise it can fall behind real-time and never catch up.

–          MAX: 1 billion logs per day

–          FIFO for delete when disk gets full.

–          It will gobble up 70% more disk space for the index file.

–          Admin manual is only 17 pages!!!

–          SmartLog is part of all SmartManagers or Domain Log Servers. You have to Enable it in SmartConsole

–          3 pieces: SmartLog console, SmartLog Index Server, SmartLog aware Log Servers.

–          If you install SmartLog Index Server on a standalone platform, it has to use LEA to suck logs from the log servers. NOTE: This can be slow (3K-10K records/sec) and so you might fall behind real-time. You might want to have 2 SmartLog servers. One for old records and One for real-time recording.

–          SmartConsole Install
https://supportcenter.checkpoint.com/supportcenter/portal/role/supportcenterUser/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=14885

–          If you install the SmartLog Index Server on the same box as the Log Server, then the indexes will be built fast, but you lose 70% of your disks to the index. Classic time vs. space….DISK IS CHEAP!

–          WIP: Index server is in the SmartConsole ISO? Not sure how to put the Index Server on a MLM? VMware lab!!!

Advertisements
Post a comment or leave a trackback: Trackback URL.

Trackbacks

  • By 2013 CPX Questions | DreezSecurityBlog on March 8, 2013 at 8:57 pm

    […] out to 2013 CPX in DC this year again. If you ever read my posts from 2012 How to Attend CPX  and CPX review, the conference is mostly rah-rah but the true value is getting to The Developers! If you […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.

%d bloggers like this: