CPX DC – Day 1

So returned to DC and just finished Day 1 of CPX…and the results are in.

Same as last year. 1:1’s awesome – I’d sell my kids’ schoolbooks to attend (OK, I have no kids, but if I did). Worth every penny. Love all the CP folks sitting in a room talking over resolving issues. They really really want to hear the good, bad and ugly and I just love them for it. No attitude, just blunt (polite) discussion on how to improve the product. THANKS!!! We are all on the same team.

CPX as a conference in general. I agree with http://blog.lachmann.org/?p=1950. Maybe they should get a professional to run it. Topics are just not interesting to me anyways.

Here are my summary notes so far:

———————————————————————–

Remember 3D 2011? History. I saw it in one slide

Remember CP The Security Company 2012 ? History. Never mentioned.

Remember GRC 2012? Boring. Time to move on. Briefly mentioned.

CP is a product company and just will always be that way. And they have some awesome products – MDS and Smartlog and SmartDashboard. I really wish they would focus on these.

Gil mostly talked about Threat Cloud. Anti Bot, AV, IPS, etc. Not too exciting, same security speech.

So the biggest news for me was the new MDS coming out in mid 2014. As Gil said – Customers when asked say the #1 thing they like is Centralized Management and Tracker. Then he showed 1 slide of the new MDS and about 1 minute of features and moved on. Period. End of show. Nothing was ever mentioned again about one of their coolest products. I just don’t get why they continue to bury the product that has kept them alive. Oh well, I’m just a lowly firewall monkey.

They had this super duper talk on zero-day hacks with live demos. WOW. One of the best hacking demos I’ve seen, much better than mine and I thought mine was good.

After that I hit the trenches. The prepared talks didn’t seem too exciting.

——————————   MDS ——————————

MDS: Sounds really cool. I talked to a developer that left the project 1 year ago but this was the effort last year.

– Simplify migrations between domains
– One merged GUI between SmartDashboard and SDM (kinda) with ACL stuff in one window and threat prevention in another
– SQL backend supporting rumors of 50 million objects
– Fine grained controls on admin access, so now 1 admin can’t lock everyone out of domain
– A rule can be constructed in one place using IP ACL, application control, IA, etc. You don’t have to hunt through tabs
– Person didn’t realize that SmartDashboard has Admin install ACL, and MDS eliminated it (where it’s most needed)
– Release is mid 2014 so probably usable in

So the gossip is going in the right direction. Hopefully the features and the code follow through.

So my advice is to upgrade to R75.46/7 and stay there until late 2014. R76 is going to be buggy and a new environment you will have to learn without any real new features. Stabilize your environment during this time and then start to upgrade end of 2014.

————-Smart Log——————-

My favorite product. So be aware that for a standalone environment they have this really cool feature of displaying response statistics (20% of responses are from this IP). They don’t display them in MDS environment because each domain computes its own and they don’t share. Ugh. That is what an enterprise environment does so hopefully they fix this. Still log smartlog, great job!

——————-  Identity Awareness —————–

I will write up next. Got some info to help you debug better

——————— Licensing ——————————–

Basically anyone with a CP shirt on I would go up to them and say “Licensing sucks, when are you going to fix it?”. Best response I got is they now have a team on it that will merge SmartUpdate and UserCenter. OK, so now I’m really scared….two of their worst products merged into one.

CP needs to eject licensing altogether and just do auditing of blade usage. SmartLicenseAudit should discover the blades you are using on how many systems, generate an email that you approve and then send. If you hack it and they catch you, $100K per violation.

Stay tuned,

fw unloadlocal

dreez


Comments

  • Pedro Madeira  On April 26, 2013 at 9:13 pm

    Thanks for the info.


Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.
