CPX Day 1 – Drinking from the firehose

My scratchy notes: not sure this all makes sense...

CP Geeks, I declare this year's CPX a victory. Summary: it feels like for the last 5 years (of pain) they have been laying the groundwork for a really cool platform, and this year is the first year I can see this happening. Everything is looking good on paper.

9am: The disco starts (the bass is still ringing in my head and it's 10pm at night as I write this).

Gil Shwed, Amnon Bar-Lev:


– Guess what? Hackers are still out there
– Make sure you turn on your antivirus/anti-bot/IPS, etc.
– Buy CP stuff

2012: 3D Security rah-rah, that's all history
2012: CP as a security company vs. a product company, history

1400 attendees, 30% more than 2013. 600 in 2012. The conference is growing hugely.

This year's theme: Software Defined Protection, based on:

– Enforcement Points: gateways, mobile
– Control: 1) Access Control and 2) ThreatCloud set your policy
– Centralized Unified Mgt: to manage the environment

If the above is confusing, basically they are coming back to their core strengths: Management, logging, enforcement through a single pane of glass.

ThreatCloud: is basically a virtual machine where they run attachments to see if they modify system files. The results are then distributed to all gateways to make enforcement decisions in real time. They are now opening ThreatCloud to other parties so they can contribute. All the data will be anonymized. This is an excellent decision. Hackers share info; why shouldn't the defenders? Two Thumbs Up.

OPINION: This is CP's strength. One platform for analyzing and enforcing decisions in near real time. Although not a market leader as a separate product, the full package of management, logging and enforcement is alone in the marketplace. Very cool. I'm a believer. Just hope they QA it before they release it.

Announcement: ThreatCloud is now Open ThreatCloud so other organizations can contribute to it. Very cool.

Announcement: R80 Management is in EA. Sign up. Looks REALLY cool!!! Only the SmartDashboard version right now; they are working on the MDS version. But two thumbs up on features. Hope they do QA on it.

Observation: MDS, SmartDashboard, SmartLog, SmartEvent and SmartMonitor are being merged into a single product, which makes data analysis so much easier. Not sure why people pay for enVision, ArcSight or McAfee Security Manager as separate products.

Mobile Enforcement: the endpoint will perform Secure Document, Isolated Sandbox and Cloud Filter to filter data sent to the device. OPINION: Jury is out. Feels like a really heavy client waiting for the hardware to catch up to support it. Not much experience with it at this point.

Brian Krebs

Amusing talk about his work monitoring the underground. He broke the Target story. He noticed that hackers were selling credit cards with zip codes and figured out that the zip codes were to bypass the geo-location lockouts the banks put on use of stolen credit cards.

His summary was dead on and is what I've been saying for years. Buying a bunch of blinking lights is useless:

1) Figure out who wants to get you
2) Know your enemy
3) Buy talent, not just tools, to do the analysis
4) Go past compliance basics

PERFORMANCE LAB:


61000/41000: Good presentation by Marco on the power of these systems. Really expensive, but I think it is the architecture of future CP products. Basically in your SmartDashboard GUI you see 1 standalone firewall, but the hardware appliance is running 120?? CPUs, all hot swappable, so you just plug in more boards if you need more throughput. They decided to throw CPUs at the performance problem vs. ASICs. So clustering and CoreXL are fairly invisible to you at the dashboard. Great concept, hope they QA it.

21000: has a SecureXL accelerator card based on the Tilera processor that is V2 of the Nokia accelerator card. Only available in the 21000.

MultiQueue

There are two semi-new features to improve performance on the gateways:

1) HyperSpec: turning on Hyper-Threading on the processors to double the number of logical processors. Best used for CPU-intensive work such as IPS/Threat Emulation/etc., and NOT I/O.

2) Multi-Queue: assign multiple CPUs to a NIC, where each CPU handles a unique src/dst session for that one NIC. Only enhances I/O throughput, NOT CPU-intensive performance, and NOT more individual sessions.
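To make the Multi-Queue point concrete, here is a small Python model I added (not Check Point code; the hash is a stand-in for the NIC's real RSS hash, and the traffic is constructed): packets are steered to a CPU by their src/dst pair, so many sessions spread across all queues while one big session stays on a single CPU no matter how many queues you configure.

```python
import hashlib
from collections import Counter


def flow_queue(src, dst, n_queues):
    """Pick the receive queue (CPU) for one src/dst pair.

    The key is order-independent so both directions of a session land on
    the same CPU, which is what keeps per-flow packet order intact.
    SHA-256 is a stand-in here, not the NIC's real RSS/Toeplitz hash.
    """
    key = "|".join(sorted((src, dst))).encode()
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % n_queues


def distribute(flows, n_queues):
    """Return {queue: bytes} for a list of (src, dst, nbytes) flows."""
    load = Counter()
    for src, dst, nbytes in flows:
        load[flow_queue(src, dst, n_queues)] += nbytes
    return dict(load)


def queues_used(flows, n_queues=4):
    """How many of the n_queues CPUs actually receive traffic."""
    return len(distribute(flows, n_queues))


# Constructed sample traffic: 200 small sessions from distinct clients.
MANY_SESSIONS = [(f"10.0.{i // 256}.{i % 256}", "192.0.2.10", 1_000)
                 for i in range(200)]
# Constructed "elephant" flow: one backup session moving 200 MB.
ONE_BIG_SESSION = [("10.0.9.9", "192.0.2.20", 200_000_000)]

if __name__ == "__main__":
    # Many sessions: bytes land on all 4 queues, so 4 CPUs share the I/O.
    print("many sessions:", distribute(MANY_SESSIONS, 4))
    # One big session: every byte hits the same queue; extra CPUs sit idle.
    print("one big session:", distribute(ONE_BIG_SESSION, 4))
```

This is why Multi-Queue helps a box handling lots of parallel sessions but does nothing for a single huge flow, and why it does not raise the per-CPU session limit.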


CoreXL and SecureXL admin are going into the GUI to simplify administration. Here are samples:

(screenshot: Multi-Queue GUI)

(screenshot: CoreXL GUI)

VERY impressed.

  1. Everything in the GUI has a command line equivalent that can be scripted. You can even type in command lines at the GUI instead of mouse clicks. VERY critical for huge installations that need to script large operations. CONGRATS: not sure any competitor gets this concept of trying to manage a huge number of objects with flexibility. Love it.
  2. SmartMonitor, SmartLog and soon others will all be integrated into a single GUI. 100% double thumbs up.
  3. Objects can now be tagged. Very cool once again for managing a huge number of objects. You can now perform operations on these tagged objects. 100% Two Thumbs Up.
  4. Rules of another comment for Change Control. Two thumbs up.
  5. Hit count on object use. 100% for maintenance. Two Thumbs Up.
  6. Instant message others from the GUI. Two Thumbs Up for collaboration.
  7. You can push ACLs separately from IPS, separately from AV now. Two thumbs up.
  8. They are still debating what will go into the MDS version. All the above is for a single management station. They think that global/local policy will stay the same, which is kind of a bummer. But they understand that we need to share objects and are trying to figure out the best way to do that. Just hope they send it through QA, don't care what they decide.
  9. See the DAY 2 post for more detail.


QA and Training


– QA now has 230 people doing testing. Development has QA sessions every week. But he cautioned that it is a very complex product and will take a while to see results; R77.10 is a good start. Run away from R76.

– Training: taken away from sales and embedded into R&D, so training will be on par with software releases. Some very cool classes on Advanced Debug and VSX. Hope they send it through QA.

Met Pete and friends overlooking the Potomac: thanks for getting to know you all there!

Going to bed with a CPX buzz.

dreez


Comments

  • Jason, on May 12, 2014 at 10:39 pm

    Working on getting EA for R80 now. Pumped based on your preview.

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.