2015 CPX – R80 and Capsule

Summary: 2015 CPX was like a continuation of 2014 CPX. No big announcements, usual rah-rah. R80 and Capsule were the focus. As always, the highlight was talking directly with developers. Lunch was great.


R80: Dorit says it’s out now, techies say Q3. MDS version is still up in the air. R80 firewall in EA. So basically I can’t say when it’s coming out but I hope to god the QA people are busy. I actually bought some CP stock based on R80 release.

Capsule: Funny: Gil says “How many people have threat prevention on your mobiles?” About 2 people out of 1300 raise their hands. “See, we can’t even get CP people to use it…that’s why it’s a 5 year plan”. Crowd roars. (Not a direct quote but something like that.)

True Story: I was in Costa Rica on guided tour on steep path on sheer cliff. Guy ahead of me asks his wife to take a picture of him with his iPhone. Wife steps back and almost falls off cliff. He yells “MY IPHONE!!!!”

My read of Capsule is that people care more about their mobile phones than they do their partners. Reduce their battery usage, screw up texting, block mobile data access and they will hunt you down and burn you in your bed. I agree with Gil. Until the bad guys trash your phone and the pain is worse than the impact of the security software, the market has yet to develop. Technology needs to catch up to support the additional load on the device.

I spent most of my time tracking down their progress on Software Defined Networking which I think looks exciting and hopefully will be CP’s next ride to the top with R80 management.

The tofu and quinoa warm dish was fantastic. The tofu had a bit of crunch to it.

So the rest of the show was a 2014 repeat telling you to turn on more security stuff, the end of the world is near, the cemeteries are full of people that had computer viruses, we are all going to die.

Random Details in Random Order with Random Comments:


CP Strategy over the years:

  • 2012 CP as security company vs product company – history
  • 2013 3D security rah rah – that’s all history
  • 2014 Software Defined Protection
    • Management
    • Control
    • Enforcement
  • 2015 Software Defined Protection – 2 years in a row

I actually saw SDP described in several talks 2 years in a row by some of top management…so maybe it will stick. I just don’t get how the title has anything to do with the content and how it makes CP stand out from the rest of the horde. Everyone has management, control, enforcement. CP’s edge is Great Centralized Management.

So my frustration with Gil is he does not set CP’s strategy as “Centralized Security Management” and then follow up to say “Last year we said we’d do X, Y, Z and we did X and Y. By 2017 we will do 1, 2, 3, 4.” Capsule is a good example, everyone and their mothers will have mobile protection…but imagine trying to centrally manage security on 100,000 mobile phones. Who is going to do that best? Why is CP better than competitors? By when? What does it look like? What do the analysts think? What kind of revenue numbers? What is the sales strategy?

(To be fair Dorit did some of this, but from an operational point of view, not a visionary point of view.)

But then again he does have a private jet and I drive a 2006 Scion.

Who is Check Point this year.

Some guy gave talk trying to prove with statistics that CP is the best.

  • Best prevention software – Everyone says this, software is still maturing.
  • Best management platform – Agree: but competitors are very close. Needs quality R80 release
  • Best security DNA – Everyone says this but he was right – most people in CP have military backgrounds with the enemy 20 miles from your child’s bed so they do have a security mindset.

Featured Speakers:

  • Michael Morell – FBI director: End of world is near, Chinese hacked his email and wife figured it out, he saw scary stuff
  • Michael Chertoff Former Homeland Security Guy: End of world is near, he saw scary stuff

Threat Prevention: 

  • AV is now useless, too many zero day attacks
  • IPS going the way of AV
  • Threat Emulation is the rage….until hackers put a “sleep(till Tuesday)” in their code
  • AntiBot is OK, but using encrypted channels so look for known DNS and IP addresses
  • Threat Cloudiness is a must to stay on top of zero-day attacks
  • They bought Hyperwise and Lacoon because the above are pretty iffy, but no one could tell me what they do.

My read: CP’s blades are still maturing but their edge is single pane of glass centralized management. Threat Prevention is not a technical problem, it’s a people management problem. When the sh*t hits the fan, you want all silos in the organization looking at a single pane of glass…not 10 different “Best of Breed” solutions. Single pane of glass security management increases detection rates because people are familiar with a single product, reduces response times, and lowers TCO. This is the value CP brings to the security marketplace.

R80

  • Everyone I spoke to has a different release date. I’m OK with being late, it just has to have the quality this time. I even bought some stock betting on R80.
  • I can’t get 2 people to give me the same picture on R80 MDS. Latest speech is it will be 1 executable, but you can sign into either MDS or SmartDashboard. Last year they said it was all merged…well, that ain’t merged. MDS is long in the tooth and needs more integration with SmartDashboard. Only 2 big differences are
    • you are supposed to be able to have multiple sections of global policy instead of just top and bottom.
    • global objects are broken into chunks instead of one big database
    • you can import chunks of objects into the domains
  • Hit counts on objects
  • Logging integrated into Dashboard
  • I couldn’t get an answer if you can seamlessly copy between domains
  • They realize the future is all about scripted access, so REST API and associated tools is huge
  • Software Defined Networking integration looks cool

Dorit – President

  • Roadmap – Nothing really new just bigger faster
  • I thought this was impressive. A person in our group asked a question about some innocuous technical point on Amazon cloud. Dorit hunted her down 1 hour later to give her an answer…and there were 1300 people at the conference.
  • Dorit also was very responsive to my issues. I heard from internal people that she was pushing buttons trying to make things happen.

Developers

  • As always one goes to CPX to talk to the developers. The afternoons are where you really can connect with the muscle of CP and get the real story. And they can see your pain and try to make a difference.
  • I spoke with several developers from Threat Prevention, SDN, R80. They really want to hear your pain and make a difference, which is a great feel.

SDN, Clouds

  • Spent 1/2 the show tracking down SDN demos which I am excited about.
  • R80 will integrate into SDN products. Saw some cool demos
  • Separate blog coming

Tufin – Talking the Right Talk

  • Tufin gave a pitch on Cloud Security Management and how big an issue it will be.
  • They are dead on with identifying the problem, Rubin was great
  • In cloud and SDN objects/rules are created by scripts so the scalability and speed of deployment will be mind boggling. Imagine having a script that deploys 1000’s of servers and firewalls and rulesets in seconds. Next there is a network problem and you have to go find it.
  • I’m not sure what their solution is about but they are only ones that can talk about management complexity we are weaving for ourselves.

Comments

  • Weaver, Rick  On May 18, 2015 at 12:54 pm

    Michael,

    What’s the pw for the latest post? Keep up the great blog.

    THX,

    Rick Weaver, CISSP
    Security Architect
    Information Technology Services
    County of Ventura
    805-662-6866
    rick.weaver@ventura.org

  • Ashish  On May 20, 2015 at 12:42 pm

    Once again awesome writing.

    I don’t know if I should love CP or hate it cause they are concentrating towards SDN where I think Juniper is much ahead and doing good.

    I don’t know if this question is worth your attention and time: Why does Check Point not make standalone firewall management an option like Juniper, Cisco, or PA (no need of management server though I love the idea but independent FW is good to have), is it really that difficult?

    • Dreezman  On May 20, 2015 at 1:07 pm

      Juniper is dead. CheckPoint 1100’s have management on them. I’m a big believer in centralized management so if the firewall level policy can be sync’d with a centralized mgt station I am for it. Thanks for input.

  • Jonathan  On May 21, 2015 at 12:55 pm

    Every Check Point appliance can have local management. That’s always been the case. I believe it’s called a Standalone deployment/installation. I never recommend it, but it can do it. 🙂 I only never recommend it b/c every one always eventually wants to move to a centralized management and it’s not the easiest to separate functionality once you’ve done a Standalone. It can be done, but it’s a hassle.

    • Dreezman  On May 21, 2015 at 2:09 pm

      Yeah, good point. But I think he means firewall policy like Palo Alto and Juniper has.

      Firewall only objects and policy
      Domain/Zone only objects and policy (that wraps the firewall one)
      Global objects and policy (that wraps the Domain/Zone)

      dreez


blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.
