Let’s face it: 2014 has been a miserable year for IT security professionals.
Every week, it seems, an organization somewhere around the world confesses its systems have been broken into and data has been taken.
In an interview at IT World Canada’s office Amnon Bar-Lev, president of Check Point Software Technologies, described it as “very bad year” for intrusions. In large part its because malware kits are so easily available. “If you have enough money and bad intention you can do whatever you want,” he sighed.
Check Point has grown from an Israeli maker of stateful firewalls to having a wide range of security gateways, software blades and threat prevention appliances for small, medium and large sized enterprises. Its profit last year was US$652 million on sales of about US$1.3 billion.
Responsible for the company’s worldwide sales, global partner programs, business development and technical services, Bar-Lev was in Canada to meet customers and reseller partners in Toronto and Montreal. Check Point also has sales offices in Calgary and Ottawa.
Despite the fact that IT security pros are seemingly always constantly fighting fires, Bar-Lev is optimistic.
“No all attacks are brain surgery,” he said, “A lot of them are done by robots.
In fact he believes 80 per cent of attacks can be blocked with standard IT security strategies.
“You need to segment your network, you need to have AV, patch systems … If you do those things you’re protected from the majority of attacks.” It’s the “very, very top sophisticated ones” – the other 20 per cent of attacks — that need special defence mechanisms.
But there are no promises. Check Point touts a three-tier architecture is has created with an enforcement layer based on physical and virtual security enforcement points that segment the network so an attack on one network component can’t undermine all security; a control layer that analyzes threat information from a variety of sources and generates policies for the enforcement layer; and a management layer.
Build an infrastructure like that and your organization will be “dramatically safer,” he says. But, Bar-Lev admits, “there’s no silver bullet. If you want to really be secure, don’t buy a computer. If you buy a computer, don’t turn it on. From there on, there is a risk.”
Interestingly, he doesn’t believe ideal IT security blocks users from doing things. “Security is really about enabling. Security officers always need to think about how can we make things happen, versus how can be block things from not happening. That’s a much better way of looking at security.”
So, for example, Check Point will shortly release ThreatCloud Mobile, which links to its cloud security service. A small client on mobile devices regularly checks the service for vulnerabilities. Meanwhile, organizations can extend their policies to the cloud so devices with the client have the same security where ever they are.
Also coming is a mobile container that creates a secure environment for running business apps.
“Security is the only place in IT where you don’t fight technology,” Bar-Lev observed. “Networking, storage, you fight physics — how can I do it faster, easier, whatever it is.” But in security, “somebody else has come up with new technology, and new ideas of how to penetrate, and you need to block it.”
