Speaker 1: 0:22

Welcome to this new edition of Techzine Talks on Tour. I'm Sander. I'm at the RSA conference in San Francisco. I'm here with Itay Greenberg. He's the Chief Strategy Officer at Checkpoint. Itay welcome. Thank you very much thank you for having me. What's your opinion on the general vibe at the moment in the security industry?

Speaker 2: 0:41

What I see right now is definitely, first of all, the cybersecurity market is growing so much it's like crazy. Now is definitely, first of all, the cyber security market is growing so much it's like crazy. The number of vendors, the number of companies in this space, the number of investment investors that are coming to be here it's, it's insane. But when you talk to the customer side, they they also look all around and they get confused. Yeah, they feel like it's it overwhelming.

Speaker 2: 1:06

Even if you are in this industry for 30 years and customers are looking to obviously build a secure environment, for their environment is moving to the cloud, their environment is AI, their environment is mobile and SaaS and many, many things.

Speaker 1: 1:26

What are the biggest pain points that they have in terms of their estate or what's happening in their organizations?

Speaker 2: 1:34

So I think that, first of all, the challenge of securing a growing environment, distributed environment, is a big challenge.

Speaker 2: 1:44

The fact that it's very hard for them to find expertise, people that are experts from higher than that stays in the company for a while and not jumping from one company to another is a big, big problem. Some of them are looking to outsource and move out of their some of their security practitioners into MDRs, into MSSPs and things like that. So this is a very, very big concern and challenge for many of the customers. I hear it a lot it's okay, we have the product, we get all the things that we need, but what?

Speaker 1: 2:20

do we do with this?

Speaker 2: 2:20

It's very, very hard. So, as vendors, we need to make sure that, first of all, we deliver a product that's extremely easy to operate to install. I think that's one thing that we're here.

Speaker 1: 2:32

That's always been quite a challenge, right, always been a challenge. The cybersecurity industry is a bit guilty of making it a bit too complicated every now and again, and it doesn't have to be like this it doesn't have to be like this.

Speaker 2: 2:42

I think that if I'm here in San Francisco, I I think that if I'm here in San Francisco, I can see right now autonomous cars driving in a very condensed city. We can come up with products that are easy to deploy and easy to use and doesn't generate too many alerts, doesn't generate too many Asking the security people. Okay, we think it's a problem. Can you check it? We think it's a problem, Can you fix it?

Speaker 1: 3:04

It's not the right way to go, and I think technically it's possible to have it fully automated as well if you want.

Speaker 2: 3:19

But that may not be the desire of the customers to fully automate your cybersecurity infrastructure. So I think the question is, how do you make your security products and your security environment to the customers simpler? And I think there are three ways to approach it. One is automation, and I'll talk about automation, and automation is part of the deployment, that automation is part of scripting things very important but I think there are two other things that we often time ignores. I think that one thing is to make sure that the product learns the environment, understand the environment, understand the topology and fits itself into the environment. That's one thing. Another thing is to build a platform. Now, platform is a big word for many, because if you go to every customer, they will tell you I have 30 different vendors, that I'm working. What is a platform? Do you want me to go to one vendor?

Speaker 1: 4:08

There's also a definition problem when you talk about platforms, right? So there are lots of security companies that offer a platform, but they're not the same platforms, if you know what I mean. A platform is not necessarily a platform.

Speaker 2: 4:20

So I think let's zoom in to what is a platform and for different customers, a platform would be a vendor that is significant enough there are strategic vendors for the customer. Yeah, they may have three or four of them, not just one of them, even in the cybersecurity, and they want to create platforms around domains a platform around network security, a platform around endpoint security, a platform around SOC, a platform around cloud. And when you think about this way, okay, it's not one platform for all vendors, for all products in one place, because then it becomes way too complicated.

Speaker 2: 4:54

But I think the last one thing I will tell you on a platform platform should also be very open to integrate with other security products, with other security vendors with other tools that IT has.

Speaker 1: 5:04

Does that get enough attention in the cybersecurity industry? Huge, they talk a lot about it, right? I've been getting lots of emails and requests to meet on integration, all that stuff, but are they putting their money where their mouth is right?

Speaker 2: 5:22

Is there a?

Speaker 1: 5:22

genuine interest in cooperation between even competitors of each other in the cybersecurity. Look at us.

Speaker 2: 5:29

Checkpoint. We declared and we are doing exactly that. We have tight integrations today with Microsoft Defender. We have tight integrations today with CrowdStrike, with SentinelOne, definitely with all the SIEM vendors.

Speaker 1: 5:46

But also on your firewall business as well.

Speaker 2: 5:48

On the firewall business, listen, we have today the ability to augment data from other vendors, but I think that that's less what the customers are asking. What the customers are asking is, if you are giving me today a platform for network, you as a vendor and I'm trusting you as a vendor I want you to integrate between yourself and to integrate to other platforms that I have. I'll give you an example. On the cloud side, I think we provide a platform on the cloud security, but then we've seen that there's a very good two vendors in the DSPM space, and even though that we have our own DSPM solution in our own product, but customers have decided to go with another vendor for DSPM, so we integrate with them. We announced it just right now in our state. So I think having those type of integrations will eventually benefit the customers.

Speaker 1: 6:40

I mean because then you can actually get one environment to actually manage everything and even though they're different products, you can still ingest everything into one single environment.

Speaker 2: 6:52

Exactly I love the way you describe it. It's not only about consolidating vendors. It's about putting everything in one platform. So if they choose Checkmode to be the cloud security platform, they will use it to get information from CrowdStrike. Maybe they will use it to get information from DSPM vendors like Centra and others, and then this becomes their platform. They do have the other products as well.

Speaker 1: 7:15

And it's not only about ease of use, right. It's also about this pure necessity as well to do this, because it gets more complicated by the minute or by the hour the entire world we live in, in IT in general and in cybersecurity as well. So you need integration and ingesting it into one central location, otherwise, you're not going to be able to keep up with what's happening, right.

Speaker 2: 7:38

I think the problem is that the attacks themselves become more sophisticated. So attack starts in the front door of the cloud, moving into your cloud. Sometimes it moves even outside your cloud. It can start with your endpoint or your email and from your email it gets into the endpoint, from the endpoint it gets into your network and then to your data center.

Speaker 1: 7:58

So if you do not connect the dots, if you don't understand how the attack is actually evolving and transforming inside your organization and the products do not communicate with each other, then it's hard to actually prevent it yeah, yeah, that's I think it was a key word, right, because I get the impression that, uh, checkpoint is one of the um very few that are left in the in the industry that are focusing heavily on prevention. Maybe, maybe, I'm wrong, but a lot, but a lot of times you hear, well, the old chestnut it's not a matter of if or but, when, all that stuff, but you still focus very heavily on prevention. Does that have a? I mean, you would probably say yes, but does that have a future right? Because I think there's a lot of chatter and a lot of talk about moving away from prevention. How do you see that, based on the discussion you have with your customers or potential customers?

Speaker 2: 8:59

I think it depends on the customers. But if we look at the large enterprise customers, they probably will invest about 70% of their security budget into prevention type of product.

Speaker 2: 9:10

Trying to put it, it could be endpoint network email as an example, and 30% give or take on their remediation and things like that. I think that as you go to more mid-sized market, you would find that they don't have the ability to build their own stocks, so they will go with MDR and most of their direct investment will be on trying to put some type of prevention approach. I think that prevention is a big word and then we in Checkpoint we are very, very religious about prevention, believing that when we think about simplicity, going back to how we started everything, if we do not prevent the attack and we tell you, listen, we did a very good job in detecting, but you need to now go and remediate it after, then we are adding complexity to the customers.

Speaker 1: 10:02

And for prevention, I would imagine the platform approach also is very important, right? Because if you want to do real-time prevention, I would imagine the platform approach also is very important, right? Because if you want to do real-time prevention not even real-time detection, but real-time prevention then you need to have very tight integration with your entire security stack, I would imagine, right?

Speaker 2: 10:19

Absolutely. And let me give you a good example. If I'm a hacker and I already developed my malware file, it's a document, malwareware file that I need you to open this document. How can I bring you to open this document? I can send it to you over your corporate email. I can send it to you via your Gmail account. I can send it to you. Maybe I will put it in some Dropbox and I will send you a link to download it. I can give it to you via Facebook or whatever. I can find multiple ways to bring this file to you. So ask yourself do you have the same level of prevention against the same type of male wars in all the attack vectors on your endpoint, in your emails, in your Gmail, on your mobile device? So a platform will know how to give you the same level of prevention for the same attack vectors, regardless how it gets into your computer.

Speaker 1: 11:14

But then you have to do it on a risk-based kind of way as well, right?

Speaker 2: 11:18

So in that platform you also need some sort of a risk analysis of which are the most important factors to protect more than others, maybe even because you can't protect everything, right so at the end of the day, as the customers, you need to prioritize and you just need to decide what do you invest more and where do you are putting it aside? I think it's this is you, as a customer, are prioritizing your environment and putting risks, but that's quite a hard decision to make.

Speaker 1: 11:48

Maybe right, maybe they don't really understand what the riskiest. I mean you can work your way back from what are my crown jewels. So that's top priority number one. But then you still don't know the attack factor of how you can get to those crown jewels. So you need to have a discussion internally as well.

Speaker 2: 12:08

But the common logic will bring you to understand that securing your PII data and your medical record is more important than securing maybe, your security, than your cameras, like your IOTs or things like that. Everything is important to secure, but there are things that are more important than others and a common sense will help you to prioritize and if you see it and you define a strategy for security, you will find out where you want to start and what's next. Yes, there are things that you can bring some consulting, you can bring someone to help you out. I think that, from a vendor standpoint, when we think about risk, the risk should go back into. Should we block it or not? Yeah, and and that's difficult the problems to solve, and and again, I think that if you, if you are not compromising on on just detection and you're going all the way to prevention, then you really really need to understand is this a real risk that you need to prevent or is it something that you should allow to go through?

Speaker 1: 13:05

Yeah, but then you also need to be able to see which is an exploit path and which is only an attack path, which is only theoretical, right. So there are lots of theoretical vulnerabilities that don't really matter all that much, but some of them actually are very, very, very important, and I think that's something that is very hard to determine. I think as something that is very hard to determine, I think as a customer, which ones are more important than the others.

Speaker 2: 13:28

So we less care. It's not that we less care. We understand that you have in your environments tons of risks and vulnerabilities and issues. We cannot fix it all. You cannot, no one can fix it. So in a world where I'm trying to keep your environment only hygienic, believing that to keep your environment only hydrants, believing that by keeping your environment hydrants it will be secured, it won't be enough. The prevention side says I don't know if you have vulnerabilities or not. I don't know if you have risks or not, I will just prevent them when someone tried to attack you. And that's the philosophy of prevention. Now I think that there is a good practice also to scan your application, the endpoint, and try to clean all the risks that you have, the vulnerabilities, the misconfigurations, the secrets that you leave, the entitlements that are too open. All those kind of things are very important, but they are not enough if this is the only strategy. The strategy should start with prevention and then you go to hygiene and configuration and posture. So that's my recommendation for customers.

Speaker 1: 14:34

And, in general, do you think basic hygiene is on a good enough level, basic security hygiene in the market? Because we're still talking about patching right, it's 2024. I mean you would have liked to have solved that problem, but it's still. It's a problem that is almost impossible to solve, because you as a developer today.

Speaker 2: 14:57

You are very, very lazy. So you use 70% of your code you take it from open source and the rest of the 30% probably use OpenAI. So now ask yourself, how much do you really work to clean all this code from vulnerabilities and from risk, and how often do you go to your production environment and you update the code? It happens, but you still have in your production environment thousands, if not hundreds of thousands, of vulnerabilities and risks. So one yes, you want to clean those that are the most critical one, but the hackers will find even ones that are less critical to hack you. So the prevention again will make sure that if we know how to do it well, if the solution knows that, you can still stay secure even if you didn't clean it all. And then it doesn't really help that there.

Speaker 1: 15:43

if the solution knows that you can still stay secure even if you didn't clean it all, yeah. And then it doesn't really help that there are also some security vendors that have unsecured code themselves as well, right, yeah, all the supply chain.

Speaker 2: 15:54

We've seen. So, you do everything in your power to clean your code and to keep yourself hygienic, but then you put some third-party vendors that either runs inside your cloud or maybe connect to your Office 365, kind of a plug-in that is connected to your Office 365, and here he steals all your emails, your contact list or even walls, your PII data and things from your cloud.

Speaker 1: 16:18

So if you have to make a priority list as a company at the moment is third-party software attacks, Should it be very high up on that list?

Speaker 2: 16:26

It's quite high today. The supply chain type of attacks is quite high. I won't say it's the number one but ransomware is still the number one. And you know how ransomware gets into your environment.

Speaker 1: 16:38

Phishing emails.

Speaker 2: 16:38

Phishing an email. It always goes back to the fundamentals. Like you need to protect your emails, do a good job protecting your emails, then hackers will not be able to get the credentials of your power users and without credentials of your power users, they will have a hard time for them to get into your cloud.

Speaker 1: 16:56

But it's also especially when you go towards sort of an overarching platform and you put all your eggs in one or maybe two or three baskets. There's also this thing called trust that comes into the equation right, and I think we've seen a little bit of an erosion of trust in cybersecurity, because there are several high-profile cases where the cybersecurity providers themselves weren't very secure. Do you see that as having an impact on the market?

Speaker 2: 17:27

Absolutely what happened to Microsoft right now with their breaches and the problems they had. I heard it from several customers this week about that. It became a bold discussion about the situation. So, yes, I think that if you are a serious company thinking about securing banks, financial organizations, securing critical information, critical infrastructure, you need to take those things extremely seriously, and we've seen it also with other vendors in this market that have been breached or had critical security vulnerabilities. I would go back and I would say this is the number one thing that I'm so proud about Check Point. We almost have zero not almost zero zero type of vulnerabilities, security vulnerabilities and if we had one over the last several years and it's only one we woke up in the middle of the night to fix it immediately.

Speaker 1: 18:23

Why is that? Because you're less lazy than the others? No, no, when you develop your own code, we are very religious.

Speaker 2: 18:28

We are very religious, you know, like a checkpoint employee sometimes will complain, listen, you put security everywhere here, like on our mobile device, on our emails and everything, like guys give us the code and everything. So, yes, this is the way we, we develop our code. We are very religious, you know. And and it has a cost. Because it has a cost sometimes of agility, if you want your developers to move time to market, probably time to market and things like that, but we do not compromise on those kind of things all right, it's smart.

Speaker 1: 18:58

I at least, uh from from an outside perspective. I mean maybe you will lose some deals every now and again because you don't have the functionality.

Speaker 2: 19:04

Yet we do lose some customers because we're missing the features or some of the products, but on the other hand, we're winning a lot of other customers that respect those kind of customers. Vendors do not have vulnerabilities.

Speaker 1: 19:20

So the trust issue that's around now doesn't really. I could also imagine especially the people that you talk to when it's a board discussion that the conclusion of one of the conclusions is going to be we're going to hedge our bets and we're not going for the big platform, we're going for many separate kind of things so that we know that we're not relying solely on one provider. Can that be a conclusion as well?

Speaker 2: 19:50

No, not at all. The other way around. I think that customers have today way more product and feature and capabilities that they are able to use. So adding more product and more vendors will not make them more secure. It will make them even less secure because they will have tons of products in the drawers that they are not using. They need to have a simple product. We go back to simplicity.

Speaker 2: 20:10

It's simple to add additional features, simple to configure, simple to deploy, simple to scale. And, yes, some customers, if you go back into, if you go up to large enterprise, they may have another layer of defense, but it doesn't mean that they won't go with the platform.

Speaker 1: 20:26

Okay, they go from, I don't know, 50, 60, 70 tools to 10 or 80. Yeah, so, for example, in Check Point case.

Speaker 2: 20:33

I can tell you that, for instance, many of our customers use Microsoft for the email security, but they will use us as a second layer of defense for the email. So today we have about 30,000 customers use Checkpoint for email security. Almost most of them are deploying us right after Microsoft.

Speaker 1: 20:52

Okay, but that's an added cost as well, right? So at the end of the day, it must be affordable for organizations to do right. You don't want to add cost on top of cost. True.

Speaker 2: 21:03

You don't do it everywhere you don't do it but email is still considered the number one attack vector. So if you use Microsoft and eventually hackers understand that most customers of the world use E5 to secure their emails, so they will target E5 to go through E5. They will deploy, they will use it, they will find a way to go to path it. We put our security right after E5 and we know everything that E5 will miss. We will catch.

Speaker 1: 21:33

Yeah, but then the stock analyst gets no alert from one solution and does get alert from another solution. That's also quite confusing sometimes, maybe. Unless you're never wrong, that could also be the case. If you're never wrong, then no we're rarely wrong.

Speaker 2: 21:43

Very rarely, our false positive is zero to none.

Speaker 1: 21:46

Yeah, really, then it makes sense.

Speaker 2: 21:52

It's not that every once in a while we find a situation where we block an email that we were not supposed to block, but it's quite rare.

Speaker 1: 21:56

And just pivoting a little bit to obviously one of the big topics that I'm a little bit sick and tired of at the moment, but AI in security. Everybody's talking about it.

Speaker 2: 22:07

Ai Never heard about it. No, good, good.

Speaker 1: 22:10

So you're on the record saying that Checkpoint does nothing with AI. That's good, no, no.

Speaker 2: 22:14

So you know about three years ago, when AI is here. For many years, but AI was not a topic that they used to talk everywhere. And then three years ago, I had a presentation in front of a large audience and the name of the presentation, my presentation was ITAI, which is my name Itai. Itai, that's actually.

Speaker 1: 22:36

So you've always had it.

Speaker 2: 22:37

Yeah, I always had it.

Speaker 1: 22:39

It's built in but especially when it comes to simplicity and being able to react quickly and having an inner platform. Ai must be able to play an interesting role in terms of automation, but also maybe in resolution of things. How do you see that happening?

Speaker 2: 23:00

So I think there are three angles for AI. There is the angle of how hackers are using AI. There is the angle of how hackers are using AI, there is an angle of how you can use AI to make your products better, more secure, and there is the angle of how do you secure AI systems. I think that, yes, hackers definitely are using way more AI to attack you, especially on the phishing spear phishing things like that. It becomes way more easy.

Speaker 1: 23:24

Do you see that as well in your threat intelligence? It's crazy, because I hear from other vendors that they don't see it at all.

Speaker 2: 23:31

No, it's great because what they use today, right now, they are looking at your social media and they use AI tools to scan your social media and then they can generate a phishing campaign that is very targeted, just for you, based on what you did. They see what you did on Facebook, on LinkedIn, on Instagram, and then, when they send you the email, you go wow, how do they know all of this? And I've seen it in real.

Speaker 1: 23:56

But then you need to be able to detect that it's actually a phishing AI generated phishing email, right? So if you don't see them now in your threat intelligence, as a security vendor, you're probably missing them.

Speaker 2: 24:09

You need to block phishing. It doesn't matter if it's coming from AI-driven or human-driven.

Speaker 1: 24:15

Okay, so then they use AI to actually harvest all the information we use.

Speaker 2: 24:19

AI to block phishing, no matter what, and there are so many different. I won't get into the technology behind it, but there are so many different parameters and algorithm and AI that we use in order to come up with the right verdict. So this is one aspect is how hackers use AI and they're using it in many, many other ways to generate codes that will hack into your computer and things like that. We use AI today in products, and Checkpoint came up with a co-pilot that will help administrators to interact better with our products. We use AI way, way before. We have more than 45 different AI engines in our threat cloud, but the new AI that we are talking about the CGPT type of the AI is something that will allow our administrator to interact way better with the security product.

Speaker 2: 25:10

But the most interesting part is about how do you secure AI, and that's what the announcement that we did today with our AI guard is the fact that AI is a system that almost every organization will deploy in their environment. They will use, obviously, the public one, but also the one in-house. So how do you protect it? And that's a huge concern from customers and again that came along again and again Some customers trying to block their employees from using AIs in different ways, and it's extremely hard because it's not only about chat GPT, it's chat GPT and thousands of other AI systems that use chat GPT or other, or BERT or other A lot of parallels with the rise of the cloud, the public cloud.

Speaker 1: 25:56

Right, you had the same kind of split between customers saying you're not allowed to use it, Some said you're not allowed to use it, Some said you're allowed to use a little bit and others say go ahead, do whatever you want.

Speaker 2: 26:07

Yeah, the vast majority are in the middle. They will say, okay, I want you to use it, I think it's very important because this is how you move fast, but I want to control it. Many of them are now running fast to deploy their own AI system in-house, so their employee will not have to go outside. But then how do you secure the prompt? How do you secure that when AI interacts with other systems inside organizations via APIs? How do you secure this type of attack vector? How do you scan and tell me, as a CISO, which AI systems my employees are using? How do they use it For what purpose? For marketing, for sales, for financing, for coding? Think about developers, think about CICD systems that will try to take advantage of AIs.

Speaker 1: 26:53

We need to put those kind of guardrails of AI firewall for AIs, and that's exactly where it's quite hard to do right, because you don't really know what you're up against, because AI is changing so quickly that it's quite hard to predict what it's going to be like in, I don't know, three months, six months, a year.

Speaker 2: 27:15

It's moving extremely fast.

Speaker 1: 27:17

So you have to move very fast as well.

Speaker 2: 27:19

We have to move extremely fast. Customers are moving very, very fast. The whole industry of AI. We announced our partnership with NVIDIA to protect now the NVIDIA AI systems and many, many new AI data centers will be.

Speaker 1: 27:38

So then, basically, you bring security down the stack even further.

Speaker 2: 27:43

We're looking to put our security all the way from the AI system themselves in NVIDIA, in our firewalls, inside the browser, in the cloud, protecting whatever cloud is trying to communicate AI outside. So we're trying to find all the different logical places to put AI and, again, without asking you to put too much new products, we're trying to take advantage of your install base that you have. Sometimes we'll have to ask you to do additional things, but we already have the footprint. Now the question is do we have the intelligence to come up with the right security in?

Speaker 1: 28:18

place? Yeah, because you need to. As Checkpoint, you also need to invest heavily in your AI that helps customers make sense of their ai. If you know what I mean, right so if you ever have to keep up with, that is that? Is that a is that is that? Is that realistic?

Speaker 2: 28:34

maybe it's not the right word, but that's going to be a lot of hard work to uh to get there you know, the c-sales are are having at least 30% of the time free, so now they have another things to deal with they just need to get their hands dirty and do something themselves.

Speaker 2: 28:52

They were waiting for something to do more things. So here's more things for them to do. Yes, it's, it's. It's quite chaotic, and I think many organizations, all the way to boards and CEOs, woke up one day and said okay, ai is here, we have to use it. We don't know how, but we have to use it. But there's such a lack of knowledge Now we have to protect it as well.

Speaker 1: 29:15

But there's such a huge lack of knowledge when it comes to AI, even at board level. I mean, I heard somebody say yesterday to me that he had somebody say to him it's like this Chinese whisper game now that he was afraid that his ex-wife could get his social security number by asking it to an LLM or to a foundation. That's not how it works, but that was a high-level guy in a very big company that thought that AI worked like that. So there's such a huge lack of understanding of how actually these things work, what it can do and what it can't do, that even on the educational side, organizations need to educate themselves so much before they can actually make a sensible decision on what to do with AI. Right, right, right.

Speaker 2: 30:03

So I think that what I heard and again, I met several big CISOs of some of the largest financials last week and this week, last week in New York and now here telling me they are building right now a committee of people from multiple departments in the organizations, assigning either head of AI or head of AI security, sometimes reports to the CISO, sometimes reports to what they are assigning VP of AI in the organization, which is responsible for anything that AI and security does is part of it, and they are looking how to take advantage of AI for their own business, but also how to secure it.

Speaker 1: 30:45

It's going to be an interesting topic to follow in the coming weeks. Nobody really knows where it's going right, and that must be.

Speaker 2: 30:54

But the funny part is that every company that you see out there changed their name from whatever x66 to x66.ai. Yeah, yeah, yeah.

Speaker 1: 31:03

I think I read something last week that there is a country that has that as a top-level domain, ai. I don't remember which one it was, but they had a.

Speaker 2: 31:15

Ah, the country with the ai. Yeah, yeah, they have the ai. All right, you should jump and buy all those domains. They're having a field day there now. They're making a lot of money, so that's All right.

Speaker 1: 31:27

So, yeah, I think we're at the end of this episode. I think it was an interesting discussion. Thank you for being on the show and I look forward to catching up with you in the future.

Speaker 2: 31:37

Thank you very much. I appreciate that.