Mr Andrew Vogues is the Threat Prevention Sales Leader, Middle East & Africa, at CheckPoint. In this interview with Daily Sun’s Tech & Gadgets, he speaks on cyber security and the company’s sundry services.
What Checkpoint is doing in cyber security space
This is a very wide question. Cyber security is on the rise and has been for the last few years. What we focus on at Checkpoint is prevention, particularly from a cyber security perspective. Traditional security was only at the perimeter. If you look at the different generations of cyber security, generation 1 was antivirus, which was in the mid-90s; 100 percent of customers globally have some sort of antivirus. The next generation is generation 2, which is the internet coming into the perimeter: that was the firewalls and gateways, and globally, 100 percent of customers have some sort of protection around that as well. Generation 3 deals with applications, which is Intrusion Prevention System (IPS) type of attacks, and globally we have seen about 7-15 percent of customers using IPS. So there is still a lack of security with regard to applications and how to protect them. In generation 4, we are dealing with attacks that are evasive and polymorphic. With our solutions, you can actually take a file, put it in the sandbox, inspect the elements of the file and determine whether they are malicious or not. Again, 7 percent of customers are using sandboxes today. So there is a big gap with regard to how customers actually secure their current environment. If you look at the various endpoints, mobile, network, cloud and surfaces, we can contain all attacks on these fronts. At Checkpoint, we have got the Checkpoint Infinity Architecture, which means we can offer the same multilayered security architecture plus all of those services, which protect against all those attacks.
Infinity Architecture means that you get the multilayered security approach. Whether it is an email or an official link, these are different victims, and it differs from region to region, but the solutions we provide from the Infinity perspective allow for all of that protection across the board, different surfaces, different victims, so we protect against all of that. For email, for instance, you get phishing campaigns and you just want to protect against that; that is a point solution, and we do not believe in point solutions. Security is a holistic approach; we have to look at the holistic view of security: what is happening at the endpoint, the network, mobile and cloud. If something happens on the network and it is related to what is happening on mobile, you will want to know that these two attacks are related, because that is a campaign attack. If you do not have intelligence between your technologies, your security posture will also be lacking. This is what Infinity Architecture also provides.
If you look at Checkpoint, we have got probably 2000 to 3000 research and development personnel who do the research and create the solutions. If you look at what has happened, what we have learnt from the network and how we improve on that, it comes with time, but what we can do is look at what is currently happening today and then determine whether the solution we currently have can prevent it, and the answer is yes, it can. You can do research at the backend and you can think ahead to ask how this can evolve, what can protect us against phishing, specifically if it comes from the endpoint where it originated; now they are also targeting the mobile devices, so what services are we using in the cloud and how can we protect them? Those are the types of questions we need to ask ourselves clearly, because we are a pure-play security vendor and we are serious about security; we have done this homework. So we have got over 150,000 gateways across the globe, and the cloud is connected to all of these gateways, so that we can determine what is good and what is bad, and based on that we can start researching new types of attacks and victims. This is how we are able to prevent dangers.
Tell us about fake Apps
Our researchers look for vulnerabilities in applications, and we have got different R&D teams that look at certain networks; some look at IPS, some at mobile devices, and they are searching for vulnerabilities in our end-products. Specifically with WhatsApp, we took the algorithms and reversed them, then we started to look at the security and the issues surrounding that and started manipulating it, and what we saw is that the traffic between the application itself and the web version is transparent. So WhatsApp can even see their own data in between. So, once we did the reversal of the algorithms and manipulated the security, we were able to see the messages in between.
What this enables, and this is all just a vulnerability, we do not know if there have been attacks like these before. We have reported it to WhatsApp/Facebook to say that you have a vulnerability; we do not know what they are going to do about it. It is our responsibility to let them know first before we go public. Then we went public and said there is a vulnerability with this, it is not secure and they have to do something to secure it. Last year, we discovered the same thing with Facebook Messenger with respect to the application and the web version, and then manipulated it to get the actual messages. It is not encrypted, so we can see it. It is more of social re-engineering.
If you look at the intention of bad players, it could be a lot of things: it could be a campaign manager trying to manipulate messages going to a different campaign, putting things in people's mouths, etc., which is also reputational damage. There are different agendas for using these types of vulnerabilities. But the intent for us was to discover the vulnerability and report it so that WhatsApp can actually do something about it, because there is an issue with their data imaging.
Solutions for SMEs
We cater for all customers, irrespective of their size. Infinity Architecture is basically where you can actually have everything for a fraction of the price per user, so it is a consumption model. We can sell them the solutions they require; if they require a point solution, we have got solutions from big enterprises down to SMEs. We also have the consumer division that provides consumer products. We offer a very wide range of solutions, and the security stack remains exactly the same, because we believe you cannot go for less, because then you will be exposed.
When a customer buys into Infinity Architecture, it means that he is protected on all surfaces: the endpoint, desktop, network and mobile, and if they have got Office 365 they have the same level of security. They can leverage all that security in one place with one license; they do not have to invest at the network and then at the endpoint. It is a consumption model.
Measures to prevent recurrence of Cambridge Analytica
During election time, you need to secure infrastructure, and the best way to do that is through Zero-Day protection, because the attackers are not going to use known types of attack to get that data; they are going to use social media vulnerabilities to try and get inside. If there is a campaign running, with two different parties running, one party is going to try and put words in the other party's mouth; if it allows them to do that, they will try it. Or if it is state owned, a different country trying to get someone else into power, that can also happen. So you have to secure all the way through, look at all your surfaces, and make sure you have got the same security across all the surfaces that can actually give you some feedback on what is happening in your environment. That is the only way you can be secure.
You also need to look at automated remediation; you do not want to allow anything bad onto your network, not even for a second, because then it will be too late. That's a Zero-Day function. If something is on the network already, then you will have to mitigate, but you need something to tell you that something is wrong and what to do to mitigate it as soon as possible.
So the two things to focus on are: make sure you have the same multilayered security architecture across the different surfaces, network, endpoint, mobile and cloud, and also get automated forensics to do the automated remediation for you.
Does Checkpoint have early warning detection system?
What we have as a pre-service is what we call Insight; it's our intelligence team. What we ask from customers is their assets: IP, domain, CFO details. Then we do an investigation of the dark web, which is where all the bad guys are planning things like big data breaches and ransomware. Once we get the assets from the prospective client, we run them for a week or two via Insight to see if there are planned threats against the company. With banks, we can also see if there have been data leakages or credit card and password breaches, because they are on the dark web. We then provide feedback to the customer and help them to tie up loose ends, closing loops if there has been data exposure, and takedowns of replicated websites that use command and control servers, both onsite. Therefore organizations must have Incident Response plans that can detect emerging threats upfront.