Veteran firewall vendor Check Point Software Technologies (hereafter Check Point or CP) held the US edition of its 2020 CPX 360 conference this week in New Orleans. The event gave industry analysts a chance to see what Check Point has been up to.

The theme of this year’s CPX 360 is “Secure Your Everything,” a narrative to stitch Check Point’s existing portfolio to three recent acquisitions:

  • ForceNock was an AI/machine-learning (ML) WAF and API security acquisition. Now it is literally two checkboxes in CP’s security profiles. It’s too early to tell if there’s any room for efficacy, especially when other “checkbox” WAF (web application firewall) vendors have been dimly viewed in the past. True, the main complaint against legacy WAFs has been how to configure and maintain policy, but the jury is still out on whether the answer can be AI/ML and a checkbox. But anyway, if you need WAAP-like checkboxes (WAAP being short for web application and API protection), there you go!
  • Cymplify was a startup that had an idea for a nano-agent for protecting the internet of things (IoT). The premise was simple: a small agent that could be embedded in an IoT device to provide cybersecurity. Check Point says that it is talking with major device manufacturers to get it included in next year’s internet-connected TVs, toasters, and toenail clippers. Haha, there is no such thing as internet-connected toenail clippers — yet.
  • Protego was a security control for serverless functions such as AWS Lambda. The acquisition is another example of traditional firewall vendors extending their reach into adjacent technologies. We did hear customers asking about when the technology would be integrated into Check Point’s Infinity management plane. That’s a good sign.

Drone enthusiast (and Check Point founder) Gil Shwed still does his own keynotes.

Other quick takes:

  • Web security done differently. Most other firewall vendors promote cloud-based forward proxies. CP’s new web security is achieved with browser extensions in Chrome, Firefox, and Internet Explorer. Extensions allow access to the plaintext web payloads and don’t export web content to the cloud for scanning, which keeps latency and privacy intact. Browser extensions have a long history of fragility, which CP thinks it can overcome with its frequently updated endpoint. Props to Check Point for being bold enough to try a different approach.
  • No direct SD-WAN. CP is among the last of the big firewall vendors to *not* have a direct SD-WAN component. It is relying on the SD-WAN vendors to complete the puzzle: Silver Peak, Aruba, Microsoft, VMware, etc. — basically everyone except Fortinet. All were sponsors at CPX 360.
  • Threat intelligence. CP’s threat intelligence team had some impressive cases over the last year, including two nation-state cases. CP claims 25 researchers on staff, which, if you think about it, is a decent investment, especially if they’re based in expensive Tel Aviv. They did a lunchtime talk about how the team bought the Azure “cloud-in-a-box” and disassembled it to find microservice breakouts that also worked in the Azure cloud — responsibly disclosed and already fixed, of course. CP announced that it will be making its threat intelligence data available to threat hunters, though not as a feed. Regarding the team’s recent article — “Tik or Tok? Is TikTok secure enough?” — other analysts may think it frivolous, but this analyst enjoys a break from Sturm und Drang every now and then.
Dorit Dor does 145 slides in 45 minutes.

Big thanks to the Check Point analyst relations team for inviting and shepherding us industry analysts for two days. Looking forward to the next one.

Forrester clients: I have pages of more notes and observations but have run out of juice to blog about them; schedule an inquiry with me if you’d like to know more about what I saw at CPX 360.