[ISN] Word to the wise: Buckle up

From: InfoSec News (isnat_private)
Date: Fri Aug 24 2001 - 01:44:07 PDT

  • Next message: InfoSec News: "[ISN] Re: Microsoft MCSE training faulted"

    http://news.cnet.com/news/0-1014-201-6954321-0.html?tag=bt_bh
    
    By Robert Lemos
    Special to CNET News.com 
    August 23, 2001, 1:25 p.m. PT 
    
    When it comes to Internet security, Jerry Ungerman knows perhaps
    better than most that it's a rough world out there.
    
    The president of Check Point Software Technologies spends his days
    counseling information-technology executives on the benefits of
    firewalls and virtual private networks. Actually, he does a lot more
    than offer disinterested advice. Even amid the dot-com implosion and
    the general malaise affecting IT spending, Check Point has had a
    better story than most to tell to Wall Street.
    
    The company beat earnings estimates for its June quarter, with revenue
    up 57 percent from the same period the year before. Meanwhile,
    management told analysts that it expects profits to be up 50 percent
    this year. That good news is primarily due to the veritable explosion
    in cybercrimes and hacking, a trend that has given a needed boost to
    the Internet security sector.
    
    Once a mainframe maven, Ungerman has helped Check Point establish
    itself over the last three years as the de facto standard for
    firewalls, considered the second-most-popular Internet security
    technology after antivirus software, according to a 2001 survey by the
    Computer Security Institute.
    
    To be sure, the company finds itself in a business where all the trend
    lines are pointing north. Market researcher IDC recently predicted
    that the Internet security market would grow an average of 23 percent
    annually for the next five years, hitting $14 billion in 2005.
    Business consultancy Gartner expects companies to spend 10 times more
    of their IT budgets on security by 2011.
    
    Ungerman spoke in a recent interview about developments in the
    Internet security business and his plans for Check Point.
    
    
    Q: How did you get into security?
    
    A: I joined Check Point almost three years ago. I had been in the
    computer business for many years--primarily on the mainframe and
    storage side, high-end services and solutions--and we just happen to
    run into each other.
    
    
    Coming from the mainframe area, where there is also an interest in
    security, what do you see as the big difference between that era and
    today?
    
    Then it was very much internal to the IT department...(authorizing)
    who could or could not get to the mainframe. And now it's about the
    network and the Internet, so it is much more of an external vs. an
    internal view. You are still trying to protect the same assets but at
    a different point. It used to be about putting a perimeter up. But now
    it's about allowing access but doing it securely. Because of the
    Internet and networks, that has made it a much different and much more
    important focus.
    
    
    Check Point has been a darling of the security market for quite a
    while. What do you think you do that others don't do?
    
    There is a broad umbrella that is called Internet security. It
    encompasses a lot of different technologies: content filtering, URL
    filtering, intrusion detection, PKI authentication and authorization.
    We're in what is considered the core of the most fundamental piece of
    the security business, which is firewalls and virtual private
    networks. First and foremost, it is the only one of all the different
    security technologies, in a macro sense, that provides true security.
    It decides who gets in and out of a network. So it provides all the
    access control necessary to provide the security for an enterprise.
    
    
    The tech slump has hit many security companies as well, but Check
    Point is expecting 50 percent profit growth this year. Why is that?
    
    I think that gets back to the same point. It's because we are bringing
    out firewalls and VPNs. Firewalls are must-have, not as discretionary
    as the other kinds of technologies. Also, our VPN technology saves
    companies a lot of money. So I think those two products combined
    together is what helping us, relative to the others.
    
    We don't have the same growth rate that we had a year ago, and we find
    the market very challenging, very difficult. And we don't think
    anything is totally immune to the macroeconomic environment we are in.
    But we do seem to be on a relative basis doing better than most
    everyone else.
    
    
    Do you think companies now saying, "We don't need new computers, we
    don't need to expand our information-technology budget," are instead
    coming around to saying, "Let's get our security straightened out"?
    
    Yes, they are. This is all about using the Internet--gaining the
    efficiencies and effectiveness of communicating to your employees,
    your partners, customers and suppliers, while using the Internet as
    your communication backbone. To do that, you need to focus on securing
    those connections. So this is about saving money, increasing your
    overall corporate productivity, but you can't do it unless you secure
    those connections to the Internet, which is why there still is a focus
    on security. It is important to note that although security is among
    the top few issues that CIOs or corporate executives are focused on,
    even with that, we probably only make up 2 to 3 percent of an IT
    budget.
    
    
    Do you think it also points to some housecleaning? A lot of companies
    saying, "If we are not going to grow, at least do it right"?
    
    I don't know about doing it right, but the more they open it up, the
    more they need to secure it. Eight years ago, after we started in the
    business, securing your network meant shutting it down, not letting
    anyone into it. Well, today it means opening it up if you are going to
    be effective in the e-business world, but opening it up securely,
    which is why people are adding so much more security technology than
    anybody thought would happen in as little as four years ago. Because
    now they have to protect more and more nodes, connect more offices,
    allow more remote access connections, and protect the network down at
    lower levels as they have opened it up.
    
    
    Do you think the security situation is getting worse?
    
    It's getting a lot worse. Reported hacking attempts in the year 2000
    went up 77 percent over 1999. That's a pretty sizable increase and,
    again, most of the experts will tell you that the vast majority of
    hacking is not yet reported. There are too many negative implications
    associated with that. The companies don't acknowledge that they had
    their network hacked. So, yeah, it's on the increase.
    
    As corporations continue to use the Internet--and I think the growth
    will continue to explode, especially as we move into wireless--and you
    start tying in partners, customers and suppliers, it's even a bigger
    issue to focus on. Fortunately, the technology is in place to allow
    them to actually secure the data much more effectively than they could
    in a traditional private network.
    
    
    You mentioned that a lot of hacking is not reported because of the
    stigma. Yet, on the other hand, companies can't really secure
    themselves. Do you think that we will get to a middle ground where
    people might say, "Yes, we were hacked, but we were able to mitigate
    the damage," and thus remove that stigma?
    
    I don't know if it's a stigma as much as they don't want the rest of
    their constituents to know that their data is vulnerable (because)
    they might not want to do business with them. There are always going
    to be attempts, and if you have the right security architecture,
    you'll see that, you'll know that, but you will have prevented it.
    
    
    Are we a long way away from being able to deal well with network
    attacks?
    
    The technology is in place; it's just a matter of people spending the
    money, putting people in place, and taking it seriously. But there are
    millions of businesses out there that could be vulnerable. There are
    going to be millions of businesses that are going to need the
    Internet, and they will need to be secure.
    
    
    What do you think needs to be done policy-wise to help large
    corporations and those forming the backbone of the economy?
    
    I don't think they need the help of the government. I am very
    impressed with enterprises. They understand it. They get it. In fact,
    I think they get it better than the government. Usually, when the
    government gets involved, it's how to catch people, not how to prevent
    it. You can't do this through legislation. IT just needs to be more
    aware and understanding of the importance of security.
    
    A lot of people focus on privacy and privacy policies, but they don't
    ask, How are you going to secure that data that you said you won't
    give to anybody? It is up to the individual businesses and consumers.
    There is a whole awareness philosophy that the government could get
    into, could help foster.
    
    
    What are the big challenges for security and for Check Point?
    
    The biggest challenge is the pervasiveness of the Internet and the use
    of it as we are moving into broadband with cable modems and DSL. What
    everybody loves about (broadband) is it's always on and (has) high
    performance, but if it's always on in a shared environment, it's
    always vulnerable. So that is exposing some new concerns for both
    corporations and consumers that they may not have had before. Wireless
    is another very big opportunity that if you are going to connect a
    wireless device into a network, it is going to again have to be a
    secure connection.
    
    I think we're going to be moving into (a period) where the Internet is
    going to play a bigger and bigger role as a communications backbone
    for consumers as well as businesses. If you get a smart home of the
    future that has multiple IP devices in it, you are going to want to
    protect that home; that's going to require a firewall at the
    residential gateway to protect everything in there, especially when
    you are gone. And corporations are the same way. If they are going to
    take advantage of these broadband, high-speed connections for their
    employees, whether they are in a hotel, in an airport, or at
    home...that's going to be the new perimeter--every individual desktop.
    
    
    Is there still a lot of room to grow in the firewall space?
    
    Oh, yeah. We have about 80,000 customers today, and there's an
    opportunity to secure 10, 20, 30 million customers. We can see
    firewalls and VPNs as a market opportunity in a good economy of 50 to
    60 percent growth opportunities for many, many years to come. We are
    at the very early stage of deploying the type of technology that we
    have.
    
    
    In the end, do you think a firewall is going to be something that
    anyone on the Internet is going to need?
    
    Yes. With every kind of device. So, it's not just everybody, but every
    kind of device that is going to connect to the Internet--so every PC,
    every PalmPilot, every cell phone. We are very confident in where we
    are today in development, when third generation is here, which is the
    bandwidth necessary to make it a viable data device, that we do have
    the security technology that will fit both at the gateway as well as
    on the device itself.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Aug 24 2001 - 05:44:34 PDT