CPUG 2011 Chur Switzerland (c) Valeri Loukine 2011

Check Point Road Map

What do we know about it?

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

About authorValeri Loukine

• CCMA 0019

• Ex-Check Point

• Senior Security Consultant - Dimension Data

• Email: varera@gmail.com

• Blog: http://checkpoint-master-architect.blogspot.com/

2

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

To discuss

• Last year promises

• New and already known products

• Appliances

• What else?

3

Wednesday, September 14, 2011

CPUG 2011 Chur Switzerland (c) Valeri Loukine 2011CPUG 2011 Chur Switzerland (c) Valeri Loukine 2011

Before we even start

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Check Point Road Map

• Where to get it?

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Ideas

• Check Point site

• CPX

• Open press

• Local office

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

The answer is...

Nowhere

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Because

• Check Point site has nothing

• CPX materials - Road map is not published

• Open press - Zero information

• Local office - They do not know

Wednesday, September 14, 2011

CPUG 2011 Chur Switzerland (c) Valeri Loukine 2011CPUG 2011 Chur Switzerland (c) Valeri Loukine 2011

Remember 2010?

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Promises

• Identity Control

• Application Control

• Gaia

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Products

• ABRA

• DLP

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

We talk today

about promises keptand future to come

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

3D Security

Enforcement!

Policy!

People!

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

3D Security

• Application Control

• Identity Control Awareness

• Visibility

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Application Control

Delivered

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Identity Control

Delivered as Awareness

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Also part of3D security

• ABRA

• DLP

• Mobile Access Blade

17

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Missing features

SSL inspection

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

SSL inspection

• Comes with R75.20

• Covers IPS, Application Control and DLP

• No SFTP for DLP

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

More on R75.20

• URL Filtering unified with Application Conrol

• DLP performance boost

• DLP Exchange client agent

• Multi Certificate for Mobile Access Blade (thanks, Gil!!!)

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

More on Identity Awareness

• IPSO

• API for all blades including IPS

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Visibility and control

• Event Analysis

• SmartWorkflow

• Provisioning

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Visibility and control

• Do you see any progress?

• I do not

Wednesday, September 14, 2011

CPUG 2011 Chur Switzerland (c) Valeri Loukine 2011CPUG 2011 Chur Switzerland (c) Valeri Loukine 2011

Gaia

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

CPX 2010

25

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Actual situation

• Nothing ready is out yet.

• 1st and 2nd stages are merged

• Rumors - to be expected soon (EA September, delivery - end of the year)

Wednesday, September 14, 2011

CPUG 2011 Chur Switzerland (c) Valeri Loukine 2011CPUG 2011 Chur Switzerland (c) Valeri Loukine 2011

VSX

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

No progress this year

• Still VSX R67 - R65 based

• Lot’s of missing functionality

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Why?

• VSX to be based on Gaia

• VSX to be part of the maintrain

• VSX to be based on the next version (R76? R80?)

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Dorit Dor on CPX

• VSX R67 with IPv6 Q3 2011

• VSX maintrain 2012 (no IPv6)

• VSX maintrain + IPv6 middle 2012

Wednesday, September 14, 2011

CPUG 2011 Chur Switzerland (c) Valeri Loukine 2011CPUG 2011 Chur Switzerland (c) Valeri Loukine 2011

Appliances

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

HW rumors

• Check Point to expand appliance lines

• SG80-like with WiFi (End of Safe@?)

• Would it be Highest End?

Wednesday, September 14, 2011

(c) Valeri Loukine 2011CPUG 2011 Chur Switzerland

Final quote

• Gartner 2010:

Check Point remains secretive about its road map and longer- term strategies, sometimes leaving its customers guessing and vulnerable to replacement by competitors.

33

Wednesday, September 14, 2011CPUG 2010 Chur SwitzerlandCPUG 2010 Chur Switzerland

Questions And Answers

Wednesday, September 14, 2011

CPUG 2010 Chur SwitzerlandCPUG 2010 Chur Switzerland

Thank You For Your Time!

Wednesday, September 14, 2011