Word to the wise: Buckle up

[InfoSec News <isn () c4i org>]

http://news.cnet.com/news/0-1014-201-6954321-0.html?tag=bt_bh

By Robert Lemos
Special to CNET News.com 
August 23, 2001, 1:25 p.m. PT 

When it comes to Internet security, Jerry Ungerman knows perhaps
better than most that it's a rough world out there.

The president of Check Point Software Technologies spends his days
counseling information-technology executives on the benefits of
firewalls and virtual private networks. Actually, he does a lot more
than offer disinterested advice. Even amid the dot-com implosion and
the general malaise affecting IT spending, Check Point has had a
better story than most to tell to Wall Street.

The company beat earnings estimates for its June quarter, with revenue
up 57 percent from the same period the year before. Meanwhile,
management told analysts that it expects profits to be up 50 percent
this year. That good news is primarily due to the veritable explosion
in cybercrimes and hacking, a trend that has given a needed boost to
the Internet security sector.

Once a mainframe maven, Ungerman has helped Check Point establish
itself over the last three years as the de facto standard for
firewalls, considered the second-most-popular Internet security
technology after antivirus software, according to a 2001 survey by the
Computer Security Institute.

To be sure, the company finds itself in a business where all the trend
lines are pointing north. Market researcher IDC recently predicted
that the Internet security market would grow an average of 23 percent
annually for the next five years, hitting $14 billion in 2005.
Business consultancy Gartner expects companies to spend 10 times more
of their IT budgets on security by 2011.

Ungerman spoke in a recent interview about developments in the
Internet security business and his plans for Check Point.


Q: How did you get into security?

A: I joined Check Point almost three years ago. I had been in the
computer business for many years--primarily on the mainframe and
storage side, high-end services and solutions--and we just happen to
run into each other.


Coming from the mainframe area, where there is also an interest in
security, what do you see as the big difference between that era and
today?

Then it was very much internal to the IT department...(authorizing)
who could or could not get to the mainframe. And now it's about the
network and the Internet, so it is much more of an external vs. an
internal view. You are still trying to protect the same assets but at
a different point. It used to be about putting a perimeter up. But now
it's about allowing access but doing it securely. Because of the
Internet and networks, that has made it a much different and much more
important focus.


Check Point has been a darling of the security market for quite a
while. What do you think you do that others don't do?

There is a broad umbrella that is called Internet security. It
encompasses a lot of different technologies: content filtering, URL
filtering, intrusion detection, PKI authentication and authorization.
We're in what is considered the core of the most fundamental piece of
the security business, which is firewalls and virtual private
networks. First and foremost, it is the only one of all the different
security technologies, in a macro sense, that provides true security.
It decides who gets in and out of a network. So it provides all the
access control necessary to provide the security for an enterprise.


The tech slump has hit many security companies as well, but Check
Point is expecting 50 percent profit growth this year. Why is that?

I think that gets back to the same point. It's because we are bringing
out firewalls and VPNs. Firewalls are must-have, not as discretionary
as the other kinds of technologies. Also, our VPN technology saves
companies a lot of money. So I think those two products combined
together is what helping us, relative to the others.

We don't have the same growth rate that we had a year ago, and we find
the market very challenging, very difficult. And we don't think
anything is totally immune to the macroeconomic environment we are in.
But we do seem to be on a relative basis doing better than most
everyone else.


Do you think companies now saying, "We don't need new computers, we
don't need to expand our information-technology budget," are instead
coming around to saying, "Let's get our security straightened out"?

Yes, they are. This is all about using the Internet--gaining the
efficiencies and effectiveness of communicating to your employees,
your partners, customers and suppliers, while using the Internet as
your communication backbone. To do that, you need to focus on securing
those connections. So this is about saving money, increasing your
overall corporate productivity, but you can't do it unless you secure
those connections to the Internet, which is why there still is a focus
on security. It is important to note that although security is among
the top few issues that CIOs or corporate executives are focused on,
even with that, we probably only make up 2 to 3 percent of an IT
budget.


Do you think it also points to some housecleaning? A lot of companies
saying, "If we are not going to grow, at least do it right"?

I don't know about doing it right, but the more they open it up, the
more they need to secure it. Eight years ago, after we started in the
business, securing your network meant shutting it down, not letting
anyone into it. Well, today it means opening it up if you are going to
be effective in the e-business world, but opening it up securely,
which is why people are adding so much more security technology than
anybody thought would happen in as little as four years ago. Because
now they have to protect more and more nodes, connect more offices,
allow more remote access connections, and protect the network down at
lower levels as they have opened it up.


Do you think the security situation is getting worse?

It's getting a lot worse. Reported hacking attempts in the year 2000
went up 77 percent over 1999. That's a pretty sizable increase and,
again, most of the experts will tell you that the vast majority of
hacking is not yet reported. There are too many negative implications
associated with that. The companies don't acknowledge that they had
their network hacked. So, yeah, it's on the increase.

As corporations continue to use the Internet--and I think the growth
will continue to explode, especially as we move into wireless--and you
start tying in partners, customers and suppliers, it's even a bigger
issue to focus on. Fortunately, the technology is in place to allow
them to actually secure the data much more effectively than they could
in a traditional private network.


You mentioned that a lot of hacking is not reported because of the
stigma. Yet, on the other hand, companies can't really secure
themselves. Do you think that we will get to a middle ground where
people might say, "Yes, we were hacked, but we were able to mitigate
the damage," and thus remove that stigma?

I don't know if it's a stigma as much as they don't want the rest of
their constituents to know that their data is vulnerable (because)
they might not want to do business with them. There are always going
to be attempts, and if you have the right security architecture,
you'll see that, you'll know that, but you will have prevented it.


Are we a long way away from being able to deal well with network
attacks?

The technology is in place; it's just a matter of people spending the
money, putting people in place, and taking it seriously. But there are
millions of businesses out there that could be vulnerable. There are
going to be millions of businesses that are going to need the
Internet, and they will need to be secure.


What do you think needs to be done policy-wise to help large
corporations and those forming the backbone of the economy?

I don't think they need the help of the government. I am very
impressed with enterprises. They understand it. They get it. In fact,
I think they get it better than the government. Usually, when the
government gets involved, it's how to catch people, not how to prevent
it. You can't do this through legislation. IT just needs to be more
aware and understanding of the importance of security.

A lot of people focus on privacy and privacy policies, but they don't
ask, How are you going to secure that data that you said you won't
give to anybody? It is up to the individual businesses and consumers.
There is a whole awareness philosophy that the government could get
into, could help foster.


What are the big challenges for security and for Check Point?

The biggest challenge is the pervasiveness of the Internet and the use
of it as we are moving into broadband with cable modems and DSL. What
everybody loves about (broadband) is it's always on and (has) high
performance, but if it's always on in a shared environment, it's
always vulnerable. So that is exposing some new concerns for both
corporations and consumers that they may not have had before. Wireless
is another very big opportunity that if you are going to connect a
wireless device into a network, it is going to again have to be a
secure connection.

I think we're going to be moving into (a period) where the Internet is
going to play a bigger and bigger role as a communications backbone
for consumers as well as businesses. If you get a smart home of the
future that has multiple IP devices in it, you are going to want to
protect that home; that's going to require a firewall at the
residential gateway to protect everything in there, especially when
you are gone. And corporations are the same way. If they are going to
take advantage of these broadband, high-speed connections for their
employees, whether they are in a hotel, in an airport, or at
home...that's going to be the new perimeter--every individual desktop.


Is there still a lot of room to grow in the firewall space?

Oh, yeah. We have about 80,000 customers today, and there's an
opportunity to secure 10, 20, 30 million customers. We can see
firewalls and VPNs as a market opportunity in a good economy of 50 to
60 percent growth opportunities for many, many years to come. We are
at the very early stage of deploying the type of technology that we
have.


In the end, do you think a firewall is going to be something that
anyone on the Internet is going to need?

Yes. With every kind of device. So, it's not just everybody, but every
kind of device that is going to connect to the Internet--so every PC,
every PalmPilot, every cell phone. We are very confident in where we
are today in development, when third generation is here, which is the
bandwidth necessary to make it a viable data device, that we do have
the security technology that will fit both at the gateway as well as
on the device itself.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.