Jerry Ungerman, president of firewall leader Check Point Software Technologies, oversees the company’s worldwide sales, marketing, business development, product management and technical services. In this role, he helps Check Point provide its customers and partners with integrated network security solutions.
The E-Commerce Times spoke with Ungerman last week, on the eve of the company’s release of its new InterSpect intrusion prevention appliance. Here is what he had to say about today’s network security threats and the future of firewall technology.
It appears that the firewall industry has evolved from providing a stand-alone defense to something more holistic. Moreover, it seems to be converging with virtual private networks (VPNs), antivirus and other Internet security measures. To what degree do you find that assessment to be accurate?
Jerry Ungerman: We innovated and patented “stateful inspection” back in 1993. We pioneered easy-to-use shrink-wrap firewalls in 1994. In 1996, we were the first to merge VPNs and firewalls, so that’s been a phenomenon for eight years now. Joint VPN and firewall functionality is only perceived to be new because other companies are only coming to it now. But Check Point has been the technology leader in this space for over 10 years, and with InterSpect, our new family of dedicated intrusion prevention appliances, we continue to be.
In particular, how has the industry evolved over the last year, and where does your new integrated security appliance fit in with the changing environment?
Ungerman: It’s changed because of increasing use of the Internet. The need evolves for protection at wireless access points — for handhelds, laptops, mobile phones. It’s a challenge that requires new innovation: smart defense application intelligence, which is in the core technology we brought out.
We defined what the firewall is. Now we’re following up with InterSpect to take advantage of this technology at the internal security gateway, as we have with firewalls at the perimeter gateway.
What sorts of functionalities and capabilities does this new appliance offer your customers that were previously not available?
Ungerman: We’ve made InterSpect very easy to deploy. It comes with an Internet worm defender, network zone segmentation for security zones, the ability to quarantine suspect computers, and LAN support protection. And we’ve included our preemptive attack protection … to stop attacks before they even occur. Customers that had this technology already installed were protected from the Blaster worm before it was even created.
So we’ve taken all those technologies and put them inside a built-in appliance that can be connected to the internal network.
In general, with what security priorities are your customers most concerned right now?
Ungerman: Web security is what we see as the biggest concern today for our customers. The ability to … have secure authorization policies, secure connectivity [and] remote access. We recently announced our road map for these problems.
People are looking to find perimeter security, internal security [and] Web security and are looking to vendors who can handle these issues, whether at the gateway server level or at the client-side.
Who do you now consider to be your primary competitors?
Ungerman: Cisco is the most visible company. It’s the only one anywhere close to our size. They are a great networking company [but] not that strong in the security business, although they recently partnered with Network Associates and Trend Micro [to address the issue. Even so], they’re such a well-known name that we still think of them as our primary competitor.
How is your technology keeping up with the tactics of increasingly cunning attacks, both remotely and from within the enterprise?
Ungerman: It’s back to what I said. We’ve stayed well ahead of attacks by providing a high level of protection — smart defense and preemptive attack protection — [with] InterSpect.
No matter how advanced a security technology is, its effectiveness depends on the people implementing it. What sorts of training do you provide for your customers?
Ungerman: We provide extensive training through our channel partners. They provide our customers with authorized training centers and other security channels. These ATCs conduct training on the security of Check Point products. There are something like 22,000 to 25,000 engineers trained by Check Point on proper security deployments, [and] 60,000 people advising clients on the best security practices.
What is the overall outlook in the firewall industry this upcoming year?
Ungerman: I’d say very good. There’s a lot of demand. Our reselling partners say how busy they are. We’ve been limited somewhat by the economy in the last couple of years, but there’s a demand, as enterprise use of the Internet keeps expanding, to properly secure the enterprise from the worms and viruses that are spreading.
What is the biggest digital threat currently facing the world?
Ungerman The spread of worms is the big thing today because it can happen so fast. As companies conduct more of their business via the Web, their networks are quickly becoming more open and vulnerable. We recently acquired Zone Labs for its end-point security capabilities, which are already being used by over 25 million users. It’s another element, along with InterSpect, that provides our customers with integrated protection inside and outside the network.