STORY HIGHLIGHTS
- Gil Shwed is the CEO of Check Point, a leading name in computer security software
- He says Check Point provides security software used by every Fortune 100 company
- Company launching a new collaborative approach to cyber security called "ThreatCloud"
- "ThreatCloud" will share information on attempted cyber attacks between users
He got his first job
writing software at the age of 12, and by 1993, at the age of 24, he
formed the Internet security company Check Point with two business
partners and a borrowed computer in his associate's grandmother's
apartment in Tel Aviv.
Check Point created the first firewall using "stateful inspection" -- the
second generation of firewall technology widely used today.
In the years since,
hacking has become big business -- one of the fastest growing areas of
crime, according to Interpol, with an estimated global cost of $1
trillion a year.
As a result, his company Check Point has now grown to boast nearly 3,000
staff and accounts for one third of the global security software market,
with its security software used by every Fortune 100 company.
"In 1993, most people
didn't know what the Internet is all about," says Shwed, who sensed the
Internet would be big but had no idea it would grow to become as central
to modern life as it has.
"I never imagined the
Internet to have such a huge effect on the world or for Check Point to
be a company that sells for nearly a billion-and-a-half dollars today,"
he said.
But as vital as the
Internet -- and by extension, cyber security -- has become to our lives,
few of us really have a handle on how it works. Here, Shwed explains
some of the basic concepts.
What's a firewall?
A firewall is a piece of
software or hardware that protects the security of a computer network
-- be it a home or business network -- by controlling incoming and
outgoing traffic between the network and the rest of the Internet.
Some form of security is
necessary to protect computer networks from hackers.
"Basically, a simple
system connected to the Internet, every hacker can break in in a few
seconds. You put some layers of security; the efforts required to break
in are becoming bigger."
A firewall works by
analyzing incoming data packets and determining whether they should be
allowed through.
"It can just sit in the
entrance to the organization like a door and you block whoever goes in
or goes out," says Shwed.
"It knows how to analyze
the traffic and basically classify each type of connection."
Today, firewalls are
becoming increasingly complicated, says Shwed.
"There are multiple
layers and you need to provide... many different types of protection,
many different types of the system," he says.
"Today, the firewall
does probably ten more things: it knows how to encrypt your traffic when
you communicate with mobile devices, it knows how to scan the data for
potential leakage... It knows how to look for very sophisticated
attacks; it knows how to look for bots."
What are bots?
Also known as web
robots, bots are software applications that run automated tasks over the
Internet, and are often used for malicious purposes.
"Bots are small software
agents that sit on our personal computers. They hide there, they
communicate with their operator which tells them what bad things to do,"
says Shwed.
Bots can often be
disguised in legitimate-looking content to infect vulnerable computer
networks.
"(The firewall) knows
how to find these kinds of communications that disguise themselves in
sort of legal communications."
Computers infected with
malicious bots can be directed by the third party controlling them --
known as a "bot herder" -- to perform tasks en masse, such as a
distributed denial of service, or DDoS, attack. In a DDoS attack, massive
networks of infected "zombie" computers are directed to target a system
with traffic, overloading and effectively crashing the targeted
network.
How has the threat environment changed?
"Twenty years ago, the
typical hacker was like a student trying to show his technical skills
with no bad intentions," says Shwed. "Today it's governments,
sophisticated organizations."
He said that "every
business today is facing hundreds, if not thousands of attacks every day.
And these attacks can go from small things that slow you down to bad
things that will stop your business right away immediately.
"That motivation can be
political, it can be financial -- stealing data or things like that. It
can be extortion."
The extortion could take
the form of a threat to take down a network if a sum was not paid, or a
more subtle approach.
"We've seen several
cases where somebody calls an organization and says 'I'm a security
researcher, I've found that your company is being targeted. I'll let you
know how to block it if you pay me my consulting fees.' It can start
from small amounts, $5000, $15000."
But while large
companies and governments were obvious and attractive targets, home
computer users were just as vulnerable, as general attacks were aimed at
security vulnerabilities, rather than specific targets.
"The general break-ins
are not happening by targeted attacks, by somebody trying to attack you
or your organization. The general attacks (come through) tools that scan
the Internet and find the place to break in -- and wherever they can
break in, they'll break into."
It sounds overwhelming. Are there any new approaches to the problem?
Shwed's company has a
new product called ThreatCloud, which it bills as the first
collaborative approach to fighting cybercrime.
"One of the things we
realized about two years ago is that today every company, every person
in the world fights cyber threats individually. We all install systems,
we're all being attacked, in many cases, by the same people, thousands
of times a day.
"So what we came up with
was that idea of a threat cloud. And ThreatCloud is like a
collaboration network -- whenever a customer network sees an attack or
sees something suspicious, it reports to the ThreatCloud service (which)
analyzes threats from multiple sources.
"If it finds out that
it's actually an attack, it can automatically update the rest of the
world and let everybody enjoy that intelligence, that know-how that some
attack has been happening and everybody should block that source."