Jony Fischbein, Check Point Software’s Chief Information Security Officer, has over 20 years of industry experience, and leads the company in maintaining a strong security posture, securing employees, securing partners, and securing customers.
In this interview, join Jony as he discusses how Check Point Software orchestrated the transition to remote operations amidst the coronavirus pandemic.
How did Check Point approach securely navigating the pandemic-driven transition to remote work?
This was one of the most intriguing topics for security professionals at the start of the coronavirus; how we would enable the whole organization to continue safely and securely working from home.
There were two types of workers to worry about; those with corporate laptops, and those without. The first group was easier to address, but even for those with corporate laptops, certain enterprise assets were inaccessible remotely. For example, those working with IP, finance, HR security monitoring systems, and other specific resources encountered obstacles.
Workers without corporate laptops proved more challenging to secure. These were mainly headquarters employees, such as R&D and technical support. However, in fewer than eight days, we managed to transform a remote access to desktops POC into a large-scale secured solution. This allowed for more than 1,000 employees to connect from home safely while using personal, unmanaged devices.
Leveraging existing Check Point security remote access tools, together with load balancing solutions, among others, for scalability were major assets on the path to working from home #WFH securely. #workingremote
In parallel, we implemented monitoring tools in the Security Operations Center (SOC) to mitigate unauthorized access. These tools emphasized behavioral analysis. We caught employees using TOR anonymizers on their home computers, and we even had an interesting case where two employees, from two different departments, were connecting from the same house. We later found out that the latter case was related to a wedding that took place 30 days before the pandemic.
How did Check Point navigate compliance amidst the transition to remote work?
When employees began working from home, the security team shared security policy do’s, don’ts, guidelines and best practices with everyone. Because not everyone implements policies, we also developed an integrated, innovative easy-to-use compliance scanner as a tool to validate safety of at-home computers. This tool can check that an anti-malware solution is enabled and updated, and that the home PC has a recent OS version, build, and that the browser is considered safe.
What can employees do if they receive a low grade with the compliance scanner?
They can get recommendations on how to remediate.
What advice do you have for other CISOs on the topic of compliance amidst the coronavirus?
Policies are important, but we need to help employees with solutions; like providing security tools that can be run at home (yes, including licensing). For me, security at home is easy because we deploy ZoneAlarm Extreme Total Protection to mitigate malware, keyloggers and other threats that may put working from home at-risk.
Did you gain new insights from this interview? Don’t miss our second thought-provoking piece with Chief Information Security Officer, and industry expert, Jony Fischbein. Stay tuned.