Jeff Schwartz, CISSP, is the VP of Engineering, North America, for global cyber security company Check Point Software. He manages a team of ~200 engineers across multi-disciplinary fields, and he’s responsible for all security engineering resources across a $700 million portion of the business in North America.
Over his 20-year career in cyber security, Jeff has consulted, designed, and overseen the implementation of the largest network security deployments across all industries, and throughout both the Fortune 500 and major government agencies.
In this interview, Jeff Schwartz discusses why SASE emerged, the SASE value-add, how to select a SASE vendor and more. Check out these outstanding cyber security insights.
What is SASE, in a nutshell?
The acronym SASE stands for Secure Access Service Edge. It’s a new operational model that Gartner has developed. It involves the consolidation of many of the traditional network security controls that organizations enjoy at the perimeter of their environments, and the extension of those controls to remote applications and remote enforcement. By Gartner’s definition, there’s a list of roughly 20 different pieces of functionality that all comprise this Secure Access Service Edge, but in its most simplistic terms, what SASE distills down to is the consolidation of remote access capabilities and endpoint security controls that would traditionally have been leveraged in network consumption models.
What does SASE deliver?
Roughly 70% of security incidents occur through the compromise of an endpoint. Organizations require an enterprise class solution to secure those endpoints. The pandemic-related, distributed working conditions that many organizations and people are currently operating under are accelerating the development of this space, as organizations need to provide remote access and the delivery of applications to larger and more diverse user populations. At the same time, businesses must deliver enterprise class security on the endpoint.
Traditionally, remote access and security were handled independently. Security for remote users would typically occur at the DMZ or datacenter perimeter. This model doesn’t really scale with applications like Salesforce, Office 365 and where application access is not really defined by what lives in the data center. These days, user access is directly to the cloud wherever those applications may live with third party user populations, unmanaged assets, etc. So now we need to extend all of that robust security that would live at the edge of a traditional data center environment to these remote user populations.
Prior to SASE, markets addressed this by offering separate endpoint detection and response (EDR), separate next generation AV, separate remote access, separate desktop firewall, separate sandboxing solutions, a separate URL filtering solution that may live on the endpoint, separate DLP and on and on and on. So, that obviously doesn’t scale, in terms of operational needs of the organization, nor from a user experience perspective, which is very important. So, SASE is the consolidated delivery vehicle for enforcement of these solutions and it also provides the operational consistency management across different user populations, different asset classes, and different security controls that live on the endpoint.
Why should organizations consider SASE?
SASE improves security through this consolidation, both on the operational side and in terms of security outcomes, because now you’re extending enterprise class capabilities in a consistent way across many different user populations, devices and enforcement characteristics on the endpoint.
What should organizations look for as they choose a SASE solution?
So, there are two different areas that I would characterize as essential in the SASE space.
If you acknowledge the trend, which shows that 70% of compromises start with an endpoint, then you need best-in-class preventative controls on those endpoint devices/users. The perception of commoditization of certain security controls like anti-malware or sandboxing is dangerous because we have quickly evolved to a place where users are not connected behind the enterprise security stack at your perimeter.
I think that because this is an evolving space and a new market category, there’s a rush to accept this perception of commoditized functionality. However, better security produces meaningfully better outcomes with reduced risk to the business.
The reality is that differentiated capabilities in terms of threat prevention are enormously important, especially reflecting on our previous conversation around lateral movement of supply chain issues. If an endpoint is compromised because of less than best-in-class security controls, that compromise can move laterally very quickly. As a result:
- There needs to be priority on qualitative advantage in preventative controls.
- Endpoint prevention also needs to be operationally simple. The whole concept of SASE centers around consolidated functionality. If it’s not easy to use, then it will slow down the organization and not deliver on SASE’s core value proposition.
What kinds of questions about SASE should organizations ask vendors?
At the end of the day, many organizations are exploring the space in real-time. It’s very dynamic. Many vendors are trying to get into this space and there’s a bit of an arms race in terms of functionality and features. But the important criteria that organizations should evaluate are what I just mentioned: the extent to which a vendor provides qualitative advantage around preventative controls. Because again, you’re extending application access to environments that don’t have this big security stack in front of them.
And further, organizations should ask about the vision around operational simplicity. Because this is a dynamic space, each vendor is evolving and what’s here today will be enhanced in a month. And what’s here in a month will be enhanced a month after that.
But I think SASE implementation centers around the core values of the organization. I would suggest that organizations prioritize a qualitative advantage around preventative controls and the extent to which a vendor can provide truly simplified, consolidated operational management.
Anything else about SASE?
It’s a dynamic space and it’s changing quickly, so we’ll likely have updates to this conversation in the coming months.