Peter Sandkuijl, a resident of The Netherlands, is a senior security specialist who has worked in the security market for over 25 years. He started his career at a local Check Point distributor as a technical product manager, and his responsibility for the Check Point product line quickly expanded. In 2000, Check Point opened a Benelux office, where Sandkuijl started as Technical Manager Benelux. As the region grew, his title changed to SE Manager Northern Europe. In 2007 he moved into an EMEA-wide role, EMEA SE High-End Solutions, an overlay position in which he served the entire EMEA region with proactive information, the development of training and workshops, and visits to projects and customers. The main Check Point products he focused on were Provider-1, VSX, high-end firewalling and the Check Point appliances. In April 2011, Sandkuijl was promoted to Head of Network Security Solutions, Europe, leading the team of European SEs; its themes were emerging technologies, solutions and market areas of interest such as virtualization, cloud, LTE and web 2.0. In October 2019, he was appointed to lead the entire SE organization in EMEA. He is now VP Engineering, EMEA.

In this interview, Peter Sandkuijl offers insights into the modern cyber ecosystem. He shares stories drawn from his own industry experience and discusses what works in defending against IoT, 5G and supply chain threats, and much more. The material is intended to help you elevate cyber security within your business.

What types of management processes are most effective in preventing evolving threats?

The most important element for a business is continuity of processes, production or whatever else makes it flourish; the strategic process of seeing the business as a whole and mitigating any threat, ideally before it happens. Following this logic, implementing security is not an IT matter and not a peripheral line on a larger financial balance sheet, but an integral part of doing business to start with. The most effective management processes are therefore diagonally spread throughout an organization, from the CIO to the operator. All of these individuals are acting on behalf of the health and wellbeing of the organization. As organizations aim to be efficient, prevention will always be better than attempting to deal with the fallout of a (security) event.

Intelligence is key. How has threat intelligence sharing improved in recent months?

Getting insights can be daunting, especially when multiple technologies are not aligned. Best-of-breed was a great approach 10 years ago, but today people are looking to consolidate. I have been seeing some really good traction in the area of extended detection and response (XDR), where sources of information are brought together and technologies such as machine learning are combined with threat intelligence databases. These are quite often cloud operated to remove the complexity of upgrades and scaling while allowing a model of consumption versus ownership.

Experts must expect the unexpected. What is catching CISOs off-guard this year?

The whole pandemic has caused a landslide, metaphorically speaking. Threats and risk mitigation have sometimes been de-prioritized to allow for the continuation of production. As an example, remote access had to be rolled out in a matter of days. This fact of the pandemic and the corresponding state of mind has also been leveraged by some teams to expedite digital migration. I believe some of the CISOs out there have allowed more to happen than they have full control over. In particular, the rush to public cloud is an area where we can all improve a lot!

How can firms better prepare themselves to be ready for anything?

As mentioned before, this should be an integral part of doing business, so just like you have insurance and a lock on the door, you should have a more than appropriate cyber security policy and implementation. Security is not an IT matter, but boardroom discussion material. Right now, I see boardrooms in escalation scenarios on account of poor planning. A more proactive approach to business continuity and security at the boardroom level would benefit everyone.

Tell us about a time where you've seen an amazing level of cyber resilience.

The stories that are best are quite often from our incident response team (IRT), as these guys come in when it's doom and gloom and nobody knows what to do. Imagine ransomware spreading all over, complete Active Directory takeovers, malware explosions, etc. That is the tip of the iceberg; however, there are a lot of great stories that I recall from when our engineers came in and brought a solution to an immediate challenge. In the beginning of the pandemic, we brought 15k users online in a matter of days. We often prevent massive issues from happening simply by sharing our experience and applying our "devil's advocate" attitude.

If at all, how should organizations revise approaches to IoT and 5G security?

Let’s start with having an approach to IoT and 5G security at all. The organizations I speak with today frequently leave these topics to facilities and telecoms, respectively. The corresponding conversations are most often about functionality and deployment, not about a potential malicious entry point into an organization. Creating an up-to-date overview is imperative.

What insights can you share about mitigating supply chain risk?

It is becoming very clear that point solutions that do not offer integration and real-time analysis will not be sufficient to protect against supply chain attacks. We spent a lot of time calling customers last year to offer assistance. Guess where our engineers spent most of their time? Explaining to customers that patching alone is not enough. As an industry we have learned a lot from the event. Now we need to stay at it and drive improved procedures and practices. We simply cannot allow a detect mentality. Nowadays, zero trust network access is required, combined with identity, compliance of the currently connecting device and pre-defined expected behavior. All of this must coincide with full accountability. It still hurts me a lot to see how personal information gets squandered and all that follows is a simple excuse. Consequences of not doing things right should be much more grave. Our industry has a lot of work to do here and must push security out of the IT corner and right up there with financial and strategic interests.

How else can organizations stop playing catch-up and get ahead of threats?

As described above, one could identify what exactly is required; least privilege should be a leading concept, not "simply get it to work". In the future I expect organizations will give up on the idea that they can control all threats by creating a unique company-specific policy for it, enforced per network segment. Organizations will start consuming security intelligence and it will be delivered as a service, specific to where the request and application exist, not the network. All of this should be combined with strong compliance measures and least-privilege access. That way a huge amount of daily work will be removed from operators. Application access will be the central starting point and not the device or network access point. Networks will continue to be segmented, but the enforcement points will act in a "consume and contribute" model; all policy elements will be dynamic and will be able to change at any point in time.
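The two preceding answers describe an access model in which the application, not the network segment, anchors policy, and in which identity, the connecting device's compliance, pre-defined expected behavior and least privilege are all checked per request, with every decision accountable. The following Python sketch is an added illustration of that model; it is not code from Check Point, from the interviewee or from any product, and every application, policy value, device and user in it is constructed for the example. It shows deny-by-default evaluation, an audit record for every decision, and how a change in device posture changes the outcome of an otherwise identical request without any rule being rewritten.

```python
"""Application-centric, deny-by-default access evaluation (added example).

Each request is checked against the target application's policy on three
axes: identity (group membership), the connecting device's compliance and
pre-defined expected behaviour (request origin). Every decision is recorded
with its reasons. All values below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset        # identity claims, e.g. from an IdP token
    device_id: str
    app: str                 # the application, not a subnet, anchors policy
    action: str
    country: str             # where the request originates


@dataclass
class DevicePosture:
    managed: bool
    disk_encrypted: bool
    patch_age_days: int


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset
    allowed_actions: frozenset       # least privilege: only what the role needs
    max_patch_age_days: int
    expected_countries: frozenset    # pre-defined expected behaviour


class AccessBroker:
    """Evaluates requests; policy and posture may change at any time."""

    def __init__(self, policies: Dict[str, AppPolicy],
                 postures: Dict[str, DevicePosture]) -> None:
        self.policies = policies
        self.postures = postures
        self.audit_log: List[dict] = []

    def evaluate(self, req: Request) -> Tuple[bool, List[str]]:
        reasons: List[str] = []
        policy = self.policies.get(req.app)
        if policy is None:
            # An application nobody wrote a policy for is not reachable.
            return self._record(req, False, ["no policy for app: default deny"])
        if not (req.groups & policy.allowed_groups):
            reasons.append("identity: user not in an allowed group")
        if req.action not in policy.allowed_actions:
            reasons.append(f"least privilege: action {req.action!r} not permitted")
        posture = self.postures.get(req.device_id)
        if posture is None:
            reasons.append("device: unknown device, no posture data")
        else:
            if not posture.managed:
                reasons.append("device: unmanaged")
            if not posture.disk_encrypted:
                reasons.append("device: disk not encrypted")
            if posture.patch_age_days > policy.max_patch_age_days:
                reasons.append(f"device: {posture.patch_age_days} days since last patch")
        if req.country not in policy.expected_countries:
            reasons.append(f"behaviour: request from unexpected country {req.country}")
        return self._record(req, not reasons, reasons or ["all checks passed"])

    def _record(self, req: Request, allowed: bool, reasons: List[str]):
        # Accountability: every decision, allowed or not, leaves a record.
        self.audit_log.append({"user": req.user, "device": req.device_id,
                               "app": req.app, "action": req.action,
                               "allowed": allowed, "reasons": list(reasons)})
        return allowed, reasons


def build_demo_broker() -> AccessBroker:
    """Constructed sample policy and posture data (hypothetical values)."""
    policies = {"erp": AppPolicy(allowed_groups=frozenset({"finance"}),
                                 allowed_actions=frozenset({"read", "post-invoice"}),
                                 max_patch_age_days=30,
                                 expected_countries=frozenset({"NL", "BE", "LU"}))}
    postures = {"lt-0042": DevicePosture(True, True, 3),
                "byod-07": DevicePosture(False, False, 90)}
    return AccessBroker(policies, postures)


def run_demo() -> List[Tuple[bool, List[str]]]:
    broker = build_demo_broker()
    alice = Request("alice", frozenset({"finance"}), "lt-0042", "erp", "read", "NL")
    results = [
        broker.evaluate(alice),                                            # allowed
        broker.evaluate(Request("alice", frozenset({"finance"}), "lt-0042",
                                "erp", "export-all", "NL")),               # least privilege
        broker.evaluate(Request("alice", frozenset({"finance"}), "byod-07",
                                "erp", "read", "NL")),                      # device posture
        broker.evaluate(Request("bob", frozenset({"sales"}), "lt-0042",
                                "crm", "read", "NL")),                      # no policy
    ]
    # Dynamic policy: the device falls out of compliance and the identical
    # request from alice is now refused, with no rule rewrite.
    broker.postures["lt-0042"].patch_age_days = 45
    results.append(broker.evaluate(alice))
    return results


if __name__ == "__main__":
    for allowed, reasons in run_demo():
        print("ALLOW" if allowed else "DENY ", "; ".join(reasons))
```

The design choice worth noting is that the broker collects every failed check rather than stopping at the first, so the audit record explains the whole decision, and that the absence of a policy or of posture data is itself a deny reason rather than a pass-through.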

How can Software Defined Protection (SDP) assist with evolving attack forms?

Funnily enough, Check Point wrote about SDP many years before current terminology was applied, and today we see the industry starting to speak about it. Having your controls in software is a great opportunity. It makes organizations much more agile. The abstraction between the hardware, which can now be considered a resource pool, and the applications that run on top is a true revolution in the industry. After 25 years of Ethernet and TCP/IP we can now run entirely in software. The powerhouse called OSPF and BGP just lost quite a bit of its power. Security, because of that, no longer needs to be a chokepoint in a network and can very selectively be applied on the exact traffic flows where it needs to fit. At the same time, it also opens up new areas we never had to secure before. All orchestration and operation is now an API call. Who secures those? If an application is no longer compiled as an executable and the code that is used is not from one in-house source but a collection of GitHub projects and some internal modelling, how do we treat that?

Anything else that you would like to share with the Cyber Talk audience?

At the risk of sounding like an old geezer reminiscing, I looked back at when I started in the world of security back in 1996 and at some point figured "how many more firewalls could we ever sell?" Fast forward to today, we still do access control, but it got so much more complex. As a security professional, it became more intriguing and challenging. What I took from my experiences is: don't trust that you can recline and continue doing what you did yesterday. Every time we seem to slow down technology-wise, a new innovation arrives. Creating secure environments that are built to keep running is a fantastic journey. It never stops challenging us. With the digital transformation era, things started going faster and decisions are being made in new areas of companies. If you have a handle on this skill, you have job security for many years to come!