Jeff Schwartz is the VP of Engineering, Americas, for the global cyber security company Check Point Software. He manages a team of ~300 engineers across multi-disciplinary fields, and he’s responsible for all security engineering resources across a $1 billion portion of the business in North America.
Over his 20-year career in cyber security, Jeff has consulted, designed, and overseen the implementation of the largest network security deployments across all industries, and throughout both the Fortune 500 and major government agencies.
Being a CISO is tough. In this outstanding interview, Check Point’s Vice President of Engineering, Americas, Jeff Schwartz, discusses how you can contend with emerging cyber security challenges, adapt your cyber security practices, effectively advance cyber security initiatives and achieve new heights of cyber security success. Don’t miss these must-have insights.
1. Given your recent conversations with other executives, clients and contacts, broadly speaking, what are the most significant obstacles in organizational achievement of cyber security excellence?
JS: There are two colliding factors that are most impacting organizations’ abilities to achieve cyber security excellence. The first one is that technical debt associated with legacy and existing technologies is a huge burden on operations teams. Supporting, maintaining and managing the existing diversity of technologies consumes a vast amount of resources (both human and capital). Additionally, organizations’ end users and BUs (business units) are pushing the operations teams to adopt more diverse technologies and assets with greater demand for “real-time” delivery. More cloud, SaaS or elastic solutions, which extend the security risk to assets with abstracted or limited visibility and oftentimes less preventative control. The impact of these two factors is that security outcomes are actually getting worse in many cases.
2. What are the more technical obstacles getting in the way of security excellence and how are organizations solving for these challenges?
JS: Most organizations today are taking the approach that new infrastructure and applications get deployed with more modern solutions to security, while legacy systems are supported by the existing solutions. This introduces operational challenges to support both models concurrently.
3. What should organizations do differently in order to achieve security excellence?
JS: There are really two things that organizations can do to improve their security outcomes. Firstly, to the extent possible, invest in platform-based solutions that support more traditional network security models as well as those that support more modern controls like API security, supply chain security and integrate with CI/CD solutions. Secondly, organizations should focus on solutions that provide qualitative advantage for preventative controls. The perception that detection is a “good start” or that most solutions provide “good enough” prevention is a wild generalization that is quite problematic. Small differences in security efficacy translate to a wide variance in security outcomes. A 1% difference in security effectiveness translates to many hundreds or thousands of false negatives in most environments. A false negative is something that is malicious but considered benign. It’s not practical to staff accordingly to adequately hunt down this volume of false negatives on a daily basis.
4. For established organizations seeking to upgrade security, what kinds of security features should they prioritize right now?
JS: I would suggest those solutions that provide broad platform support across network, cloud and endpoint, in addition to those solutions that focus on providing qualitative advantage around preventative controls. Check Point, of course, is keenly focused on these approaches.
5. How would you advise organizations that are newly managing the risk that distributed employees present?
JS: The most proven approach for modernizing access for remote employees is the adoption of zero trust models. More specifically, MFA, ZTNA, real-time assessment/enforcement of access privileges. In addition, as access to protected resources extends to more edge-based resources, strong enforcement for anti-phishing, anti-ransomware and IoT becomes more critical.
6. How can organizations do the common cyber security stuff uncommonly well?
JS: The common security stuff is hard. Reducing technical debt is hard. Ensuring good backup hygiene and patch management isn’t so easy. This is why so many organizations struggle. At the end of the day it comes down to focus. Is the organization focused on getting security right? Is getting security “right” important to the company? If it is, it will come with the right investment of resources. That investment requires the right solutions, but also the right culture where doing the hard (sometimes tedious) things is accepted. That attention to detail and disciplined approach will lead to better outcomes.
7. Why is Check Point security management still the gold standard? What is the secret to Check Point’s approach?
JS: Check Point continues to be a leader partly due to focus on management. We understood many years ago that it’s much easier to get security wrong than it is to get it right. To get it right, we needed to make it easy for organizations to adopt. That is why we spent a tremendous amount of resources to make our management easy to use and to make it so that organizations can consume security simply. Because of that “up front” investment, while we’ve often been imitated, it’s a huge challenge for others in the industry to replicate. I’ve just recently had a former employee who now works for a competitor tell me that he’s spent much of the last year submitting feature requests for functionality that we’ve had in our management for the last 20 years.
8. Is there anything else that you would like to share with the CyberTalk audience?
JS: Stay safe out there!