Artificial intelligence in the service of security was a major focus at global cybersecurity firm Check Point’s annual showcase for customers, CPX 360 2023. Besides pulling the wraps off dozens of new products and services, including Quantum SD-WAN and an Extended Cyber Attack Prevention Platform that covers network, endpoints, emails and more, the event gave stage time to Check Point’s ThreatCloud AI generative AI framework.
The global conference, anchored in NYC with simultaneous events in Toronto, Chicago, Denver, Miami and Bogota, included a panel on ChatGPT in which ChatGPT itself took part. The panel explored AI both as a bar-lowering tool for attackers and as a tool of growing importance for fast defensive tactics.
AI powers an all-points approach to security
During the opening keynote, Gil Shwed, the company’s founder and CEO, called 2023 the tipping point for AI as a security tool (Figure A).
Figure A
“We are on the verge of an AI revolution,” Shwed said during the opening keynote. “We have all been working on it for over ten years, and you see that today more than half of our threat engines are AI.”
Eyal Manor, VP product management, introduced the company’s “three C’s” mantra — comprehensive, consolidated and collaborative — and how its portfolio of services and tech align with those to deliver both security prevention and detection.
“Partners now have fewer resources and are required to do more with less,” he said. “Last year demonstrated to us that in order for us to provide the best security, we must not only detect threats, but defend the organization. Detection isn’t enough.”
New “Horizon” for everything SOC
The company, which last year launched Horizon, a comprehensive approach to prevention first, this year introduced Horizon XDR/XPR, which it called an industry-first, AI-powered extended detection, protection and response framework meant to handle complex attacks on all fronts.
Dan Wiley, head of threat management and Check Point’s chief security advisor, pointed out that the tools required to run a traditional SOC are pretty extensive, requiring a SIM or data lake to store data, intelligence to explain what’s in that data, orchestration, ticketing systems and a team of IT people to cover the clock.
“That last bit is where a lot of organizations fall short, because they can’t afford the 12 to 14 people to run a SOC 24/7 365,” Wiley said. “With Horizon, within Check Point’s ecosystem, our goal is to incorporate all of the above into one layer that you can consume with one click, because all these elements are baked in.”
Incorporating generative AI — ThreatCloud AI — with other services under the Horizon umbrella enables a real-time feedback loop of detection and prevention, according to Wiley (Figure B).
Figure B
“What we are attempting to do is drive the prevention story aggressively by using detection, but in a novel way through our AI engines,” Wiley said. “This ‘hive-mind’ approach enables us to get to the conclusion of prevention faster. Its main goal is to distribute knowledge and make it available to all of our capabilities in a scalable way.”
Wiley explained that seven years ago, the company began creating systems to automate delivery, consumption and automation through neural networks and AI.
“Now we are up to 40 some-odd engines just around AI,” he said. “We can automate in multiple areas.”
A stitch in time saves several million
In an impromptu presentation during the event, Yoav Chelouche, managing partner at Aviv Venture Capital, gave a primer on security based on his own company’s ransomware experience, which took down the company and cost millions.
“We had a low target profile, with no consumer record of credit cards,” he said. “Who would bother to attack us?”
He described the call from the firm’s COO around midnight that the entire operation was down.
“Ransom has a clock,” Chelouche said. “Time has a cost. The ransom increases, but the first task is knowing if the actors are even credible. Do we know that these guys are even the people who will put us back online?”
He offered two “stitch in time” lessons in hindsight: Perception of risk is lower than actual risk; prepare for much worse than what you may anticipate, because it’s much cheaper to prepare than to repair.