Check Point Adds Humans to Cloud Network Security
ThreatCloud leverages Big Data and the cloud but don't underestimate the value of the human element when it comes to incident response.
Network security vendor Check Point Software this week announced new security services that leverage the power of the cloud combined with the power of expert human response.
The ThreatCloud Security Services offering includes two components, a managed security service and an incident response service.
The ThreatCloud correlates data from Check Point users with third party sources of intelligence to help correlate potential risks and threats. While the Check Point already provides intelligence feeds to its network security gateway customer the managed security service goes a step above that.
Avi Rembaum, Director of Consulting at Check Point, explained to EnterpriseNetworkingPlanet that the managed service takes the ThreatCloud feeds and then provides monitoring for customers.
"It's humans, rather than just straight technology," Rembaum said. "The service contract is between Check Point Managed Security, actual people that work with customers and the contract provides access to that team."
With the managed service, Check Point has people that are monitoring the event feeds and they provide pro-active guidance back to customers based on that information. That guidance can include suggestions on what an enterprise should do to adjust their protections and settings.
For example, if a given customer is seeing SQL attacks against web servers, an IPS would notice the attacks and trigger the appropriate signatures. The managed services team could then inform the Check Point user of what fine tuning is required on the IPS signatures in order to optimize them.
Rembaum noted that for the managed services piece, there is a portal as well as phone and email support back to customers. The incident response piece is a parallel piece of the human equation for delivering network security.
"If there is an incident, the customer would call into the incident response hotline," Rembaum said. "Then we work with the customer, to analyze event data and provide recommendation on how to deal with the incident."
Rembaum explained that for example if there is a malware event, Check Point will help to reverse engineer the item and its payload. If there is a network breach, they will help the enterprise to understand how the breach occurred and then make recommendations regarding controls that should be in place to prevent future breaches.
In a DDoS incident, an enterprise can take advantage of the fact that Check Point can maintain logs offsite. Rembaum noted that an enterprise can forward logs to Check Point on a 30 day refresh cycle in the cloud.
"What's beneficial about sharing the log data is we will see if it’s a volumetric attack," Rembaum said. "So we will have the information leading up to the DDoS incident and can then use the log data to understand source IP information and if there are specific attack methods that are being used."
With that intelligence in hand the humans at Check Point can help an enterprise to mitigate the DDoS, enabling the normal flow of traffic.
While the new Check Point ThreatCloud services includes the use of humans, they also still leverage the power of data analytics and specifically Check Point's SmartEvent solution.
"SmartEvent includes an event analysis tool that enables a quick aggregation and correlation of events so that an analyst can look through the higher level set of incidents that are occurring," Rembaum said.