We met Gil Schwed in Prague, Czech Republic, during Check Point's bi-annual event. He tells SecurityNewsletter.com more about today's announcements and future challenges.

SecurityNewsletter.com : You announced a new firewall / IPS line aimed at the high end. Won't this put you in competition with partners like Nokia, already very present on that market ?

Gil Schwed : Yes, there is now a lapping on the high end. But I believe there are still enough differences to make a choice. Nokia is very good on the hardware, for example, while our strength is in simplicity and centralized management. 

SNL.com : Centralized management seems to be quite a focus for Check Point now, isn't it ?

It's indeed our focus for 2008. We aim to simplify and unify the management of both the gateways and the clients. We started late 2007 by introducing a single price plan that covers subscriptions for all the security functions in our appliances (antivirus, IPS, etc...). Now, we introduce a single endpoint client that integrates all the security functions the client needs (firewall, NAC, antivirus, antispyware, VPN client, USB ports control...). And, of course, our goal is to have a single management console for them all, gateways and endpoints.  

SNL.com :  You mention USB ports control on the endpoint. That's very much a "Data Leak Prevention" (DLP) thing, a market where Check Point is not really present. Do you have plans regarding DLP ?

Yes, we will have a DLP product line. So far our offer is limited to USB ports control on the endpoint, but we will clearly go above this. We will be a DLP player, and that will be at the gateway. We want real-time enforcement, in order to stop documents leaving the perimeter, and we want DLP to be much simpler. I find current solutions to be too complex.

SNL.com :  You also offer your channel partners to manage their customer's security for them. It's a step toward the Software as a Service model (SaaS), which is quite fashionable at the moment. Do you plan to go further down that road ?

I feel Check Point has the infrastructure needed for this model, and we strongly believe in it. Software as a Service will definitely play an increasing role for us. But that will always been through our channel and business partners, to whom we will provide the infrastructure while they manage their customers. Today a business partner can be up and running and start selling managed security services powered by check Point in a matter of days.

SNL.com : DLP, SaaS... that's a lot of new ventures. Will you tackle them all alone ?

I do not rule out new acquisitions.

SNL.com :  With all those new ventures, what to make of the good ol' firewall that made you famous ? Is it dead ?

Not even close ! It's not done evolving; on the technical side of course, it needs to filter higher loads. Our appliances now rely on quadcore processors, for example. But it also keeps evolving on the intelligence front. It got up the layers and need to better understand application traffic, and better interpret sessions for example. And it also needs to talk with other security equipments on the network.