Guy Lupo, Check Point

Now is the time to streamline regulatory and security compliance policy, as compliance has the greatest influence on information security costs, according to Guy Lupo, Check Point’s senior executive for MEA, speaking during the Check Point Security Tour SA, in Johannesburg, recently.

The compliance and regulatory landscape is evolving, and is extremely complex, he said.

“Today, we find out that there are more regulations, which are also becoming more frequent, that nobody really knows what is going on. Previously, we generally had new regulations per year, but now they are coming on a quarterly or monthly basis,” said Lupo.

He added that while regulatory and compliance measures are increasing rapidly, the pressure on IT security is also increasing because of the emergence of new and sophisticated threats.

Lupo noted the most influential factors putting pressure on security and compliance are industry and/or government compliance mandates, and threats and risks organisations are facing, as well as information security best practices.

According to Lupo, Check Point recently entered the governance, risk and compliance market with its Compliance Software Blade solution to fill a gap it identified.

He suggested the solution is the first integrated and fully automated security and compliance monitoring tool.

Check Point’s Compliance Software Blade complies with the Library of Over 250 Security Best Practices, he noted, adding it also offers real-time assessment of major regulations.

Furthermore, it gives instant notification on policy changes impacting compliance and provides actionable recommendations to improve compliance.

According to Lupo, the Library of Security Best Practices is capable of translating thousands of complex regulatory requirements into actionable security best practices, and constantly monitors gateway configuration with these best practices. It also generates automated assessment reports for compliance rating with top regulations.

In addition, the solution offers 360-degree visibility of an organisation’s security and compliance status, Lupo said.

“It acts as a second set of eyes for security administrators – looking over any modifications they make and alerting them to any potential compliance issues.”

The Compliance Software Blade ensures every policy adjustment is checked for compliance, including changes made to all Check Point Network Security Software Blades, such as firewall, IPS, anti-bot, DLP and application control.

CHECK POINT COMMITS TO SA

Though the South African IT security landscape is more advanced than the rest of Africa, Check Point Software Technologies sees huge opportunities in the market and intends to channel more investment into it.

This was the word from Amnon Bar-Lev, president of Check Point, in an exclusive interview with ITWeb on the sidelines of the Check Point Security Tour SA.

He revealed that Check Point has witnessed an increase in business on the local front over the past couple of years.

“We intend to continue growing our presence in the South African market. In SA, and Africa as a whole, we also intend to open more offices and continue to invest as well,” said Bar-Lev. SA, just like any other country, is at the mercy of the changing threat landscape and should therefore have solutions to mitigate these threats, he said.

Quoting the company’s 2013 Security Report, based on research of nearly 900 companies, Bar-Lev said botnets and data loss were the biggest security threats facing organisations globally.

“Many organisations (63%) suffer from botnets. A lot of organisations are using malicious applications; going to the wrong Web sites. So, clearly, we see a lot of organisations losing data.

“The security industry has become sophisticated and complicated. Smart people are getting smarter and the bad guys now have more resources. It’s no longer about individuals, but countries are also now involved. However, we have to keep innovating to stay ahead and I think this is only the beginning of it.

“But, the message is: things are happening and organisations need to be proactive; you don’t want your organisation to make headlines for the wrong reasons and you don’t want to lose your data. What you need to do is build the right architecture for that,” Bar-Lev said.

Overall, when analysing the attacks affecting organisations, there is evidence that about 90% of them could have been solved if organisations had put very basic security measures in place, he noted.

“My recommendation to organisations is not to put in place complex security systems. For example, there is no need to have different security solutions from multiple vendors sitting on the same infrastructure to protect against threats. You need something simple and straightforward.

“There is no reason to have five boxes, one after the other. This will mean different policies on things like firewall, IPS, proxy and VPN. This will lead to a complex network of many vendors.

“The problem with this is you will not have a single policy for all these. You will not have a single point of correlation; you will have less visibility – you basically lose control of what you are doing.”