Last week, I attended Check Point Experience 2014 (CPX2014) in Washington, D.C. Here are some quick highlights from the conference:

• There were around 1400 attendees, up from 650 a mere two years ago.
• Security people cannot properly capitalize VMware either.
• They also use ‘on-premise’ and make people twitch.
• There is some conflation between orchestration and automation, and even confusion on what constitutes one or the other.
• Foreign language translations can be fun! This isn’t a slight against the speakers (I certainly cannot speak their language!), I just think it’s healthy to laugh about these things, especially when the correct word is obvious and the meaning stays intact. If we weren’t always so uptight about things…

There were two more significant lessons I learned at CPX 2014, however.

The first is that Checkpoint has a lot of products that make up what they are calling Software Defined Protection. It’s a neat idea, though some of the products are not GA and hence not usable at this time, leaving the definition somewhat nebulous as far as real world examples go. However, it does define enforcement, control, and management layers (planes) and lays out products that work at each layer, plus pending integration with other tools and standards (a VMware-compatible virtual firewall, REST APIs, etc). Taken together, SDP has the potential to affect design and implementation with an end result not just of increasing security policies, but shortening the gap between malware creation and prevention.

The SDP products are, like past Check Point products, part of the vast suite of products that make up their firewall offerings. Some steps have been taken to streamline the lineup and licensing, but it is unfortunately still complicated, even to those who have used their products for years. The idea of software blades still persists and still requires you to pick your functionality in advance, though this may be changing to an on-demand model soon enough. In spite of the licensing issues, I can’t wait to start using some of the new products. The holistic approach Check Point is taking is not something I have seen with other vendors.

For instance, the Threatcloud product will allow you to benefit from threat analysis used by other Check Point customers – someone gets an email attachment, their cloud service uses sandboxing to detect the unknown malware, and then it’s identified for all Threatcloud users. That’s very significant and novel. There are other new products that they announced, though I won’t discuss them (between presentation slides labelled confidential and enhanced access as a partner, I’m not exactly sure what I can say, actually!), that expand on this idea to really create a holistic approach. If you couldn’t go to CPX 2014 and use or entertain the idea of Check Point products, I’d suggest reaching out to your account rep and ask for some information on the presentations. If any of the keynotes were recorded, check those out – particularly Amnon Bar-Lev’s keynote on datacenter segregation. He used some nice graphics to show what organic datacenter growth looks like, then detailed how to make it all manageable again without disrupting users. You can also check out #CPX2014 on twitter for what I had to say during the event.

This brings me to the second lesson. Security practitioners are insular.  Like most IT people, I’m not the most outgoing person in the world, but I do enjoy chatting and sharing stories and meeting colleagues in the industry. Not much of that happened at this conference, certainly far less that at other conferences I’ve been to. I’ll delve into this in depth in another post, but suffice to say that I was somewhat underwhelmed as far as social interactions with other attendees went. I think that can change and that doing so will make things better.

Were you at CPX? If so, I’d love to hear from you. I was not able to make all the sessions and I’m interested in what I missed. Drop a note in the comments or find me on twitter.