Gil Shwed is the CEO of Check Point, a leading name in computer security software
He says Check Point provide security software used by every Fortune 100 company
Company launching a new collaborative approach to cyber security called "ThreatCloud"
"ThreatCloud" will share information on attempted cyber attacks between users
Gil Shwed is an Israeli programmer and entrepreneur who is regarded as one of the fathers of modern Internet security.
He got his first job writing software at the age of 12, and by 1993, at the age of 24, he formed the Internet security company Check Point with two business partners and a borrowed computer in his associate’s grandmother’s apartment in Tel Aviv.
Check Point created the first firewall using “stateful inspection” – the second-generation of firewall technology widely used today.
In the years since, hacking has become big business – one of the fastest growing areas of crime, according to Interpol, with an estimated global cost of $1 trillion a year.
As a result, his company Check Point now has grown to boast nearly 3,000 staff and accounts for one third of the global security software market, with its security software used by every Fortune 100 company.
“In 1993, most people didn’t know what the Internet is all about,” says Shwed, who sensed the Internet would be big but had no idea it would grow to become as central to modern life as it has.
“I never imagined the Internet to have such a huge effect on the world or for Check Point to be a company that sells for nearly a billion-and-a-half dollars today,” he said.
But as vital as the Internet – and by extension, cyber security – has become to our lives, few of us really have a handle on how it works. Here, Shwed explains of some of the basic concepts.
What’s a firewall?
A firewall is a piece of software or hardware that protects the security of a computer network – be it a home or business network – by controlling incoming and outgoing traffic between the network and the rest of the Internet.
Some form of security is necessary to protect computer networks from hackers.
“Basically, a simple system connected to the Internet, every hacker can break in in a few seconds. You put some layers of security; the efforts required to break in are becoming bigger.”
A firewall works by analyzing incoming data packets and determining whether they should be allowed through.
“It can just sit in the entrance to the organization like a door and you block whoever goes in or goes out,” says Shwed.
“It knows how to analyze the traffic and basically classify each type of connection.”
Today, firewalls are becoming increasingly complicated, says Shwed.
“There are multiple layers and you need to provide… many different types of protection, many different types of the system,” he says.
“Today, the firewall does probably ten more things: it knows how to encrypt your traffic when you communicate with mobile devices, it knows how to scan the data for potential leakage… It knows how to look for very sophisticated attacks; it knows how to look for bots.”
What are bots?
Also known as web robots, bots are software applications that run automated tasks over the Internet, and are often used for malicious purposes.
“Bots are small software agents that sit on our personal computers. They hide there, they communicate with their operator which tells them what bad things to do,” says Shwed.
Bots can often be disguised in legitimate-looking content to infect vulnerable computer networks.
“(The firewall) knows how to find these kinds of communications that disguise themselves in sort of legal communications.”
Computers infected with malicious bots can be by directed by the third party controlling them – known as a “bot herder” – to perform tasks en masse, such as a distributed denial of service, or DDoS attack. In a DDoS attack, massive networks of infected “zombie” computers are directed to target a system with traffic, overloading and effectively crashing the targeted network.
How has the threat environment changed?
“Twenty years ago, the typical hacker was like a student trying to show his technical skills with no bad intentions,” says Shwed. “Today it’s governments, sophisticated organizations.”
He said that “every business today is facing hundreds, if not thousands of attacks everyday. And these attacks can go from small things that slow you down to bad things that will stop your business right away immediately.
“That motivation can be political, it can be financial – stealing data or things like that. It can be extortion.”
The extortion could take the form of a threat to take down a network if a sum was not paid, or a more subtle approach.
“We’ve seen several cases where somebody calls an organization and says ‘I’m a security researcher, I’ve found that your company is being targeted. I’ll let you know how to block it if you pay me my consulting fees.’ It can start from small amounts, $5000, $15000.”
But while large companies and governments were obvious and attractive targets, home computer users were just as vulnerable, as general attacks were aimed at security vulnerabilities, rather than specific targets.
“The general break-ins are not happening by targeted attacks, by somebody trying to attack you or your organization. The general attacks (come through) tools that scan the Internet and find the place to break in – and wherever they can break in, they’ll break into.”
It sounds overwhelming. Are there any new approaches to the problem?
Shwed’s company has a new product called ThreatCloud, which it bills as the first collaborative approach to fighting cybercrime.
“One of the things we realized about two years ago is that today every company, every person in the world fights cyber threats individually. We all install systems, we’re all being attacked, in many cases, by the same people, thousands of times a day.
“So what we came up with was that idea of a threat cloud. And ThreatCloud is like a collaboration network – whenever a customer network sees an attack or sees something suspicious, it reports to the ThreatCloud service (which) analyzes threats from multiple sources.
“If it finds out that it’s actually an attack, it can automatically update the rest of the world and let everybody enjoy that intelligence, that know-how that some attack has been happening and everybody should block that source.”