Dark Reading is part of the Informa Tech Division of Informa PLC



1/31/2020
04:15 PM

What It's Like to Be a CISO: Check Point Security Leader Weighs In

Jony Fischbein shares the concerns and practices that are top-of-mind in his daily work leading security at Check Point Software.

Check Point Software CISO Jony Fischbein has a lot on his plate. Like many CISOs, he juggles the security of multiple corporate departments with thousands of employees, all of whom possess different personalities, security requirements, and potential risk factors.

"A lot of these departments … they want to drive to the same place, but they have different needs," said Fischbein in a keynote at this week's CPX 360 conference, in New Orleans. Each day he is tasked with making decisions to secure these departments and each of their employees, while also tackling his overall goal and greatest challenge in being a CISO: enabling business processes.

Tackling this challenge starts with addressing human-based issues. "People are the biggest asset and the biggest weakness in any organization," Fischbein said. "Engage them wisely."

This means knowing how employees can aid in your defenses but, more importantly, knowing which people you need to protect against. The first group includes overmotivated employees. "These employees will do stuff because they just want to promote the business," he explained, but they often do this by downloading tools and applications not sanctioned by the IT department. "Shadow IT," or the use of software without the business' consent, presents security issues.

While eager employees pose a risk, unhappy ones are considerably more dangerous. "These are the No. 1 people who will hurt the company," Fischbein added. Angry workers who are motivated to cause damage can use their access to steal contacts and code and expose internal data. "These problems are relevant to everyone," he said, noting that for every 1,000 employees, chances are five to 15 are unhappy. They may face penalties, he continued, but many unhappy employees forget about the contracts they signed when they started the job.

Cybercriminals and nation-states are the other two groups causing concern for Fischbein. As an example, he cited recent concerns of retaliation and potential cyberattacks from Iran in early January. "We have to immediately make sure our SOC was up-to-date," he said of the response. "All IP addresses from Iran are going to be immediately blocked, no questions asked."

The talk dove into two examples of how CISOs can help enable business processes. The first, he said, is embracing the cloud and supporting the business' ability to use it. In the past year, Check Point's IT teams have worked in cloud environments and developed directly on them. One of their accounts is forbidden to be exposed to the Internet. The team introduced a mitigation for accidental exposure: if something is exposed, the incident is logged and sent to the SOC.

"The No. 1 topic that I believe is the reason for hacks or breaches in the cloud is misconfiguration," said Fischbein.

Understanding security incidents is a second example of how the CISO can support the business. It's essential to treat incidents well and thoroughly, said Fischbein, and it's equally important to not be surprised or panic when a breach hits. Be sure you know which teams will be involved in response and the steps they will take in investigating and mitigating the threat.

"What is key during the incident is to try to [record] lessons learned during that incident," he emphasized. "A month later you will not remember what happened."

Fischbein also spoke to the use of automation, which he believes will allow security teams to survive the challenges of today and the future. "All security pros, such as myself, have to open the gates to third-party solutions. We have an automated process to vet the new technologies we will connect to our systems, so [they] will be rapid and secure."

With respect to Check Point's own product line, he called himself "customer zero" for all of the company's tools.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
