1/31/2020
04:15 PM

What It's Like to Be a CISO: Check Point Security Leader Weighs In

Jony Fischbein shares the concerns and practices that are top-of-mind in his daily work leading security at Check Point Software.

Check Point Software CISO Jony Fischbein has a lot on his plate. Like many CISOs, he juggles the security of multiple corporate departments with thousands of employees, all of whom possess different personalities, security requirements, and potential risk factors.

"A lot of these departments … they want to drive to the same place, but they have different needs," said Fischbein in a keynote at this week's CPX 360 conference, in New Orleans. Each day he is tasked with making decisions to secure these departments and each of their employees, while also tackling his overall goal and greatest challenge in being a CISO: enabling business processes.

Tackling this challenge starts with addressing human-based issues. "People are the biggest asset and the biggest weakness in any organization," Fischbein said. "Engage them wisely."

This means knowing how employees can aid your defenses and, more importantly, which people you need to protect against. The first group includes overmotivated employees. "These employees will do stuff because they just want to promote the business," he explained, but they often do this by downloading tools and applications not sanctioned by the IT department. "Shadow IT," or the use of software without the business' consent, presents security issues.

While eager employees pose a risk, unhappy ones are considerably more dangerous. "These are the No. 1 people who will hurt the company," Fischbein added. Angry workers who are motivated to cause damage can use their access to steal contacts and code and expose internal data. "These problems are relevant to everyone," he said, noting that for every 1,000 employees, chances are five to 15 are unhappy. They may face penalties, he continued, but many unhappy employees forget about the contracts they signed when they started the job.

Cybercriminals and nation-states are the other two groups causing concern for Fischbein. As an example, he cited recent concerns of retaliation and potential cyberattacks from Iran in early January. "We have to immediately make sure our SOC was up-to-date," he said of the response. "All IP addresses from Iran are going to be immediately blocked, no questions asked."

The talk dove into two examples of how CISOs can help enable business processes. The first, he said, is embracing the cloud and supporting the business' ability to use it. In the past year, Check Point's IT teams have worked in cloud environments and developed directly on them. One of their accounts is forbidden to be exposed to the Internet. The team introduced a mitigation so that if something is accidentally exposed, the incident is logged and sent to the SOC.

"The No. 1 topic that I believe is the reason for hacks or breaches in the cloud is misconfiguration," said Fischbein.

Understanding security incidents is a second example of how the CISO can support the business. It's essential to treat incidents well and thoroughly, said Fischbein, and it's equally important to not be surprised or panic when a breach hits. Be sure you know which teams will be involved in response and the steps they will take in investigating and mitigating the threat.

"What is key during the incident is to try to [record] lessons learned during that incident," he emphasized. "A month later you will not remember what happened."

Fischbein also spoke to the use of automation, which he believes will allow security teams to survive the challenges of today and the future. "All security pros, such as myself, have to open the gates to third-party solutions. We have an automated process to vet the new technologies we will connect to our systems, so [they] will be rapid and secure."

With respect to Check Point's own product line, he called himself "customer zero" for all of the company's tools.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
