AI and the Force: Interview with Eyal Manor of Check Point
March 2023 by Manuel Langhans, Global Security Mag
We met Eyal Manor from Check Point in Munich, where his company hosted the Cyber Security Summit "CPX 360", presented new products and a roadmap for the year to come. An interesting interview gave an insight into Check Point’s special spirit, lead to a Star Wars reference to describe the battle between the good and the bad in cybersecurity and built up to some good advice
Global Security Mag: Your CV tells me that you have been with Check Point for about 12 years before leaving, but also coming back. That’s interesting. Maybe you want to elaborate your reasoning...
Eyal Manor: I love the question. It’s the most asked question by colleagues or friends but no one else ever asked this. First, I want to say that specifically at Check Point, my case is not unique. We are having hundreds of very talented people leaving and then joining back.
Why I left is easy: I had been there for 12 years and I got the feeling that I needed to see other things, to learn another culture, to build more muscles, to create more skills. I’ve been at a start-up company and I’ve been at Microsoft, so I did small things and huge enterprise things.
At the end of the day, I understood that Check Point has a huge advantage by the way the company thinks about its product mission. It is the mission of preventing threats for customers, of offering a very wide variety of products and the ability to have an impact on organizations all over the world and also to see all of this as a mission. This is unique. At Check Point people are really passionate about what they are doing and I really missed that elsewhere. So I took the opportunity to join their team again.
GSM: Where does the passion you describe come from?
Eyal Manor: Initially, it comes from our management. You just heard our CEO Gil talking at an event, after 30 years, but with the same passion as if it would have been year one. This is leadership by example and the energy is contagious. You see that and it spreads to you and everyone else. People then take it as their personal mission to do better. So if you really want to make an impact, this energy makes Check Point the best place to be.
GSM: Do you think your hiring policy helps create this passion and energy?
Eyal Manor: We are very diverse in terms of different people, genders, cultures, and so on. This for sure helps. I think if companies are to homogenous, at the end of the day that limits thier ability to understand their costumers’ needs. Different ways of thinking make us better. For us, diversity is not a marketing stunt, it is part of our culture. I can tell you that everybody’s opinion counts. We are not a company based on a firm hierarchy. At Check Point, you will never see a situation where an employee with a strong opinion will not express it, just because his or her manager does not agree. It’s ok to step up, to disagree and to express thoughts. People are always being encouraged to speak up and to voice their opinions, whether they are at a VP level or just coming from college. Your opinion will be taken into account and that’s amazing.
GSM: So what did you learn during the time you spent away from Check Point?
Eyal Manor: We evolve all the time and we’re always learning new things. I had the chance to work both at a start-up and at Microsoft. At a start-up, you learn how to be very agile and how to respond super fast. Think about meeting a prospect in the morning, telling you what they are missing, and providing them with what they need in the afternoon of the same day.
At Microsoft, you learn from probably one of the best technology companies ever about setting standards and processes and about working in an environment with people from all over the world. So you learn how to create clarity and enable everyone to collaborate. If you don’t create clarity, everything falls apart.
Both these elements I now deploy at Check Point and these skills help me and help us to get better.
GSM: What is your favourite part of your job?
Eyal Manor: Meeting customers and listen to them, to learn about what they like, and more importantly what doesn’t work and where they fail. This is by far my favourite task because it helps me to think about solutions and how to innovate.
GSM: Speaking of innovation, how do you plan to get ahead of the risks of AI and to use it for your purposes instead?
Eyal Manor: I always go back to Star Wars and to the Force. The Jedi are taking it to a good place to bring peace to the galaxy and the Empire takes it to a negative place. They are in competition all the time. Sometimes one side is on the top and sometimes the other one.
It is the same with AI. It is a competition really. We see that attackers are not standing still. They create malware, spam, phishing, and so on. We must be ahead. In order to do so, we need to do three things. First you need to leverage AI to build more sophisticated models. We are talking about deep learning technologies and advanced and most sophisticated engines. It takes billions of examples of attacks that already happened, to understand even the most sophisticated threats and to differentiate good from bad. It’s also not enough to just detect bad, we must also be able to identify good to not also label it as bad. This differentiation is very complex. I believe though that we’re having a breakthrough thanks to the engines we are using and thanks to the huge amount of data coming from gateways and endpoints and mobile devices or the cloud. Of course it is important to say that all this data is fully anonymised and cannot be tracked. Actually it is metadata of pieces of information that our customers are sharing with our model. So we are talking about raw anonymised metadata. Our approach is helping us to stay ahead. We already started with two deep learning engines, one that stops zero phishing and one that stops DNS attacks.
Zero phishing is very interesting. In the past, somebody was creating spam and distributing it to 50.000 people. So it was very easy to say: “I have seen that”. With zero phishing, somebody is attacking you, and in context. So I need to detect by only this one instance that this is bad. There are a lot of different factors to analyze: how the e-mail looks like, the domain, the graphical elements, and so on.
GSM: So you believe in the win of the Jedi?
Eyal Manor: I must believe in the win of the Jedi, otherwise I wouldn’t do it. I believe that at the end of the day, we’re the defenders, and if we focus on that, we can get better. And if we are collaborating, we will become better again. Attackers can collaborate less, they are working as isolated groups. We can also collaborate with governments and thus have an even larger impact and run faster. This can place us far ahead in the race with the attackers. Our approach has to be collaborative. This is the only way to stop the attack, to remediate, to make sure that we are not allowing the attack to spread. Attackers are persistent. They will always try to enter from new entry points. So I don’t just have to make sure that the targeted entry point stops the attack, I also have to make sure that all other entry points are aware that this is an attacker. When that works, it is fantastic.
GSM: What’s your advice to our readers and/or to CISOs?
Eyal Manor: The times we live in require special attention. There are 2 factors, both of them are stressing. One factor is the attackers. They have a good business, it works, and so they continue to grow. The second factor is that the economical situation doesn’t allow companies to do all by themselves, end to end.
So here is my advice:
The very first thing to think about has to be collaboration. All of the enforcement points must work together. The second that something is identified as compromised or even just vulnerable, everybody needs to act immediately and fix it or prevent further damage.
The second advice is to make your world easier to manage and more protected. We recommend a consolidated solution, because when I meet a costumer and they tell me they have 50 products, no matter what you do, you can’t manage 50 security policies. At some point you will fail. Maybe not at first but after 2 years, when you have to change something or maintain something, you have to be persistent and with 50 products it is easy to overlook something.
The last advice is to be comprehensive. Think about your home. You have doors, you have windows, you have the front yard and the backyard. For the attackers, the smallest not secured window will be enough to enter. So the CISO needs to have the assurance that every attack vector is covered.
Comprehensive, consolidated and collaborative: this is us.
And I really think the Global Infinity services we announced today are extending the discussion because sometimes CISOs don’t even have the way and the tools to assess their position, to deploy their products in an optimized way or to respond. We want to help organizations to understand how they can become better.