WEBVTT 1 00:00:00.000 --> 00:00:01.890 Michael Novinson: Hello, this is Michael Novinson with 2 00:00:01.920 --> 00:00:05.190 Information Security Media Group. I'm joined today by Gil 3 00:00:05.190 --> 00:00:09.180 Shwed. He is the founder and CEO at Check Point Software. Good 4 00:00:09.180 --> 00:00:10.320 morning, Gil. How are you? 5 00:00:10.650 --> 00:00:12.990 Gil Shwed: I'm very well. Great to see you, Michael. 6 00:00:13.470 --> 00:00:15.780 Michael Novinson: It's really nice to see you as well. Big 7 00:00:15.780 --> 00:00:18.690 news today for Check Point to announce the debut of Check 8 00:00:18.690 --> 00:00:23.880 Point Horizon, which includes network prevention and response, 9 00:00:23.910 --> 00:00:27.390 as well as managed prevention and response. I wanted to get a 10 00:00:27.390 --> 00:00:30.120 sense of why those are areas of focus for you. 11 00:00:31.050 --> 00:00:33.990 Gil Shwed: So I think first in Check Point, what we've built in 12 00:00:33.990 --> 00:00:37.500 the last, I mean, over for almost three decades, we've 13 00:00:37.500 --> 00:00:40.860 built the best network security, the best firewalls in the 14 00:00:40.860 --> 00:00:43.890 industry. But actually, in the last decade, what we build is 15 00:00:43.890 --> 00:00:47.820 what we call Infinity. And that's, I believe today, the 16 00:00:48.180 --> 00:00:52.260 biggest platform to deliver almost end-to-end security for 17 00:00:52.260 --> 00:00:55.740 every enterprise. And I think we've built three pillars there, 18 00:00:55.740 --> 00:00:59.700 Quantum for network security, CloudGuard for securing the 19 00:00:59.700 --> 00:01:04.050 cloud, and Harmony to secure the user, the user on their 20 00:01:04.050 --> 00:01:06.960 endpoint, user on their mobile, and the user when they're trying 21 00:01:06.960 --> 00:01:11.760 to connect to the different corporate systems. VC grew, by 22 00:01:11.760 --> 00:01:14.790 the way, securing the user when they're doing email. So all, 23 00:01:14.790 --> 00:01:21.360 basically the entry vectors for malware into the organization 24 00:01:21.360 --> 00:01:26.790 are covered by us. And today with Horizon is the ability to 25 00:01:26.790 --> 00:01:30.450 manage all of that, and the tools with the SOC (security 26 00:01:30.480 --> 00:01:34.470 operation centers) need in order to get the value out of all of 27 00:01:34.470 --> 00:01:38.730 these tools. And the challenge today is that many companies 28 00:01:38.730 --> 00:01:41.790 that provide these tools, not only that these tools are super 29 00:01:41.790 --> 00:01:46.320 complicated and complex and hard to work with. But mainly, we 30 00:01:46.320 --> 00:01:49.590 focus on detection, they actually don't trigger an action 31 00:01:49.590 --> 00:01:52.830 and they don't prevent the attack. And what's unique about 32 00:01:52.830 --> 00:01:56.250 Horizon is that we're focusing on what we call 'prevention 33 00:01:56.250 --> 00:02:01.950 first'. When we see something, we are prioritizing, and we know 34 00:02:01.980 --> 00:02:05.220 how to stop it, and how to prevent it, not just how to 35 00:02:05.220 --> 00:02:09.000 detect and create more alerts for the SOC. 36 00:02:10.740 --> 00:02:12.300 Michael Novinson: So, what are you doing from a technology 37 00:02:12.300 --> 00:02:15.180 standpoint in order to bring that prevention to customers 38 00:02:15.180 --> 00:02:17.400 around the network and from a manager's perspective? 39 00:02:19.500 --> 00:02:22.050 Gil Shwed: So, we have all these ties, all the different pillars 40 00:02:22.050 --> 00:02:25.320 that we have the network, the cloud, the users, the endpoints, 41 00:02:25.320 --> 00:02:29.910 the email, all connecting to one system. First, one layer that we 42 00:02:29.910 --> 00:02:32.250 have is the events, is correlating the events and 43 00:02:32.250 --> 00:02:35.910 understanding what they mean. The next slider is what we call 44 00:02:37.680 --> 00:02:41.430 MDM-XDR, or what we call XPR is correlating the events and 45 00:02:41.730 --> 00:02:44.610 understanding what that means. And again, most of the industry 46 00:02:44.610 --> 00:02:50.670 call it XDR, we call it XPR, we pay for the prevention. And on 47 00:02:50.670 --> 00:02:53.850 top of that, we build the layer of managed services, because one 48 00:02:53.850 --> 00:02:58.380 of the challenges is that some of the world's largest 49 00:02:58.380 --> 00:03:04.020 organization can afford running a full 7*24 SOC, with, that's 50 00:03:04.020 --> 00:03:09.900 staffed by experts, all day and all night. But most of us can't 51 00:03:09.900 --> 00:03:13.530 afford it. Even if you're 5000-people company or a 10,000 52 00:03:13.530 --> 00:03:18.840 company, running a SOC that will have - getting anywhere from 53 00:03:18.840 --> 00:03:24.300 five to 50 analysts is not a really realistic task. And what 54 00:03:24.300 --> 00:03:27.180 we are able to do is actually to provide that as a managed 55 00:03:27.180 --> 00:03:30.360 service using the same tools, but we also provide customers so 56 00:03:30.360 --> 00:03:34.080 they can run their own SOCs. So the main service that we're 57 00:03:34.080 --> 00:03:38.700 actually providing now is manage the prevention and manage 58 00:03:38.700 --> 00:03:42.420 detection service. We've launched, we've started with 59 00:03:42.420 --> 00:03:45.060 service the beginning of the year in kind of stealth mode, 60 00:03:45.060 --> 00:03:50.700 we've got overwhelming demand, even without announcing that and 61 00:03:50.700 --> 00:03:52.560 now we are launching it for the public. 62 00:03:54.900 --> 00:03:56.400 Michael Novinson: In terms of these offerings, I know you've 63 00:03:56.400 --> 00:03:59.100 positioned it as managed prevention and response as well 64 00:03:59.100 --> 00:04:03.270 as extended prevention and response. What's the difference? 65 00:04:03.450 --> 00:04:06.300 What's the difference from a customer standpoint of using 66 00:04:06.300 --> 00:04:12.690 your MPR or your XPR versus the conventional MDR-XDR offerings 67 00:04:12.690 --> 00:04:13.800 that are already on the market? 68 00:04:15.150 --> 00:04:18.450 Gil Shwed: So first, I think the number of alerts or the number 69 00:04:18.450 --> 00:04:22.050 of events, which we're going to need to handle, is going down by 70 00:04:22.860 --> 00:04:27.300 say anything from 90 to 99%. Because most of the events are 71 00:04:27.300 --> 00:04:34.770 going to be solved by the system. Or if I see some 72 00:04:35.790 --> 00:04:38.640 endpoint, which being suspicious, it will be 73 00:04:38.640 --> 00:04:43.710 automatically disconnected from the network. We won't allow it 74 00:04:43.710 --> 00:04:47.880 to connect to our systems and we will automatically stop that 75 00:04:47.910 --> 00:04:52.770 attack. So let's evaluate talking about extreme cases when 76 00:04:52.770 --> 00:04:55.680 the malware already got to an endpoint. But let's start with 77 00:04:55.680 --> 00:05:00.030 the simplest events. You get the malicious email with a malicious 78 00:05:00.030 --> 00:05:03.930 file, almost all the other systems today in the 79 00:05:03.930 --> 00:05:07.590 marketplace, when this is, by the way, in my mind, ridiculous, 80 00:05:07.770 --> 00:05:12.120 we let malware get through, we'll analyze it and half an 81 00:05:12.120 --> 00:05:15.780 hour later, we'll give you an alert that you're under a risk. 82 00:05:15.870 --> 00:05:20.250 And now you need to start the process of remediation, call the 83 00:05:20.250 --> 00:05:22.920 user and tell them not to open the email, if they opened it, 84 00:05:22.920 --> 00:05:25.920 run an investigation and see if nothing, something bad happened. 85 00:05:26.190 --> 00:05:30.540 If it did happen, again, trying to contain it. We're the only 86 00:05:30.540 --> 00:05:33.480 one if we see that event, we will immediately stop that. And 87 00:05:33.480 --> 00:05:37.530 by the way, we will also stop that file from everywhere else. 88 00:05:37.530 --> 00:05:40.770 So even if the attacker sees, "Okay, the email doesn't get 89 00:05:40.770 --> 00:05:43.140 through, I'll send it through Gmail, and the user will 90 00:05:43.140 --> 00:05:47.220 download it, I will get it in another way," the same document 91 00:05:47.220 --> 00:05:51.120 will be blocked on all vectors. So we actually take that event 92 00:05:51.120 --> 00:05:55.950 what could have been many hours of work for a security analyst 93 00:05:55.950 --> 00:06:00.690 and potentially big damage and turn it into nothing, because it 94 00:06:00.690 --> 00:06:05.970 doesn't happen. In the extreme case, we do recognize that some 95 00:06:05.970 --> 00:06:09.240 malware got to an endpoint on the customer, we will also 96 00:06:09.240 --> 00:06:12.720 handle it. And what we've seen statistically, I mean, we've 97 00:06:12.720 --> 00:06:17.340 seen an example. Again, we took a customer over a few days, they 98 00:06:17.340 --> 00:06:23.280 got 365 events, that in a normal environment they would have to 99 00:06:23.280 --> 00:06:26.310 handle, we reduced it to two events, but they actually needed 100 00:06:26.310 --> 00:06:29.760 to handle and then we call them and notify them and tell them 101 00:06:29.760 --> 00:06:33.720 this is what you need to do in order to contain that event and 102 00:06:33.810 --> 00:06:34.950 prevent the damage. 103 00:06:36.570 --> 00:06:38.850 Michael Novinson: Interesting. I know, as part of this Horizon 104 00:06:38.850 --> 00:06:42.690 platform, you also have Horizon events. And what's the interplay 105 00:06:42.690 --> 00:06:47.010 between Horizon events and the MPR and the XPR that you also 106 00:06:47.040 --> 00:06:48.000 announced today. 107 00:06:48.810 --> 00:06:50.550 Gil Shwed: So, I think you can look at it from two different 108 00:06:50.550 --> 00:06:54.600 angles. One angle is we want the data, we want to investigate, we 109 00:06:54.600 --> 00:07:00.060 want the evidence and events will take log files and will 110 00:07:00.060 --> 00:07:04.230 take not just log file, real-time data, real-time logs 111 00:07:04.230 --> 00:07:06.660 from multiple system and correlate them, and show you 112 00:07:06.660 --> 00:07:12.630 that it's not 20 different log records, it's actually one 113 00:07:12.630 --> 00:07:17.490 event. And that's one. And the flip side of that is once you 114 00:07:17.490 --> 00:07:20.190 analyze that you actually realize what's happened and you 115 00:07:20.190 --> 00:07:23.580 can stop it. So I think it works from two different ways. From 116 00:07:23.580 --> 00:07:29.730 us, it's the foundation with the ability to correlate with, and 117 00:07:29.730 --> 00:07:33.060 to give you, a unified view of what's happening in multiple 118 00:07:33.060 --> 00:07:38.940 systems is actually the foundation to the XDR SBR. And 119 00:07:38.940 --> 00:07:42.690 that's the foundation for the managed detection and prevention 120 00:07:42.690 --> 00:07:46.050 services that we provide. So it's all the same technology 121 00:07:46.050 --> 00:07:46.470 stack. 122 00:07:48.360 --> 00:07:50.340 Michael Novinson: And it's starting in February, and then 123 00:07:50.340 --> 00:07:53.220 again in May. In conversations with investors, you called out 124 00:07:53.460 --> 00:07:56.460 three technology areas that were going to be, what you call, what 125 00:07:56.460 --> 00:07:59.550 you termed as speed boats. One of them was MDR, the other two 126 00:07:59.550 --> 00:08:02.490 were cloud security and email security. And I wanted to get a 127 00:08:02.490 --> 00:08:05.820 sense from you of what the speed boats have meant for your cloud 128 00:08:05.820 --> 00:08:07.860 security and your email security practice. What have you been 129 00:08:07.860 --> 00:08:11.580 able to do with that increased focus in recent months? 130 00:08:12.180 --> 00:08:14.400 Gil Shwed: So first, we call them rockets, not speed boats, 131 00:08:14.400 --> 00:08:19.890 because we aim for the sky, not for groaning in the sea, but 132 00:08:21.210 --> 00:08:25.380 what we were able to do is focus on far more resources in order 133 00:08:25.380 --> 00:08:28.740 to correlate between the user needs, the technology 134 00:08:28.740 --> 00:08:32.190 development and all these function which needed to support 135 00:08:32.190 --> 00:08:36.810 our customers. And I think one rocket like that was the Harmony 136 00:08:36.810 --> 00:08:39.900 email. And I think we've got a great entry into the email 137 00:08:39.900 --> 00:08:43.470 space. And I think by now we have the best system for 138 00:08:44.010 --> 00:08:51.360 cloud-based email, Office365, etc. that can actually not just 139 00:08:51.360 --> 00:08:53.670 ... and I think we have the best technologies today both to 140 00:08:53.670 --> 00:08:56.370 handle phishing, which is a major vector, and to end 141 00:08:56.370 --> 00:08:59.370 malware, malicious files that are entering through emails. I 142 00:08:59.370 --> 00:09:03.810 think no one has something like that. Not on the cloud email. 143 00:09:03.810 --> 00:09:06.480 And I think, by the way, that's a result of an acquisition that 144 00:09:06.480 --> 00:09:10.410 we did about a year ago. And combining the different 145 00:09:10.410 --> 00:09:16.440 technologies, this company has the best technology to handle a 146 00:09:16.920 --> 00:09:19.710 cloud-based email but also in the best anti-phishing 147 00:09:19.740 --> 00:09:23.040 technology. We had the best anti-malware technology and 148 00:09:23.040 --> 00:09:25.980 combining the two together created, I think, something even 149 00:09:25.980 --> 00:09:30.120 stronger. So which one rocket - number rocket to CloudGuard? I 150 00:09:30.120 --> 00:09:33.810 think we don't have enough time to cover it for today. I think 151 00:09:33.810 --> 00:09:36.090 it's worth a different discussion because we really 152 00:09:36.090 --> 00:09:40.170 have the broadest tech to handle everything on the cloud. And the 153 00:09:40.170 --> 00:09:46.290 last rocket that we have is the same MDR-NPR, the manage - the 154 00:09:46.290 --> 00:09:50.700 detection and manage prevention service. And this rocket is, you 155 00:09:50.700 --> 00:09:53.970 know, like a small startup, started from zero a year ago. 156 00:09:54.180 --> 00:09:59.010 Having today getting close soon to almost 200 customers 157 00:09:59.850 --> 00:10:03.510 providing tremendous value. And I think that's the Horizon 158 00:10:03.540 --> 00:10:05.610 MDR-NPR that we're launching today. 159 00:10:06.540 --> 00:10:08.130 Michael Novinson: Let me just ask one thing in terms of the 160 00:10:08.130 --> 00:10:11.370 CloudGuard piece, which is, I know, starting in February. You 161 00:10:11.370 --> 00:10:14.640 called out with these rockets, bringing the technologists in 162 00:10:14.640 --> 00:10:17.730 the sales organization closer together around specific 163 00:10:17.730 --> 00:10:20.340 technology areas. What does that mean for CloudGuard bringing 164 00:10:20.370 --> 00:10:23.100 technology people, the technologist and the sales teams 165 00:10:23.100 --> 00:10:23.940 closer together? 166 00:10:24.870 --> 00:10:27.030 Gil Shwed: I think one of the challenges in the cloud with 167 00:10:27.060 --> 00:10:29.730 what you call cloud security, it sounds simple, but cloud 168 00:10:29.730 --> 00:10:33.150 security is actually replicating all the security that we built 169 00:10:33.570 --> 00:10:36.840 over the last 30 years, moving them to the cloud, and actually 170 00:10:36.840 --> 00:10:39.750 extending them because the cloud today has pretty much all the 171 00:10:39.750 --> 00:10:42.300 services that we have in a traditional IT environment. 172 00:10:42.690 --> 00:10:50.340 Plus, some more services, and it's far more vulnerable than 173 00:10:50.340 --> 00:10:57.030 the traditional systems. I mean, even let's take a cloud email in 174 00:10:57.030 --> 00:10:59.790 the traditional email system, there's a high level of security 175 00:10:59.790 --> 00:11:03.540 just because most of the access to the email system is governed 176 00:11:03.540 --> 00:11:09.090 by VPNs and access control that's provided by the company 177 00:11:09.090 --> 00:11:12.870 firewalls. Cloud email is open to everyone, so anybody who know 178 00:11:12.870 --> 00:11:18.570 your email and the password may access your cloud, the mailbox, 179 00:11:18.600 --> 00:11:23.040 that by definition, creates a higher level of risk. And what 180 00:11:23.040 --> 00:11:27.930 we found out that we had a few dozen technologies in Check 181 00:11:27.930 --> 00:11:32.160 Point which covered the cloud. And what we try doing is 182 00:11:32.160 --> 00:11:35.670 actually consolidate them into a more unified platform. Because 183 00:11:35.670 --> 00:11:38.670 when you're actually shopping and want to secure your cloud, 184 00:11:38.670 --> 00:11:43.230 you don't really know which one out of the 20 technologies that 185 00:11:43.230 --> 00:11:45.990 we can offer you need. You know that you need to secure the 186 00:11:45.990 --> 00:11:48.630 cloud. And I think what we want to offer you is the end-to-end 187 00:11:48.630 --> 00:11:52.260 stack. And I think in the cloud, it was very important combining 188 00:11:52.260 --> 00:11:55.650 all the development teams to actually develop the same 189 00:11:55.650 --> 00:11:59.700 interfaces, the same concepts, with the sales teams that you're 190 00:11:59.700 --> 00:12:02.880 saying, "I need to secure, I don't know container in the 191 00:12:02.880 --> 00:12:05.070 cloud." We don't come back to you and say, "Okay, we have 192 00:12:05.070 --> 00:12:09.990 three answers." No, we have one answer. And that's consistent, 193 00:12:09.990 --> 00:12:14.700 it will be with all the different technology elements 194 00:12:14.700 --> 00:12:17.370 working together to secure your cloud. And I think that was a 195 00:12:17.370 --> 00:12:20.820 very big achievement that we did so far. And I think it will 196 00:12:20.820 --> 00:12:26.070 continue to be a huge roadmap in making that vision an even 197 00:12:26.070 --> 00:12:26.910 better reality. 198 00:12:28.650 --> 00:12:30.660 Michael Novinson: In terms of your heritage, IPC Check Point 199 00:12:31.740 --> 00:12:34.200 grew up in the firewall worlds, you've been in that space for 200 00:12:34.200 --> 00:12:37.440 nearly three decades. Earlier this year, you've announced the 201 00:12:37.440 --> 00:12:40.770 debut of the Quantum Lightspeed Firewall. And I was wondering, 202 00:12:40.770 --> 00:12:43.710 since that debuted, what customer segments, what use 203 00:12:43.710 --> 00:12:47.160 cases have you seen the greatest adoption of your new firewall? 204 00:12:47.760 --> 00:12:51.660 Gil Shwed: So, we've seen Quantum Lightspeed is amazing. 205 00:12:51.690 --> 00:12:55.500 For the first time, we're doing hardware accelerated firewall, 206 00:12:55.500 --> 00:13:01.260 it's very good for a low-latency environment, for a high level of 207 00:13:01.260 --> 00:13:07.020 transaction environments. And I think that's been really nice 208 00:13:07.050 --> 00:13:11.910 success so far. A few segments have been the main successes, so 209 00:13:11.910 --> 00:13:14.760 far. One is banking and financial, when they need to do 210 00:13:14.970 --> 00:13:17.760 high-frequency trading and transactions like that, which, 211 00:13:17.760 --> 00:13:20.880 by the way, in many cases, they gave up security because the 212 00:13:20.880 --> 00:13:23.940 performance was so important and especially, the low latency, 213 00:13:23.940 --> 00:13:27.870 that we gave up security. And now, in many cases, they can get 214 00:13:28.560 --> 00:13:32.730 a pretty good security without sacrificing performance, or can 215 00:13:32.730 --> 00:13:39.600 call it the other way around. So, that's one. Manufacturing is 216 00:13:39.600 --> 00:13:43.140 another one, when there're huge data flows, what we call 217 00:13:43.140 --> 00:13:47.490 elephant flows, they have backups of 400 terabytes and so 218 00:13:47.490 --> 00:13:50.820 on, which we couldn't afford before because they couldn't get 219 00:13:50.850 --> 00:13:54.780 the fastest links on that. And we have a lot of successes in a 220 00:13:54.780 --> 00:13:57.720 lot of our ... also in the telco space where we also need to 221 00:13:57.720 --> 00:14:02.370 process large amounts of data in that regard. So these have been 222 00:14:02.370 --> 00:14:05.370 the few segments. The good news that we found that we started 223 00:14:06.840 --> 00:14:11.100 with Lightspeed with the relatively focused decks of 224 00:14:11.100 --> 00:14:14.640 security operations that are being accelerated. And we've 225 00:14:14.640 --> 00:14:17.730 seen the good interest of that. But the nice thing is many 226 00:14:17.730 --> 00:14:21.000 customers, they said that they want us to expand the number of 227 00:14:21.000 --> 00:14:23.640 services that we can accelerate, which is good, because that's 228 00:14:23.640 --> 00:14:25.860 what we've been preaching for the last decade. You've seen. 229 00:14:25.860 --> 00:14:30.090 You don't need just basic operation, you need the full 230 00:14:30.090 --> 00:14:32.850 stack of security operation if you want to secure your 231 00:14:32.850 --> 00:14:33.510 enterprise. 232 00:14:35.670 --> 00:14:37.590 Michael Novinson: Wanting to turn to the economy here for a 233 00:14:37.590 --> 00:14:40.200 little bit. I know the industry-wide supply chain 234 00:14:40.200 --> 00:14:43.050 shortage has dragged on much longer than pretty much any 235 00:14:43.050 --> 00:14:46.050 observer has anticipated. And I wanted to get a sense of what 236 00:14:46.050 --> 00:14:49.020 the impact of the supply chain constraints have been at Check 237 00:14:49.020 --> 00:14:49.380 Point. 238 00:14:51.930 --> 00:14:54.630 Gil Shwed: First, I think we've managed them. We don't speak too 239 00:14:54.630 --> 00:14:58.920 much about that because I think we are very lucky, but so far, 240 00:14:58.920 --> 00:15:02.190 we were able to keep it almost transparent to our end users. So 241 00:15:02.190 --> 00:15:04.470 I've been, we've been shipping products all the time, we've 242 00:15:04.470 --> 00:15:08.430 been shipping them in very quick turnaround times. And we've been 243 00:15:08.430 --> 00:15:13.800 working very hard with our suppliers around the world. It's 244 00:15:13.800 --> 00:15:15.990 kind of interesting, we have teams with our hunting 245 00:15:15.990 --> 00:15:20.430 electronic components, so we can build enough systems. It's been 246 00:15:20.430 --> 00:15:25.110 a big cost to us, we are paying 40-50% more for the average or 247 00:15:25.110 --> 00:15:29.970 for our manufacturing costs. Because we are looking, you 248 00:15:29.970 --> 00:15:33.120 know, into what's called the gray market to find many 249 00:15:33.120 --> 00:15:37.980 components that we need. These are all genuine good components, 250 00:15:37.980 --> 00:15:40.140 but we're not necessarily getting to us from the 251 00:15:40.140 --> 00:15:44.250 manufacturers, but from third party that somehow have some 252 00:15:44.250 --> 00:15:50.190 inventories. And we've been working very hard around the 253 00:15:50.190 --> 00:15:53.160 entire supply chain to get the product to our customers and got 254 00:15:53.160 --> 00:15:54.210 to some nice wins. 255 00:15:57.660 --> 00:16:01.260 Michael Novinson: See, in terms of that, the cost increase, the 256 00:16:01.260 --> 00:16:04.830 45 to 50% that you're calling out there. To what extent have 257 00:16:04.830 --> 00:16:07.770 you pass that along to customers? And to the extent you 258 00:16:07.770 --> 00:16:09.570 have, what's the impact of that on demand? 259 00:16:10.980 --> 00:16:13.140 Gil Shwed: Firstly, demand is very healthy. So there hasn't 260 00:16:13.140 --> 00:16:17.010 been much of an impact on demand which depends on the product 261 00:16:17.010 --> 00:16:23.160 line, and so on. I think pricing went up between five to 15% over 262 00:16:23.160 --> 00:16:26.610 the last two years, not in one step. And that varies by the 263 00:16:26.610 --> 00:16:29.520 type of product, by the type of component, and so on. So I think 264 00:16:29.520 --> 00:16:33.210 we've kept it very modest. We've absorbed most of the costs. And 265 00:16:33.210 --> 00:16:36.360 remember, by the way, everything in the market went up, not just 266 00:16:36.360 --> 00:16:40.710 the components. We are unfortunately now living in some 267 00:16:40.710 --> 00:16:44.610 inflationary market. So, compensation went up, almost 268 00:16:44.610 --> 00:16:48.960 everything went up in the last two years. Travel even, you 269 00:16:48.960 --> 00:16:51.570 know, for two years we haven't been traveling now. People are 270 00:16:51.570 --> 00:16:54.930 back in traveling and the travel costs are far higher, are much 271 00:16:54.930 --> 00:17:00.570 higher than they've been in 2019. And I think we've been 272 00:17:00.570 --> 00:17:04.680 able to absorb that cost. And I think our focus is simply to 273 00:17:04.680 --> 00:17:06.900 give our customers the security that they need. 274 00:17:08.339 --> 00:17:10.979 Michael Novinson: Wanted to turn to inorganic activity. I know 275 00:17:10.979 --> 00:17:14.609 acquisitions have been pretty central part of your strategy 276 00:17:14.609 --> 00:17:18.989 for a couple years here between 2018 and 2021. Buying Dome9 for 277 00:17:18.989 --> 00:17:23.219 Slack, Cymplify, Protego Labs, Odo Security and Avanan. And 278 00:17:23.219 --> 00:17:26.159 then there was a little bit of a pause in M&A activity a little 279 00:17:26.159 --> 00:17:29.129 bit over a year since your last acquisition was announced. And I 280 00:17:29.129 --> 00:17:32.069 was curious why we've seen a bit of a pause in the M&A at 281 00:17:32.069 --> 00:17:32.639 Checkpoint 282 00:17:34.080 --> 00:17:36.360 Gil Shwed: First, we are very focused on finding the best 283 00:17:36.360 --> 00:17:41.370 technology and we still do. I'm seeing actually more ideas or 284 00:17:41.370 --> 00:17:43.950 more and more ideas for M&A these days than I've seen 285 00:17:43.950 --> 00:17:48.630 before. First, I don't know if there is a slowdown. But in 286 00:17:48.660 --> 00:17:50.940 reality, you're right, we haven't acquired the company 287 00:17:52.920 --> 00:17:57.570 since like, the last one was the Spectral and that was at the 288 00:17:57.570 --> 00:18:01.830 beginning of the year, I think. So it's not that long ago. But I 289 00:18:01.830 --> 00:18:05.250 think the main one, but first, we have a very broad stack 290 00:18:05.280 --> 00:18:09.450 today. So the issue today is not that our stack is not full, the 291 00:18:09.450 --> 00:18:14.550 issue today is that we need to deliver more of that to show 292 00:18:14.550 --> 00:18:19.020 customers the value of using the full Infinity architecture, and 293 00:18:19.020 --> 00:18:22.110 not simply to add more technologies. And second, the 294 00:18:22.110 --> 00:18:25.440 technology sector, in general, has been overwhelmed by too many 295 00:18:25.440 --> 00:18:29.490 technologies, prices that are getting too high, complexity 296 00:18:29.490 --> 00:18:32.280 that's getting too high. So, the number one priority is to get 297 00:18:32.280 --> 00:18:35.370 back to reality, give the customer the value that they 298 00:18:35.370 --> 00:18:40.620 need, best security, simple to manage, delivers the highest 299 00:18:40.620 --> 00:18:43.980 level of prevention. And once we get there, I think we can 300 00:18:43.980 --> 00:18:49.110 continue on the argument. The platform that we have and, by 301 00:18:49.110 --> 00:18:51.900 the way, since we have a broad platform, there's more places we 302 00:18:51.900 --> 00:18:54.060 can plug additional technologies 303 00:18:55.380 --> 00:18:57.210 Michael Novinson: May ask you here finally, looking at the 304 00:18:57.210 --> 00:19:00.360 market landscape, I know we're talking network security, it's 305 00:19:00.360 --> 00:19:03.720 been the same for companies at the top now for well north of a 306 00:19:03.720 --> 00:19:07.320 decade, yourselves, Fortinet, Palo Alto Networks and Cisco. 307 00:19:07.740 --> 00:19:10.230 And when you look at the landscape today, what do you 308 00:19:10.230 --> 00:19:13.650 feel are the biggest things differentiating your approach to 309 00:19:13.650 --> 00:19:16.560 the security industry versus Fortinet versus Palo and versus 310 00:19:16.560 --> 00:19:17.190 Cisco? 311 00:19:18.360 --> 00:19:20.640 Gil Shwed: So I think it comes in multiple levels. The number 312 00:19:20.640 --> 00:19:24.000 one I would say is very simple, is the best security and the 313 00:19:24.000 --> 00:19:27.150 best security means that we're doing pretty much everything in 314 00:19:27.150 --> 00:19:30.150 prevention mode. I gave the example at the beginning. You 315 00:19:30.150 --> 00:19:33.840 get the malicious file. Unfortunately, most, if not all 316 00:19:33.840 --> 00:19:37.500 of our competitors will deliver you the malicious file. And if 317 00:19:37.500 --> 00:19:40.320 they know how to analyze, it will give you the verdict half 318 00:19:40.320 --> 00:19:45.210 an hour later, or sometime later. That's not good enough. 319 00:19:46.650 --> 00:19:49.830 So that's one. We were the only one, by the way, that will only 320 00:19:49.830 --> 00:19:53.370 send you a clean file very fast. You won't have to wait, so don't 321 00:19:53.370 --> 00:19:58.020 worry about that. Second is the fact that we do have a unified 322 00:19:58.020 --> 00:20:01.410 platform to do that. It's not super market, two products that 323 00:20:01.410 --> 00:20:04.860 don't really connect. It's one architecture. One will be called 324 00:20:04.860 --> 00:20:07.320 the Infinity Portal, where you can control the entire 325 00:20:07.320 --> 00:20:10.350 environment. And with all the infrastructure that we have for 326 00:20:10.350 --> 00:20:14.430 correlating events, for threat cloud, which identifies the 327 00:20:14.910 --> 00:20:18.270 difference on a global basis, by the way, not just for an 328 00:20:18.270 --> 00:20:22.140 individual customer. If we see a malicious file in one part of 329 00:20:22.140 --> 00:20:25.680 the world, we don't just say that this file is malicious, we 330 00:20:25.680 --> 00:20:29.160 know who's the command and control, we know what all the 331 00:20:29.820 --> 00:20:35.190 IOC is embedded in that file. And we, within seconds, we can 332 00:20:35.190 --> 00:20:40.770 make them block attacks on every customer around the world. So 333 00:20:40.770 --> 00:20:45.900 that's, I think, is a very strong platform. Customers keep 334 00:20:45.900 --> 00:20:49.050 saying to us, "With our management platform for managing 335 00:20:49.050 --> 00:20:51.780 security in general and for managing the network security 336 00:20:51.780 --> 00:20:55.260 and the firewall, is the gold standard, and remains that way." 337 00:20:55.650 --> 00:20:58.740 And I think these are some of the key differentiator. On top 338 00:20:58.740 --> 00:21:01.440 of that, again, if you look at just the coverage, I don't think 339 00:21:01.440 --> 00:21:06.810 that anyone has everything that covers from mobile to email, I 340 00:21:06.810 --> 00:21:10.050 mean, everything in the middle. And we do cover everything from 341 00:21:10.050 --> 00:21:13.710 mobile to email. And I don't think that most of the vendors 342 00:21:13.710 --> 00:21:16.890 you mentioned there have this kind of scope. And again, 343 00:21:16.890 --> 00:21:19.620 including the network, the cloud, everything in the middle. 344 00:21:21.060 --> 00:21:22.500 Michael Novinson: Very interesting. Yeah. Thanks so 345 00:21:22.500 --> 00:21:23.250 much for the time. 346 00:21:24.060 --> 00:21:26.880 Gil Shwed: Thank you very much, Michael. Enjoyed that. And I 347 00:21:26.880 --> 00:21:32.310 hope we will keep fighting and providing the best security or 348 00:21:32.310 --> 00:21:34.920 work hard to do that every day. Thank you very much. 349 00:21:35.280 --> 00:21:36.900 Michael Novinson: Of course! We've been speaking with Gil 350 00:21:36.900 --> 00:21:40.830 Shwed. He is the founder and CEO at Check Point Software. For 351 00:21:40.830 --> 00:21:44.040 Information Security Media Group, this is Michael Novinson. 352 00:21:44.160 --> 00:21:45.090 Have a nice day.