Tuesday, March 31, 2015

Power-1 appliances reach end of engineering support tomorrow

Just in case you are still using Power-1 appliances, End of Engineering Support for these boxes is tomorrow. Check Point will continue supporting them in general till 01.04.2017.













End of engineering support means Check Point discontinues maintenance releases for these appliances. New software may also be incompatible.

RMAs and fixes for existing software will still be available for two more years.

For more details concerning lifetime management with Check Point please refer to this document.







Saturday, March 28, 2015

Threat Emulation incident is now under investigation

In case you are wondering what happened to the previous post about Threat Emulation issue, it has been suspended by request from Check Point security team while the issue is being investigated.

I will keep you posted about the outcome. Thanks all for understanding. 

Thursday, March 19, 2015

Does Check Point buy another startup from Shlomo Kramer?

Israeli financial newspaper "Calcalist" has published an article claiming Check Point is about to acquire Lacoon Mobile Security company - one of the security startups funded by Shlomo Kramer (Hebrew).

Lacoon Mobile Security is specialises in mobile device security solutions. Check Point is making lots of efforts to dominate this part of the information security market, so this acquisition would make a lot of sense.

"Calcalist" is also reporting that Check Point is bying Lacoon Mobile Security for $80 million.

Neither Check Point nor Lacoon are commenting on this so far.

The same sum was reported by the newspaper for previously mentioned acquisition of Hyperwise, although in this article Calcalist claims the Check Point only paid $60M.

As you may remember, Shlomo Kramer was one of the Check Point founders but left Check Point in 1998. He is arguably the most prominent Israeli investor in the security technologies field. He has founded Imperva, invested in PAN and several rather successful startups in the filed of information security.


Thursday, March 5, 2015

Check Point is not growing fast enough, apparently

Cleveland Research has distributed a security market report several days ago. Although this document is not publicly available, I am allowed to quote from it.

Look at the comparison table of security vendor's revenues:


Security Vendor Comparison

Revs ($000s)
1Q14
2Q14
3Q14
4Q14E
2014E


Checkpoint
$342
$363
$370
$421
$1,496


Y/Y
6.0%
6.6%
7.6%
8.8%
7.3%


Palo Alto*
$151
$178
$192
$204
$725


Y/Y
48.8%
58.6%
50.0%
44.5%
50.2%


Fortinet
168.90
184.10
193.30
224.00
$770


Y/Y
24.4%
24.9%
25.0%
26.3%
25.2%


Fireeye
$74
$94
$114
$143
$425


Y/Y
160.3%
184.4%
167.3%
149.7%
163.4%


















*PANW has not reported 4Q14 yet - revs based on Factset est. (Cleveland Research)

As you can see, year to year growth is quite different. Check Point has managed to achieve just above 7% growth the last year, although both PAN and Fortinet growth is tens of percents.

I can see it on the field as well. Check Point is constantly and seriously challenged by both Fortinet and Palo Alto Networks, when it come to FW security projects.

I have put FireEye in the table as well, although it is not a firewall vendor. FireEye is addressing one specific security task - APT protection. Even with just that, its revenue in 2014 is almost 30% of Check Point entire security revenue. And its growth rate is enormous.

I wonder if Check Point indeed takes this seriously. It should, in my personal opinion.





Tuesday, March 3, 2015

Mobility Blade application timeout, how-to

A customer of mine has started experiencing a weird behaviour with Mobility Blade SSL portal.

One of the application through the portal should send produce an activity report and send it as a file to the end user. It was running just fine for some time, but on a certain stage these reports were becoming bigger and bigger. Then the issue started.

If it takes more than 2 minutes to produce the report, the SSL portal application shows "Page cannot be displayed" error, and the end user never gets his report.

The problem is with CPVPND process, that cannot wait long enough for report to be produced. Here is the error that can be found in the daemon logs:

[CPCVPN_INFO/] .......... Operation too slow. Less than 1 bytes/sec transferred the last 120 seconds

This situation can be fixed by changing the waiting period for CPVPND. To do so, one has to make changes in $CVPNDIR/conf/includes/Web_inside.location.conf.

Find this line:

CvpnRequestLowSpeedTime 120

The number shows delay in seconds. Once changed, one has to run cvpnrestart  and to re-install FW policy on the portal GW.

P.S. I did not find any SK article for the matter.