"The industry needs to change a little bit," [Check Point Software Technologies CEO Gil Shwed] says. "Our software blade architecture is the right direction but it's not enough. I think the real change is actually understanding that security is not a bunch of technologies that people need to deploy but understanding that it needs to be treated like a business process. It starts with the well-defined policy of what a company wants to achieve and what is allowed or not allowed, continues with educating - or not educating but involving the users - and the enforcement side is only the last part of it.
"Most of our customers have a lot of check lists but not one clear policy. Everybody is trying to keep the users aside from that, but if users are not aware of their expected behaviour they become the weakest link in security. Then it goes to enforcement, which needs to apply these principles. We've just launched 3D Security that has three elements - policy, people and enforcement - and I think that would be a major change in people's mindset when they think about security.
While Check Point certainly has some great security technology--I should know, I work there--if it's not applied according to a process and policy with defined business goals, the result will be less than satisfying. I've seen it again and again in my work over the years.