The world's largest dedicated security firm, Israel's Check Point, still refuses to give an inch. Fashions wash over the industry on a never-ending hype cycle and yet the message handed out at the firm's annual CPX 2016 developer and partner event in Nice this week was reassuringly old school - prevention is always better than cure and might cost you less in the long run.
A decade ago this would have been an inarguable orthodoxy, and yet, with younger US rivals such as FireEye, Fortinet and Palo Alto snapping at its heels and pushing newer ideas angled more towards real-time detection and response, there is more explaining to do. Check Point's response has been to return to the evolutionary, engineering-driven messages it believes network administrators respond to.
So which threats keep Check Point's pugnacious techie founder and CEO Gil Shwed awake at night?
"I'm concerned about the ones we don't know about not the ones we know about," he says during a quick interview granted to Computerworld UK as he flitted from room to room meeting partners and developers.
A former programmer, Shwed always talks to journalists at these events, often alone in a side room, something not every CEO of a publicly quoted company is keen to do without PR backup to hand. In person, he is confident and unblinking in his answers. It feels almost impertinent to ask at all.
"Right now we're seeing attacks that are trying to use fake identities and do wire transfers of large amounts of money. But it's not that there's one type of attack. The same spectrum of malware that has been on the Internet for 15 years is not dead."
Surely, I counter, staying ahead of attackers is now impossible. They can buy every security firm's equipment or anti-malware system, work out how it works and adjust their attacks accordingly. The attackers are always ahead of the defenders and there's no way around that.
"It depends which attackers. There are a few attackers in the world like governments that have access to huge resources but even for them we don't give up," shoots Shwed.
He references Check Point's SandBlast Threat Extraction technology, introduced in 2015, which goes one step beyond simple sandboxing by disassembling data sources such as documents and reassembling only the parts it deems safe into a PDF or, if preferred, the original data format. The system's claim to fame is that it can defend against zero-day attacks.
"The threat extraction does generate, in our experience, 100 percent threat prevention," he says. "Many security companies are putting a lot of energy on pure detection without the ability to stop the problem. I don't think that is the right strategy. I am holding a different flag that says that 'yes you can block the attack' and not just deal with the damages."
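As an added illustration of the threat-extraction idea described above (rebuild a document from its parts, carrying over only what is judged safe), not Check Point's own code: the mock Word-style package, the part names treated as active content and the removal policy are all constructed here.

```python
import io
import re
import zipfile

# Parts that carry active or embedded content; an assumption for this illustration.
ACTIVE_PART_PATTERNS = [
    re.compile(r"^word/vbaProject\.bin$"),    # VBA macro storage
    re.compile(r"^word/embeddings/.*\.bin$"),  # embedded OLE objects
]

def is_active_part(name: str) -> bool:
    return any(p.match(name) for p in ACTIVE_PART_PATTERNS)

def drop_rels_to_active(rels_xml: bytes) -> bytes:
    """Remove <Relationship .../> entries whose Target names a removed part."""
    def keep(m):
        target = re.search(r'Target="([^"]+)"', m.group(0))
        return "" if target and is_active_part("word/" + target.group(1)) else m.group(0)
    return re.sub(r"<Relationship\b[^>]*/>", keep, rels_xml.decode()).encode()

def extract_safe_document(package: bytes) -> tuple[bytes, list[str]]:
    """Rebuild the package from scratch; return (sanitised package, dropped part names)."""
    dropped, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if is_active_part(name):
                dropped.append(name)
                continue
            data = src.read(name)
            if name.endswith(".rels"):  # no dangling references to removed parts
                data = drop_rels_to_active(data)
            dst.writestr(name, data)  # fresh entry; original zip metadata is not copied
    return out.getvalue(), dropped

def parts(package: bytes) -> dict[str, bytes]:
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        return {n: z.read(n) for n in z.namelist()}

def build_mock_document() -> bytes:
    """Constructed sample: a minimal Word-like package carrying a macro part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document><w:t>Quarterly report</w:t></w:document>")
        z.writestr("word/_rels/document.xml.rels", '<Relationships><Relationship Id="rId1" '
                   'Target="vbaProject.bin"/><Relationship Id="rId2" Target="styles.xml"/></Relationships>')
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed macro blob")
        z.writestr("word/styles.xml", "<w:styles/>")
    return buf.getvalue()
```

The rebuilt file keeps the text and styles but neither the macro part nor the relationship entry that pointed at it, which is the difference between detection (flagging the file) and prevention (delivering a usable copy without the risky content).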