The unsolvable network security challenge – until now.

Networks were once straightforward: a perimeter, a data center, and a set of rules that a single engineer could easily manage.

That era is now a thing of the past.

With each wave of enterprise transformation—be it cloud migration, mergers and acquisitions, hybrid multi-cloud environments, IoT, or remote work—a new layer of complexity emerged. Each transformation brought unique topologies, traffic patterns, and security assumptions, leading to exponential growth in complexity. Consequently, security evolved manually: more policies to draft, additional configurations to confirm, and an increasing number of vendors to manage.

What often isn’t highlighted in vendor presentations is that contemporary network security relies heavily on institutional wisdom. It exists in the minds of experienced engineers who understand why certain rules were implemented years ago, in tribal knowledge about safe changes, and in spreadsheets that log endless exceptions. When these engineers depart, the policy remains, but its original intent often fades.

This results in enterprises dealing with policy bases they’re reluctant to modify. Zero Trust initiatives stagnate at 30%. Policy enforcement becomes an endless process. Compliance audits drag on for weeks. Now, with AI rapidly changing the landscape on both sides, the complexity of infrastructure and the speed of adversaries have escalated simultaneously. The operational math that was already on shaky ground has become unmanageable.

Traditional paradigms defining network security are collapsing—one after another. Rule-based policy management assumes humans can keep pace with thousands of rules in ever-evolving environments. Threat prevention presumes static controls can handle dynamic threats. Multi-vendor management operates on the belief that one team can manage five consoles at once. None of these assumptions hold true anymore. A new model is necessary.

The Opportunity Inside the Problem

However, the same technologies exacerbating the issue also provide a genuine solution.

The key lies in agents—autonomous systems that analyze your actual network, break down complex operational goals into manageable actions, execute them, assess the outcomes, and iterate until completion or until a human check is reached.

Rather than coding firewall rules, security teams articulate business intent. A specialized fleet of AI agents manages the rest—translating intent into policies, configuring devices, and enforcing controls continuously across all vendors, all environments, and all control points. It’s time to stop babysitting rules.

This transformation is what we are introducing with Check Point’s Agentic Network Security Orchestration Platform.

How It Actually Works

The platform is built on two foundational pillars: advanced LLMs that perform reasoning and a proprietary harness that ensures they operate on the right data, utilizing the right skills, within appropriate constraints.

Advanced large language models serve as the most capable reasoning engines available today, enabling security administrators to articulate goals in natural language and have those goals broken down into precise, actionable steps across security domains.

However, a model by itself lacks state; it reasons with general knowledge rather than your specific network environment. Query it regarding your topology, rule base, or critical assets, and it may provide a confident answer devoid of context.

The harness is what transforms this reasoning engine into an operational agent. Check Point’s agent harness includes the proprietary Network Knowledge Graph—a dynamic, continuously updated relational model of the customer’s environment, including topology, traffic flows, asset dependencies, real-time configuration data, and policy semantics sourced from CMDBs, ticketing systems, exposure management platforms, and live firewall configurations across multiple vendors. It incorporates specific skills drawn from decades of best practices, troubleshooting guides, and industry expertise gained from securing over 100,000 unique environments, along with safety measures governed by handoffs and evaluation loops for secure autonomous actions.

While general AI thinks, our agents think specifically about your network.

From Rules to Intent

This represents a revolutionary shift in how enterprises manage network security.

Security teams will move from programming firewall rules to defining business intent. Rather than manually reviewing thousands of policies, agents will continuously analyze active traffic, pinpoint shadow accesses and overly permissive configurations, and autonomously execute validated tightening—without endangering connectivity. In place of annual compliance audits, every rule and configuration modification will be aligned with DORA, PCI-DSS, and NIST in real-time.

Trust Is the Product

Constructing autonomous systems that operate on production networks also entails a trust challenge along with the engineering expertise required. We designed for this from the very beginning.

Every action taken by an agent produces an exhaustive execution trace: observable, auditable, and reversible. Human oversight remains at the intent level, allowing for goal setting and sanctioning significant changes before execution.

However, oversight alone is inadequate. We must also ensure that the agents themselves perform correctly. Regular evaluation at scale continues to be one of the most daunting unresolved challenges in agentic AI. To enhance our agent evaluation capabilities, Check Point has strengthened its AI engineering team by collaborating with Deepchecks, a group of outstanding LLM engineers who created an enterprise-grade AI testing, evaluation, and monitoring solution that spans the entire agent lifecycle—from development to production.

We are rolling out the platform in intentional phases. Each capability functions independently, providing real value on its own. Customers can select the level of automation that aligns with their needs—from human-approved recommendations to fully autonomous actions—and expand at their convenience. Trust is not something built solely into architecture; it’s cultivated over time without undermining the judgment and authority that only your team can provide.

This Is Where We Are Going – Together

The narrative of network security has been one of increasing complexity countered by parallel manual efforts. Each generation has introduced additional capabilities but has also added more operational strain. This paradigm has reached its limits.

What we are unveiling is not simply incremental; it is a holistic response to a systemic problem, leveraging the same AI advancements that have contributed to the complexity to finally address it. Networks have evolved. Threats have transformed. Now, the operating model must evolve in line with these changes.

You can implement network security agentic capabilities today. AI Assist, Policy Insights, and Policy Auditor are now generally available, with Playblocks Agents in early access. All are accessible through your Infinity Portal, Smart-1 Cloud Web, and Smart Console.

The comprehensive Agentic Network Security Orchestration Platform is entering customer preview. We are enlisting a select group of innovative design partners: organizations that seek not only early access but also a role in shaping future developments.

Join us in redefining network security.

Consult with one of our security experts to learn more and participate in the webinar.

This article is authored by Jonathan Zanger, Chief Technology Officer, Check Point Software Technologies. The views expressed are personal.
