Check Point Technologies released the stateful inspection firewall back in the 1990s. Now it's bringing the world's first Web 3.0 firewall, furthering its mission of securing the digital world for everyone, everywhere.
Firewall technology harks back to age-old methods of physical defense when people first begun building walls to stop intruders. Yes, the Great Wall of China is a predecessor of today's firewall with attackers having moved online instead of in person.
Check Point has been at the forefront of firewalls since its founding over 30 years ago. In fact, Check Point created the stateful firewall. You can read the patent by Gil Shwed here. Previously, firewalls inspected data packets and looked up a table of rules to consider the source, destination, ports, and protocols before making an allow or reject decision. It was a good start but lacked any memory of previous packets, treating every new packet in isolation. Acceptance or rejection was based solely on the set of rules without context of the packet's place in a communication sequence. Check Point considered not all packets are independent, and by maintaining context-awareness, stateful firewalls could make more informed decisions and assess the packet as well as its relationship to previous packets. It was a huge paradigm shift and beat the competiting option of proxies on performance, protocol support, and security.
The world has continue evolving and we've now moved from stateful inspection to next-gen firewalls and to today's AI/ML-powered firewalls. An example is Check Point's own Infinity Platform, the culmination of decades of innovation and acquired technologies that combine to provide collaborative security solutions across an entire enterprise.
Not one to rest on its laurels, Check Point is still innovating and inventing and is building the world's first Web 3.0 firewall - helping protect and defend blockchain transactions be they financial or otherwise.
Check Point Technologies chief technologist Web 3.0 and head of product vulnerability research Oded Vanunu spoke with iTWire to explain what this means.
{loadposition david08}
We know and understand Web 2.0; it's what we use today. Web 2.0 is characterised by the change from static web sites and manually edited HTML files to dynamic, user-generated content, and the growth of social media. Sites like iTWire, for example, have a database of stories and both the front page listing these stories, and the pages rendering the stories themselves, are database-driven. Stories are filed in the back-end content management system. Readers can register and post comments and engage with stories.
Web 3.0 is emerging, and you may have heard of it in the context of blockchain and crypto currencies.
"In Web 2.0 all the models are client and server," Vanunu said. "This is how the Internet works. A client can be a browser or an application, and the server can be something that's parsing the data."
"Communications go between the client and the server. You can use a computer or mobile or other device and connect to your bank and so on. All the communication is through network packets," he said.
"In Web 3.0 we also have a client and server, and communication between the client and the server. The client is an app like a browser or wallet, anything that communicates with the Web 3.0 protocol."
However, in Web 3.0 "the server is a smart contract," Vanunu explained. "It gets traffic from the client, a wallet sends something from the client to the smart contract like 'send two BitCoin'."
That traffic is called a transaction, and the smart contract verifies whether the transaction meets the logic of the contract and passes its application rules.
Once the transaction has been sent and passed the smart contract, the smart contract sends it on to the memory pool. A validator ensures it passes cryptographic checkups, and once it passes this, the transaction is added to the block.
This is the basis of how cryptocurrencies work. And, not only financial transactions - blockchain provides an immutable, verifiable, robust and resilient ledger or database. There are many potential applications beyond finance such as connecting and tracking part shipments, as well as handling votes and elections.
"Once the transaction has entered the mempool/validator/block phase it cannot be tampered with," Vanunu said. "However, vulnerabilties on the client or smart contract could be exploited."
Cryptocurrencies, because they involve money, are, of course, a big target for scammers and criminals. "You hear about someone hacking a million dollars from a wallet," Vanunu said. "The client is the target. The attacker sends a phish to the client - 'I have a digital asset I want to send you', it might say, like an Amazon coupon. The client says 'yes, I want to claim it' and the claim sends a transaction for approval. The client thinks they're saying 'I approve it', but the hackers tricked the transaction to be 'give me permission'. They can then control the wallet and steal the money."
Much like the bad guys can find vulnerabilities in typical software applications, so too "hackers can send payloads to smart contracts and exploit vulnerabilities like buffer overflows."
The end result is the hacker can withdraw the entire liquidity of a pool or project.
Although the terms are fancy and potentially intimidating, "the difference between Web 2.0 and Web 3.0 is packets are transactions, clients are wallets or apps that store digital assets, and servers are smart contracts."
Nevertheless, they use different networks. And with cybercrime always on the rise it's time for a Web 3.0 firewall, and Oded Vanunu is committed to making it happen. "I told Gil I am taking his invention and building the blockChain firewall," Vanunu joked.
iTWire saw it in action; Vanunu logged in to the Infinity portal's Web 3.0 security dashboard. There's a lot to see. By nature, Web 3.0 transactions are recorded in the blockchain, a distributed ledger that can be viewed by anyone with the right tools, and Vanunu and his team are watching, watching, watching all that is taking place.
"Our threat intel system is up and running, and sees attacks," he said. "We built a technology to monitor Of-Chain and On-Chain."
Some more terminology: "Of-Chain" refers to custodians; this is made up of signatures and all the technology needed to protect client wallets. For example, your cryptocurrency wallet provider's processes and workflows fall into this category.
Meanwhile, "On-Chain" is the transaction to the block. "Once something goes to the On-Chain, that's it. It's on the block. The transaction will go and any export will happen."
This year saw the world's largest cryptocurrency heist - on 21st February 2025 ByBit announced it had been hacked, with around 400,000 Ethereum stolen at an approximate notional value of $US 1.4 billion. The attacker exploited vulnerabilities in the multi-signature wallet system ByBit used, which was facilitated by compromised infrastructure at a third-party provider named Safe.
"They tricked the signature of the user," Vanunu explained. "The user thought they were seeing the transaction with all the correct details and destination and source and that it was safe. They approved it, but once approved they unleashed data without even knowing they provided privileges to the attacker."
Vanunu's Web 3.0 dashboard tracks the blockchain and sees what is happening in real-time. As the blockchain contains the full history of transactions, the dashboard can go back in time to let us see these issues of the past. "We can see the story by looking at our Check Point Web 3 security portal," Vanunu said.
Vanunu demonstrated other examples. He showed iTWire where "RugPull" attacks occurred. In this scenario a scammer creates a project and pumps it on social media and through spam. Regular folk are attracted and buy the project tokens but don't understand the owner of the cam has the privilege rights to take out the money in one single moment - hence, the literal rug pull.
With its long heritage in security, augmented by AI, Vanunu's Web 3.0 dashboard can rapidly identify if a transaction has risk indicators. As he browses through transactions, iTWire saw labels indicating unverified contractors, clients and users on a blacklist, contract creation metadata problems, large transactions, and so on. All this information combines to paint a story and reveal impending rug pull attacks as they build up.
"In Web 3.0 and blockchain the nice thing is everything anyone does is recorded and visible," he said. "If I'm a hacker and I want to do something malicious on Web 2.0 I buy domains, buy DNS, create a malicious web server, redirect places on the Internet and build infrastructure and unleash a campaign so everyone redirects to where I want."
"When someone is being hacked on Web 2.0 and somebody is trying to assist there's a forensic process to look for evidence and assets that were part of this attack. There is lots of investigation. How did it happen? Who was involved?"
By contrast, "in Web 3.0, anyone who creates a contract or wallet, anything that happens on the On-Chain, is recorded. Web 3.0 allows us to see the entire view of the attack and attacker."
Sure enough, Vanunu's tooling allows researchers and interested parties to go back in time. You can see the ByBit attacker build up their infrastructure before unleashing their attack in February. Labels pop up at each point tagging the individual transactions. "These give points in the story but are not strong enough by themselves," he said - until one transaction, which is system flagged as an anomaly detection. "This is the smoking gun. Our product identified transactions to this smart contract looked different to the type this smart contract is otherwise getting."
"We have a real-time system to sit on blockchain networks and see the attacks every day, every hour ... we know what's going on," Vanunu said. "We scan and classify every contract entering the Web 3.0 network and recognise if it is phishing or an abnormality."
And next - "once a payload is executed we can prevent it."
Work is still progressing, but the tech is clearly on track to bring this vision to reality. "We're investing a lot to make it bigger and stronger. We've built AI engines. Now we're building prevention," Vanunu said.
"The plan will be to allow users to use the platform. They won't need to look at the network but will be able to protect their network and smart contracts."
The end product will be available to end users like you or I, as well as vendors. For example, "ByBit can enter the system and attach a smart contract firewall to their smart contracts. Then every transaction will talk to the smart contract with these prevention capabilities attached. Or vendors like CoinSpot and other big networks can say 'ok, I'm now going to secure my wallet or app or platform by Check Point'."
"We will build the infrastructure to be agnostic."
Check Point Technologies has already proven its proof of concept for prevention, and is currently taking the prevention and productising it to be part of the overall Check Point user interface and workflow. Vanunu expects it to be readily available during the third quarter of this year.
"This is the future, real-time preventative On-Chain systems - this is what we've built," Vanunu said.