What Is MCP?
Model Context Protocol (MCP) is an open standard that gives AI agents a structured way to access external tools and data. Think of it as a universal adapter between LLMs and the systems they need to interact with.
| Component | Role | Example |
|---|---|---|
| MCP Client | The AI application | Claude Desktop, a custom agent |
| MCP Server | Exposes tools via standard protocol | Check Point Management MCP, Jira MCP |
| Tools | Specific capabilities | list_firewalls, get_policy |
| Resources | Data the server provides | Firewall logs, threat intelligence |
Why MCP Matters for Security
| Benefit | Risk |
|---|---|
| Standardised tool access | Every MCP connection is a potential data channel |
| Agents can orchestrate multi-tool workflows | Too many tools = too much blast radius |
| Tools are discoverable and documented | Tool descriptions can be manipulated (poisoning) |
| Enables security operations automation | Autonomous actions without human approval |
Available Check Point MCP Servers
The cp-agentic-mcp-playground includes 13 MCP servers covering:
| MCP Server | Product | Risk Level |
|---|---|---|
| Reputation Service | ThreatCloud | Low (read-only) |
| Management Logs | SmartLog | Low (read-only) |
| Threat Emulation | SandBlast | Medium (file submission) |
| Quantum Management | Security Mgmt | High (rule changes) |
| Gateway CLI | Quantum GWs | High (CLI commands) |
Loading...
Loading...
Think Deeper
Try this:
An agent has MCP access to both the Reputation Service and Quantum Management. Why is this a risk, and how would you apply least-privilege?
The Reputation Service is read-only (low risk). Quantum Management can modify firewall rules (high risk). If the agent is compromised via prompt injection in a malicious log entry, it could use the Management MCP to open firewall ports. Least-privilege: give investigation agents read-only tools. Only give management access to agents with human-in-the-loop approval.
Key insight: MCP is the new attack surface. Every MCP connection is a capability grant.
Least-privilege applies to agents just like it applies to human users — an investigation agent
should NOT have gateway management access.