Check Point Consolidation

Check Point
Consolidation: Your Best Move Towards Stronger Security

Published in: Technology, Business
Check Point Consolidation

  1. Consolidation: Your Best Move Towards Stronger Security. Avi Rembaum, Director, 3D Consulting. [Protected] For public distribution ©2013 Check Point Software Technologies Ltd.
  2. Current Threat Vectors
     • Spear phishing, RATs, DoS, web attacks, zero-day, malware, botnets, network breach, SPAM
     • Security administrators face multiple attacks from the same source that can occur simultaneously or over time
  3. Finding The Source of a Security Incident Is Like…
  4. Average Cost of a Cyber Crime Attack. [Bar chart; values shown: $8,389,828, $8,933,510, $6,459,362; years: 2010, 2011, 2012.] Source: Ponemon Cost of Cyber Crime Study, October 2012
  5. What About Spending? According to 12,396 security professionals, spending on security during 2013 will: [chart] Source: ISC(2), 2013
  6. Are Things Improving? And how does the same group of people feel about the success of their work? [chart] Source: ISC(2), 2013
  7. What’s Going On?
     • Security incidents are becoming more expensive
     • Security professionals doubt their effectiveness
     • But, investment will stay the same or go up
  8. At some point we have to realize that just maybe it’s time for a different approach. But is this really a new conclusion? Some interesting reading…
  9. When Was This Written?
     • Malware and other forms of attack continue to be alarmingly effective at eluding in-place safeguards
     • The vulnerability-threat window is continuing to close
     • Equally troublesome is the fact that propagation times for threats are reaching new lows
     • Automated tools continue to lower the bar when it comes to the degree of knowledge required to launch ever more sophisticated attacks
     • The vast armies of “amateur” hackers are increasingly being joined by ranks of “professionals”
  10. How About 2005? Admit it – it’s kind of scary that we can tell the same story eight years later
  11. At The Time, They Recommended. Figure 5 — Unified Threat Defenses: Pervasive Perimeters, Multilayer Awareness, Pervasive Integration, Multiservice Security
  12. What They Were Really Saying: Defense-in-depth is not the same as best-of-breed. An example…
  13. IPS Software Blade: Security Quality Comparison. [Bar chart: NSS 2012 IPS Group Test, Competitive Comparison, July 2012. Series: Over-all Protection, Client Protections, Server Protections. Products: Check Point 12600, SourceFire 3D8120, Fortinet 3240C, Palo Alto PA5020. Axis from 87.00% to 99.00%.]
  14. The reality is that IPS integrated into the firewall is just as effective, if not better, than stand-alone IPS solutions
  15. And Comparing Check Point in 2012 vs. 2013: Getting better every year. [Bar chart: Over-all Protection, Client Protections, Server Protections for 2012 and 2013. Axis from 95.0% to 100.0%.]
  16. And a look at costs
  17. IPS Software Blade: Three-Year TCO Comparison. Comparing Dedicated IPS Appliances to IPS Software Blade
      • Dedicated IPS product price: $50,000
      • Dedicated IPS annual support: $7,500
      • Three-year dedicated IPS TCO: $72,500
      • One-year IPS Software Blade: $4,500
      • Three-year IPS Software Blade: $13,500
  18. What about other security technologies?
  19. Application Control: Three-Year TCO Comparison. Comparing Dedicated Web Filter Appliances to Application Control Blade
      • Dedicated web gateway appliance: $35,000
      • Dedicated web gateway appliance support: $5,250
      • Three-year dedicated web gateway TCO: $50,750
      • One-year Application Control Blade: $4,500
      • Three-year Application Control Blade: $13,500
  20. GRC: Three-Year TCO Comparison. Comparing Dedicated GRC Solutions with the Compliance Blade
      • Dedicated GRC product price: $55,000
      • Dedicated GRC solution support: $8,250
      • Three-year dedicated GRC TCO: $79,750
      • One-year 25 Gateway Compliance Blade: $8,500
      • Three-year Compliance Blade TCO: $25,500
  21. Sandboxing: Three-Year TCO Comparison. Comparing Dedicated Sandbox Solutions
      • Dedicated sandbox solution: $50,000
      • Dedicated sandbox solution support: $7,500
      • Three-year dedicated sandbox solution TCO: $72,500
      • One-year Threat Emulation Blade: $4,500
      • Three-year Threat Emulation Blade: $13,500
  22. Some questions for you
  23. Please Raise Your Hand
      • Question #1: Who here is using IPS Software Blade? Why? What protections?
      • Question #2: Who here is using Anti-Bot? Why? Do you run the controls in protect mode?
      • Question #3: Who here is using SmartEvent? Why? Do you activate automated blocking?
  24. Today, security solutions must provide:
      • Multi-layer, integrated protections
      • Real-time, actionable intelligence
      • Adaptive controls
  25. Why?
  26. Consider The Following Attack
      • All three attack vectors are meant to breach the perimeter
      • Diagram labels: Server vulnerability exploit; Weaponized attachment; Network access; Malware via social engineering
      • Each attack uses a distinct method
  27. “Best-of-Breed” During The Attack
      • Server vulnerability exploit: Dedicated Intrusion Detection; probably not in “prevent” mode; Proprietary Log
      • Weaponized attachment: Dedicated Sandbox Solution; captures and analyzes attachment; Proprietary Log
      • Malware via social engineering: Dedicated Web Proxy; sees Facebook and allows data to pass; Proprietary Log
      • All three proprietary logs feed a 3rd Party Log Aggregator
  28. And The Outcome
      • Server vulnerability exploit: Dedicated Intrusion Detection; probably not in “prevent” mode; Proprietary Log. Outcome: Server compromised, admin rights obtained
      • Weaponized attachment: Dedicated Sandbox Solution; captures and analyzes attachment; Proprietary Log
      • Malware via social engineering: Dedicated Web Proxy; sees Facebook and allows data to pass; Proprietary Log. Outcome: Endpoint compromised, data extracted
      • All three proprietary logs feed a 3rd Party Log Aggregator
  29. And Event Management?
      • IDS event shows exploit
      • Sandbox shows different event
      • Proxy just sees Facebook
      • Log aggregator collects multiple feeds
      • Each individual event appears separate
      • Full picture and individual events have no relationship
  30. And Worse
      • Separate signature updates
      • No sharing of “bad actor” information
      • Multiple policy changes required for mitigation
  31. And Finally, The Cost
      • Dedicated IDS: CAPEX $50,000; OPEX $7,500; Three Year Cost $72,500
      • Dedicated Sandbox: CAPEX $50,000; OPEX $7,500; Three Year Cost $72,500
      • Dedicated Web Proxy: CAPEX $35,000; OPEX $5,250; Three Year Cost $50,750
      • Three-Year Total: $195,750
  32. Consolidating with Check Point
  33. Starting With The GUI
      • Key is to build a security flow
      • Policy starts from the ground up
      • Firewall is that ground floor
      • IPS, App Ctrl, Anti-Bot flow from there
  34. Check Point During The Attack
      • Centralized updates via the ThreatCloud
      • Attack vectors shown: Server vulnerability exploit; Weaponized attachment; Malware via social engineering
      • Diagram labels: Threat Emulation, Anti-Bot, Application Control, IPS, Firewall
  35. What Administrators Would See
      • All attack vectors collected into a single perspective
      • Protections report into a single location
      • Tools for high-level and detailed analysis
  36. And Then… When the attacker gets desperate and launches a DDoS: Use the new DDoS controls and/or CLI the source IPs to the firewall
  37. Costs With Check Point
      • 12607 (25% Discount): CAPEX $53,760; OPEX $10,080; Three Year Cost $84,000
      • IPS Software Blade: (Included in Year 1); OPEX $4,500; Three Year Cost $9,000
      • Threat Emulation: OPEX $4,500; Three Year Cost $13,500
      • Application Control: (Included in Year 1); OPEX $4,500; Three Year Cost $9,000
      • Anti-Bot Blade: OPEX $4,500; Three Year Cost $13,500
      • Three-Year Total: $129,000
  38. The Savings
      • Multiple Vendors: CAPEX $135,000; OPEX $60,750; 3 Year Total $195,750
      • Check Point: CAPEX $53,760; OPEX $75,240; 3 Year Total $129,000
      • Savings Amount: $66,750; Percent: 35%
  39. Summary
      • Yes, it’s tempting to do what’s always been done: Multi-vendor
      • Data suggest that it’s time for an alternative approach: Consolidation
      • Check Point’s multi-layer threat prevention makes it work
