Consolidation: Your Best Move Towards Stronger Security

Avi Rembaum
Director, 3D Consulting

Check Point Consolidation

  1. Consolidation: Your Best Move Towards Stronger Security. Avi Rembaum, Director, 3D Consulting. [Protected] For public distribution. ©2013 Check Point Software Technologies Ltd.
  2. Current Threat Vectors: Spear Phishing, RATs, DoS, Web attacks, Zero-day, Malware, Botnets, Network breach, SPAM. Security administrators face multiple attacks from the same source that can occur simultaneously or over time.
  3. Finding The Source of a Security Incident Is Like…
  4. Average Cost of a Cyber Crime Attack. [Chart: values $8,389,828, $8,933,510, $6,459,362; years 2010, 2011, 2012.] Source: Ponemon Cost of Cyber Crime Study, October 2012.
  5. What About Spending? According to 12,396 security professionals, spending on security during 2013 will: (Source: ISC(2), 2013)
  6. Are Things Improving? And how does the same group of people feel about the success of their work? (Source: ISC(2), 2013)
  7. What’s Going On? Security incidents are becoming more expensive. Security professionals doubt their effectiveness. But, investment will stay the same or go up.
  8. At some point we have to realize that just maybe it’s time for a different approach. But is this really a new conclusion? Some interesting reading…
  9. When Was This Written? • Malware and other forms of attack continue to be alarmingly effective at eluding in-place safeguards • The vulnerability-threat window is continuing to close • Equally troublesome is the fact that propagation times for threats are reaching new lows • Automated tools continue to lower the bar when it comes to the degree of knowledge required to launch ever more sophisticated attacks • The vast armies of “amateur” hackers are increasingly being joined by ranks of “professionals”
  10. How About 2005? Admit it – it’s kind of scary that we can tell the same story eight years later.
  11. At The Time, They Recommended: Figure 5 — Unified Threat Defenses: Pervasive Perimeters, Multilayer Awareness, Pervasive Integration, Multiservice Security.
  12. What They Were Really Saying: Defense-in-depth is not the same as best-of-breed. An example…
  13. IPS Software Blade: Security Quality Comparison. [Chart: NSS 2012 IPS Group Test, Competitive Comparison, July 2012. Series: Over-all Protection, Client Protections, Server Protections. Products: Check Point 12600, SourceFire 3D8120, Fortinet 3240C, Palo Alto PA5020. Vertical axis: 87.00% to 99.00%.]
  14. The reality is that IPS integrated into the firewall is just as effective as, if not better than, stand-alone IPS solutions.
  15. And Comparing Check Point in 2012 vs. 2013: Getting better every year. [Chart: Over-all Protection, Client Protections, Server Protections for 2012 and 2013. Vertical axis: 95.0% to 100.0%.]
  16. And a look at costs
  17. IPS Software Blade: Three-Year TCO Comparison. Comparing Dedicated IPS Appliances to IPS Software Blade. [Bar chart: dedicated IPS product price, annual support and three-year TCO against one-year and three-year IPS Software Blade cost. Bar values: $72,500, $50,000, $13,500, $7,500, $4,500. Vertical axis: $0 to $80,000.]
  18. What about other security technologies?
  19. Application Control: Three-Year TCO Comparison. Comparing Dedicated Web Filter Appliances to Application Control Blade. [Bar chart: dedicated web gateway appliance price, support and three-year TCO against one-year and three-year Application Control Blade cost. Bar values: $50,750, $35,000, $13,500, $5,250, $4,500. Vertical axis: $0 to $60,000.]
  20. GRC: Three-Year TCO Comparison. Comparing Dedicated GRC Solutions with the Compliance Blade. [Bar chart: dedicated GRC product price, solution support and three-year TCO against one-year (25 Gateway) and three-year Compliance Blade cost. Bar values: $79,750, $55,000, $25,500, $8,250, $8,500. Vertical axis: $0 to $90,000.]
  21. Sandboxing: Three-Year TCO Comparison. Comparing Dedicated Sandbox Solutions. [Bar chart: dedicated sandbox solution price, support and three-year TCO against one-year and three-year Threat Emulation Blade cost. Bar values: $72,500, $50,000, $13,500, $7,500, $4,500. Vertical axis: $0 to $80,000.]
  22. Some questions for you
  23. Please Raise Your Hand. Question #1: Who here is using IPS Software Blade? • Why? • What protections? Question #2: Who here is using Anti-Bot? • Why? • Do you run the controls in protect mode? Question #3: Who here is using SmartEvent? • Why? • Do you activate automated blocking?
  24. Today, security solutions must provide: Multi-layer, integrated protections; Real-time, actionable intelligence; Adaptive controls.
  25. Why?
  26. Consider The Following Attack. All three attack vectors are meant to breach the perimeter. Each attack uses a distinct method. [Diagram labels: Server vulnerability exploit, Weaponized attachment, Network access, Malware via social engineering.]
  27. “Best-of-Breed” During The Attack. Server vulnerability exploit → Dedicated Intrusion Detection (Probably not in “prevent” mode). Weaponized attachment → Dedicated Sandbox Solution (Captures and analyzes attachment). Malware via social engineering → Dedicated Web Proxy (Sees Facebook and allows data to pass). Proprietary Log (one per product) → 3rd Party Log Aggregator.
  28. And The Outcome. Server vulnerability exploit → Dedicated Intrusion Detection (Probably not in “prevent” mode): Server compromised, admin rights obtained. Weaponized attachment → Dedicated Sandbox Solution (Captures and analyzes attachment). Malware via social engineering → Dedicated Web Proxy (Sees Facebook and allows data to pass): Endpoint compromised, data extracted. Proprietary Log (one per product) → 3rd Party Log Aggregator.
  29. And Event Management? Sandbox shows different event. Log aggregator collects multiple feeds. Each individual event appears separate. Full picture and individual events have no relationship. IDS event shows exploit. Proxy just sees Facebook.
  30. And Worse: Separate signature updates. No sharing of “bad actor” information. Multiple policy changes required for mitigation.
  31. And Finally, The Cost. Dedicated IDS: CAPEX $50,000, OPEX $7,500, Three Year Cost $72,500. Dedicated Sandbox: CAPEX $50,000, OPEX $7,500, Three Year Cost $72,500. Dedicated Web Proxy: CAPEX $35,000, OPEX $5,250, Three Year Cost $50,750. Three-Year Total: $195,750.
  32. Consolidating with Check Point
  33. Starting With The GUI. Key is to build a security flow. Policy starts from the ground up: • Firewall is that ground floor • IPS, App Ctrl, Anti-Bot flow from there
  34. Check Point During The Attack. Centralized updates via the ThreatCloud. Attack vectors: Server vulnerability exploit, Weaponized attachment, Malware via social engineering. Layers: Threat Emulation, Anti-Bot, Application Control, IPS, Firewall.
  35. What Administrators Would See. All attack vectors collected into a single perspective: • Protections report into a single location • Tools for high-level and detailed analysis
  36. And Then… When the attacker gets desperate and launches a DDoS: Use the new DDoS controls and/or CLI the source IPs to the firewall.
  37. Costs With Check Point. Product CAPEX OPEX 12607 (25% Discount) IPS Software Blade $53,760 $10,080 Three Year Cost $84,000 $4,500 $9,000 $4,500 $13,500 $4,500 $9,000 (Included in Year 1) Threat Emulation Application Control (Included in Year 1) Anti-Bot Blade $4,500 Three-Year Total $13,500 $129,000
  38. The Savings. Multiple Vendors: CAPEX $135,000, OPEX $60,750, 3 Year Total $195,750. Check Point: CAPEX $53,760, OPEX $75,240, 3 Year Total $129,000. Savings: Amount $66,750, Percent 35%.
  39. Summary. Yes, it’s tempting to do what’s always been done: Multi-vendor. Data suggest that it’s time for an alternative approach: Consolidation. Check Point’s multi-layer threat prevention makes it work.
