Defining Your Security Blueprint

Jorge Steinfeld
VP of Information Systems

©2013 Check Point Software Technologies Ltd.
  • Check how many offices
  • IT is very dynamic. Events every day: new application, new system, new server, new DB, DRP projects, new offices, migration of departments, new acquisitions, more outsourced systems that interact with internal systems, new audiences interacting with our systems (partners, customers, external accountants, gateways), new threats (bots, constantly new malware), new technologies (mobile synchronization, cloud sync), new trends (BYOD). Trying to balance time and money.
    Need to apply security measures to access, internal assets and information, and tools and applications: conserve bandwidth for business-critical tasks; optimize employees' productivity; protect internal assets from unauthorized access; enable secure access from everywhere; prevent sensitive information from getting into the wrong hands.
    Who is allowed to access which tools? (Who? By IP, but IPs change as users are mobile; IP ranges and network segments are not accurate either, again because users are mobile.) What are users allowed to do? (Which internal assets can be accessed? Which Internet tools?) What content can leave the organization?
  • On 24.2.2012 at approximately 14:00 Singapore time, Daniel Phuan, an SE Manager from the Singapore office, received a phone call on his mobile phone from an undisclosed number. The caller spoke English with an Asian accent and introduced himself as Mike Chen (Product Marketing Manager from the US). He claimed he was travelling from the US to Japan for a business meeting, had a connection at Singapore airport and had no access to the Check Point web site because his laptop had broken down. He requested contact information for Japan office personnel and provided an external e-mail address (biztrip@live.com).
  • While getting the notification, Daniel kept trying to verify the caller's identity and became suspicious when the caller could not name his direct manager. The caller claimed that he reported directly to the Marketing VP, Juliette Sultan. Daniel told the caller he could not provide further information and the call ended. Daniel contacted the Check Point security officer by email, notified him of the incident, and reported that Johnny Poh and Lum Soong Chee had received similar calls.
  • Data types covered by the DLP policy:
    - Check Point business information: missing classification, Highly Restricted documents, customer names, sales reports, SSH private keys, confidential security alerts, employee data (compensation, salaries, job offers).
    - Check Point R&D-specific data: code (generic), templates, project names.
    - Financial data: SEC filings, financial reports, large Excel files sent out of Finance to outside the company.
    - Intellectual property: patents and design files.
    - Compliance: PCI and HIPAA.
    - Best practices: database files, inappropriate language, password-protected files, Social Security numbers, passport numbers.
  • Vladimir Antonovich, endpoint system administrator, was setting up an environment to test an anti-malware product. Ran Ravid, security on duty, reviews the Application Control log.
    Ran, 13:47: Please check why your host is running BitTorrent.
    Vladimir, 13:55: Can't find this host, can you send more information?
    Ran, 13:57: According to my log it is using BitTorrent and uTorrent.
    Vladimir, 14:06: Found it. A laptop used for test; we forgot to uninstall the torrent clients.
    Conclusions: it took ~20 min to close the "hole"; even security experts can miss security policy; security enforcement should be strict.
  • The Trojan attempted to communicate with its command-and-control center, but the Anti-Bot Software Blade detected the communication and blocked it.
  • The second dimension provides fine-grained Internet application awareness to the Check Point security gateway. Check Point's application control library scans for and detects more than 4,500 distinct applications and over 50,000 social-networking widgets across a wide range of categories, including instant messaging, peer-to-peer file sharing, social networking, Web 2.0, voice-over-IP, anonymizers, IPTV, multimedia, games, virtual worlds and unified communications. These applications are classified into business and non-business categories, giving a strong and flexible choice of parameters for any given policy. The applications are organized into 150 categories, including communication, IM, entertainment, commercial, financial, computing, government and many more.
  • Low-risk applications are applications from the following categories: Business Applications (e.g. Google Apps *), Download Managers (e.g. 3wGet, Apt-get, Download Master), Media Sharing (only YouTube and Apple QuickTime are allowed), Mobile Software (e.g. Google Play, Mobile Google Maps, WhatsApp Messenger), Social Networking (e.g. Facebook, Geni), Twitter Clients (e.g. BinTweet, CheapTweet), and more. * Google Apps may be used for personal use only; uploading corporate data to Google Apps is forbidden.
    Medium-risk applications are applications from the following categories: Browser Plugins (e.g. Adobe Flash, Ask Toolbar, BingBar), Email * (e.g. Gmail, Yahoo!), VoIP (e.g. Skype), Web Conferencing (only Adobe Connect is allowed), and more.
    High-risk applications are applications from the following categories: File Storage and Sharing (e.g. Dropbox, SugarSync, DropMe, ShareFile), Instant Messaging (e.g. Miranda IM, CryptoChat, IceChat), P2P File Sharing (e.g. Kazaa, SopCast, AllPeers, BitTorrent, uTorrent, eMule), Remote Administration (e.g. Poison Ivy, Access Remote PC, Radmin, TeamViewer, pcAnywhere), and more.
  • The Zbot Trojan is loaded onto a USB stick. Derek plugs the USB stick into his computer. The Zbot Trojan is installed and turns Derek's computer into a bot. The Trojan attempted to communicate with its command-and-control center, but the Anti-Bot Software Blade detected the communication and blocked it. Trojan.Spy.MSIL.Zbot: malware that, when loaded, attempts to steal data and turns systems into bots to steal more data; a multi-vector attack.
  • Check Point: Defining Your Security blueprint

    1. Defining Your Security Blueprint. Jorge Steinfeld, VP of Information Systems. ©2013 Check Point Software Technologies Ltd.

    2. Dynamic Environment, New Challenges. We live in a VERY dynamic environment; IT needs to enable and support it.

    3. (Section divider, no text.)

    4. Check Point Global Presence (LOCATIONS): more than 70 offices.

    5. Check Point Global Presence (LOCATIONS): 4 major offices, 2 co-location sites, 6 development sites, 12 medium offices, 38 small offices.

    6. Check Point Global Audiences (AUDIENCES): Leads, Finance Employees, Customers, HR Employees, Partners, R&D Employees, Suppliers, Marketing Employees, External Accountants, Consultants, Security Admins, Recruitment Agencies, Customers' Gateways, ZoneAlarm Customers, All Public.

    7. (Same content as slide 6.)

    8. Check Point Global Audiences, grouped:
       - Customer gateways: Customers' Gateways, ZoneAlarm Customers
       - Employees: HR Employees, R&D Employees, Finance Employees, Marketing Employees, Security Admins
       - External parties: Suppliers, External Accountants, Consultants, Partners, Recruitment Agencies, Customers, Leads
       - Public: All Public

    9. Check Point Global Applications (APPLICATIONS): Wiki, Customer Portal, Performance Review, Call Center, Salary, Exchange, Business Warehouse, HR System, Time Attendance, Support Center, Sales Systems, R&D Project Management, Public Site, ZoneAlarm Store, R&D Source Code.

    10. (Same content as slide 9.)

    11. Check Point Global Applications, by audience:
       - Customers and public: Public Site, ZoneAlarm Store, Customer Portal, Support Center
       - Employees from anywhere: Wiki, Call Center, Sales Systems, Exchange
       - Employees at the office: Performance Review, Business Warehouse, Time Attendance
       - Designated employees only: R&D Source Code, Salary, HR System, R&D Project Management

    12. (Section divider: LOCATIONS, AUDIENCES, APPLICATIONS.)

    13. Define Network Zones & Policy:
       - DMZ: zone populated with public systems. Audience: all public. Systems: Public Site, ZoneAlarm Store.
       - SSA: zone populated with internal systems that contain or access confidential data. Audience: internal and remote employees. Systems: Sales Systems, Exchange, Customer Portal, Support Center, Wiki, Call Center.
       - INTERNAL: zone populated with internal systems that contain sensitive data. Audience: internal employees. Systems: Business Warehouse, Performance Review, Time Attendance.
       - DEPARTMENTAL: zone populated with internal systems that contain highly restricted data. Audience: R&D employees. Systems: R&D Systems, R&D Project Mgmt.

    14. Define Network Zones & Policy (access rules):
       - DMZ: any user can reach the DMZ zone.
       - SSA: only corporate users can reach the SSA zone, from internal networks or through VPN.
       - Internal: only corporate users can reach the Internal zone, from internal networks only.
       - Departmental: only specific users can reach the corresponding Departmental zone.
       - Any other access is considered an exception and must be approved.
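The four access rules on slide 14 are small enough to encode as policy-as-code and then run a rulebase against them, so that every accept rule the blueprint does not cover surfaces as an exception needing an approval on record. The following is an added example, not the presentation's or Check Point's code: the zone names and the rules are from slides 13 and 14; the user-group labels, source-network labels, the assumption that departmental zones inherit the Internal zone's "internal networks only" restriction, and the sample rulebase are constructed for illustration.

```python
"""Zone access check for the slide-13/14 blueprint (added example, not Check Point code)."""
from __future__ import annotations

from dataclasses import dataclass

# Zones from slide 13.
DMZ, SSA, INTERNAL, DEPARTMENTAL = "DMZ", "SSA", "INTERNAL", "DEPARTMENTAL"
# Where a connection originates (assumed labels).
INTERNET, VPN, CORP_NET = "internet", "vpn", "corp-net"
# Anyone who is not a corporate user (assumed label).
PUBLIC = "public"

# Slide 13 places R&D Systems and R&D Project Mgmt in the R&D departmental zone.
DEPARTMENTAL_OWNER = {"R&D Systems": "R&D", "R&D Project Mgmt": "R&D"}


@dataclass(frozen=True)
class Flow:
    user_group: str        # PUBLIC, "corporate", or a department such as "R&D"
    source: str            # INTERNET, VPN or CORP_NET
    dest_zone: str
    dest_system: str = ""


def evaluate(flow: Flow) -> str:
    """Return "allow" if slide 14 covers the flow, else "exception" (must be approved)."""
    corporate = flow.user_group != PUBLIC
    if flow.dest_zone == DMZ:
        return "allow"  # any user can reach the DMZ
    if flow.dest_zone == SSA:  # corporate users, from internal networks or through VPN
        return "allow" if corporate and flow.source in (CORP_NET, VPN) else "exception"
    if flow.dest_zone == INTERNAL:  # corporate users, from internal networks only
        return "allow" if corporate and flow.source == CORP_NET else "exception"
    if flow.dest_zone == DEPARTMENTAL:
        # Only the owning department's users. Assumed: the zone also inherits the
        # Internal zone's "internal networks only" restriction (slide 14 does not say).
        owner = DEPARTMENTAL_OWNER.get(flow.dest_system)
        ok = flow.source == CORP_NET and owner is not None and flow.user_group == owner
        return "allow" if ok else "exception"
    return "exception"  # unknown zone: never allow by default


@dataclass(frozen=True)
class Rule:
    name: str
    user_group: str
    source: str
    dest_zone: str
    dest_system: str = ""
    action: str = "accept"


def audit_rulebase(rules: list[Rule]) -> list[str]:
    """Names of accept rules the blueprint does not cover; each needs an approved exception."""
    return [
        r.name
        for r in rules
        if r.action == "accept"
        and evaluate(Flow(r.user_group, r.source, r.dest_zone, r.dest_system)) == "exception"
    ]


# Constructed rulebase: the first three follow the blueprint, the last two do not.
SAMPLE_RULEBASE = [
    Rule("public-to-website", PUBLIC, INTERNET, DMZ, "Public Site"),
    Rule("remote-staff-to-mail", "corporate", VPN, SSA, "Exchange"),
    Rule("office-to-bw", "corporate", CORP_NET, INTERNAL, "Business Warehouse"),
    Rule("vpn-to-bw", "corporate", VPN, INTERNAL, "Business Warehouse"),  # Internal is not reachable over VPN
    Rule("finance-to-rnd-pm", "Finance", CORP_NET, DEPARTMENTAL, "R&D Project Mgmt"),  # wrong department
]

if __name__ == "__main__":
    for name in audit_rulebase(SAMPLE_RULEBASE):
        print("needs an approved exception:", name)
```

Running the audit on the constructed rulebase reports `vpn-to-bw` and `finance-to-rnd-pm`; the point is that the blueprint, not the rulebase, is the source of truth, and anything the rulebase accepts beyond it is the exception list the slide says must be approved.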
    15. (Section divider: LOCATIONS, AUDIENCES, APPLICATIONS.)

    16. Define Modular Packages. Main Office and Data Center: DMZ, SSA, Internal Servers, Departmental (x3). Small Office: Internal Servers & Users. Internal Users.

    17. We Will Focus on the 3 Main Risks:
       - Threats to the organization: 63% infected with bots
       - Risky enterprise applications: 47% used anonymizers
       - Data loss incidents: 54% had a data loss event
       Responses: Addressing external threats; Enable secure application use; Preventing Data Loss.

    18. Adopt a multi-layer protection. Software Blades: Firewall, DLP, Logging & Status, VPN, URLF, Full Disk Encryption, IPS, Application Control, Policy Management, Mobile, Anti-Spam, Anti-Bot, Compliance, Anti-Virus, Media Encryption. Mapped to: Addressing external threats; Enable secure application use; Preventing Data Loss.

    19. (Same content as slide 18.)

    20. Adopt a multi-layer protection (build of slide 18: the blades regrouped under the three risk areas).

    21. Define Modular Packages, with blades per package. Main Office and Data Center (DMZ, Internal Servers, SSA, Departmental x3) and Small Office (Internal Servers & Users, Internal Users). Blades named on the slide: Logging & Status, Application Control, Policy Management, URLF, Compliance, Antivirus, Advanced Networking, Anti-Bot, Mobile, IPS, Identity Awareness, Firewall, VPN, DLP, Anti-Spam (Firewall, IPS, Anti-Bot, Antivirus, URLF and Application Control are listed twice, i.e. in both packages).

    22. Analyze Performance Requirements. Download and run the Check Point Performance Sizing Utility:
       - Traffic characteristics: max. throughput, max. packet rate, max. concurrent connections
       - Resource utilization: max CPU, max security kernel CPU, max memory
       - Define future target environment
       - Security requirements: Firewall, VPN, IPS, Anti-Bot, Anti-Virus, DLP, URL Filtering
       - Get proposed solutions

    23. (Same as slide 21, with appliance models added: 12600 and 1100.)

    24. Apply Policy for Your Main Risks: Addressing external threats; Enable secure application use; Preventing Data Loss.

    25. Case 1: Provoked Leakage. Singapore, November 28th, 2012, 14:00 hrs. local time.

    26. Case 1: Leakage Prevention. Daniel gets a notification from the DLP system: "Data Loss Prevention Alert. An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data. The message is being held until further action. DLP Enforcement: Send, Discard, or Review Issue."

    27. DLP Policy Definition:
       - Personal, Public: non-confidential or personal information that has no or a positive effect on the company.
       - Confidential: important information that has limited impact on the company.
       - Restricted, Highly Restricted: sensitive or highly sensitive information that may compromise the company.
       Sending out data classified as Personal or Public is allowed. Sending out data classified as Confidential, Restricted or Highly Restricted is not allowed; exceptions are approved by the employee using UserCheck.

    28. DLP Policy Implementation (data type -> action):
       - Our business information (customers, contracts, etc.): ASK USER
       - Source code: ASK USER
       - Financial data, intellectual property: ASK USER
       - Personal employee data: ASK USER
       - Special documents: BLOCK

    29. DLP Incident Statistics. Average monthly events: ASK USER ~2,700, BLOCK ~7. ASK USER per employee: ~1. ASK USER feedback distribution: Sent 85%, Don't send 15%.
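Slides 27 to 29 describe a three-way decision (allow, ask the user, block) taken per outbound message according to the data types it carries, with the sender choosing Send, Discard or Review Issue on an ASK USER verdict. The code below is an added example of that decision logic, not the presentation's or Check Point's DLP engine: the data-type-to-action table is from slide 28 and the data types from the speaker notes; the corporate mail domain `corp.example`, the regex detectors, the reading of "special documents" as documents carrying a Highly Restricted classification marking, and the sample messages are all constructed for the example. A real DLP engine uses file fingerprints, dictionaries and document analysis rather than regexes alone; the structure (apply every detector, keep the most severe action, only inspect mail that actually leaves the organization) is what the example shows.

```python
"""Outbound-mail DLP decision modelled on slides 27-29 (added example, not Check Point code)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Callable

ALLOW, ASK_USER, BLOCK = "ALLOW", "ASK USER", "BLOCK"
CORP_DOMAIN = "corp.example"  # assumed corporate mail domain
_SRC_EXT = (".c", ".h", ".cpp", ".py", ".java", ".go")


@dataclass
class Message:
    sender: str
    recipients: list[str]
    body: str
    attachments: dict[str, str] = field(default_factory=dict)  # filename -> content

    def all_text(self) -> str:
        return "\n".join([self.body, *self.attachments.values()])


def leaves_organization(msg: Message) -> bool:
    """Slide 27 governs data sent *out*; mail with only internal recipients is not inspected."""
    return any(not r.lower().endswith("@" + CORP_DOMAIN) for r in msg.recipients)


# (data type per slide 28 / speaker notes, action, detector). Detectors are illustrative.
DETECTORS: list[tuple[str, str, Callable[[Message], bool]]] = [
    ("special document: Highly Restricted marking", BLOCK,
     lambda m: re.search(r"\bhighly\s+restricted\b", m.all_text(), re.I) is not None),
    ("business information: SSH private key", ASK_USER,
     lambda m: re.search(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----", m.all_text()) is not None),
    ("business information: customer/contract data", ASK_USER,
     lambda m: re.search(r"\b(?:customer list|contract)\b", m.all_text(), re.I) is not None),
    ("source code attachment", ASK_USER,
     lambda m: any(name.lower().endswith(_SRC_EXT) for name in m.attachments)),
    ("financial data / intellectual property", ASK_USER,
     lambda m: re.search(r"\b(?:SEC filing|10-K|patent)\b", m.all_text(), re.I) is not None),
    ("personal employee data", ASK_USER,
     lambda m: re.search(r"\b\d{3}-\d{2}-\d{4}\b|\b(?:salary|compensation|job offer)\b",
                         m.all_text(), re.I) is not None),
]

_SEVERITY = {ALLOW: 0, ASK_USER: 1, BLOCK: 2}


@dataclass
class Decision:
    action: str
    reasons: list[str]


def inspect(msg: Message) -> Decision:
    """Run every detector; the verdict is the most severe action hit (BLOCK > ASK USER > ALLOW)."""
    if not leaves_organization(msg):
        return Decision(ALLOW, [])
    action, reasons = ALLOW, []
    for name, rule_action, detect in DETECTORS:
        if detect(msg):
            reasons.append(name)
            if _SEVERITY[rule_action] > _SEVERITY[action]:
                action = rule_action
    return Decision(action, reasons)


def user_notice(decision: Decision) -> str:
    """Text shown to the sender, modelled on the slide-26 alert (wording paraphrased)."""
    if decision.action == ALLOW:
        return "Message sent."
    held = "quarantined" if decision.action == ASK_USER else "blocked"
    follow_up = ("Choose Send, Discard or Review Issue." if decision.action == ASK_USER
                 else "Contact the security officer if you believe this is an error.")
    return (f"Data Loss Prevention Alert: an email you have just sent has been {held}. "
            f"Reason: {'; '.join(decision.reasons)}. {follow_up}")


# Constructed sample messages (the key material is a placeholder, not a real key).
_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructedplaceholder==\n-----END RSA PRIVATE KEY-----"
SAMPLE_TO_PARTNER = Message("dana@corp.example", ["bob@partner.example"],
                            "Config for the lab, see attached.", {"id_rsa": _KEY})
SAMPLE_INTERNAL = Message("dana@corp.example", ["ops@corp.example"],
                          "Config for the lab, see attached.", {"id_rsa": _KEY})
SAMPLE_MARKED = Message("dana@corp.example", ["press@example.org"], "Roadmap attached",
                        {"Roadmap.txt": "Classification: HIGHLY RESTRICTED\nQ3 plans"})
SAMPLE_CLEAN = Message("dana@corp.example", ["bob@partner.example"], "See you at the meeting")

if __name__ == "__main__":
    for msg in (SAMPLE_TO_PARTNER, SAMPLE_INTERNAL, SAMPLE_MARKED, SAMPLE_CLEAN):
        print(user_notice(inspect(msg)))
```

The same private key produces ASK USER when addressed to a partner and ALLOW when sent to an internal mailbox, which is the slide-27 policy exactly; whether a private key should be a BLOCK rather than an ASK USER is a policy choice the slide leaves with the user, and the one-line change in `DETECTORS` is where that choice lives.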
    30. Case 2: Unintended Exposure. Minsk, Belarus, Oct 22nd, 2012, 13:30 hrs. local time; Tel-Aviv, Israel, Oct 22nd, 2012, 13:45 hrs. local time.

    31. Case 2: Exposure Prevention. BitTorrent detected on one of the lab machines, which was connected to the internal network: open file sharing access. (Log view columns: App Name, Action, Risk.)

    32. App Wiki, Applications Library: over 4,900 applications, over 300,000 social-network widgets, grouped in over 80 categories (including Web 2.0, IM, P2P, Voice & Video, File Share). appwiki.checkpoint.com

    33. Application Control Policy Definition:
       - Low risk: applications from categories such as business applications, mobile software, social networking, ...
       - Medium risk: applications from categories such as browser plugins, personal mail, VoIP, ...
       - High risk: applications from categories such as file storage & sharing, P2P file sharing, remote administration, ...
       Usage of Low Risk and Medium Risk applications is allowed. Usage of High Risk applications is not allowed; exceptions are approved by the employee using UserCheck.

    34. Application Control Implementation (application type -> action):
       - Critical or high risk: Block
       - Anonymizer, P2P file sharing, botnets, etc.: Block
       - Department special need (e.g., hacker sites): Ask User
       - Medium risk: Monitor

    35. Application Control Statistics. Monthly events: 20,000. Number of users: 600. Top blocked applications/protocols: Dropbox 52%, SugarSync 43%, BitTorrent 2%, Lync (Microsoft chat tool) 2%. Top 4 cover ~90% of the cases.
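Slide 35's "top blocked applications" view and the case-2 exchange in the speaker notes (a BitTorrent client found on a lab laptop that was on the internal network, found from the Application Control log) are both simple aggregations over gateway log records. The following added example, not the presentation's or Check Point's code, does both over a constructed log: the key=value line format, field names, addresses and the internal address ranges are assumptions made for the example (a real gateway exports different fields through its own log tooling), and the high-risk category names follow the speaker notes for slide 33.

```python
"""Application Control log triage (added example, not Check Point code)."""
from __future__ import annotations

import ipaddress
import re
from collections import Counter, defaultdict

# Internal address space (assumed); the case-2 lab laptop sat inside it.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict[str, str]:
    """Parse one key=value log line (quoted values allowed) into a dict."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def parse_log(text: str) -> list[dict[str, str]]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def blocked_counts(records: list[dict[str, str]]) -> Counter:
    """Block events per application: the raw data behind the slide-35 percentages."""
    return Counter(r["app"] for r in records if r.get("action") == "Block")


def top_blocked_share(records: list[dict[str, str]], n: int) -> float:
    """Fraction of all block events produced by the n most-blocked applications."""
    counts = blocked_counts(records)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return sum(c for _, c in counts.most_common(n)) / total


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def internal_hosts_using(records: list[dict[str, str]], categories: set[str]) -> dict[str, set[str]]:
    """Internal hosts seen using an application in the given categories, blocked or not.

    Case 2 is exactly this view: the gateway blocked the traffic, but the host with the
    torrent client installed is still on the internal network and has to be cleaned up."""
    hosts: dict[str, set[str]] = defaultdict(set)
    for r in records:
        if r.get("category") in categories and is_internal(r["src"]):
            hosts[r["src"]].add(r["app"])
    return dict(hosts)


# Constructed log: 12 blocks (Dropbox 5, SugarSync 4, BitTorrent 1, uTorrent 1, Lync 1) and 2 accepts.
SAMPLE_LOG = """\
time=2012-10-22T13:30:02 src=10.20.5.17 app="BitTorrent Protocol" category="P2P File Sharing" risk=High action=Block
time=2012-10-22T13:30:09 src=10.20.5.17 app=uTorrent category="P2P File Sharing" risk=High action=Block
time=2012-10-22T13:31:15 src=10.1.4.8 app=Dropbox category="File Storage and Sharing" risk=High action=Block
time=2012-10-22T13:32:40 src=10.1.4.9 app=Dropbox category="File Storage and Sharing" risk=High action=Block
time=2012-10-22T13:33:01 src=10.1.7.21 app=Dropbox category="File Storage and Sharing" risk=High action=Block
time=2012-10-22T13:33:55 src=192.168.3.5 app=Dropbox category="File Storage and Sharing" risk=High action=Block
time=2012-10-22T13:35:12 src=10.1.4.8 app=Dropbox category="File Storage and Sharing" risk=High action=Block
time=2012-10-22T13:36:30 src=10.2.2.2 app=SugarSync category="File Storage and Sharing" risk=High action=Block
time=2012-10-22T13:37:48 src=10.2.2.3 app=SugarSync category="File Storage and Sharing" risk=High action=Block
time=2012-10-22T13:38:10 src=10.2.9.14 app=SugarSync category="File Storage and Sharing" risk=High action=Block
time=2012-10-22T13:39:27 src=10.2.2.2 app=SugarSync category="File Storage and Sharing" risk=High action=Block
time=2012-10-22T13:40:05 src=10.3.0.4 app="Microsoft Lync" category="Instant Messaging" risk=High action=Block
time=2012-10-22T13:41:44 src=10.3.0.7 app=Skype category=VoIP risk=Medium action=Accept
time=2012-10-22T13:42:19 src=10.3.0.7 app=Facebook category="Social Networking" risk=Low action=Accept
"""
SAMPLE_RECORDS = parse_log(SAMPLE_LOG)

if __name__ == "__main__":
    counts = blocked_counts(SAMPLE_RECORDS)
    total = sum(counts.values())
    for app, c in counts.most_common(4):
        print(f"{app:20s} {100 * c / total:5.1f}%")
    print(f"top 4 cover {100 * top_blocked_share(SAMPLE_RECORDS, 4):.0f}% of blocks")
    for host, apps in internal_hosts_using(SAMPLE_RECORDS, {"P2P File Sharing"}).items():
        print(f"internal host {host} running P2P: {sorted(apps)}")
```

On the constructed log the top two applications account for 75% of blocks and the only P2P source is 10.20.5.17 running both clients, which is the kind of line Ran was reading when he messaged Vladimir. The deliberate detail is that `internal_hosts_using` ignores the action field: a Block entry proves the gateway did its job, not that the host is clean.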
    36. Defining Your Security Blueprint, the seven steps:
       - Step 1: Identify your environment
       - Step 2: Define your security zones
       - Step 3: Identify main threats & protections
       - Step 4: Define modular packages
       - Step 5: Analyze performance requirements
       - Step 6: Define specific security policies
       - Step 7: Analyze your data
       Resulting layout: DMZ (URLF, Antivirus, Anti-Bot, IPS, Firewall), SSA, Internal Servers, Internal Users, Departmental (x3), plus Anti-Spam, Application Control and DLP. To manage all this: a unified management tool, and 4 people!

    37. Summary. My needs are customers' needs; my security solutions are customers' solutions. Build modular security packages, adopting multi-layer protection. Be a business enabler. Analyze your data to improve your security. Easy to manage with Software Blades.

    38. Thank You. ©2013 Check Point Software Technologies Ltd.