Completing your Next Generation Threat Prevention - Check Point
Slide 1. ©2015 Check Point Software Technologies Ltd.
Supoj Aram-ekkalarb | Security Consultant
COMPLETING YOUR NEXT-GENERATION THREAT PREVENTION
Slide 2
The Security Landscape: Accelerating Rise of Malware
Defensive technology timeline:
25 years ago: invention of the firewall
20 years ago: invention of stateful inspection
15 years ago: prevalent use of antivirus, VPN, IPS
10 years ago: URL filtering, UTM
5 years ago: NGFW, mobile security
Now: threat intelligence, threat prevention
Attack timeline:
1988: Morris Worm
1994: Green Card Lottery
1998: Melissa
2000: I Love You
2003: Anonymous formed
2006: WikiLeaks
2007: Zeus Trojan
2010: DDoS attacks; Stuxnet (SCADA)
2011: Stolen authentication information
Slide 3
Meet John — The Security Administrator
Timeline: June 2015, Aug 2015, Oct 2015, Dec 2015
Slide 4
John works for a retailing company. John managed to keep customer credit cards safe.
Slide 6 (June 2015)
John starts his morning by reviewing Threat Prevention Events.
Prevented Bot Event, critical severity, at an unusual hour.
"Do we have business in Italy?" "OMG! It's a Point of Sale."
Slide 7 (June 2015)
John validates the destination IP reputation on VirusTotal.
Slide 8
Advanced Threat Prevention — Forensics (NEW)
The host is infected — now what?
Questions:
How was the host infected?
What got compromised?
Which files/domains/processes were part of the attack?
Which other machines are also compromised?
Slide 9
Forensics report, Wed 17-Jun-2015 04:35:02:
CustomerFeedbacks.doc (suspicious file)
2 suspicious user activities: remote login at an unusual time (5:37AM); user (Jasmin) started a malicious process
Malicious site: http://192.126.2.238 (malicious URL)
Slide 10 (June 2015)
There are also Anti-Bot logs with an infecting host as the source.
Callouts: originating from the DNS server (what's this?); infected machine.
Slide 11 (June 2015)
Using Story Line (NEW)
Jasmine received an email with a link. Jasmine browsed to the link. A bot was detected on Jasmine's desktop.
Slide 12 (June 2015)
John asks Jasmine to forward him the malicious document.
Slide 13 (June 2015)
John downloads the document in his virtual environment and tests it on VirusTotal.
Slide 14 (June 2015)
John emulates the document in the Check Point Threat Emulation cloud and gets the report.
Slide 15 (June 2015)
Attack Flow (SmartEvent Story Line and Endpoint Forensics)
1. Jasmine receives an email with a link in it from a known sender. (Links inside email)
2. Jasmine follows the link in the email and opens a malicious PDF. (URL reputation)
3. Her computer is infected with a bot. The bot connects to C&C. (Anti-Bot)
4. The bot scans the internal network and infects the point of sale device via CIFS.
5. The bot records credit card numbers at the point of sale.
6. The bot tries to send the credit card numbers to its C&C. (Anti-Bot)
Slide 16 (June 2015)
John realizes that his current defenses are not strong enough.
BLOCK THREATS: IPS, Anti-Virus, Anti-Bot, Threat Emulation
Slide 17 (June 2015)
"OK, now we have Threat Emulation, can we turn off other blades?"
Multi-layered defense is important!
Slide 18
Check Point Threat Emulation Blocks Undiscovered Attacks
Inspect file, emulate, prevent, turn unknown to known.
Slide 19
Test Results for Detecting and Blocking Malware
Check Point: Industry's Fastest Threat Emulation!
Slide 20
Check Point IPS Prevents Exploits of Known Vulnerabilities
Enforce protocol specifications; detect protocol anomalies; signature-based engine.
Slide 21
Examples of 2014 vulnerabilities blocked by Check Point IPS:
Heartbleed: validated the requested heartbeat length
Shellshock: analyzed and blocked HTTP GET requests
Poodle: validated and blocked the vulnerable OpenSSL version
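To illustrate the "validate the requested heartbeat length" protocol-specification check above, here is an added Python example written for this page (it is not Check Point's IPS code): a validator that parses a TLS heartbeat record per RFC 6520 and flags a message whose claimed payload_length exceeds the payload bytes actually carried. The two sample records at the bottom are constructed inline for exercising the check.

```python
from typing import Optional
import struct

HEARTBEAT = 24       # TLS ContentType for heartbeat messages (RFC 6520)
MIN_PADDING = 16     # RFC 6520: every HeartbeatMessage carries at least 16 bytes of padding


def heartbeat_violation(record: bytes) -> Optional[str]:
    """Return why a TLS heartbeat record breaks RFC 6520, or None if it is well-formed.

    The core rule an inspection engine enforces: the payload_length the peer
    *claims* must fit inside the bytes the record *actually* carries.
    """
    if len(record) < 5:
        return "truncated TLS record header"
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != HEARTBEAT:
        return None                      # not a heartbeat; nothing to enforce here
    body = record[5:]
    if len(body) != rec_len:
        return "record length field disagrees with bytes on the wire"
    if rec_len < 3 + MIN_PADDING:
        return "heartbeat body too short for type, length and padding"
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type not in (1, 2):            # 1 = heartbeat_request, 2 = heartbeat_response
        return "unknown heartbeat message type %d" % hb_type
    carried = rec_len - 3 - MIN_PADDING  # payload bytes really present after header and padding
    if payload_len > carried:
        return "claimed payload_length %d but only %d payload bytes carried" % (payload_len, carried)
    return None


def build_heartbeat(payload: bytes, claimed_len: int) -> bytes:
    """Constructed sample record (TLS 1.2 version bytes) used only to exercise the check."""
    body = struct.pack("!BH", 1, claimed_len) + payload + b"\x00" * MIN_PADDING
    return struct.pack("!BBBH", HEARTBEAT, 3, 3, len(body)) + body


WELL_FORMED = build_heartbeat(b"ping", len(b"ping"))   # claims exactly what it carries
OVERSIZED = build_heartbeat(b"ping", 0xFFFF)           # claims far more than it carries
```

The same length rule applies on the response side: a peer must never echo more payload bytes than the request actually delivered.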
Slide 22
Check Point Anti-Virus Blocks Download of Known Malware
Signature- and MD5-based engines; malware feeds; blocks access to malware sites.
Slide 23
Check Point Anti-Bot Blocks Bot Communication
Identify bot-infected devices: multi-tier discovery (reputation, patterns, spam)
Prevent bot damage: stop traffic to remote operators
Slide 25
Lessons learned
1. Threat Emulation is important.
2. Segmentation should be enforced between point of sale devices and the rest of the corporate network.
Slide 26 (Aug 2015)
POS terminals; card swiping devices; rest of the organization.
Slide 27 (Aug 2015)
A malicious document is sent to several company employees. The document is blocked by Threat Emulation.
Slide 29
Are we 100% safe now? Well … there is one more technology …
Slide 30
What is Threat Extraction (NEW)
Remove embedded objects, macros & scripts. Deliver clean content: the sanitized file is delivered to the user.
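An added illustration of the "remove macros" step, written for this page rather than taken from Check Point's Threat Extraction: a Python sanitizer that rewrites a macro-enabled Word container without its VBA project, removing the part itself, the relationship and content-type entries that reference it, and the macro-enabled content type. The input document is constructed inline and is deliberately minimal; real Office files carry more parts, and a production engine also strips embedded OLE objects and scripts.

```python
import io
import re
import zipfile

MACRO_PART = "word/vbaProject.bin"   # where a macro-enabled Word file stores its VBA project
MACRO_MAIN = b"application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
CONTENT_TYPES = ('<Types><Override PartName="/word/document.xml" ContentType="%s"/>'
                 '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
                 '</Types>' % MACRO_MAIN.decode())
RELS = ('<Relationships><Relationship Id="rId1" Target="vbaProject.bin" '
        'Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject"/></Relationships>')

def build_sample_docm() -> bytes:
    """Constructed, minimal macro-enabled document used only as demo input (not a real Office file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", CONTENT_TYPES)
        z.writestr("word/_rels/document.xml.rels", RELS)
        z.writestr("word/document.xml", "<w:document><w:body><w:p>Customer feedback</w:p></w:body></w:document>")
        z.writestr(MACRO_PART, b"\xd0\xcf\x11\xe0 placeholder standing in for the VBA blob")
    return buf.getvalue()

def strip_macros(doc: bytes) -> tuple:
    """Return (sanitized copy, macro_found): VBA part, its references and the macro-enabled type removed."""
    src = zipfile.ZipFile(io.BytesIO(doc))
    found = MACRO_PART in src.namelist()
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name == MACRO_PART:
                continue                                   # the active content itself
            data = src.read(name)
            if name == "[Content_Types].xml":              # forget the part and downgrade to plain .docx
                data = re.sub(rb'<Override[^>]*vbaProject\.bin"[^>]*/>', b"", data)
                data = data.replace(MACRO_MAIN, PLAIN_MAIN)
            elif name.endswith(".rels"):                   # drop the relationship pointing at the part
                data = re.sub(rb'<Relationship[^>]*vbaProject\.bin"[^>]*/>', b"", data)
            dst.writestr(name, data)
    return out.getvalue(), found

def mentions_macros(doc: bytes) -> bool:
    """True while any part name, XML or rels part still refers to VBA or macro-enabled content."""
    z = zipfile.ZipFile(io.BytesIO(doc))
    return any("vbaProject" in n or (n.endswith((".xml", ".rels")) and
               re.search(rb"vbaProject|macroEnabled", z.read(n)) is not None) for n in z.namelist())
```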
Slide 33
Summary
Three facts:
Check Point: industry's best catch rate Threat Emulation
Check Point: industry's fastest Threat Emulation
Check Point Threat Prevention is built to prevent
This is what makes Check Point the best security for our customers.
Slide 34
CHECK POINT: Mobile Security Revolutionized
Slide 35
Infection or Loss … Easy as 1, 2, 3: surf the internet; upload files to the cloud; forget the device.
Slide 36
Protecting Across ALL Networks: Expanding the Network for the CIO
Protect your own network; protect devices on other networks; protect documents everywhere.
Slide 37
Introducing…. SEAMLESS security for everywhere you go
• Establishes a secure business environment on mobile devices
• Secures your documents everywhere they go
• Protects devices from threats everywhere
Slide 38
A Secure Business Environment: protect business data EVERYWHERE
Securely log in; easily access business applications; place only business information under IT's control.
Slide 39
Secure documents EVERYWHERE they go
Secure documents at your organization (My-Company): no passwords; seamless access for authorized users; granular document permissions.
Slide 40
Secure mobile devices, on premise and off premise
On-premise gateways; Check Point Capsule scans all traffic in the cloud.
Protect ALL devices from viruses, threats and data leakage.
Slide 41
Single Security Management for On Premise and Cloud: Check Point Capsule and on-premise security gateways.
Slide 42
Integrated IT Experience and Management
Know WHO is accessing files; know WHAT actions are taken; know WHERE documents are sent; know WHEN unauthorized access is attempted.
Slide 43
SEAMLESS security for everywhere you go: addressing ALL your mobile security needs
• Establishes a secure business environment on mobile devices
• Secures your documents everywhere they go
• Protects devices from threats everywhere
Slide 45
SECURITY CHECKUP ASSESSMENT, conducted on-site by security experts:
1. Setting up a security gateway using Check Point's latest technology
2. Connecting to the network to inspect traffic
3. Analyzing the findings and generating a report
4. Discussing the findings and advising how to enhance security
Slide 47
THANK YOU!