1©2014 Check Point Software Technologies Ltd.
Cyber Attacks: Protecting against the Unknown Unknowns
Keith D. Holtham
Check Point Software Technologies Australia
The Internet of everything
The Internet of everything BRINGS WITH IT new challenges
Adobe breach hit more than 150 million usernames and passwords
According to foreign media the organization behind the attack is suspected to be an unnamed government organization...
Target credit card hack reveals need for updated security
The U.S. is the juiciest target for hackers hunting credit card information. And …
4.6 Million Snapchat usernames and phone numbers leaked
A new website called SnapchatDB! has allegedly leaked 4.6 million Snapchat..
Value of a Hacked PC
http://krebsonsecurity.com
ASD Top 35 – Top 14 Mitigation Strategies
1. Application white listing
2. Application patching
3. OS Patching
4. Restrict Admin privileges
5. User application configuration hardening
6. Automated dynamic analysis of email and web content (Sandboxing)
7. Operating system Generic exploit mitigation
8. Host based Intrusion Detection/Prevention
9. Disable Local Admin accounts
10. Network Segmentation
11. Multi-Factor Authentication
12. Software-Based Application firewall - Incoming
13. Software-Based Application firewall - Outgoing
14. Non-Persistent virtualised sandboxing
Target: 40 million credit & debit cards
TARGET attack
40 000 machines
1797 stores
TARGET attack
- RAM-scraping kit: BlackPOS (VBScript – 207kB)
- Created in March 2013
- Kit author: Rinat Shabayev, 23 years old
- Cost: 1800-2300$
TARGET attack – who’s next ?
Critical Infrastructure at Risk!
Critical and industrial systems make our modern world
Like other IT systems, they are prone to attacks
The consequences of such attacks are much greater:
- Power failures
- Water pollution or floods
- Disruption of transportation systems
- Malfunction of Production Lines
Important Attacks
Stuxnet, Duqu, Flame
Pacific Energy, Saudi Arabia Aramco
German Power Utility, 50Hertz
Queensland, Harrisburg and Willows Water System
3 steps of modern attacks
1. FIND THE WEAKEST LINK
2. GET ACCESS
3. EXTRACT DATA
Designing an attack
FIND THE WEAKEST LINK
Top Vulnerable Applications
List of leading vulnerable applications in 2012
Adobe Reader
Adobe Flash
Firefox
Java
Microsoft Office
Internet Explorer
30 Critical vulnerabilities
17 Critical vulnerabilities
16 Critical vulnerabilities
57 Critical vulnerabilities
91 Critical vulnerabilities
14 Critical vulnerabilities
WOULD YOU OPEN THIS ATTACHMENT?
“Over 90% of targeted emails use malicious file attachments as the payload or infection source”
Wall Street Journal Nov, 2012
Gathering Intelligence
Social Profile
- First Name
- Last Name
- Likes
- Gender
- Email
- Phone Number
- Topic of Interest
- Usernames
Technical Profile
- IP Address
- Browser Type
- Plug-ins deployed
- OS Type
- Patch History
- Anti-Virus Brand
- Applications
- User permissions
Choosing the right weapon
- Zero-Day Exploits
- Patched Vulnerabilities
In reality, it’s impossible to patch everything
WHAT ABOUT NEW ATTACKS?
Multi-Layered Threat Prevention
- IPS: Stops exploits of known vulnerabilities
- Anti-Bot: Detect and prevent bot damage
- Antivirus: Block download of malware infested files
ONLY DEALS WITH THE KNOWN
HOW TO DEAL WITH THE UNKNOWN?
Known Unknowns – Top Vulnerable Applications
List of leading vulnerable applications in 2012
Adobe Reader
Adobe Flash
Firefox
Java
Microsoft Office
Internet Explorer
30 Critical vulnerabilities
17 Critical vulnerabilities
16 Critical vulnerabilities
57 Critical vulnerabilities
91 Critical vulnerabilities
14 Critical vulnerabilities
We know that in the upcoming year 200–300 new currently unknown vulnerabilities will be discovered in popular business applications
TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS
Duqu Worm Causing Collateral Damage in a Silent Cyber-War
Worm exploiting zero-day vulnerabilities in a Word document
Threat Emulation
Discover and STOP new threats based on threat behavior
- INSPECT
- EMULATE
- PREVENT
- SHARE
That’s why we need to segment networks
- Initial infection on laptop
- Only pathway across network controlled through security gateway
- Infection can’t spread if there’s no open path
Hierarchical Lines of Defense
“Establish hierarchical lines of defense that provide protections for data and systems hosted within the corresponding segment boundaries”
Site
(Host, Network)
Mobile
Cloud
Segment Grouping
Site
ASD Top 35 – Top 14 Mitigation Strategies
1. Application white listing
2. Application patching
3. OS Patching
4. Restrict Admin privileges
5. User application configuration hardening
6. Automated dynamic analysis of email and web content (Sandboxing)
7. Operating system Generic exploit mitigation
8. Host based Intrusion Detection/Prevention
9. Disable Local Admin accounts
10. Network Segmentation
11. Multi-Factor Authentication
12. Software-Based Application firewall - Incoming
13. Software-Based Application firewall - Outgoing
14. Non-Persistent virtualised sandboxing
How do you manage the unknown in 2014?
1. Use of unknown malware exploded in 2013. Integrated malware sandboxing is a must-have.
2. Malware exposure and infections increased. Anti-bot and antivirus must have global intelligence.
3. High-risk applications expanded in the enterprise. Policy-driven application control must be integrated.
4. Data loss events grew across industries and data types. Data loss prevention must expand across the network.
Thank You !

Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 

Check point presentation june 2014

  • 1. Cyber Attacks: Protecting against the Unknown Unknowns. Keith D. Holtham, Check Point Software Technologies Australia. ©2014 Check Point Software Technologies Ltd.
  • 2. The Internet of everything
  • 3. The Internet of everything BRINGS WITH IT new challenges
  • 4.
      - Adobe breach hit more than 150 million usernames and passwords. According to foreign media the organization behind the attack is suspected to be an unnamed government organization...
      - Target credit card hack reveals need for updated security. The U.S. is the juiciest target for hackers hunting credit card information. And …
      - 4.6 Million Snapchat usernames and phone numbers leaked. A new website called SnapchatDB! has allegedly leaked 4.6 million Snapchat..
  • 5.
  • 6. Value of a Hacked PC (http://krebsonsecurity.com)
  • 7. ASD Top 35 – Top 14 Mitigation Strategies
      1. Application white listing
      2. Application patching
      3. OS Patching
      4. Restrict Admin privileges
      5. User application configuration hardening
      6. Automated dynamic analysis of email and web content (Sandboxing)
      7. Operating system Generic exploit mitigation
      8. Host based Intrusion Detection/Prevention
      9. Disable Local Admin accounts
      10. Network Segmentation
      11. Multi-Factor Authentication
      12. Software-Based Application firewall – Incoming
      13. Software-Based Application firewall – Outgoing
      14. Non-Persistent virtualised sandboxing
  • 8. Target: 40 million credit & debit cards
  • 9. TARGET attack
  • 10. 40 000 machines, 1797 stores
  • 11. TARGET attack
  • 12. TARGET attack
  • 13. TARGET attack
  • 14. TARGET attack
  • 15. TARGET attack
  • 16. TARGET attack
  • 17. TARGET attack
  • 18. TARGET attack
      - RAM-scraping kit: BlackPOS (VBScript – 207kB)
      - Created in March 2013
      - Kit author: Rinat Shabayev, 23 years old
      - Cost: 1800-2300$
  • 19. TARGET attack – who’s next?
  • 20. Critical Infrastructure at Risk! Critical and industrial systems make our modern world. Like other IT systems, they are prone to attacks. The consequences of such attacks are much greater:
      - Power failures
      - Water pollution or floods
      - Disruption of transportation systems
      - Malfunction of Production Lines
  • 21. Important Attacks
      - Stuxnet, Duqu, Flame
      - Pacific Energy, Saudi Arabia Aramco
      - German Power Utility, 50Hertz
      - Queensland, Harrisburg and Willows Water System
  • 22. 3 steps of modern attacks
  • 23. 3 steps of modern attacks: FIND THE WEAKEST LINK, GET ACCESS, EXTRACT DATA
  • 24. FIND THE WEAKEST LINK: Designing an attack
  • 25. FIND THE WEAKEST LINK: Designing an attack
  • 26. Top Vulnerable Applications: list of leading vulnerable applications in 2012. Adobe Reader, Adobe Flash, Firefox, Java, Microsoft Office, Internet Explorer. 30 Critical vulnerabilities, 17 Critical vulnerabilities, 16 Critical vulnerabilities, 57 Critical vulnerabilities, 91 Critical vulnerabilities, 14 Critical vulnerabilities
  • 27. WOULD YOU OPEN THIS ATTACHMENT? “Over 90% of targeted emails use malicious file attachments as the payload or infection source” (Wall Street Journal, Nov 2012)
  • 28. Gathering Intelligence
  • 29. Gathering Intelligence
      - Social Profile: First Name, Last Name, Likes, Gender, Email, Phone Number, Topic of Interest, Usernames
      - Technical Profile: IP Address, Browser Type, Plug-ins deployed, OS Type, Patch History, Anti-Virus Brand, Applications, User permissions
  • 30. Choosing the right weapon: Zero-Day Exploits, Patched Vulnerabilities
  • 31. In reality, it’s impossible to patch everything
  • 32.
  • 33. WHAT ABOUT NEW ATTACKS? Multi-Layered Threat Prevention:
      - IPS: Stops exploits of known vulnerabilities
      - Anti-Bot: Detect and prevent bot damage
      - Antivirus: Block download of malware infested files
  • 34. ONLY DEALS WITH THE KNOWN. Multi-Layered Threat Prevention: IPS, Anti-Bot, Antivirus
  • 35. HOW TO DEAL WITH THE UNKNOWN? Multi-Layered Threat Prevention: IPS, Anti-Bot, Antivirus
  • 36. Known Unknowns – Top Vulnerable Applications: list of leading vulnerable applications in 2012. Adobe Reader, Adobe Flash, Firefox, Java, Microsoft Office, Internet Explorer. 30 Critical vulnerabilities, 17 Critical vulnerabilities, 16 Critical vulnerabilities, 57 Critical vulnerabilities, 91 Critical vulnerabilities, 14 Critical vulnerabilities. We know that in the upcoming year 200–300 new currently unknown vulnerabilities will be discovered in popular business applications
  • 37. TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS. Duqu Worm Causing Collateral Damage in a Silent Cyber-War. Worm exploiting zero-day vulnerabilities in a Word document
  • 38. Threat Emulation: Discover and STOP new threats based on threat behavior. INSPECT, EMULATE, PREVENT, SHARE
  • 39. That’s why we need to segment networks
      - Initial infection on laptop
      - Only pathway across network controlled through security gateway
      - Infection can’t spread if there’s no open path
  • 40. Hierarchical Lines of Defense: “Establish hierarchical lines of defense that provide protections for data and systems hosted within the corresponding segment boundaries”. Site (Host, Network), Mobile, Cloud
  • 41. Segment Grouping Site
  • 42. ASD Top 35 – Top 14 Mitigation Strategies
      1. Application white listing
      2. Application patching
      3. OS Patching
      4. Restrict Admin privileges
      5. User application configuration hardening
      6. Automated dynamic analysis of email and web content (Sandboxing)
      7. Operating system Generic exploit mitigation
      8. Host based Intrusion Detection/Prevention
      9. Disable Local Admin accounts
      10. Network Segmentation
      11. Multi-Factor Authentication
      12. Software-Based Application firewall – Incoming
      13. Software-Based Application firewall – Outgoing
      14. Non-Persistent virtualised sandboxing
  • 43. How do you manage the unknown in 2014?
      1. Use of unknown malware exploded in 2013: Integrated malware sandboxing is a must-have
      2. Malware exposure and infections increased: Anti-bot and antivirus must have global intelligence
      3. High-risk applications expanded in the enterprise: Policy-driven application control must be integrated
      4. Data loss events grew across industries and data types: Data loss prevention must expand across the network
  • 44. Thank You!