festival ICT 2013: Defending Against Targeted and Zero-Day Attacks

Published in: Technology, Business

  1. Cloud Services Prevent Zero-day and Targeted Attacks
  2. ©2013 Check Point Software Technologies Ltd. WOULD YOU OPEN THIS ATTACHMENT?
  3. TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS. Duqu Worm Causing Collateral Damage in a Silent Cyber-War. Worm exploiting zero-day vulnerabilities in a Word document.
  4. Exploiting zero-day vulnerabilities: new vulnerabilities, countless new variants. “nearly 200,000 new malware samples appear around the world each day” - net-security.org, June 2013
  5. WHAT ABOUT NEW ATTACKS? Block download of malware-infested files; detect and prevent bot damage; stops exploits of known vulnerabilities. Check Point Multi-Layered Threat Prevention: IPS, Anti-Bot, Antivirus.
  6. Check Point introducing Check Point ThreatCloud Emulation Service: PREVENTION OF ZERO-DAY ATTACKS!
  7. Stop undiscovered attacks with Check Point Threat Emulation: INSPECT FILE, EMULATE, PREVENT, SHARE
  8. INSPECT: Exe files, PDF and Office documents. Identify files in email attachments and downloads over the web. Send file to virtual sandbox. Requires no infrastructure change or adding devices.
  9. EMULATE: Open file and monitor abnormal behavior. Emulating multi-OS environments: WIN 7, 8, XP & user customized. Monitored behavior: file system, system registry, network connections, system processes.
  10. Emulation @ Work: A STANDARD CV?
  11. Emulation @ Work
  12. Emulation @ Work: File System Activity, System Registry, System Processes, Network Connections. Abnormal file activity; tampered system registry; remote connection to Command & Control sites; “naive” processes created.
  13. PREVENT: Security Gateway. Inline stopping of malicious files on any gateway.
  14. SHARE: Immediate update of all gateways
  15. Stop undiscovered attacks with ThreatCloud Emulation Service: INSPECT FILE, EMULATE, PREVENT, SHARE
  16. Real Life Example: New exploit variant of vulnerability (CVE-2012-0158). Installs a bot agent; opens network ports for bot communication; steals user credentials. Prevented 140 phishing emails targeting 4 customers in 2 days!
  17. Most Accurate and Fastest Prevention: Optimize analysis by inspecting only files at risk. Zero false-positive in document emulation. THREAT EMULATION with ongoing innovation.
  18. ThreatCloud Emulation Service: Branch, Headquarters, Branch, Agent for Exchange Server. Single Global Solution – For the entire organization
  19. ThreatCloud Emulation Service Advantages: Cloud-based service: works with your existing infrastructure. No need to install new equipment. Control expenses with manageable lower monthly costs. Organizations can choose from 5 subscription options for global file inspections, starting at 10,000 files per month and up.
  20. Anyone can submit files for THREAT EMULATION: threats@checkpoint.com, threatemulation.checkpoint.com
  21. Check Point Threat Prevention Solution: Multi-Layered Protection Against all Incoming Cyber Threats
  22. Top reasons customers pick Check Point: Threat Emulation works with your existing infrastructure, with no need to install any new equipment. A Complete Threat Prevention Solution for Known and Unknown threats.
  23. Other Threat Emulation Solutions: Miss malicious files hiding in encrypted communication. Require multiple appliances per network. Cannot prevent threats from infecting the organization. Emulating Win XP only leaves Windows 7 vulnerable to attacks. Don’t have a protection against unknown threats.
  24. Summary: Check Point Prevents Zero-day Attacks. Stopping undiscovered malware. Simple deployment – requires no infrastructure change. Prevent infections from malicious documents & executables. Part of Check Point multi-layered Threat Prevention.
  25. Thank You
