Recommended
More Related Content
What's hot
What's hot (20)
Similar to Check Point Infinity
Similar to Check Point Infinity (20)
More from Alexander Kravchenko
More from Alexander Kravchenko (13)
Recently uploaded
Recently uploaded (20)
Check Point Infinity
- 1. 1©2018 Check Point Software Technologies Ltd.©2018 Check Point Software Technologies Ltd. ЯК СТВОРИТИ ІНФРАСТРУКТУРУ, ЗДАТНУ ПРОТИСТОЯТИ СУЧАСНИМ АТАКАМ CHECK POINT INFINITY Олександр Чубарук Технічний директор в Україні, Грузії та країнах СНД ochubaruk@checkpoint.com
- 2. 2©2018 Check Point Software Technologies Ltd. Was 2017 a Cyber Security WAKE-UP- CALL? EVERYTHING IS CONNECTED THE MOST DANGEROUS TOOLS NSA HACKING TOOLS LEAKED AND SOLD ONLINE 1M GOOGLE ACCOUNTS BREACHED BY GOOLIGAN MOBILE ATTACKS RANSOMWARE ATTACK KEEPS HOTEL GUESTS IN AUSTRIA LOCKED OUT OF ROOMS ATTACKS EVERYWHERE WANNACRY RANSOMWARE HITS HUNDREDS OF COMPANIES GLOBALLY WHAT HAPPENED IN 2017?
- 3. 3©2018 Check Point Software Technologies Ltd. GERMANY MAY 2017: WANNACRY GLOBAL ATTACKS UK SPAIN RUSSIA USA BRAZIL CHINA FRANCE JAPAN May 12, 8:24am WannaCry outbreak
- 4. 4©2018 Check Point Software Technologies Ltd. RUSSIA DENMARKUK FRANCE GERMANY USA A MONTH LATER: NOTPETYA OUTBREAK June 27 NotPetya Outbreak UKRAINE • International airport • Utilities (Energy) • Telco provider • Banks • Media (Radio & TV) • Petrol stations
- 5. ©2018 Check Point Software Technologies Ltd. LET’S LOOK AT THE GENERATIONS OF ATTACKS…
- 6. 6©2018 Check Point Software Technologies Ltd. 6©2018 Check Point Software Technologies Ltd. Generations of Attacks and Protections Gen I Late 1980s – PC attacks - standalone Virus Gen II Mid 1990s – Attacks from the internet Networks Gen III Early 2000s - Exploiting vulnerabilities in applications Applications The Anti Virus The Firewall Intrusion Prevention (IPS) Gen IV 2010 - Polymorphic Content Payload SandBoxing and Anti-Bot
- 7. 7©2018 Check Point Software Technologies Ltd. Where are we ? 1990 2000 2010 2015 2017 THREATS PROTECTIONSNetworks Gen II Applications Gen III Payload Gen IV GRADE I GRADE II GRADE III GRADE V GRADE IV Virus Gen I Enterprises are between Gen 2-3 2.8 Mega Gen V
- 8. 8©2018 Check Point Software Technologies Ltd. The Global Risks Report 2018
- 9. ©2018 Check Point Software Technologies Ltd. ARE WE TAKING THE RIGHT APPROACH?
- 10. 10©2018 Check Point Software Technologies Ltd. 10©2018 Check Point Software Technologies Ltd. PROTECTED NOT PROTECTED LET’S LOOK AT WHAT ORGANIZATIONS USED IN 2016 NETWORK SANDBOXING MOBILE SECURITY 93% 99% 98% CLOUD SECURITY 2016 2016 2016
- 11. 11©2018 Check Point Software Technologies Ltd. 11©2018 Check Point Software Technologies Ltd. PROTECTED NOT PROTECTED LET’S LOOK AT WHAT ORGANIZATIONS USE TODAY NETWORK SANDBOXING MOBILE SECURITY 93% 99% 98% CLOUD SECURITY 87% 96% 91% 2017 2017 20172016 2016 2016 BUT WE ARE STILL NOT USING THE MOST EFFECTIVE SECURITY ! 86% more 300% more 350% more DRAMATIC INCREASE IN PROTECTION
- 12. 12©2018 Check Point Software Technologies Ltd. THE EXPLANATIONS IT’S TOO COMPLICATED I DIDN’T REALIZE IT WAS SUCH A PROBLEM TOO MANY POINT PRODUCTS NOT ENOUGH TRAINED PEOPLE I DIDN’T THINK IT COULD HURT US
- 13. 13©2018 Check Point Software Technologies Ltd. HOW ARE WE APPROACHING CYBER SECURITY TODAY ? A R E W E R E A D Y F O R T H E F U T U R E O F C Y B E R T H R E A T S ?
- 14. [Protected] Distribution or modification is subject to approval THE TRADITIONAL APPROACH Virus Malicious Websites Intrusion Botnet High Risk Applications Anti-Virus URL Filtering Intrusion Prevention Anti-Bot Application Control
- 15. Most security technologies today stay PATCHWORK OF POINT SOLUTIONS. COMPLEX SOLUTIONS WITH UNCERTAIN SECURITY COVERAGE. • Looking for yesterday’s signatures • Detection instead of prevention ONE STEP BEHIND
- 16. 16©2018 Check Point Software Technologies Ltd. Technology B Technology C MULTI-VENDOR, ATTACK DETECTION AND MITIGATION A R C H I T E C T U R E A Mitigation Tools Breach Detection and Remediation USING POINT SOLUTIONS… “Attacks are inevitable, so we might as well mitigate the damage” POINT SOLUTIONS: Too many disparate technologies INHERENT GAPS: Incomplete coverage between solutions POST BREACH: Detection & mitigation tools to minimize the damage
- 17. 17©2018 Check Point Software Technologies Ltd. Technology B Technology C MULTI-VENDOR, ATTACK DETECTION AND MITIGATION A R C H I T E C T U R E A W e A l l N e e d P r o t e c t i o n Mitigation Tools Breach Detection and Remediation U N I F I E D A R C H I T E C T U R E Next Generation Firewall Threat Prevention (AV, IPS) Advanced Threat Prevention Cloud Mobile Networks A R C H I T E C T U R E B UNIFIED ARCHITECURE FOCUS ON PREVENTION
- 18. 18©2018 Check Point Software Technologies Ltd. Technology B Technology C Mitigation Tools Breach Detection and Remediation U N I F I E D A R C H I T E C T U R E Next Generation Firewall Threat Prevention (AV, IPS) Advanced Threat Prevention Cloud Mobile Networks Average 40days to identify the attack Cost of remediation: $667,500 Average 2days to identify the attack Cost of remediation: $6,800 MULTI-VENDOR, ATTACK DETECTION AND MITIGATION A R C H I T E C T U R E A W e A l l N e e d P r o t e c t i o n A R C H I T E C T U R E B FOCUS ON PREVENTION SINGLE VENDOR, UNIFIED ARCHITECTURE
- 19. ©2018 Check Point Software Technologies Ltd. WE MUST STEP FORWARD!
- 20. 20©2018 Check Point Software Technologies Ltd. 20©2018 Check Point Software Technologies Ltd. 2018 – GEN V OF ATTACKS Large scale (across country and industry) State-sponsored technologies Multi-vector (network, cloud, mobile)
- 21. 21©2018 Check Point Software Technologies Ltd. 21©2018 Check Point Software Technologies Ltd. GEN IV PROTECTION IS NO LONGER ENOUGH! Gen IV PAYLOAD SandBoxing and Anti-Bot 2010 - Polymorphic Content WE NEED PREVENTION (NOT-JUST DETECTION) COVERING OUR WEAKEST POINTS – CLOUD, MOBILE REAL-TIME ACTION
- 22. 22©2018 Check Point Software Technologies Ltd. Introducing GEN V PROTECTION Against MEGA ATTACKS
- 23. 23©2018 Check Point Software Technologies Ltd. 23©2018 Check Point Software Technologies Ltd. WHAT INGREDIENTS DO WE NEED ?
- 24. 24©2018 Check Point Software Technologies Ltd. 24©2018 Check Point Software Technologies Ltd. MAKING GEN V POSSIBLE SS7 ATTACK PREVENTION LARGE SCALE MANAGEMENT MOBILE MAN IN THE MIDDLE ATTACK MEMORY ANALYSIS PUBLIC-CLOUD AUTOPROVISION THREAT EXTRACTION NETWORK ENCRYPTION REST APIs ORCHESTRATION CPU LEVEL SANDBOX ADAPTIVE CLOUD SECURITY CLOUD SECURITY AUTO-SCALE
- 25. 25©2018 Check Point Software Technologies Ltd. You Need a Small Army of Security Technologies Machine Learning CPU-Level Sandboxing
- 26. 27©2018 Check Point Software Technologies Ltd. 27©2018 Check Point Software Technologies Ltd. THIS WORKS ! YOU CAN MAKE IT POSSIBLE Machine Learning CPU-Level Sandboxing Threat Extraction Virtual Firewall Endpoint Detection & Response Human Behavioral Analytics Data Encryption Data Leak Prevention Anti-Bot Flash Detonation URL Filtering Firewall ICS/ SCADA Protection Machine Learning Proxy Network Encryption Anti- Ransomware Zero Phishing Mobile Threat Prevention CPU-Level Sandboxing HTTPS Inspection Intrusion Prevention Anti-Virus DDOS Hypervisor Level Security Application Control THE CYBER SECURITY ARCHITECTURE OF THE FUTURE
- 27. 28©2018 Check Point Software Technologies Ltd. ACROSS ALL NETWORKS, ENDPOINT, CLOUDS AND MOBILE REAL TIME THREAT PREVENTION Block the most sophisticated attacks before they infiltrate the network SHARED THREAT INTELLIGENCE Unified threat intelligence and open interfaces block attacks on all platforms Single Management, Modular Policy Management & integrated threat visibility CONSOLIDATED MANAGEMENT T H E C Y B E R S E C U R I T Y A R C H I T E C T U R E O F T H E F U T U R E
- 28. CONVERTING INTELLIGENCE INTO PROTECTION ENFORCEMENT LAYER THREAT PREVENTION ENDPOINT SECURITY NETWORK SECURITY GATEWAY MOBILE SECURITY VIRTUAL SYSTEMS CLOUD SECURITY CONTROL LAYER MANAGEMENT LAYER SINGLE MANAGEMENT
- 29. Unmatched Unified Access Policy Users Devices Applications Data Gateways Mobile Public Cloud Private Cloud
- 30. ©2018 Check Point Software Technologies Ltd. LET’S LOOK AT AN EXAMPLE…
- 31. 32©2018 Check Point Software Technologies Ltd. 11:30 Incoming email with PDF attachment blocked File hash: 4931c1259863e1ba59201e… C&C server: pwnown.hack.evil … 11:32 11:35 Access to web site on mobile device was blocked 1. Zero-day malicious PDF detected by Check Point Sandbox 2. Address of remote C&C identified in malicious PDF 3. Exposed indicator shared with ThreatCloud 1. Malicious link identified by the exposed indicators Virtual machine on public cloud was quarantined 1. Detected infection (bot) on cloud virtual machine. Communication with C&C identified by indicators C A N ’ T D O I T W I T H S E P A R A T E S Y S T E M S !
- 32. 33©2018 Check Point Software Technologies Ltd. 11:30 11:32 11:35 Shared intelligence and threat prevention across networks, mobile, cloud One consolidated system to fully block the attack Incoming email with PDF attachment blocked Access to web site on mobile device was blocked Virtual machine on public cloud was quarantined
- 33. ©2018 Check Point Software Technologies Ltd. BEST SECURITY, REAL-TIME PREVENTION We must step up to….
- 34. 35©2018 Check Point Software Technologies Ltd.©2018 Check Point Software Technologies Ltd. Олександр Чубарук Технічний директор в Україні, Грузії та країнах СНД ochubaruk@checkpoint.com ДЯКУЮ!
Editor's Notes
- Final figure: 160 countries, 300,000 computers
- the TE usage data shows 7% for EU (764/ 11078) which is identical to the WW usage of TE. Top countries of TE in EU for Q4 are Germany, UK and France.
- the TE usage data shows 7% for EU (764/ 11078) which is identical to the WW usage of TE. Top countries of TE in EU for Q4 are Germany, UK and France.
- When you look at the security industry, it's quite interesting. There are different attack vectors such as viruses, malicious websites, intrusions, bots and so forth. Then you look at security technologies developed to protect against them. For viruses, antivirus. For intrusions, intrusion prevention systems. For bots, there's anti-bot. This is a very reactive approach that leaves defenses always one step behind. That's definitely not the right way if to protect your critical assets.
- Currently, there are hundreds of security vendors. Most vendors offer point solutions that protect one attack vector. These point solutions usually look at old signatures that don’t prevent unknown threats. Also, using several point solutions from multiple vendors leaves organizations with a complex patchwork of systems that is very hard to manage and leaves holes in security coverage. Most security vendors provide detection, not prevention. Detection means finding threats after they penetrate a system. Costs for remediation are huge - close to a million dollars per incident, not to mention the bad reputation and management time spent. Suggested anecdote: Even though we are all spending more on cybersecurity—according to Gartner $86 Billion, which is 8.8% more than last year—cybersecurity incidents increased 38% in 2015 compared to the year before according to PwC.
- Using
- Icon Similarity - Check if a file has a similar icon to a different file and thus try to camouflage itself as an expected file - for example exe with pdf icon,exe with mp3 icon etc. Flash detonation Unique detection engine that is capable to detect most known flash web exploits and probably also future exploits. Allows rapidly detecting the attack by hooking to key operations in the exploit usage and allowing detection. Machine Learning Large scale machine learning based detection engine to detect malicious executables, dlls, com files scr files and more. DGA Detector - Detection of malware using domain generation algorithms
- Charles Alexandre de Calonne who was the controversial Finance Minister for King Louis XVI of France and Queen Marie Antoinette
- Icon Similarity - Check if a file has a similar icon to a different file and thus try to camouflage itself as an expected file - for example exe with pdf icon,exe with mp3 icon etc. Flash detonation Unique detection engine that is capable to detect most known flash web exploits and probably also future exploits. Allows rapidly detecting the attack by hooking to key operations in the exploit usage and allowing detection. Machine Learning Large scale machine learning based detection engine to detect malicious executables, dlls, com files scr files and more. DGA Detector - Detection of malware using domain generation algorithms
- One security platform : Highest level of security on all platforms, regardless of network or size Block attacks using common threat indicators across all networks Easily integrate to 3rd party capabilities for elevated security and orchestration Preemptive TP Focused on Prevention. Saving cost and time for effective protection Preventing both known and unknown targeted attacks CONSOLIDATED SYSTEM Efficiently manage security through a single pane of glass Centrally correlate all types of events across all network environments, cloud services and mobile infrastructures
- We take ThreatCloud intelligence and transform it into prevention. Probably the best way to show how we do it is our complete architecture called Software-Defined Protection. The idea behind Software-Defined Protection is we have a complete set of enforcement points: physical, virtual, cloud, mobile, and desktop endpoints and connect all of them to ThreatCloud in real-time. Suggested anecdote: If for example I find new malware propagating in a power plant in Vietnam, I would like a power plant in the U.S. to be protected at the same time. Software Defined Protection translates threat intelligence from one source into protection throughout your whole environment, all managed by the single, efficient management platform.