Check Point's CloudGuard provides advanced threat prevention across cloud environments. It offers security solutions for SaaS, IaaS, and SDN environments. CloudGuard for SaaS provides identity protection, data leak prevention, and zero-day threat protection for SaaS applications. CloudGuard for IaaS brings the same advanced threat prevention features of Check Point gateways to multiple public clouds. It uses a hub and spoke architecture for perimeter and east-west security. CloudGuard also supports multi-cloud and hybrid cloud environments with dynamic policies. For VMware NSX environments, CloudGuard integrates with NSX to provide network security.
SOC presentation - Building a Security Operations Center (Michael Nickle)
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Talking about the Next-Gen Security Operations Center for IDNIC+APJII as a representative of IDSECCONF. A people-centric SOC requires a lot of investment in people, in terms of both quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology: as in Industry 4.0, machines are getting more advanced at supporting humans with continuous and repetitive tasks.
Moving from a "traditional" to a next-gen SOC requires a proper plan; that's what this talk was about.
Cybersecurity roadmap: Global healthcare security architecture (Priyanka Aash)
Using the NIST Cybersecurity Framework, one of the largest healthcare IT firms in the US developed a global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, the capability matrix, the architecture development methodology and the key deliverables.
(Source : RSA Conference USA 2017)
The Zero Trust Model of information security simplifies how information security is conceptualized by assuming there are no longer "trusted" interfaces, applications, traffic, networks, or users. It takes the old model, "trust but verify", and inverts it, because recent breaches have proven that when an organization trusts, it doesn't verify.
Information technology is a complex business, at best. While IT can provide amazing benefits, it still requires vigilance and diligence to ensure it is running correctly and that it is secure. A security framework can be an excellent tool to evaluate what you might be missing and confirm that what you are already doing is spot-on correct. This session will discuss the importance of using security frameworks and walk attendees through the NIST Cyber Security Framework to review how the framework functions, how to use a framework, and most importantly, how the use of a framework can and will benefit their organization.
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R... (Sounil Yu)
The Cyber Defense Matrix enables organizations to define clear categories for the range of products and services that are available in the marketplace to solve our various infosec problems. This model removes confusion around the security technologies that we buy and helps organizations align their vendors to have the right suite of capabilities to execute their information security mission.
See the 2019 version at: http://bit.ly/cyberdefensematrixreloaded
See the 2022 version at: http://bit.ly/cyberdefensematrixrevolutions
Security Operations Center (SOC) Essentials for the SME (AlienVault)
Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps?
Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault, for this session covering:
*Developments in the threat landscape driving a shift from preventative to detective controls
*Essential security controls needed to defend against modern threats
*Fundamentals for evaluating a security approach that will work for you, not against you
*How a unified approach to security visibility can help you get from install to insight more quickly
Zero trust for everybody: 3 ways to get there fast (Cloudflare)
The COVID-19 pandemic has exposed the weaknesses of the traditional ‘castle-and-moat’ security model. Remote work has expanded attack surfaces infinitely outwards, and more than ever, organizations need to start from the assumption that their ‘castle’ is already compromised. Zero Trust has emerged as a compelling security framework to address the failures of existing perimeter-based security approaches. It’s aspirational, but not unachievable.
At Cloudflare, we’re making complicated security challenges easier to solve. Since 2018, Cloudflare Access has helped thousands of organizations big and small take their first steps toward Zero Trust.
In this presentation, Cloudflare will share their perspective on what the most successful organizations do first on their journey to Zero Trust.
We’ll cover:
-The Zero Trust framework, and our recommended ZT security model
-How 3 organizations of differing size and security maturity have implemented Zero Trust access
-Cloudflare’s Zero Trust implementation and lessons learned
Succeeding with Secure Access Service Edge (SASE) (Cloudflare)
With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data.
SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture? View to learn:
-Why SASE should be less complicated than many vendors are making it
-What to look for when evaluating a migration to a SASE platform
-A 3 month, 6 month, and 12 month roadmap for implementation
-How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits
Cassie Vorster delivered a presentation on Extending Security to Every Edge at the Fortinet Breakfast that took place on the 17th of March 2023, at the Hilton Sandton.
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response, and early detection and prevention of events? See a live demonstration that will showcase how to operationalize those resources so that your organization can reap the maximum benefit.
OT Security Architecture & Resilience: Designing for Security Success (Accenture)
Resiliency is the new imperative for OT environments. This track provides valuable insights for building a security architecture to meet the business challenge. The discussions are intended to spark conversation and this guide highlights key takeaways on what works, what doesn’t and what’s next. https://accntu.re/36gMaWm
Building an effective Information Security Roadmap (Elliott Franklin)
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy-in for multiple enterprise-wide security projects.
Cybersecurity challenges in a digitally transformed ecosystem (Cristian Garcia G.)
To work in a digitally transformed ecosystem, CIOs and other business leaders have to navigate a constantly changing security threat environment. Next Gen Security (NGS) solutions are security solutions optimized to work better with the massive scale and expansive coverage of the Third Platform. Although 7 out of 10 companies say they are in the process of implementing one more next-generation security solution, 3 of those 7 will not succeed due to a lack of internal competence, which is why the topic of security is more critical every day. Akamai offers performance at scale with the world's largest and most reliable cloud delivery solution. Its resources scale so that its customers don't have to. Akamai has unmatched visibility into the most attacked properties on the web and continuously obtains threat intelligence from advanced inspection of both good and bad traffic.
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem... (Criminal IP)
Businesses and organizations have numerous network devices, databases, servers, applications, and domains, and all of these IT assets are exposed through IP addresses and ports.
Attack Surface Management refers to the proactive detection and management of attack vectors such as open ports, server vulnerabilities, similar domains, phishing, and domains distributing malicious code.
Criminal IP ASM automatically monitors and generates a report on assets exposed to the attack surface.
All IT assets are thoroughly detected globally, with a streamlined introduction procedure requiring registration of only one primary domain.
Request a FREE Demo of Criminal IP ASM at:
https://www.criminalip.io/asm/attack-surface-management
Palo Alto Networks is an innovative network security platform whose core is a next generation firewall. Based on the unique App-ID technology developed by PA Networks, it provides network security at the level of applications, users and content, using both physical and virtual architectures. PAN's network protection solutions meet the highest requirements for network security, in both performance and functionality, and are the undisputed industry leaders, as confirmed by Gartner reports, the number of users and the company's growing sales volume.
As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet, protecting all your users within minutes.
Cisco Advanced Malware Protection offers global threat intelligence, advanced sandboxing and real-time malware blocking to prevent breaches while it continuously analyzes file activity across your network, so that you can quickly detect, contain and remove advanced malware.
Presentation of Cisco Security Architecture and Solutions such as Cisco Advanced Malware Protection (AMP) and Cisco Umbrella during Simplex-Cisco Technology Session that took place at the Londa Hotel in Limassol on 14 March 2018.
A Different Approach to Securing Your Cloud Journey (Cloudflare)
Whether you are just exploring moving workloads to the cloud, or are fully cloud-enabled, one thing is certain: security has changed from a purely on-premise environment.
As cybersecurity risks continue to grow with more advanced attackers and more digital surface area, how you think about staying secure without compromising user experience must adapt.
During this talk, you will:
- Hear how global consistency, agile controls, and predictable costs are goals and principles that matter in this new environment
- Be able to evaluate your current plans against a "customer security model"
Secure Modern Workplace With Microsoft 365 Threat Protection (Ammar Hasayen)
Join me as I walk you through all that Microsoft 365 has to offer to protect your business and organization. I am going to cover every security feature and how it fits in the big picture. Whether you are an on-premises organization or migrating to the cloud, there is something for you to look at.
Follow me on Twitter @ammarhasayen and connect on LinkedIn: https://www.linkedin.com/in/ammarhasayen
Here is the full blog post: https://blog.ahasayen.com/secure-modern-workplace-with-microsoft-365-advanced-threat-protection/
Steve Porter: Cloud Computing Security (Gurbir Singh)
A recording of the Northwest Regional meeting of the Institute of Information Security Professionals in Manchester on 5th July 2012. Stephen Porter from Trend Micro Limited spoke on the theme of cloud computing security. Copyright of this presentation is held by the author, Stephen Porter.
Why Check Point - Top 4 Facts
Check Point is committed to providing its customers solutions with the best security. Our solutions have a Comprehensive architecture that provides Consolidated security with unparalleled Collaborative efficiency. Below, find four points why customers choose Check Point, that demonstrate our leadership, based on publicly verifiable information. For more information visit https://tiny.cc/whycheckpoint
ER (Entity Relationship) Diagram for online shopping - TAE (Himani415946)
https://bit.ly/3KACoyV
The ER diagram for the project is the foundation for the building of the database of the project. The properties, datatypes, and attributes are defined by the ER diagram.
Multi-cluster Kubernetes Networking - Patterns, Projects and Guidelines (Sanjeev Rampal)
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with a focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
1. Wireless Communication System_Wireless communication is a broad term that i... (JeyaPerumal1)
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
2. Where are we?
[Timeline figure, 1990 to 2017: threat generations Gen I (Virus), Gen II (Networks), Gen III (Applications), Gen IV (Payload), Gen V (Mega), against protection grades I to V. Enterprises are between Gen 2-3 (figure value: 2.8).]
6. Check Point Infinity Architecture
Best Threat Prevention across the entire enterprise; Shared Threat Intelligence; Consolidated Security Management.
Pillars: NETWORK (Perimeter & Data centers), CLOUD (Hybrid Cloud), MOBILE, ENDPOINT.
7. Infinity Architecture in detail: Shared Threat Intelligence and Consolidated Security Management across
- NETWORK: Headquarters - Access Control, Multi Layered Security, Advanced Threat Prevention, Data Protection. Branch - Access Control, Multi Layered Security, Advanced Threat Prevention; Wi-Fi, DSL, PPPoE ready.
- MOBILE: Network Protection, Device Protection, App Protection. Capsule WorkSpace/Docs - Remote Access, Secure Business Data, Protect Docs Everywhere.
- ENDPOINT: Anti-Ransomware, Forensics, Threat Prevention. Access/Data Security - Access Control, Secure Media, Secure Documents.
- CLOUD: Infrastructure (Multi & Hybrid Cloud) - Advanced Threat Prevention, Adaptive Security, Automation and Orchestration, Cross Environment Dynamic Policies. Applications - Identity Protection, Sensitive Data Protection, Zero-Day Threat Protection, End-to-end SaaS Security.
8. PRODUCTS FAMILY
- GATEWAYS, CLOUD: Perimeter and cloud protection
- SANDBLAST AGENT: Endpoint and browser protection
- SANDBLAST API: Custom application protection
- SANDBLAST MOBILE: Mobile device protection
9. SANDBLAST NETWORK: HOW IT WORKS (Threat Emulation and Threat Extraction)
- CPU-Level Detection: Catches the most sophisticated malware before evasion techniques deploy
- O/S Level Emulation: Stops zero-day and unknown malware in a wide range of file formats
- Threat Extraction: Delivers a safe version of the content quickly (figure: original doc with malware becomes a safe doc)
10. SANDBLAST NETWORK: HOW IT WORKS (figure: hacker, Threat Intelligence, user)
• A mail with malicious content (attachment or URL) is sent, or a user is downloading malicious content from the web
• The content is inspected for potential threats using KNOWN signatures/URL reputation
• Malicious downloads/exploits are blocked
11. SANDBLAST NETWORK: HOW IT WORKS (figure: Emulation Engine with CPU Level, Machine Learning, File/URL Reputation, Push Forward, Traps & Decoys; Threat Intelligence)
• For UNKNOWN attacks/browser exploits the content is sent for emulation in the cloud or in a designated local appliance
• If the file is identified as malicious, the mail is quarantined and the incident is reported to the administrator
12. SANDBLAST NETWORK: HOW IT WORKS (figure: the MTA sends a sanitized file; Threat Intelligence)
• In parallel, a sanitized copy is sent to the user without any embedded objects, macros, JavaScript code or sensitive hyperlinks
• Post emulation, if the file is identified as benign, the original attachment will be delivered to the user on request
13. ELEMENTS IN NEED OF PROTECTION: INCOMING MAIL, BROWSING USERS, EXPOSED SYSTEMS (this section: INCOMING MAIL)
15. THREAT EXTRACTION FOR DOCUMENTS: DELIVER CLEAN ATTACHMENTS - GET THE DATA, NOT THE RISK
- CONVERT MODE: Convert documents to PDF
- CLEAN MODE: Retain the file format, remove active content
- Fast delivery; preserves all text and visual content; self-catered access to the original files
We recommend CONVERT MODE for Word documents and CLEAN MODE for everything else.
16. WHY MTA? (figure: ANTI-SPAM, MTA next hop = GW, sends SMTP to the CHECK POINT GATEWAY acting as MAIL TRANSFER AGENT, which sends SMTP to the MAIL SERVER, MTA next hop = Mail Server)
• Guaranteed prevention
• Threat Extraction support
• SMTP TLS support
• User interaction
• Excellent stability and performance
• Configuration granularity
• Mail queue visibility and control
• Continued improvements in R80.20
17. WHERE TO DEPLOY YOUR MTA?
- PERIMETER GATEWAY (reuse the existing gateway): ANTI-SPAM -> PERIMETER GW -> Mail Server
OR
- DEDICATED GATEWAY (don't impact the perimeter gateway): ANTI-SPAM -> MTA GW -> Mail Server
18. ELEMENTS IN NEED OF PROTECTION: INCOMING MAIL, BROWSING USERS, EXPOSED SYSTEMS (this section: BROWSING USERS)
19. PUSH-FORWARD: Evasion-resistant sandbox detection of malicious Flash
Threat Emulation dynamically drives Adobe Flash execution, forcing detonation if it's malicious.
23. ANTI-BOT: PINPOINT INFECTED HOSTS when behind a proxy
PROBLEM: the infected host (IP 10.100.0.123) reaches the attacker's C&C through a proxy, so the source IP the gateway sees and logs is the proxy's.
SOLUTION: turn on XFF. The proxy adds an X-Forwarded-For header to the HTTP request, the correct IP is written to the log, and the C&C request is blocked by Anti-Bot:
  GET /index.html HTTP/1.1
  HOST: www.example.com
  X-FORWARDED-FOR: 10.100.0.123
  ...
PRIVACY CONCERNS? The gateway can wipe the internal IP before the request leaves:
  GET /index.html HTTP/1.1
  HOST: www.example.com
  X--------------: XXXXXXXXXXXX
  ...
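The two halves of the slide, attributing a blocked request to the internal host via X-Forwarded-For and then wiping that header for privacy, as an added example (not Check Point's code; the request text, the proxy address 10.0.0.5 and the trusted-proxy check are constructed assumptions):

```python
import ipaddress
import re

# Constructed sample request, mirroring the slide: the proxy forwards an internal
# host's request to the gateway and records the original client in X-Forwarded-For.
SAMPLE_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "X-Forwarded-For: 10.100.0.123\r\n"
    "User-Agent: constructed-sample\r\n"
    "\r\n"
)

# Matches the header line; group 1 = header name as written, group 2 = value.
XFF_RE = re.compile(r"^(X-Forwarded-For):[ \t]*([^\r\n]*)", re.IGNORECASE | re.MULTILINE)


def client_ip_for_log(request: str, peer_ip: str, trusted_proxies: set) -> str:
    """IP to attribute the blocked C&C request to in the Anti-Bot log.

    peer_ip is the TCP source the gateway sees (the proxy). X-Forwarded-For is
    client-supplied text, so it is honoured only when the request really came
    from a known proxy; the first syntactically valid address is the original
    client by convention.
    """
    if peer_ip not in trusted_proxies:
        return peer_ip
    match = XFF_RE.search(request)
    if match is None:
        return peer_ip
    for hop in match.group(2).split(","):
        hop = hop.strip()
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            continue  # malformed entry: skip rather than log attacker-controlled text
    return peer_ip


def wipe_xff(request: str) -> str:
    """Privacy option from the slide: blank the header name and value with
    'X' and '-' of the same length, so no internal address leaves the gateway."""

    def mask(match: re.Match) -> str:
        name, value = match.group(1), match.group(2)
        return "X" + "-" * (len(name) - 1) + ": " + "X" * len(value)

    return XFF_RE.sub(mask, request)
```

Attribution has to happen before the wipe: once the header is blanked, the only address left to log is the proxy's.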
24. ANTI-BOT: PINPOINT INFECTED HOSTS when behind a DNS Server
PROBLEM: the infected host (IP 10.100.0.123) resolves the C&C domain through the internal DNS server, so the DNS query blocked by Anti-Bot carries the DNS server as its source IP.
SOLUTION: turn on DNS TRAP.
1. DNS query: the infected host asks the DNS server to resolve the C&C domain
2. The gateway answers the query with a predefined IP
3. The communication attempt with the predefined IP is pinpointed to the infected host
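The DNS TRAP correlation from the slide as an added example (not Check Point's code): a gateway model answers known C&C lookups with a trap address and names the host from the connection that follows. The trap address 192.0.2.254, the domain cnc.example.invalid, the DNS server 10.100.0.53 and the whole event sequence are constructed assumptions.

```python
from typing import Dict, List, Optional


class DnsTrapGateway:
    """Constructed model of the DNS TRAP mechanism described on the slide.

    The gateway answers queries for known C&C domains with one predefined
    trap address instead of the real one. The DNS query arrives from the
    internal DNS server, so it cannot name the infected host; the later
    connection to the trap address can, because only the host that consumed
    the trapped answer will ever connect there.
    """

    def __init__(self, trap_ip: str, cnc_domains: List[str]) -> None:
        self.trap_ip = trap_ip
        self.cnc_domains = {d.rstrip(".").lower() for d in cnc_domains}
        self.logs: List[Dict] = []

    def on_dns_query(self, src_ip: str, qname: str) -> Optional[str]:
        """Steps 1 and 2: return the trap IP for a C&C domain, None to pass through."""
        name = qname.rstrip(".").lower()
        if name not in self.cnc_domains:
            return None
        # src_ip here is the DNS server that forwarded the query (the slide's
        # problem); this log line records the domain but not the real host.
        self.logs.append({"event": "dns_trap", "src": src_ip, "domain": name})
        return self.trap_ip

    def on_connection(self, src_ip: str, dst_ip: str, dst_port: int) -> Optional[str]:
        """Step 3: a connection to the trap IP pinpoints the infected host."""
        if dst_ip != self.trap_ip:
            return None
        # One shared trap address cannot say which domain this host resolved,
        # so the block record carries every domain trapped so far.
        domains = sorted({e["domain"] for e in self.logs if e["event"] == "dns_trap"})
        self.logs.append({"event": "anti_bot_block", "src": src_ip,
                          "dst": dst_ip, "port": dst_port, "domains": domains})
        return src_ip

    def infected_hosts(self) -> List[str]:
        return [e["src"] for e in self.logs if e["event"] == "anti_bot_block"]


def run_sample() -> DnsTrapGateway:
    """Replay a constructed event sequence mirroring the slide (all values made up)."""
    gw = DnsTrapGateway(trap_ip="192.0.2.254", cnc_domains=["cnc.example.invalid"])
    # Both queries come from the internal DNS server, so the query alone would
    # attribute the C&C lookup to 10.100.0.53.
    gw.on_dns_query("10.100.0.53", "www.example.com")
    gw.on_dns_query("10.100.0.53", "cnc.example.invalid.")
    # Ordinary traffic from a clean host passes; the trapped answer is only ever
    # used by the infected host, which now connects to the trap address.
    gw.on_connection("10.100.0.77", "198.51.100.20", 443)
    gw.on_connection("10.100.0.123", "192.0.2.254", 443)
    return gw
```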
25. Threat Intelligence
Sources feeding the threat intelligence: Sensors (Endpoint Blades, SandBlast Mobile, Anti-Bot, Anti-Virus, Application Control, URL Filtering, Threat Emulation, IPS); Industry Feeds; Collaboration (URLs, hashes, domains; VirusTotal indicators; Cyber Threat Alliance; CERTs); Data Mining (campaign hunting); Malware research, Event Analysis, Analysts, Community, AI; 400 researchers & analysts.
28. CloudGuard
• New name for all our cloud security solutions, including vSEC
• Introduction of a new SaaS/CASB offering
• Introduction of Alibaba Cloud and Oracle Cloud offerings
31. CLOUDGUARD SAAS: SAAS SECURITY IS ONE CLICK AWAY
- Identity Protection
- Protect Sensitive Data
- Zero-day threats Protection
- End-to-End SaaS Security
32. CLOUDGUARD SAAS: HOW IT WORKS (figure: the Security Gateway and the SaaS providers' security stack connect to CloudGuard SaaS via API & AD ...)
CloudGuard SaaS capabilities: Prevent Account Takeovers, Data Leak Prevention, Reveal Shadow IT, Documents encryption, Zero-day Threats Protection
33. PREVENT ACCOUNT TAKEOVER WITH CLOUDGUARD SAAS IDENTITY PROTECTION (figure: an employee and a hacker with a stolen ID both access the app through the Identity Server - ADFS, AzureAD, Okta; the device is identified)
• Only users and devices with the ID-Guard endpoint agent can log in
• Malicious login prevented even if the hacker has the correct credentials
• No user involvement
34. PREVENT ACCOUNT TAKEOVER WITH CLOUDGUARD SAAS IDENTITY PROTECTION, Agentless Mode (figure: a hacker with stolen credentials accesses the app through the Identity Server - ADFS, AzureAD, Okta; Intelligence)
• Collects network intelligence from on-premise devices, ThreatCloud and SaaS
• Prevents suspicious logins. Example: seen in two locations, bad source IP reputation
36. CHECK POINT CLOUDGUARD IAAS: ADVANCED THREAT PREVENTION FOR CLOUD ENVIRONMENTS IN AN AGILE AND AUTOMATED NATURE
37. CLOUD = SHARED RESPONSIBILITY
Customer responsible for security IN the cloud:
- Customer Data
- Platform, Applications, IAM
- Operating System, Network and FW Configs
- Client-side Data Encryption & Data Integrity Authentication; Server-side Encryption (File System / Data); Network Traffic Protection (Encryption, Integrity, Identity)
Cloud vendor responsible for security OF the cloud:
- Cloud Global Infrastructure: Regions, Availability Zones, Edge Locations
- Compute, Storage, Database, Networking
38. CloudGuard IaaS
• All the Advanced Threat Prevention features of Check Point Security Gateways and R80 Management, plus: Automation and Orchestration, Cross Environment Dynamic Policies, Adaptive Security
• For all these clouds (figure: supported cloud platforms, including ACI)
45. CloudGuard for VMware NSX
[Figure: two ESXi hosts, each with hardware, hypervisor, VMs and a CloudGuard instance; vCenter and NSX are connected to the Security Management Server through the vSphere API and the NetX API.]
54. HOW IT WORKS
- CLOUD-BASED BEHAVIORAL RISK ENGINE: App analysis (infected apps)
- ON DEVICE DETECTION: OS exploits (jailbreak/root), network attacks (Wi-Fi, Bluetooth), SMS attacks
- REAL-TIME INTELLIGENCE, MONITORING AND CONTROL
57. [Figure: mobile security capability map]
- MOBILE THREAT DEFENSE (MTD): Android Antivirus, Apps Analysis / Emulation, Network Threats (MiTM, ...), OS Vulnerability Research
- MOBILE CONTENT MANAGEMENT (MCM): Documents Lifecycle, Document Repositories
- MOBILE APPLICATION MANAGEMENT (MAM): Enterprise Apps / Store, Apps White/Black-Listing, App Profile Management
- MOBILE INFORMATION PROTECTION: Secure Container, Dual Persona
- REMOTE ACCESS: (Secure) Email Proxy, Per-App VPN, VDI / VMI, Full-Device VPN / Profile
- MOBILE DEVICE MANAGEMENT (MDM): Device "Fleet" Management, Device Profiles (Settings), GEO-Location Tracking, App Distribution
Check Point products placed on the map: SANDBLAST MOBILE, CAPSULE VPN, CAPSULE DOCS, CAPSULE WORKSPACE, SSL VPN, Native Containment.
58. CAPSULE WORKSPACE | Architecture overview
[Figure: Mobile Device -> Wireless Networks / Internet -> Check Point Firewall with Mobile Access Blade -> Corporate Servers; Management Console.]
59. CAPSULE WORKSPACE | Simplify mobile security
• Manage corporate data, not devices
• A PIN unlocks a single app so you can:
  - Access email/calendar/PIM/Intranet securely
  - Launch security-wrapped business apps
  - Keep data encrypted at rest and in motion
  - Track and require higher levels of access to docs
  - Extend consistent security to iOS and Android
  - Wipe corporate data on lost or stolen devices
• Capsule Workspace is integrated with Check Point Mobile Threat Prevention
61. ADVANCED THREAT PREVENTION TECHNOLOGIES
- THREAT EMULATION: Identify and block unknown and zero-day threats
- THREAT EXTRACTION: Deliver clean documents in seconds
- ZERO PHISHING: Safeguard credentials from theft
- FORENSICS: Accelerate understanding for better response
- ANTI-RANSOMWARE: Keep endpoints safe from cyber extortion
62. How SandBlast Agent Works (SandBlast service)
1. Web downloads sent to remote SandBlast
2. Sanitized version delivered promptly
3. Original file emulated in the background
64. How Credential Protection Works – Preventing Reuse of Corporate Credentials
With so many credentials to remember, users often re-use the same password, and the corporate password is exposed.
65. How Forensics Works
1. Forensics data continuously collected from various OS sensors (processes, registry, files, network)
2. Report generation automatically triggered upon detection of network events or by 3rd-party AV
3. Advanced algorithms analyze raw forensics data
4. Digested incident report sent to SmartEvent
66. How Anti-Ransomware Works
Ongoing:
• Behavioral analysis – constantly monitor for ransomware-specific behaviors
• Data snapshots – continuously create short-term file backups
Upon detection:
• Quarantine – stop and quarantine all elements of the attack
• Restore – restore encrypted files from snapshots
• Analyze – initiate forensic analysis to analyze attack details
67. ADVANCED THREAT PREVENTION TECHNOLOGIES: Threat Emulation, Threat Extraction, Zero Phishing, Forensics, Anti-Ransomware
BASELINE THREAT PREVENTION TECHNOLOGIES: Access Control, Anti-Virus, Anti-Bot
68. How Access Control Works – secure endpoint access, data in transit and verify compliance
• Secure remote mobile access to corporate resources
• Security verification: compliance with regulatory requirements
• Industry-first desktop firewall and application control
69. How Anti-Bot Works
Identify compromised hosts
• Inside and outside the network
• Pinpoint when inside the network
Lockdown infected machines
• Block C&C communications
• Prevent data exfiltration
Detect the C&C channel – and we know the host is infected
Block the C&C channel – and we contain the malware
70. How Full Disk Encryption Works – pre-boot authentication for Windows and Apple
71. How Media Encryption Works – transparent security for information on storage drives
• Seamless experience: automatic data encryption and seamless access for authorized users
• Business data segregation: policy-based automatic segregation (Non-Business Data (E:), Business Data – Encrypted (F:))
• End-user education: engage and educate users with UserCheck
72. How Port Protection Works
• Ensure that only authorized devices/ports can be used
• Get the benefit of a flexible blacklisting/whitelisting approach
• Use discovered devices for policy fine-tuning
73. How Capsule Docs Works
• Classify: classify and set permissions according to your needs
• Share: select the authorized users and groups
• Encrypt data: protect your documents with a single click
Automatic protection for a seamless user experience; user education and engagement using UserCheck
85. Security Gateways Designed for Gen V Cyber Security
Next Generation Threat Prevention Technologies
• Advanced Network Security: Firewall, IPS, App Control, Threat Emulation, Threat Extraction, Antivirus, DLP, Anti-Bot, Anti-Spam, VPN, URL Filtering
• Security & Threat Management: Forensics, Single Management, Full Threat Visibility, Reporting, Compliance, Identity Aware
Deployed across branch, small office, headquarters, private cloud (ACI), cloud IaaS, SCADA systems and management, providing network access control, advanced threat prevention and segmentation
86. FULL RANGE OF MOST ADVANCED THREAT PREVENTION
1400 Appliances (4 models), 3000 Appliances (2 models), 5000 Appliances (6 models), 15000 Appliances (2 models), 23000 Appliances (2 models)
Activate Advanced Threat Prevention and inspect encrypted (SSL) traffic: stronger and future proof!
87. How IPS Works – Prevents Exploits of Known Vulnerabilities
• Signature-based engine
• Enforce protocol specifications
• Detect protocol anomalies
Today IPS is seen as a commodity
91. How URL Filtering Works – Allow, Block or Limit Web Access Based on Time or Bandwidth
92. How Identity Awareness Works – Granular Visibility of Users, Groups and Machines
Identity sources: AD Query, Identity Agent, Remote Access Clients, RADIUS, Terminal Server, {REST} API, Kerberos, Identity Collector, Cisco ISE / TrustSec
Identity policy enforcement across the network: branch, headquarters, private cloud (ACI), cloud IaaS
93. How DLP Works – Inspect Sensitive Data Leaving Organizations in Real Time
• Prevent data loss: open MultiSpect detection language, 800+ file formats, 600+ data types
• Detect proprietary documents
• Involve users
95. Advanced Protections Across The Network – Secure, Simple, Scalable
Branch LAN: Firewall, IPS, VPN, Identity Awareness, App Control, URL Filtering, Antivirus, Anti-Bot, Anti-Spam, Sandboxing
• Full-featured threat prevention
• Zero touch provisioning
• Large scale management
• Large scale site-to-site VPN
96. Scalable Threat Prevention Platforms – 44000 and 64000 Security Platforms
                                    44000        64000
Firewall throughput                 377 Gbps     880 Gbps
Threat Prevention (real-world)      21 Gbps      42 Gbps
NGFW (real-world)                   29.6 Gbps    59.2 Gbps
high port density | single management object | designed for zero down time
97. Virtual Systems – Max Efficiency with Hardware Virtualization
• Consolidate up to 250 gateways to secure multiple network segments
• Unique Virtual System Load Sharing (VSLS) for unmatched availability
98. Multiple Security Groups – More And More Hardware Efficiency
• Support up to 8 segregated installations on separate blades – same chassis
• Each Security Group runs an independent SMO with its own software version and configuration
• Each Security Group can run up to 250 Virtual Systems: 2,000 VSs in total
100. SMB / branch solutions
• Wireless / wired SMB gateways
• Industrial Control Systems (ICS): security for ICS/SCADA systems, over 800 SCADA commands in Application Control
FOCUS ON REAL TIME PREVENTION WITH BEST TECHNOLOGIES
SHARED INTELLIGENCE ACROSS THE ENTIRE NETWORK
CONSOLIDATED MANAGEMENT
WE ARE IMPLEMENTING GEN 5
WE ALL NEED TO STEP UP AND IMPLEMENT THESE TECHNOLOGIES
Check Point SandBlast Zero-Day Protection detects attacks that are highly motivated and sophisticated, customized for high-value targets (specifically designed/programmed), and have never been used before.
As defenders, we are tasked with protecting the three elements within our organizations that attackers go after: incoming mail, browsing users and our exposed systems. These three elements account for almost all real-world cyber-attacks we see in the wild.
<CLICK>
We’ll start with protecting your mail
The two key SandBlast components that will let you protect incoming mail are Threat Emulation and Threat Extraction - which are designed to work together.
Threat Emulation is our evasion-resistant sandbox, which detects and blocks advanced zero-day malware in any file type, and specifically in documents with the aid of our unique CPU-Level technology.
The second component is Threat Extraction – the technology for delivering clean, sanitized documents to users.
<CLICK>
Extraction is built for documents, which, as we saw earlier, constitute 96% of all mail attachments. So it is highly relevant and highly effective.
A few important points to keep in mind on Threat Extraction:
The technology offers two modes of operation:
‘Clean’ delivers files in their original formats while removing active content such as scripts. So, for instance, a PowerPoint presentation will be delivered as a PowerPoint presentation.
‘Convert’ transforms files into PDF. It is a more aggressive transformation and the user experience is not as good as with Clean mode, but virtually no malware can survive it.
So you have the classic tradeoff here between security and user experience.
<CLICK>
What we normally recommend is to use Convert mode for Word documents, as this normally renders good results that users have no problem using, and ‘Clean’ mode for all other types.
Keep in mind that users can always get seamless access to the original file if they need to: it’s a simple click and they get the original, of course only if it was found to be clean by the Threat Emulation sandbox.
In order to implement strong mail defense you want to deploy the gateway as a Mail Transfer Agent (MTA).
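As an added illustration of the ‘Clean’ mode idea (the file comes back in its original format with active content removed), not Check Point’s Threat Extraction code: a simplified Python cleaner that strips the VBA macro project from a constructed macro-enabled Word package and rewrites the package metadata so the result is an ordinary .docx. The sample package, its part names and the choice of VBA as the only active content handled are assumptions of this example.

```python
"""Simplified 'Clean' mode for a Word document: same format back, active content removed.
Added example, not Check Point's Threat Extraction code. It treats the VBA macro project
of an OOXML (.docm) package as the active content to strip and rewrites the package
metadata so the result is an ordinary .docx; other active content would need its own rules.
"""
from __future__ import annotations
import io
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = ("application/vnd.openxmlformats-officedocument."
              "wordprocessingml.document.main+xml")
VBA_REL = "http://schemas.microsoft.com/office/2006/relationships/vbaProject"
# Package parts that carry the VBA project (the active content we remove).
ACTIVE_PARTS = {"word/vbaProject.bin", "word/vbaData.xml"}

def _serialize(root, ns):
    # Write the part back with its namespace as the default one (no ns0: prefixes).
    ET.register_namespace("", ns)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def _clean_content_types(xml_bytes):
    """Drop overrides for removed parts; demote the macro-enabled main part to plain."""
    root = ET.fromstring(xml_bytes)
    for el in list(root):
        if el.tag != f"{{{CT_NS}}}Override":
            continue
        if el.get("PartName", "").lstrip("/") in ACTIVE_PARTS:
            root.remove(el)
        elif el.get("ContentType") == MACRO_MAIN:
            el.set("ContentType", PLAIN_MAIN)  # .docm main part becomes a .docx one
    return _serialize(root, CT_NS)

def _clean_rels(xml_bytes):
    """Remove the relationship that links the document to its VBA project."""
    root = ET.fromstring(xml_bytes)
    for rel in list(root):
        if rel.get("Type") == VBA_REL:
            root.remove(rel)
    return _serialize(root, REL_NS)

def clean_document(data):
    """Return (cleaned package bytes, names of the parts that were stripped)."""
    removed = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as zin, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zout:
        for item in zin.infolist():
            name = item.filename
            if name in ACTIVE_PARTS:
                removed.append(name)
                continue  # the active content never reaches the output
            payload = zin.read(name)
            if name == "[Content_Types].xml":
                payload = _clean_content_types(payload)
            elif name == "word/_rels/document.xml.rels":
                payload = _clean_rels(payload)
            zout.writestr(name, payload)
    return out.getvalue(), removed

def has_active_content(data):
    """True if the package still holds a VBA part or is declared macro-enabled."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        types_xml = z.read("[Content_Types].xml").decode("utf-8")
    return bool(names & ACTIVE_PARTS) or MACRO_MAIN in types_xml

def read_part(data, name):
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(name)

def build_sample_docm():
    """Constructed minimal macro-enabled package; the VBA part is placeholder bytes."""
    content_types = (
        f'<?xml version="1.0" encoding="UTF-8"?><Types xmlns="{CT_NS}">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>'
        '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        '</Types>')
    doc_rels = (
        f'<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId1" Type="{VBA_REL}" Target="vbaProject.bin"/></Relationships>')
    document = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        '<w:body><w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/_rels/document.xml.rels", doc_rels)
        z.writestr("word/document.xml", document)
        z.writestr("word/vbaProject.bin", b"placeholder bytes standing in for a VBA project")
    return buf.getvalue()
```

Running `clean_document(build_sample_docm())` returns the plain package plus the list of stripped parts; `has_active_content` on the result is False while the document body is untouched.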
It means that the gateway doesn’t just route SMTP traffic,
<CLICK>
instead the gateway is defined as a formal mail relay, acting as a sort of proxy for SMTP traffic.
It’s a simple configuration on your anti-spam and on the gateways to make this happen.
<CLICK>
Deploying the gateway as MTA guarantees that we can BLOCK malicious mail.
It’s also required for Threat Extraction.
It is the only way to handle encrypted mail traffic.
MTA also lets us manipulate mail before delivery, for example in order to embed a link to the original if the attachment is extracted.
<CLICK>
We’ve been working very hard on MTA improvements and it has come a long way. Our gateway MTA now enjoys excellent stability and performance, and will give you very good visibility and control.
We have a dedicated team in R&D that is continuing to focus on this, and many more improvements will be coming later this year with R80.20.
One important consideration is how to deploy the MTA.
You can either dedicate a gateway to handle MTA traffic or reuse an existing gateway.
<CLICK>
While both options are fully supported, we recommend dedicating a gateway for MTA. For instance, a relatively small 5600 appliance should be able to handle mail for 10,000 users.
If you do want to use an existing gateway also as your MTA, then you’ll need to validate your sizing (keep in mind that MTA is I/O intensive) and take some care in the policy, since SMTP is entering the gateway twice.
That’s it for protecting your incoming mail.
<CLICK>
Next, let’s discuss the second attack vector, which attempts to penetrate by compromising users while they’re browsing the web.
There are several ways that attackers go after browsing users:
First, getting the user to download and launch a malicious attachment.
Second, exploiting the browser, for instance using malicious Flash objects or other browser exploits.
And finally, the web is also used for phishing user credentials as a first stage in an attack.
Speaking of Flash, you should know that detecting zero-day malicious Flash is really hard.
The Threat Emulation sandbox includes a unique, patented technology – ‘Push-forward’ – which can very reliably detect evasive malicious Flash objects that evade detection by conventional sandbox products.
To effectively protect against all these vectors, we recommend that you apply protections on both the network and the endpoint.
<CLICK>
On the network, use IPS to block browser exploits and malicious file downloads. For instance, we have IPS protections against attempts to exploit the recent Meltdown and Spectre vulnerabilities using JavaScript.
Anti-virus will also help block malicious downloads and access to malicious web sites.
Threat emulation gives you the active sandbox layer for preventing unknown and zero-day web attacks. Specifically, the unique Push-Forward technology we mentioned earlier is fundamental for preventing Flash attacks.
Threat Extraction will be available as a streaming protection engine on the network for web downloads in R80.20 – giving you proactive file sanitation for extra protection.
<CLICK>
The endpoint adds some unique protections.
Our new ‘Anti-Exploit’ technology is an important last-line-of-defense to prevent browser and other program exploitation during run-time.
‘Zero Phishing’ is essential to preventing users from surrendering their credentials to unknown phishing sites
And finally, ‘Anti-Ransomware’ detects and prevents ransomware infections, and can recover encrypted files with the simple click of a button.
In terms of deployment, the simple way is to reuse your perimeter gateway for inline web inspection.
In this topology, the gateway will need to perform SSL termination, and you’ll have full control on the policy and full support with all threat prevention blades.
An alternative that has proven quite popular with our customers, is to integrate the gateway with your web proxy using the ICAP protocol. With ICAP the proxy performs the SSL termination, offloading the gateway, and you can control what traffic goes via the gateway in the proxy configuration. Keep in mind that currently only the Threat Emulation and AV blades are supported with ICAP. We are working to add all blades – hopefully later this year.
We’ve covered web and mail.
<CLICK>
Next, let’s talk about your systems.
Your IPS is worthless if it isn’t constantly updated.
So if you’re unsure – head to the Updates tab in your policy and make sure that scheduled updates are turned on.
In R80.20 we’ll be improving this mechanism further so that gateways will each independently download updates without needing to push policy.
If you are looking for the best possible IPS protection, then we give you ample tools to optimize your configuration.
With R80 you can assign individual profiles to any network segment or host.
Use the tags and quick search to rapidly select relevant protections and assign them to your custom profile. You can even use the output of vulnerability assessment tools to automatically build profiles with relevant protections.
The final point we’d like to touch on is dealing with a compromise. What do you do if and when one of your systems or endpoints becomes infected?
<CLICK>
The key in such an event is to quickly identify and contain the infection.
Anti Bot is the technology that we use for that.
Malware will always communicate back to the attacker’s command and control. We call this C&C traffic.
<CLICK>
Anti Bot has a very simple concept – it scans outgoing traffic to identify C&C communications. The C&C traffic is intercepted and blocked - preventing malware propagation and data exfiltration.
<CLICK>
And the incident is written to a log.
Anti-Bot logs are the most important ones for you to monitor, as they are a certain indication that a system is compromised and you must take corrective action.
If you have a SOC, then make sure they know to look for these logs and that they understand what they mean.
<CLICK>
If you have roaming users who are outside your network, then Anti Bot on the gateway won’t help identify when they’re infected.
<CLICK>
That’s why we have Anti-Bot also on endpoints with SandBlast Agent: it extends your coverage to detect infected endpoints no matter where they are. SandBlast Agent also adds forensic analysis and remediation, critical elements for rapid incident containment and response.
One common issue with Anti Bot logs arises when the gateway is behind your proxy.
<CLICK>
Anti Bot will identify and block the command & control communication without problem, so the attacker is cut off and the malware is contained.
The problem is that the source IP of the connection is the proxy – so it’s impossible to pinpoint the infected system in such a case.
<CLICK>
There is a simple trick to resolve this: enable the X-Forwarded-For (XFF) header feature on your proxy.
<CLICK>
This adds the endpoint IP to each HTTP request and lets us write the IP of the infected system to the log.
<CLICK>
If you don’t like the idea of legitimate requests including a header with internal IPs, then we have a feature on the gateway that will eliminate them, so you never expose this information to the outside world.
Another common issue with Anti-Bot occurs when the gateway is behind your internal DNS server.
<CLICK>
Anti-Bot commonly identifies C&C based on the DNS query to resolve the attacker’s C&C domain.
In this case, the DNS query will be coming to the gateway from your DNS server’s IP, and again we will log the wrong IP, that of the DNS server.
So how do you pinpoint the infected endpoint in this situation?
<CLICK>
DNS Trap to the rescue.
<CLICK>
This feature is actually enabled by default and forces a bogus response to DNS queries blocked by Anti-Bot.
For it to work, you’ll need to make sure that the predefined IP we return is routed back to the gateway.
The infected host will attempt connecting to the bogus IP delivered by the gateway, and at that point we can associate this IP to the Anti-Bot detection – and allow you to pinpoint the infected host.
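Added example, not Check Point code, covering both situations above (gateway behind a web proxy, gateway behind the internal DNS server): a small Python correlation that reads constructed Anti-Bot-style log lines and recovers the infected host from the X-Forwarded-For header or from the follow-up connection to the DNS trap address, and strips XFF before requests leave the network. The proxy and DNS server addresses, the trap IP, the log format and the 60-second window are assumptions of this example.

```python
"""Attributing an Anti-Bot detection to the real internal host.

Added example, not Check Point code. The talk describes two deployments where
the gateway logs the wrong source: behind a web proxy (fix: X-Forwarded-For)
and behind an internal DNS server (fix: the DNS trap address). The addresses,
log format and time window below are constructed assumptions for this example.
"""
from __future__ import annotations
import ipaddress

TRUSTED_PROXIES = {"10.0.0.5"}      # our web proxy, the only hop allowed to set XFF
INTERNAL_DNS = {"10.0.0.53"}        # internal resolver sitting in front of the gateway
DNS_TRAP_IP = "198.51.100.1"        # bogus answer returned for blocked C&C lookups
TRAP_WINDOW_SEC = 60                # how soon the host is expected to contact the trap


def parse_log(line):
    """Parse a constructed 'key=value key=value' log line into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def client_from_xff(xff, trusted):
    """Return the nearest XFF hop that is not one of our proxies.

    The header is client-supplied text, so the leftmost entry is never taken on
    faith: walk from the right (the hop our proxy appended) towards the left and
    stop at the first address that is not a trusted proxy.
    """
    if not xff:
        return None
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed header: refuse to attribute rather than guess
        if hop not in trusted:
            return hop
    return None


def host_from_dns_trap(detection, connections):
    """Find the host that followed the bogus DNS answer to DNS_TRAP_IP.

    Anti-Bot blocked the lookup and answered with the trap address; whichever
    internal host then connects to that address inside the window is the one
    that issued the query, even though the query itself came from the resolver.
    """
    t0 = int(detection["time"])
    for conn in connections:
        if conn.get("dst") == DNS_TRAP_IP and t0 <= int(conn["time"]) <= t0 + TRAP_WINDOW_SEC:
            return conn["src"]
    return None


def attribute(detection, connections):
    """Return (infected_host, method) for one Anti-Bot detection record."""
    src = detection["src"]
    if src in TRUSTED_PROXIES:
        host = client_from_xff(detection.get("xff"), TRUSTED_PROXIES)
        return (host, "xff") if host else (src, "proxy-without-xff")
    if src in INTERNAL_DNS and detection.get("proto") == "dns":
        host = host_from_dns_trap(detection, connections)
        return (host, "dns-trap") if host else (src, "dns-server-only")
    return src, "direct"


def strip_xff_for_egress(headers):
    """Remove XFF before the request leaves the organisation, so the internal
    address used for attribution is never disclosed to the outside world."""
    return {k: v for k, v in headers.items() if k.lower() != "x-forwarded-for"}


# Constructed sample logs: one detection via the proxy, one via the resolver, one direct.
DETECTIONS = [
    "time=100 blade=anti-bot proto=http src=10.0.0.5 dst=203.0.113.9 xff=10.0.1.7",
    "time=200 blade=anti-bot proto=dns src=10.0.0.53 dst=203.0.113.53 query=c2.example",
    "time=300 blade=anti-bot proto=http src=10.0.2.9 dst=203.0.113.9",
]
CONNECTIONS = [
    "time=203 src=10.0.1.22 dst=198.51.100.1 dport=443",  # host following the trap answer
    "time=900 src=10.0.3.3 dst=198.51.100.1 dport=443",   # too late to belong to detection 2
]


def attribute_all(detections=DETECTIONS, connections=CONNECTIONS):
    conns = [parse_log(line) for line in connections]
    return [attribute(parse_log(line), conns) for line in detections]


if __name__ == "__main__":
    for host, how in attribute_all():
        print(f"infected host {host} (attributed via {how})")
```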
Bilateral (ThreatCloud feeds):
• Threat Emulation – files (automatic domain and URL indicator generation) and research
• IPS – for research campaign purposes
• Anti-Bot + AV – GW statistics for researchers
• Endpoint blades – hashes updated to ThreatCloud (such as SB Agent), even AV heuristics
• SB Mobile – feed to ThreatCloud
• URLF – feeds TC for domains and URLs, for identifying malicious indicators
• APPI – updates only from TC
Cloud is becoming common in most organizations today; many have started to work either in a hybrid cloud (on-prem and public together) or across multiple public clouds on different platforms.
But still (just like last year), security remains the biggest challenge in moving into the cloud.
And that is evidenced by reading through the current headlines of data breaches and attacks against cloud services. These are just a few examples, but it seems we’re hearing about more and more of these incidents all the time. It seems as though in the rush to get to the cloud we may not be doing enough to understand the risks of these new environments and how best to plug the gaps.
Verizon breach – 14 million records exposed due to unprotected Amazon storage server – data was left exposed for more than 6 months
TWC – records exposed on AWS server with no password
Wrestling fans had their personal information exposed in July, as a database containing information on more than 3 million subscribers was stored on an unprotected AWS S3 server. While there is no clear evidence that hackers accessed the data, it was stored in plain text without a user name or password and was accessible by anyone who could access the site. Data potentially exposed included names, educational backgrounds, earnings, ethnicity, home and email addresses, and age ranges of users' children. Security researchers also discovered a second WWE database that was also incorrectly secured with information on European fans. The WWE has since moved to properly secure the AWS S3 server, it said.
Traditional security is not good enough, since it demands too much labor from different departments in the organization to work in synchronization.
Another subject is the lack of knowledge, whether among the IT security personnel or the DevOps teams.
The current architecture needs to change: applications are deployed across different environments, so perimeter security can’t protect them.
The cloud environment is flexible and changes all the time, while legacy security is still static.
CloudGuard is the Check Point solution for the cloud: private, public, hybrid and SaaS.
CloudGuard SaaS is the only preventive security solution for SaaS applications.
It provides Identity Protection to prevent SaaS account takeovers; zero-day threat protection to prevent any type of malware and attack, even unknown malware and phishing attacks, from reaching your cloud application; it keeps sensitive data secured; and it provides end-to-end SaaS security coverage that addresses other elements of the enterprise.
All cloud providers work in a model called shared responsibility: this means that we as customers need to protect our data, connected people and the infrastructure (like OS and network configurations).
But the cloud providers don’t throw you into the deep water; they provide some basic tools. Those tools, however, don’t provide advanced threat protection or unified policy management inside my environment and between cloud platforms.
The lack of advanced security in the platforms’ native tools can expose you to abuse of your cloud infrastructure, data breaches and more.
Centralized management to manage your public, private, hybrid and traditional data center. Consistent policy rules for all clouds!
We do prevention! – the best security Check Point can offer across clouds, N-S and E-W; this includes AV, Anti-Bot, Threat Extraction and Emulation, URL Filtering and Application Control.
All Clouds – we support all major cloud platforms and the ecosystem is growing; the latest to be announced is Oracle Cloud support.
DevOps ready – we support full RESTful API and CLI access.
Adaptiveness and automation – support for auto-provisioning via ready-to-use templates and APIs, auto-scaling security with PAYG licensing and thus auto-protection with zero-touch hassle. vSEC adapts policy rules to application changes automatically.
Forensic Analysis
Advanced Threat Prevention
Application and Data Security
Next Generation Firewall
Our principles for the cloud security blueprint: Agile, Efficient and multi-cloud.
Our public cloud blueprint is based on hub and spoke architecture.
Some spokes can be connected just to the internet, others focus on internal traffic, and of course some on both.
The new security architecture can provide automated protection to newly created spokes, deploy new gateways with templates and provide enhanced control.
Multi-cloud deployments are becoming more common, and our blueprint fits that design.
Check Point manages security for all cloud platforms from a single policy.
That ability allows us to define connectivity, such as between Azure servers, NSX security groups and the on-premise data center, from a single console via a single rule.
That ability helps organizations minimize operational overhead and complexity.
Adaptive security allows operations to innovate faster.
Grabbed and updated from a ppt file from Oded Yarkoni.
Here are the mobile security building blocks used by enterprises to protect their assets and information.
MDM/EMM are responsible for policy enforcement on mobile devices; they give the organization some level of control over the mobile devices that access company resources.
Secure containers or app-wrapping solutions mainly prevent data leakage of important documents in the organization. They do not protect you against attacks on the non-secured areas of the mobile device, or if malware accesses the credentials to the container. The Check Point Capsule Workspace solution is a secure container that works together with SB Mobile for the full security offering.
An antivirus solution detects known threats, signature-based, but mobile security is primarily about unknown and zero-day threats. Therefore, although antivirus solutions are important, they will not protect you against the common mobile threats which put your corporation at risk.
What SB Mobile brings to the table is:
• An encompassing solution that includes the antivirus within,
• Detection of zero-day and unknown threats through a variety of on-device and cloud-based techniques,
• Integration with MDMs and containers to complement them and create the full mobile security solution needed in every corporation today.
How does this advanced threat detection and mitigation happen? Here’s how our solution works:
Check Point SandBlast Mobile is composed of 3 main parts:
• A client app called “SandBlast Protect” installed on Android or iOS end-user mobile devices
• A cloud-based analysis and intelligence system, known as the BRE – Behavioral Risk Engine
• An admin dashboard, used to monitor and control the organizational mobile threat landscape in real time.
In this ecosystem, threats are detected both on device and in the cloud (with the prime objective of maximal security with no impact on usability: battery, privacy and such).
The on-device analysis includes:
• Jailbreak and root operating system exploits
• WiFi man-in-the-middle network attacks
• SMS phishing attacks.
The in-depth application analysis used to detect malicious apps, conducted in the cloud in the Behavioral Risk Engine, includes advanced technologies such as:
• Dynamic app sandbox emulation
• App reputation threat intelligence
• Advanced code flow analysis
• Anti-virus feeds and more.
Finally, the management console offers the end-to-end threat landscape monitoring and alerting capabilities administrators need to identify potential risks to the organization and control the security of corporate assets and the network.
So how does it all come together from an architecture perspective?
It’s very straightforward. The traffic coming from the Capsule Workspace on the mobile device goes to the Mobile Access Blade, the gate-keeper of your corporate environment. Based on the policy that was dictated through the Management Console, the blade will decide whether that traffic should gain access to internal resources such as email or intranet. It’s that simple.
Capsule Workspace bridges that gap for companies trying to secure their corporate data.
It allows you to manage what is actually important: not device, but rather your corporate data such as email, intranet, or native apps.
It does so by providing a single app with secondary PIN authentication and ensures that that data is encrypted at rest and in motion.
That corporate data can be remotely wiped in case a device is lost or stolen, rather than wiping the employee’s personal data.
It can also integrate with Check Point Mobile Threat Prevention to detect any type of mobile attack whether it comes from the device, another app, or the network.
So how does Anti-Ransomware work?
At the core of our detection engine we utilize a range of advanced behavioral algorithms
The algorithms are specifically tuned to detect ransomware.
We look for generic malicious behavior as well as for a very wide range of behaviors that are unique to ransomware: things like attempting to delete shadow copies and backups, creating ransom notes, and ultimately we constantly monitor the file system and can identify early on any activity that is illegitimately and systematically encrypting files.
<CLICK>
Upon detection, we utilize SandBlast Agent’s unique and advanced ability to automatically analyze incidents with its Automated Forensic Analysis.
<CLICK>
The analysis phase identifies all the malicious elements of the malware, allowing us to automatically quarantine it completely – even if it’s a new attack that we’ve never seen before.
<CLICK>
In some rare cases, some data could get encrypted before the quarantine is complete.
To mitigate this, we’ve built an ongoing mechanism that creates temporary snapshots of data files before granting any change that we suspect may be illegitimate.
The backups are maintained on the endpoint itself, in a portion of the file system which we protect from tampering.
Because we identify very quickly whether ransomware is in play, the backed-up data files are kept just for a short term, and because it is short-term we need to allocate just 1GB of storage on each endpoint for this to be effective.
Just keep in mind that data snapshots are not a replacement for your backup system; the snapshots are maintained solely to facilitate data recovery in case of a ransomware attack.
<CLICK>
Now back to the detection: As we saw in the demo, if some data was encrypted during the attack then once we’ve completed the quarantine, our data snapshots allow us to automatically restore the files.
The 3 complementary components to Anti-Malware in the traditional Endpoint Protection domain are:
• Desktop FW
• Port Protection
• Compliance – security verification for achieving compliance with regulatory requirements
Media Encryption usability
Seamless experience – transparent end-user experience with automatic data encryption and seamless integration. Data read from and written to an encrypted media device is handled transparently and automatically, without any user interruption. Encrypted media devices can also be accessed simply by external parties and from machines without the client installed, based on password access.
Business data segregation – separate and protect business data from personal data on storage devices.
Education – engage and educate users with integrated UserCheck™ messages and dialogs. Use Check Point UserCheck™ to actively engage and educate users as they access portable media, to identify potential policy incidents as they occur and remediate them immediately.
Port Protection
Our computers have many ports, such as USB and Bluetooth, allowing us to connect various types of useful devices.
Sometimes we need to enforce a policy allowing connections of only specific types of devices, only to specific ports; our Port Protection capability provides the solution.
We can define which specific devices and ports are authorized to be used, use a blacklist or a whitelist approach and utilize the already discovered devices for policy fine-tuning.
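To make the two approaches concrete, here is an added Go example written for this page; it is not Check Point's policy engine or its rule format. It evaluates devices against a policy in whitelist mode, where anything no rule names is denied, and in blacklist mode, where anything no rule names is allowed, and includes a helper that turns an inventory of discovered devices into exact-match candidate rules for review. The Device fields, rule fields and the vendor/product identifiers are constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Device is a peripheral as an endpoint agent might report it. The field set and
// the sample identifiers used below are constructed for this example.
type Device struct {
	Port      string // bus the device attached through: "usb", "bluetooth", ...
	Class     string // device class: "storage", "keyboard", "audio", ...
	VendorID  string // vendor identifier as reported by the device itself
	ProductID string // product identifier as reported by the device itself
}

// Rule matches a device; an empty field is a wildcard, so {Port: "usb", Class: "keyboard"}
// matches any USB keyboard while a rule with all four fields set matches one exact model.
type Rule struct {
	Port, Class, VendorID, ProductID string
}

func (r Rule) Matches(d Device) bool {
	eq := func(want, got string) bool { return want == "" || strings.EqualFold(want, got) }
	return eq(r.Port, d.Port) && eq(r.Class, d.Class) &&
		eq(r.VendorID, d.VendorID) && eq(r.ProductID, d.ProductID)
}

// Mode selects the default decision for devices that no rule mentions.
type Mode int

const (
	Whitelist Mode = iota // default deny: only devices matching a rule may connect
	Blacklist             // default allow: devices matching a rule are blocked
)

type Policy struct {
	Mode  Mode
	Rules []Rule
}

// Allowed decides whether the device may be used under this policy.
func (p Policy) Allowed(d Device) bool {
	matched := false
	for _, r := range p.Rules {
		if r.Matches(d) {
			matched = true
			break
		}
	}
	if p.Mode == Whitelist {
		return matched
	}
	return !matched
}

// RulesFromInventory turns devices already discovered on endpoints into exact-match
// candidate rules, de-duplicated, for an administrator to review before promoting
// them into a whitelist.
func RulesFromInventory(devs []Device) []Rule {
	seen := map[Rule]bool{}
	var out []Rule
	for _, d := range devs {
		r := Rule{Port: d.Port, Class: d.Class, VendorID: d.VendorID, ProductID: d.ProductID}
		if !seen[r] {
			seen[r] = true
			out = append(out, r)
		}
	}
	return out
}

func main() {
	keyboard := Device{Port: "usb", Class: "keyboard", VendorID: "046d", ProductID: "c31c"}
	stick := Device{Port: "usb", Class: "storage", VendorID: "0781", ProductID: "5567"}

	allowOnlyKeyboards := Policy{Mode: Whitelist, Rules: []Rule{{Port: "usb", Class: "keyboard"}}}
	blockStorage := Policy{Mode: Blacklist, Rules: []Rule{{Class: "storage"}}}

	for _, d := range []Device{keyboard, stick} {
		fmt.Printf("%-8s whitelist=%v blacklist=%v\n", d.Class,
			allowOnlyKeyboards.Allowed(d), blockStorage.Allowed(d))
	}
	fmt.Println("candidate rules from inventory:", RulesFromInventory([]Device{keyboard, keyboard, stick}))
}
```

Default-deny (whitelist) is the posture to prefer for removable storage. Keep in mind that vendor and product identifiers are reported by the device itself, so a rule keyed only on them trusts the device's self-description; combining a class restriction with the identifier limits what a device that claims an allowed identity can actually do.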
User Experience
When using Capsule Docs to protect a document, three core concepts apply:
Classify – Choose a classification, which is essentially a set of allowed and denied permissions
Share – Grant access only to the relevant users and groups (both internal users and external users / business partners), and grant elevated permissions to the authors and co-authors of the document
Encrypt Data – Using strong encryption algorithms (AES-256 and RSA-2048)
Capsule Docs also provides automatic protection settings (applied without any user intervention), as well as UserCheck messages and dialogs that educate users about the actions they perform on their documents.
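The three steps above map onto a standard hybrid-encryption envelope. The Go program below is an added example written for this page, not Check Point's code or the Capsule Docs file format: it labels a document with a classification, grants named users permission bits, wraps a fresh AES-256 content key with each user's RSA-2048 public key (OAEP), and encrypts the body with AES-256-GCM, binding the classification and grants into the authentication tag. The user names, permission bits and envelope layout are assumptions made for the illustration; the page only states that AES-256 and RSA-2048 are used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"sort"
)

// Perm bits form the allowed/denied set a classification grants to a user.
type Perm uint8

const (
	Read Perm = 1 << iota
	Edit
)

// Grant holds one user's permissions and the content key wrapped (RSA-OAEP) for that user.
type Grant struct {
	Perms      Perm
	WrappedKey []byte
}

// Envelope is the protected document (an illustrative layout, not the product's file format).
type Envelope struct {
	Classification    string
	Grants            map[string]Grant // keyed by user name
	Nonce, Ciphertext []byte
}

// header is bound into AES-GCM as associated data, so the label and every user's permissions are covered by the tag.
func (e *Envelope) header() []byte {
	users := make([]string, 0, len(e.Grants))
	for u := range e.Grants {
		users = append(users, u)
	}
	sort.Strings(users) // map order is random; the encoding must be stable
	h := []byte(e.Classification)
	for _, u := range users {
		h = append(h, fmt.Sprintf("|%s:%d", u, e.Grants[u].Perms)...)
	}
	return h
}

// aead builds AES-256-GCM; both constructors only fail on a wrong key length, which callers rule out.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// Protect: classify (label + per-user permissions), share (wrap the key per user) and encrypt (AES-256-GCM body).
func Protect(doc []byte, class string, shares map[string]Perm, pubs map[string]*rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // fresh AES-256 content key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	env := &Envelope{Classification: class, Grants: map[string]Grant{}, Nonce: nonce}
	for user, p := range shares {
		pub, ok := pubs[user]
		if !ok {
			return nil, fmt.Errorf("no public key for %s", user)
		}
		wk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
		if err != nil {
			return nil, err
		}
		env.Grants[user] = Grant{Perms: p, WrappedKey: wk}
	}
	env.Ciphertext = aead(key).Seal(nil, nonce, doc, env.header())
	return env, nil
}

// Open unwraps the key for one user and decrypts; no grant means refusal, and edited permissions fail the tag check.
func Open(env *Envelope, user string, priv *rsa.PrivateKey) ([]byte, Perm, error) {
	g, ok := env.Grants[user]
	if !ok {
		return nil, 0, fmt.Errorf("no grant for %s", user)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, g.WrappedKey, nil)
	if err != nil || len(key) != 32 {
		return nil, 0, fmt.Errorf("cannot unwrap content key for %s", user)
	}
	pt, err := aead(key).Open(nil, env.Nonce, env.Ciphertext, env.header())
	if err != nil {
		return nil, 0, fmt.Errorf("document or its permissions were tampered with: %w", err)
	}
	return pt, g.Perms, nil
}
```

Two behaviours are worth checking in any document-protection design of this kind: a user who was not shared the document has no wrapped key and is refused, and editing the stored permissions breaks decryption because they are authenticated together with the body. What the envelope cannot do is stop a legitimately authorised reader from copying the decrypted content; the permission bits are only as strong as the viewer that enforces them.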
Virtual Systems technology consolidates and simplifies security by allowing virtual firewall instances to be created and deleted dynamically, on demand. Combined with a scalable platform, Virtual Systems maximize hardware utilization using the patented VSLS (Virtual System Load Sharing) technology.
VSLS distributes the Virtual Systems between the chassis so that both chassis process traffic and no hardware sits idle.
Another way to maximize hardware utilization is multiple security groups: several products can be installed on the same chassis, so each group of SGMs (Security Gateway Modules) can run Security Gateway, Virtual Systems, or a mix of the two.
Multiple Security Groups supports up to 8 groups, each with its own dedicated SMO (Single Management Object), which simplifies configuration and maintenance while the groups share the same networking infrastructure (the SSM, Security Switch Module). Traffic is segregated by assigning each security group a dedicated physical interface or a VLAN interface.