Increased Protection - Reduced TCO
Defining the modern cyber security architecture
Unified cyber security architecture
Security architecture, also known as cyber security architecture or network security architecture, is defined as the practice of designing computer systems to ensure the security of the underlying data.
While businesses can build simple network security systems independently, many do not possess the necessary technologies to effectively manage their cyber security risks.
An ideal security architecture should be flexible enough to adapt and provide security coverage for businesses despite the continuously evolving cyber threat domain.
This is where IT and Cybersecurity architecture fuse together, and here are some warning signs of bad architecture.
From a cyber risk perspective, poor architecture:
allows undocumented applications to fall by the wayside, along with obsolete and redundant technology
is difficult to maintain
wastes time and money
creates security gaps, leaving your architecture vulnerable to outside threats
Poor architecture stems from a lack of communication, meaning that employees and/or business owners may not even be aware of certain problems.
A stable architecture creates several benefits:
Reduce costs by removing redundant data and applications
Improve your overall IT quality and performance
Gain a comprehensive understanding of your company’s applications, licenses, and systems
Easier to enable innovation, as your business continues to grow and take advantage of new technology
Reduce security risks, costs, and unnecessary complexity when you target and eliminate weaknesses/gaps/blind spots within your IT architecture
Building security in instead of bolting it on. Secure from the start: IT cybersecurity principles and tools can no longer be an afterthought, continually trying to catch up to technology disruption. While the business focuses on rapidly pushing new products and services to market, necessary security standards and governance frequently lag.
That leaves vital data vulnerable and critical operations at risk.
Technology advances, from the Internet of Things (IoT) to artificial intelligence (AI) and advanced analytics, are enabling purpose-driven, resilient, and adaptable enterprises. Yet for many companies, IT cybersecurity principles and tools are still an afterthought, continually trying to catch up to the technology disruption. As a result, while business understandably focuses on rapidly pushing new products to market, necessary security standards and governance frequently lag behind. That leaves vital data vulnerable and critical operations at risk. More importantly, no longer is the threat only to corporate, government, and personal information. With the widespread adoption of Internet-of-Things capabilities into our daily lives, including advanced healthcare solutions, even human lives can be at risk.
Building Blocks of IT and Cybersecurity Architecture
Purpose built: business-IT-cybersecurity together
Sources:
https://www.tcs.com/perspectives/articles/cybersecurity-modernization-iot-implementation
https://www.cr-t.com/blog/warning-signs-of-bad-it-architecture/
Any cyber attack can result in a breach – my own example of a business process that we hadn’t fully architected for security considerations.
Your company may have fallen victim [to help build compassion]
Supporting statement that we HAD cybersecurity practices in place, were building, etc…
Key elements of cyber security architecture include an understanding of data flow: to/from, who has access, type of data, encrypted or unencrypted at rest or in transit?
It is important to know how threat actors attack a potential target, and your security architecture must rest on a good understanding of the organization's processes and business objectives. Architects have to understand how vulnerabilities occur and how threat actors exploit them.
https://www.cshub.com/attacks/articles/five-ransomware-attacks-in-2022-so-far-you-should-know-about
Nvidia
Red Cross
Conti
https://www.linkedin.com/pulse/plaintext-trim-away-security-excess-dark-reading/?trackingId=h3JGRHrTSnqMeZO82KoJhA%3D%3D
Globally in 2021, Check Point Research reported a more than 40% increase in cyberattacks, with one out of every 61 organizations being impacted by ransomware each week.
Threats increase year after year: Ransomware, Phishing, and Supply chain attacks
Velocity, intensity, and complexity are increasing by more than 50% year over year
A disjointed architecture makes stopping these things from happening more difficult
Threat prevention front & center focus for architecture
That said, we can establish some general requirements of an effective security architecture. It consists of three major components:
The People – They establish security objectives and identify business drivers.
The Processes – These determine the security techniques and principles that best suit the business, based on a needs assessment.
The Tools – The architectural framework developed to suit business goals and objectives.
The architecture must be strategically designed and implemented in a way that supports business goals.
Practices that were established when data, applications, and other elements of IT infrastructure were located within a company's four walls are not sufficient for an era of cloud computing and increasingly decentralized threats. A hyper-connected, boundary-less network is the new normal for a modern digital organization, which means a wider threat surface and more vectors for actors with ill intent globally.
Complexities in cybersecurity toolsets
To defend against an expanding attack surface, security teams are increasingly adopting new cyber security products to protect networks, cloud infrastructure, IoT devices, as well as users and access. However, stitching together different products from multiple vendors may create security gaps and operational overhead.
Sprawl of different cyber security tools: most look at the price point when choosing a tool to implement. There is nothing inherently wrong with that, but it leads to a more complex set of defenses with little or no integration between the tools.
Cybersecurity professionals continue to grapple with the challenges that come with a rapidly expanding network perimeter. And with every new ransomware attack that hits the headlines, it would be fair to assume that adding more security products or vendors would make a company more secure. But that’s not the case.
Dark Reading article for talking points
How Check Point helps to solve the challenge
What is a modern/reference architecture?
Depicts all the security tools that should be in place to protect assets
Having disparate toolsets creates more complexity and re-work, etc.
Without a solid security architecture, this complexity can lead to gaps in the security posture
Why moving toward security consolidation can significantly enhance security posture, improve security operational efficiency, and greatly reduce TCO (Total Cost of Ownership).
Similarly, CISOs had to react to the widening attack surface by enforcing security policies and the security infrastructure. CISOs have two options to deal with a widening attack surface. Either one takes a best-of-breed strategy to patchwork the security architecture with multiple vendors, or one consolidates the security architecture with a cyber security suite. The latter approach is recommended as it closes security gaps related to misconfiguration and security policies that do not fully overlap when using multiple vendors. Check Point surveyed over 400 global CISOs to confirm this trend, with 79% of security experts saying that working with multiple security vendors is challenging and 69% agreeing that working with fewer vendors would increase security.
Saturated security market
One of the key reasons organizations are falling behind when it comes to consolidation is that decision-makers are, to all intents and purposes, spoiled for choice. The security market is heavily saturated at the moment, particularly in light of the move toward remote or hybrid working. Yet, despite organizations needing more robust security measures than ever before, budgets are tight and many feel pressured to only focus on the specific problem they face today. This is particularly true of the healthcare sector.
According to Deryck Mitchelson, Field CISO at Check Point and former CISO at NHS Scotland, “Managers have become accustomed to making short-term decisions to solve immediate problems instead of considering more long-term, strategic approaches to addressing their security concerns.”
There are many reasons behind this tendency, not least the concept of vendor lock-in, which is still highly prevalent in the industry. Ongoing subscriptions make it difficult for organizations to switch vendors. Likewise, it’s becoming increasingly difficult for vendors to get customers to commit to a relationship spanning multiple years. Such relationships take time to nurture and reach their full potential. “With the threat landscape posing immediate risks, it’s probably more realistic and achievable for organizations to leverage and integrate a smaller number of vendors than commit to any single one,” says Deryck.
This multi-vendor approach might offer a fix for short-term problems, but it puts a great deal of strain on security teams who might not have the resources to adequately vet every product or vendor. CISOs might have a good idea of what’s best for their own organization, but it’s difficult to apply that knowledge to an ever-expanding list of disparate vendors that are pulled together under one umbrella.
Check Point's Infinity platform is the first modern, consolidated security platform specifically designed to guard against modern-day threats such as zero-day and fifth-generation attacks across the network, cloud and endpoints, protecting your entire infrastructure to address the elements shown in the Gartner mesh architecture.
Check Point Infinity is a unified, multi-layered approach to cyber security that protects all IT attack surfaces – networks, cloud, endpoints, mobile, and IoT devices – sharing the same threat prevention technologies, management services, and threat intelligence.
A unified cloud-native security suite – Check Point CloudGuard;
Network and data center security – Check Point Quantum;
User & Access security – Check Point Harmony;
Unified security management – Check Point Infinity.
Pre-emptive threat prevention technology is the key to a modern cyber security architecture blocking sophisticated attacks before damage can be inflicted. An organization needs to be able to predict and block unknown malware, as well as known malware, to deliver consistent protection across the entire IT infrastructure.
Secure access – secure the cloud – secure the network
Time management of the team
Unified visibility!
By adopting a consolidated security approach with Check Point Infinity architecture, businesses realize preemptive protection against the most advanced attacks, while achieving on average a 50% increase in operational efficiency and a 20% reduction in security costs. Unlike other consolidated security solutions on the market, Check Point Infinity has a flexible ELA (enterprise license agreement) that can be tailored to individual applications.
Brent Lassi, CISO at Bluecore, on a CISO Stop List he believes every leader in security should have.
Infinity Enterprise License Agreement is a simple and predictable business model
One license for all services: all-inclusive subscription and tailored pricing model
To meet the demand for security consolidation, Check Point offers an Infinity Enterprise License Agreement (ELA) Suite with a unified management approach to cyber security. Benefits:
Reduced Overhead: Managing individual licenses across the organization can consume significant resources as each license needs to be purchased, tracked, and renewed individually. An ELA (Enterprise License Agreement) allows a company to use a single license for all vendor’s services that it consumes across the entire organization.
Lower Costs: An ELA is a bulk purchase of a vendor’s service for a fixed period. Often, this comes with large discounts compared to individual, per-seat licenses.
Decreased Business Impact: With individual licenses, an organization needs to manage each license and may face business disruptions if one slips through the cracks and expires. With an ELA, an organization only needs to manage a single license, decreasing the probability that an oversight will cause a disruption to operations.
Reduced Waste: With individual license agreements, an organization may inadvertently purchase additional licenses for a product while others go to waste or are only used occasionally. An ELA enables an organization to bundle services and stop spending money on unused services.
Predictable Spend: With an ELA, an organization and a vendor agree on a predetermined rate for a vendor’s services for the period of the ELA. This provides a greater degree of predictability than individual user licenses.
Service Flexibility: ELAs often include the option to claim credits for underused resources that can be applied to other services. This allows an organization to better tailor its service consumption to its actual needs. Remember the CISO Stop List?
In addition to ELA, the Vision Add-ons can further your comprehensive cybersecurity protection, keeping the toolset integrated.
How do we stack up?
Coverage across all attack vectors versus having to supplement with other point solutions
The brains behind Check Point's proprietary architecture is ThreatCloud; then talk through the items
ThreatCloud glues our architecture together
Shared intelligence
Part of Infinity's success is its ability to leverage Check Point's ThreatCloud, a real-time global threat intelligence platform that monitors networks around the world for emerging threats and vulnerabilities. While some solutions come with complex pricing structures and require cumbersome "all in one" rollouts, Infinity's pricing is clear and streamlined, and it can be rolled out in a way that suits individual businesses. If you want to tackle endpoint security first, for instance, and then focus on your network, you can take that approach with Infinity.
Finer points of our proprietary ThreatCloud (TC) architecture: ThreatCloud delivers accurate prevention in under 2 seconds to hundreds of millions of enforcement points worldwide
How do we validate the authenticity of our "homegrown" TC? As a pioneer in the cybersecurity industry, based on 25 years of experience:
Structural component in your CS architecture
Reliability
Authenticity
Robust protection
CISO going to sleep at night; never at peace
Log4j: customers protected by ThreatCloud were unaffected by the zero-day threat because of TC protection
Increased Protection
Optimal number of engineers required to support all of the disparate systems: 30, vs. 16 needed for Infinity; this freed up other members of the security team to focus on other security initiatives and projects (GRC, BCDR, etc.)
Applicable to an organization of any size, including SMB
Reduce SW, HW and operational cost
Compare and contrast HW and SW costs with operational costs
Check Point leadership has been recognized by third-party analysts, testing labs and associations
What our customers say about Infinity ELA
Consolidate your security architecture
Gain accurate prevention against sophisticated attacks with the power of ThreatCloud
Reduce TCO & Increase security efficiency
Check Point provides the most complete security for banks.
Infinity-Vision is the unified management platform for Check Point Infinity, the first modern, consolidated cyber security architecture built to prevent today's most sophisticated attacks across networks, cloud, endpoints, mobile, and IoT. Infinity-Vision is powered by the world's largest threat intelligence network. It centrally manages the Infinity architecture to mitigate attacks effectively in real time, close security gaps, and reduce the total cost of ownership.
Organizations frequently implement multiple cyber security solutions in pursuit of better protections. As a result, they are frequently left with a patchwork security architecture that results in a high TCO.
By adopting a consolidated security approach with Check Point Infinity architecture, businesses realize preemptive protection against advanced fifth-generation attacks while achieving a 50% increase in operational efficiency and a 20% reduction in security costs.
30sec
IT has changed
Limited Resources – Money and HR
Increasing number and complexity of attacks
Security is reactive & expensive
Point products create overlap, misconfigurations and confusion
We built a holistic solution