
PIONEERING GEN V SECURITY WITH CHECK POINT

Published at: Forum Cybersécurité 2018: The challenges of open environments: hospitals and universities... the same fight! (20 November 2018)



  1. Christof Jacques | Security Engineer, Check Point Belgium & Luxembourg. Performance & Prevention. PIONEERING GEN V SECURITY WITH CHECK POINT. ©2018 Check Point Software Technologies Ltd.
  2. Generations of Attacks and Protections:
     Gen I, late 1980s – PC attacks, standalone (Virus): the Anti-Virus.
     Gen II, mid 1990s – attacks from the internet (Networks): the Firewall.
     Gen III, early 2000s – exploiting vulnerabilities in applications (Applications): Intrusion Prevention (IPS).
     Gen IV, 2010 – polymorphic content (Payload): SandBoxing and Anti-Bot.
  3. MAY 2017: WANNACRY GLOBAL ATTACKS (map: Germany, UK, Spain, Russia, USA, Brazil, China, France, Japan). May 12, 8:24am: WannaCry outbreak.
  4. [Internal Use] for Check Point employees. Belgium & Netherlands: Q-Park.
  5. A MONTH LATER: NOTPETYA OUTBREAK (map: Russia, Denmark, UK, France, Germany, USA). Ukraine: international airport, Chernobyl reactor, power grid, metro system, petrol stations. June 27: NotPetya outbreak.
  6. [Internal Use] for Check Point employees. Belgium: APM (part of Maersk) & Mondelez.
  7. WE ARE AT AN INFLECTION POINT! Timeline 1990, 2000, 2010, 2017: Gen I Virus, Gen II Networks, Gen III Applications, Gen IV Payload, Gen V Mega.
  8. Shared intelligence and threat prevention across networks, mobile, cloud. One consolidated system to fully block the attack: 11:30 incoming email with PDF attachment blocked; 11:32 access to web site on mobile device was blocked; 11:35 virtual machine on public cloud was quarantined.
  9. Multi Layered Security (architecture diagram; labels in reading order): MOBILE, Threat Intelligence, ENDPOINT, HEADQUARTERS, LAN, BRANCH, Access Protection, Baseline Threat Prevention, Advanced Threat Prevention, Media Encryption, Full Disk Encryption, Advanced Threat Prevention, Inbound, Outbound, Access Control, Data Protection, MGMT, VPN, IDA, LAN, Network Protection, Device Protection, App Protection, Capsule WorkSpace/Docs, Remote Access, Secure Business data, Protect docs everywhere, CLOUD, Infrastructure, Applications, Advanced Threat Prevention, Adaptive Security, Anti-Ransomware, Forensics, Threat Prevention, Access/Data Security, Access Control, Secure Media, Secure Documents, ENDPOINT, Identity Protection, Sensitive Data Protection, Zero-Day Threat Protection, End-to-end SaaS Security, Automation and Orchestration, Multi-Cloud, Hybrid Cloud, Cross Cloud, Dynamic Policies, Access Control, Advanced Threat Prevention, Segmentation.
  10. HIGHEST SECURITY EFFECTIVENESS
  11. PREVENT UNKNOWN ATTACKS: new machine learning, higher catch rates, lower false positives: "CADET", "HUNTRESS", "CAMPAIGN HUNTING".
  12. CONTEXT AWARE DETECTION, "CADET": look at the full context of the inspected element; extract parameters from the environment; THOUSANDS of discrete indicators, ONE accurate verdict. (Chart: missed detections and false positives, old engine vs CADET.)
  13. UNCOVER MALICIOUS EXECUTABLES, "HUNTRESS": dynamically analyze executables in a sandbox to collect system APIs; apply machine learning to reach a malicious verdict; feedback loop for continued learning. Huntress unique detections: +13%.
  14. PREDICTIVE THREAT INTELLIGENCE, "CAMPAIGN HUNTING": expose unknown bots and malicious domains; attribute attacks to campaigns; enrich threat intelligence for predictive campaign prevention. Campaign Hunting introduced: +10%.
  15. MATURE AND SECURED SOFTWARE WITH SENSE OF URGENCY: mature SW code; swift response to SW vulnerabilities. Chart values (# total of SW vulnerabilities (2016, 2017) / average fix time (days)): 1.02; 221.3 / 62; 183.6 / 93; 48.2 / 99. Source: vendors' security advisories web pages & http://tiny.cc/urgency
  16. AVERAGE RESPONSE TIME FOR TOP VULNERABILITIES (IPS) IN 2017. Source: vendors' security advisories web pages & http://tiny.cc/urgency
  17. GROUNDBREAKING PERFORMANCE
  18. Most of Our Traffic is Encrypted! 70% of traffic over HTTPS (SMB Security Management Portal (SMP)); 69% HTTPS page loads (Google Transparency Report).
  19. PROTECTING ENCRYPTED TRAFFIC AND SENSITIVE DATA WITH NEW SOFTWARE ACCELERATED SSL ENGINE IN R80.20: R80.10 1.7 Gbps, R80.20 2.7 Gbps. 90% SSL with full Threat Prevention. Tested on 15600.
  20. How do different vendors test performance? Protocols: a typical enterprise mix of protocols, whereas other vendors use HTTP only or an undisclosed mix. Content types: a real-life mix, vs synthetic. Transaction size: variety, vs a single size or an undisclosed mix.
  21. Introducing New Enterprise Testing Conditions: a typical internet-facing traffic blend for enterprises in 2018; realistic mix of protocols and content types; aligned with customer expectations in RFPs. Traffic mix: Web: YouTube video 30%; Web: JPG 40%; Web: 15K page 15%; Web: 1K pages 5%; SMTP 1%; Telnet 1%; FTP 1%; POP3 1%; DNS 1%.
  22. Measured under ENTERPRISE TESTING CONDITION (Check Point 5100 / 15400 / 23900):
      Gen V Security, Full Threat Prevention with SandBlast Zero-Day Protections: 700 Mbps / 4 Gbps / 14.6 Gbps
      Gen III Security, Next-Gen Firewall: 2.1 Gbps / 7.7 Gbps / 24 Gbps
      Gen II Security, Firewall bandwidth: 6.45 Gbps / 33.5 Gbps / 77.9 Gbps
  23. Be Aware! Other Security Vendors Cut Corners!* Bypass security when buffers are full: traffic load disables all security. Don't emulate large files: large files (like this ppt) are not protected. Inspecting only inbound traffic: enables malware to communicate freely. Inspect only the beginning of the connection: very easy to evade security. *Based on security vendors' product documentation.
  24. OPERATIONAL EXCELLENCE
  25. Step up to Cyber Security: your security is only as strong as your ability to manage it. 98% of enterprises experienced a significant cyber threat in the past 3 years; 58% took more than 24 hours to start remediation of a threat; only 23% report their security teams are fully up-to-date. Source: Operational Efficiency Report, Dimensional Research.
  26. SINGLE CONSOLE, UNIFIED POLICY
  27. Unified Rulebase – One Policy Governs Everything: user aware, device aware, applications, content, cloud, gateways.
  28. Unified Management – One Simple Example: when selecting a rule... ...you immediately see the logs relevant to that specific rule.
  29. Unified Rulebase – Inline Layers (Parent Rule / Inline Layer): • An inline layer is only checked if the parent rule matches. • Can be reused multiple times. • Can be assigned a dedicated administrator.
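The first two bullets on this slide, first-match evaluation where an inline layer is entered only when its parent rule matches and the same layer is attached to several parent rules, modelled in an added Python example (example code, not Check Point's; the rule fields, the sample policy and the assumption that a layer ends in an implicit drop cleanup are constructed here):

```python
"""
Added example (not Check Point code): a toy first-match rulebase evaluator
modelling inline layers. The rule fields, the sample policy and the implicit
cleanup behaviour are constructed assumptions for this example.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "any"


@dataclass
class Rule:
    name: str
    src: str = ANY
    dst: str = ANY
    service: str = ANY
    action: str = "accept"                  # "accept" or "drop"
    inline_layer: Optional["Layer"] = None  # consulted only when this rule matches


@dataclass
class Layer:
    name: str
    rules: List[Rule]
    # Assumption: a layer that is entered but matches no rule ends in an
    # implicit cleanup that drops the connection.
    cleanup_action: str = "drop"


@dataclass
class Conn:
    src: str
    dst: str
    service: str


def matches(rule: Rule, conn: Conn) -> bool:
    """A rule matches when every field is either 'any' or equal to the connection's value."""
    return all(rv == ANY or rv == cv for rv, cv in
               ((rule.src, conn.src), (rule.dst, conn.dst), (rule.service, conn.service)))


def evaluate(layer: Layer, conn: Conn, path: Optional[List[str]] = None) -> Tuple[str, List[str]]:
    """First-match evaluation. Returns (action, path); path lists the rules visited."""
    if path is None:
        path = []
    for rule in layer.rules:
        if not matches(rule, conn):
            continue  # parent did not match: its inline layer is never consulted
        path.append(f"{layer.name}/{rule.name}")
        if rule.inline_layer is None:
            return rule.action, path
        # Parent matched: descend. The inline layer's verdict (including its
        # cleanup) is final; evaluation does not fall back to later top-level rules.
        return evaluate(rule.inline_layer, conn, path)
    path.append(f"{layer.name}/cleanup")
    return layer.cleanup_action, path


def build_policy() -> Layer:
    """Constructed sample policy: one inline layer reused by two parent rules."""
    dmz_services = Layer("dmz-services", [
        Rule("allow https", service="https"),
        Rule("allow dns", service="dns"),
    ])
    return Layer("policy", [
        Rule("HQ to DMZ", src="HQ", dst="DMZ", inline_layer=dmz_services),
        Rule("Branch to DMZ", src="Branch", dst="DMZ", inline_layer=dmz_services),
        Rule("Admin SSH", service="ssh"),
        # implicit top-level cleanup: drop
    ])


POLICY = build_policy()

if __name__ == "__main__":
    for conn in (Conn("HQ", "DMZ", "https"), Conn("HQ", "DMZ", "ssh"),
                 Conn("Partner", "DMZ", "ssh"), Conn("Branch", "DMZ", "https")):
        action, path = evaluate(POLICY, conn)
        print(f"{conn.src:>8} -> {conn.dst} {conn.service:<6} {action:<7} via {' > '.join(path)}")
```

The path returned for each connection makes the point visible: SSH from HQ to the DMZ is dropped by the inline layer's cleanup even though a later top-level rule would accept SSH, while SSH from a source the parent rules do not cover never enters the layer and reaches that later rule.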
  30. RESPOND TO SECURITY INCIDENTS IMMEDIATELY: single view into security risks; real-time forensic & event investigation. New Cyber Attack Dashboard: find the needle in the haystack.
  31. Multi-Tasking in R80.20 [Internal Use] for Check Point employees: open multiple SmartConsole sessions in parallel; no need to publish or discard unfinished work when switching tasks. (Screenshot: 99 policy changes.)
  32. Logging & Monitoring: unified logs for Security Gateway, SandBlast Agent and SandBlast Mobile for simple log analysis.
  33. Log Exporter. Extract – reads incoming logs from the Security Gateway. Transform – adapts to the SIEM format. Export – sends the logs to the configured target server. Supports rsyslog... and any other SIEM application that can run a syslog agent. Example:
      # cp_log_export add name my_splunk_device domain-server LondonDomain target-server 192.168.13.32 target-port 5009 protocol tcp format CEF encrypted true ca-cert /path/my-certificate client-cert /path/my-cert.p12 client-secret shared-secret --apply-now
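The Transform step of the Extract, Transform, Export pipeline on this slide, worked through in an added Python example (not Check Point's Log Exporter code): a constructed gateway-style log record is rendered as a CEF line with the escaping CEF requires in its header and extension, framed for delivery over TCP syslog, and parsed back. The record, the field mapping and the severity mapping are assumptions made for this example.

```python
"""
Added example (not Check Point's Log Exporter): the Transform step of an
Extract-Transform-Export pipeline, rendering a log record as CEF for a
syslog-based SIEM. Record, field mapping and severity mapping are constructed.
"""
import re

CEF_VERSION = "0"
VENDOR = "Check Point"
PRODUCT_VERSION = "R80.20"  # release named on the slides, used here as the CEF Version field

# Constructed sample record in the shape of a gateway log (not a real log line).
SAMPLE_RECORD = {
    "time": "2018-11-20T11:32:05Z",
    "origin": "gw-brussels-1",
    "product": "Anti-Bot",
    "action": "Prevent",
    "src": "10.1.2.3",
    "dst": "203.0.113.7",
    "service": 443,
    "proto": "tcp",
    "rule_name": "Block C&C | outbound",          # the pipe must be escaped in the CEF header
    "malware_action": "beacon to key=value host",  # '=' must be escaped in a CEF extension
}

SEVERITY_BY_ACTION = {"Prevent": 8, "Detect": 5}  # constructed mapping onto the 0-10 CEF scale


def cef_escape_header(value):
    """Header fields are pipe-delimited: escape backslash first, then the delimiter."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def cef_escape_extension(value):
    """Extension values are key=value pairs: escape backslash, '=', and line breaks."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(record):
    """Render one record as 'CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|Extension'."""
    header = "|".join(cef_escape_header(v) for v in (
        VENDOR, record["product"], PRODUCT_VERSION, record["action"],
        record["rule_name"], SEVERITY_BY_ACTION.get(record["action"], 3)))
    # Standard CEF extension keys where one exists; the custom string goes in cs1/cs1Label.
    mapping = [("rt", record["time"]), ("dvchost", record["origin"]),
               ("src", record["src"]), ("dst", record["dst"]), ("dpt", record["service"]),
               ("proto", record["proto"]), ("act", record["action"]),
               ("cs1Label", "malware_action"), ("cs1", record["malware_action"])]
    extension = " ".join(f"{k}={cef_escape_extension(v)}" for k, v in mapping)
    return f"CEF:{CEF_VERSION}|{header}|{extension}"


def frame_for_tcp(message):
    """RFC 6587 octet-counting framing ('LEN SP MSG') so a TCP receiver finds message boundaries."""
    body = message.encode("utf-8")
    return f"{len(body)} ".encode("ascii") + body


def parse_cef_extension(extension):
    """Parse 'k=v k2=v2 ...' back into a dict, honouring backslash escapes in values."""
    # A key is a run of word characters at the start or after a space; its value runs
    # up to the next ' key=' whose '=' is not escaped.
    pairs = re.findall(r"(?:^|\s)(\w+)=((?:\\.|[^\\])*?)(?=\s\w+=|$)", extension)
    def unescape(s):
        return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), s)
    return {k: unescape(v) for k, v in pairs}


def parse_cef(line):
    """Split a CEF line into its seven header fields and the extension dict, honouring escaped pipes."""
    fields, current, i = [], [], 0
    while len(fields) < 7 and i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # escaped character: keep it literally
            current.append(line[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    return fields, parse_cef_extension(line[i:])


if __name__ == "__main__":
    line = to_cef(SAMPLE_RECORD)
    print(line)
    print(frame_for_tcp(line))
    print(parse_cef(line))
```

A naive `line.split("|")` would break on the escaped pipe in the rule name, which is why the parser walks the header character by character; the same care applies on the SIEM side when fields are extracted from what Log Exporter sends.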
  34. R80.20 does not stop giving! NEW MANAGEMENT APIs: IOC, updatable objects, wildcard objects, multi-tasking, show tasks, purge revisions. Enhancements streamline business operations for fast and efficient security control. New! Online changelog in the API documentation.
  35. AGONY METER [Internal Use] for Check Point employees. Four management products compared (column order as on the slide; products not named in the text); each cell gives time, clicks, menus:
      Task 1: Allow Facebook for one department and block it everywhere else: 00:40, 58 clicks, 1 menu | 02:03, 110 clicks, 11 menus | 01:34, 97 clicks, 4 menus | 01:44, 108 clicks, 7 menus
      Task 2: Create a new network object and perform dynamic NAT: 00:19, 49 clicks, 2 menus | 00:56, 80 clicks, 6 menus | 00:53, 60 clicks, 4 menus | 00:50, 75 clicks, 6 menus
      Task 3: Find logs for the application "Mega.nz": 00:08, 9 clicks, 1 menu | 00:20, 14 clicks, 2 menus | 00:13, 11 clicks, 2 menus | 00:43, 11 clicks, 3 menus
      Task 4: Replace an object appearing 4 times with another object: 00:20, 13 clicks, 1 menu | 00:46, 44 clicks, 8 menus | 00:40, 38 clicks, 5 menus | 01:06, 49 clicks, 9 menus
      Task 5: Add the same simple rule to 2 different policies/gateways: 00:37, 55 clicks, 2 menus | 01:47, 103 clicks, 5 menus | 01:12, 99 clicks, 4 menus | 01:18, 94 clicks, 9 menus
      Totals: 02:08, 183 clicks, 7 menus | 05:52, 340 clicks, 32 menus | 04:32, 272 clicks, 19 menus | 05:41, 341 clicks, 35 menus
      Management Agony Coefficient: 1 | 3.04 | 2.23 | 3.06
      Full reference: http://tiny.cc/agonymeter
  36. COMPLETE CLOUD SECURITY
  37. COMPLETE CLOUD SECURITY: consistent security policy and control across all public and private clouds.
  38. Adaptive Security for Cloud: managing access rules to online services is now easier than ever. Ready-to-use, automatically updated groups do the work for you!
  39. [Internal Use] for Check Point employees. PREVENTION OF SAAS CYBER ATTACKS. BLOCK OF SAAS ACCOUNT HIJACKING.
  40. Multi Layered Security architecture diagram (same diagram as slide 9).
  41. THANK YOU
