Contenu connexe
Similaire à festival ICT 2013: Check Point 2013 Security Report (20)
Plus de festival ICT 2016 (20)
festival ICT 2013: Check Point 2013 Security Report
- 1. 11©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |[Restricted] ONLY for designated groups and individuals
- 2. 22©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
A comprehensive survey
– and much more !
888 companies
1,494 gateways
120,000 Monitoring hours
112,000,000 security events
[Restricted] ONLY for designated groups and individuals
- 3. 33©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
40%
40%
20%
39%
14%10%
7%
4%
26%
A comprehensive survey
% of companies
Americas
EMEA
APAC
Industrial
Finance
Government
Telco
Consulting
Other
By geography By sector
[Restricted] ONLY for designated groups and individuals
- 4. 44©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Multiple sources of data
SensorNet
3D
Reports
Threat
Cloud
[Restricted] ONLY for designated groups and individuals
- 5. 55©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Looking back and forward
Main security threats
& risks
Security architecture
Recommendations
2012 2013 and beyond
[Restricted] ONLY for designated groups and individuals
- 6. 66©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
The Check Point Security Report 2013
About the research
Key findings
Security strategy
Summary
[Restricted] ONLY for designated groups and individuals
- 7. 77©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
We will talk about 3 issues
Threats
to the
organization
Risky
enterprise
applications
Data loss
incidents in
the network
[Restricted] ONLY for designated groups and individuals
- 8. 88©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Another day, another major hack
[Restricted] ONLY for designated groups and individuals
- 9. 99©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Just this week….
[Restricted] ONLY for designated groups and individuals
“Hackers in China Attacked The Times for
Last 4 Months”
(NY Times , Jan 30, 2013)
“Wall Street Journal also hit by hack”
(WSJ , Jan 31 2013)
- 10. 1010©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
2012: the year of hacktivism
Arab Spring
Political freedom
Foxcon
Working conditions
Justice Department
Anti-corruption
Vatican
Unhealthy transmitters
UN ITU
Internet deep packet inspection
[Restricted] ONLY for designated groups and individuals
- 11. 1111©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
This does not affect me, right?
[Restricted] ONLY for designated groups and individuals
- 12. 1212©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
The majority of companies are infected
63%
100% = 888 companies
of the
organizations
(2 out of 3)
in the
research
were infected
with bots
[Restricted] ONLY for designated groups and individuals
- 13. 1313©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Once in … always on
Communicating
with command
& control every
21minutes
[Restricted] ONLY for designated groups and individuals
- 14. 1414©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Top 2012 Bots
[Restricted] ONLY for designated groups and individuals
- 15. 1515©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Exploit kits are easy to buy
Rental costs
One day – 50$
Up to 1 month – 500$
3 month – 700$
Rental costs
One day – 50$
Up to 1 month – 500$
3 month – 700$
Available
online
[Restricted] ONLY for designated groups and individuals
- 16. 1616©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
But there is more than Bots, right?
Malware
INSIDE
How does malware
get to my network?
[Restricted] ONLY for designated groups and individuals
- 17. 1717©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Going to the wrong places…
[Restricted] ONLY for designated groups and individuals
- 18. 1818©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Downloading malware all the time
53%of organizations saw
malware downloads
[Restricted] ONLY for designated groups and individuals
- 19. 1919©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Anatomy of an attack
Recon
Exploit
Toolkit
Backdoor
Damage4
3
2
1
BOT
Virus
RAT
[Restricted] ONLY for designated groups and individuals
- 20. 2020©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Two major trends
BOT
Virus
Damage
Profit drivenA
Ideological
driven
B
4RAT
[Restricted] ONLY for designated groups and individuals
- 21. 2121©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Case example
Massive SQL injection attack
Italian University
[Restricted] ONLY for designated groups and individuals
- 22. 2222©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Case Study
Hacker injected the following string…
In normal language:
“Please give me the usernames and
passwords from the database”
In normal language:
“Please give me the usernames and
passwords from the database”
[Restricted] ONLY for designated groups and individuals
- 23. 2323©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
BLOCKED
by
Check Point
IPS Software
Blades
From around the world…
Case study - the success
[Restricted] ONLY for designated groups and individuals
- 24. 2424©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Main takeaways…
63%63% of organizations were infected
with bots
53%53% of organizations experienced
malware downloads
[Restricted] ONLY for designated groups and individuals
- 25. 2525©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
We will talk about 3 issues
Threats
to the
organization
Risky
enterprise
applications
Data loss
incidents in
the network
[Restricted] ONLY for designated groups and individuals
- 26. 2626©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
No longer a game
[Restricted] ONLY for designated groups and individuals
- 27. 2727©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
What are risky applications?
Bypassing security or
hiding identity
Do harm without
the user knowing it
P2P file sharing
Anonymizers
File sharing / storage
Social networks
[Restricted] ONLY for designated groups and individuals
- 28. 2828©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Just this week….
[Restricted] ONLY for designated groups and individuals
We discovered one live attack and were able to
shut it down in process moments later,
However, our investigation has thus far indicated
that the attackers may have had access to limited
user information — usernames, email addresses
and passwords — for approximately 250,000
users.”
Bob Lord, Twitter’s director of information security.
(Friday, Feb 1, 2013)
- 29. 2929©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Risky applications
Anonymizers
[Restricted] ONLY for designated groups and individuals
- 30. 3030©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
What is an anonymizer?
Firewall
OK
User Proxy Site
[Restricted] ONLY for designated groups and individuals
- 31. 3131©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
History of Anonymizers
Began as “The Onion
Router”
Officially sponsored
by the US Navy
80% of 2012 budget
from US Government
Used widely during
Arab Spring
[Restricted] ONLY for designated groups and individuals
- 32. 3232©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
The risk of anonymizers
Bypasses security
infrastructure
Used by botnets to
communicate
Hide criminal,
illegal activity
[Restricted] ONLY for designated groups and individuals
- 33. 3333©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Anonymizers inside the corporation
47%
of organizations
had users of
Anonymizers
(80% were not aware that
their employees use
Anonymizers)
100% = 888 companies
[Restricted] ONLY for designated groups and individuals
- 34. 3434©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Risky applications
P2P file sharing
[Restricted] ONLY for designated groups and individuals
- 35. 3535©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
The Risk of P2P Applications
Downloading
the latest
“24” episode
right now ☺
Pirated content liability
Malware downloads
“Back door” network access
[Restricted] ONLY for designated groups and individuals
- 36. 3636©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
P2P inside the corporation
61%
of organizations
had a P2P file
sharing app in
use
100% = 888 companies
[Restricted] ONLY for designated groups and individuals
- 37. 3737©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Case example: P2P
3,800
personal details shared
on P2P
95,000
personal details shared
on P2P
Fines for information disclosers
[Restricted] ONLY for designated groups and individuals
- 38. 3838©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Main takeaways…
61% of organizations had a P2P
file sharing app in use
47% of organizations had users of
anonymizers
[Restricted] ONLY for designated groups and individuals
- 39. 3939©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
We will talk about 3 issues
Threats
to the
organization
Risky
enterprise
applications
Data loss
incidents in
the network
[Restricted] ONLY for designated groups and individuals
- 40. 4040©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
How common is it?
54%
of organizations
experienced data
loss
[Restricted] ONLY for designated groups and individuals
- 41. 4141©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Many types of data leaked
[Restricted] ONLY for designated groups and individuals
- 42. 4242©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
PCI compliance can be improved
Of financial organizations sent credit
card data outside the organization
[Restricted] ONLY for designated groups and individuals
- 43. 4444©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
We have all had this problem
Error 552: sorry, that message exceeds
my maximum message size limit
Dropbox?
YouSendIt?
Windows Live?
[Restricted] ONLY for designated groups and individuals
- 44. 4545©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Storing and Sharing applications
80%
of organizations
use file storage
and sharing
applications
100% = 888 companies
[Restricted] ONLY for designated groups and individuals
- 45. 4646©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Top sharing and storage apps
70
51
25
22
13
10
Dropbox
Windows Live
Curl
YouSendIt
Sugarsync
PutLocker
% of organizations
But sharing is not
always caring…
[Restricted] ONLY for designated groups and individuals
- 46. 4747©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
The Check Point Security Report 2013
About the research
Key findings
Security strategy
Summary
[Restricted] ONLY for designated groups and individuals
- 47. 4848©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
We talked about three issues
Threats
to the
organization
Risky
enterprise
applications
Data loss
incidents in
the network
[Restricted] ONLY for designated groups and individuals
- 48. 4949©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Anatomy of an attack
Recon
Exploit
Toolkit
Backdoor
Damage4
3
2
1
BOT
Virus
RAT
[Restricted] ONLY for designated groups and individuals
- 49. 5050©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Addressing external threats
FW AVIPS
AntiBot
URLF
ThreatEmulation
[Restricted] ONLY for designated groups and individuals
- 50. 5151©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Enabling secure application use
URLF
Antivirus
ApplicationControl
[Restricted] ONLY for designated groups and individuals
Endpoint
- 51. 5252©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Preventing data loss
DocSec
DLP
Data
EndPoint
ApplicationControl
Usercheck
[Restricted] ONLY for designated groups and individuals
- 52. 5353©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Seeing attacks and protections
SmartEvent
SmartLog
SmartDashboard
[Restricted] ONLY for designated groups and individuals
- 53. 5454©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Summary
63%
47%
54%
Infected with bots
3 key
Takeaways Used Anonymizer
Experienced data leak
Multi Layer Security
Central Management
Manage
&
Monitor
Protect from
external threats
Protect from
external threats
Prevent access
to bad sources
Prevent access
to bad sources
Keep the
organization
secured
Keep the
organization
secured
[Restricted] ONLY for designated groups and individuals
- 54. 5555©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |[Restricted] ONLY for designated groups and individuals