End to End Security - Check Point

11/7/2018 1www.secdata.com
Check Point
Adrian Aston
Pre-Sales Consultant
November 2018

CHECK POINT – FROM THE CLOUD TO THE END POINT
• Check Point were established in 1993 and are key vendor for SecureData
• SecureData hold the highest accreditation – 4 Star Elite Partner
• Why Check Point ? It is important for organisation to protect all network entry points, Check Point
offer solutions to cover multiple areas. You can no longer focus on the traditional edge protection
model.
• SecureData have worked with Check Point for many years and are able to work with the whole
solution portfolio

3©2018 Check Point Software Technologies Ltd.©2018 Check Point Software Technologies Ltd.
Edward Smart | Channel Manager UK
& all points in between
FROM THE CLOUD TO THE END POINT

4©2018 Check Point Software Technologies Ltd.
THE ERA OF DIGITAL TRANSFORMATION
CONNECTING
TO THE CLOUD
AND MOBILE

#1 Taxi company
owns no cars
#1 Accommodation
company owns
no real estate
#1 media provider
creates no content
#1 fastest growing
TV network lays
no cables
#1 Valuable retailer
has no inventory
DISRUPTIVE BUSINESS MODELS

THE INFRASTRUCTURE IS CHANGING NOW
CLOUD
MOBILE
SERVER
IOT
VIRTUALISATION

FOR THE BAD ACTORS AS
WELL AS THE GOOD GUYS
CHANGES CREATE NEW
OPPORTUNITIES

Security is the biggest
barrier to IoT adoption
Security Concerns Continue
Amid Cloud Adoption
Cybersecurity Is Biggest Risk
of Autonomous Cars
ITPRO
InformationWeek
Bloomberg
“
”
“
“
”
”

WAS 2017 A CYBER-SECURITY
WAKE-UP CALL ?
WannaCry
Thousands of enterprises in over 99 countries
NotPetya
Completely shutting down an entire country and
impacting over 60 more

The Global Risks Report 2018

11©2018 Check Point Software Technologies Ltd. 11©2018 Check Point Software Technologies Ltd.
Generations of Attacks and Protections
Gen I
Late 1980s –
PC attacks - standalone
Virus
Gen II
Mid 1990s –
Attacks from the internet
Networks
Gen III
Early 2000s -
Exploiting vulnerabilities
in applications
Applications
The Anti Virus
The Firewall
Intrusion
Prevention (IPS)
Gen IV
2010 -
Polymorphic Content
Payload
SandBoxing
and Anti-Bot

Where are we ?
1990 2000 2010 2015 2017
THREATS
PROTECTIONSNetworks
Gen II
Applications
Gen III
Payload
Gen IV
GRADE I
GRADE II
GRADE III
GRADE V
GRADE IV
Virus
Gen I
Enterprises
are between
Gen 2-3
2.8
Mega
Gen V

2018 – GEN V OF ATTACKS
Large scale (across country and industry)
State-sponsored technologies
Multi-vector (network, cloud, mobile)

GEN IV PROTECTION IS NO LONGER
ENOUGH!
Gen IV
PAYLOAD
SandBoxing
and Anti-Bot
2010 -
Polymorphic Content
WE NEED PREVENTION (NOT-JUST DETECTION)
COVERING OUR WEAKEST POINTS – CLOUD, MOBILE
REAL-TIME ACTION

PATCHWORK OF POINT
SOLUTIONS.
COMPLEX SOLUTIONS
WITH UNCERTAIN
SECURITY COVERAGE.
Most security
technologies today stay
• Looking for
yesterday’s signatures
• Detection instead
of prevention
ONE STEP
BEHIND

THE TRADITIONAL APPROACH
Virus > < Anti-Virus
Malicious Websites > < URL Filtering
Intrusion > < Intrusion Prevention
Botnet > < Anti-Bot
High Risk Applications > < Application Control

Introducing GEN 5 PROTECTION
Against MEGA ATTACKS

CONVERTING INTELLIGENCE INTO PROTECTION
ENFORCEMENT LAYER
THREAT PREVENTION
ENDPOINT
SECURITY
NETWORK SECURITY
GATEWAY
MOBILE
SECURITY
VIRTUAL
SYSTEMS
CLOUD
SECURITY
CONTROL LAYER
MANAGEMENT LAYER SINGLE MANAGEMENT

WHAT INGREDIENTS DO WE NEED ?

SS7 ATTACK
PREVENTION
LARGE SCALE
MANAGEMENT
MOBILE MAN
IN THE MIDDLE
ATTACK
MEMORY
ANALYSIS
PUBLIC-CLOUD
AUTOPROVISION
THREAT
EXTRACTION
NETWORK
ENCRYPTION
REST APIs ORCHESTRATION
CPU LEVEL
SANDBOX
ADAPTIVE
CLOUD
SECURITY
CLOUD
SECURITY
AUTO-SCALE

MAKING GEN V POSSIBLE
SS7 ATTACK
PREVENTION
LARGE SCALE
MANAGEMENT
MOBILE MAN
IN THE
MIDDLE
ATTACK
MEMORY
ANALYSIS
PUBLIC-CLOUD
AUTOPROVISION
THREAT
EXTRACTION
NETWORK
ENCRYPTION
REST APIs ORCHESTRATION
CPU LEVEL
SANDBOX
ADAPTIVE
CLOUD
SECURITY
CLOUD
SECURITY
AUTO-SCALE

©2018 Check Point Software Technologies Ltd.
HOW DO WE MOVE
TO GEN V OF
SECURITY?

You Need a Small Army of Security Technologies
Machine
Learning
CPU-Level
Sandboxing

THE FIRST CONSOLIDATED SECURITY ACROSS NETWORKS,
CLOUD, AND MOBILE, PROVIDING THE HIGHEST LEVEL
OF THREAT PREVENTION.
THE CYBER SECURITY ARCHITECTURE OF THE FUTURE

ACROSS ALL NETWORKS, CLOUDS AND MOBILE
ONE SECURITY
PLATFORM
Leveraging unified
threat intelligence
& open interfaces
PREEMPTIVE
THREAT PREVENTION
Blocking the most
sophisticated attacks
before they happen
Single Management,
Modular Policy
Management & integrated
threat visibility
CONSOLIDATED
SYSTEM
T H E C Y B E R S E C U R I T Y A R C H I T E C T U R E O F T H E F U T U R E

CLOUDGUARD
SAAS
PROTECTING ANY CLOUD,
ANY SERVICE, ANYWHERE

New Cloud Service Protects Enterprise SaaS Apps

CLOUDGUARD SAAS
SAAS SECURITY IS
ONE CLICK AWAY
Identity
Protection
Protect
Sensitive Data
Zero-day threats
Protection
End-to-End
SaaS Security

Security Gateway
SAAS PROVIDERS
SECURITY STACK
Prevent
Account
Takeovers
Data Leak
Prevention
Reveal
Shadow IT
HOW IT WORKS
API & AD
…
CloudGuard SaaS
Documents
encryption
Zero-day
Threats
Protection

CLOUDGUARD SAAS
THREAT PROTECTION
Prevent malware and zero-day
threats from getting into SaaS apps
Block phishing emails for
Office 365 and Gmail

AWARD-WINNING
THREAT PROTECTION
TECHNOLOGY
Threat Emulation
The only evasion resistant
CPU-Level sandbox
Threat Extraction
Proactive prevention
through file sanitation
Anti Phishing for Email
Advanced protection
of user emails
Anti-Virus
Protection against known
malware

API: New File
Detected
Quarantine
file
THREAT PREVENTION
FOR SAAS APPS
HOW IT WORKS
• Attackers shares or emails data
• Insider shares or emails sensitive data
• Detected content is quarantined, un-
shared or encrypted
• The solution is deployed as an add-
on to the SaaS application
Hacker
Shares / emails
malicious content
Scan
File
Found
malware
CloudGuard SaaS
Threat Prevention

CLOUDGUARD SAAS
IDENTITY PROTECTION
ID-Guard technology identifies
imposturous access
Blocks unauthorized users and
devices, on mobile and PCs

Identity Server
ADFS, Azure AD, Okta
ACCOUNT TAKEOVER
HOW IT WORKS?
• Attacker uses phishing, password
spraying, or malware to steal
credentials
• Attacker authenticates against an
Identity Federation Service
Hacker
Accesses App
Stolen
credentials

Accesses
App
Accesses
App
Stolen ID
Hacker
Identify Device
• Only users and devices with ID-Guard
endpoint agent can login
• Malicious login prevented even if the
hacker has correct credentials
• No user involvement
PREVENT ACCOUNT
TAKEOVER WITH
CLOUDGUARD SAAS
IDENTITY PROTECTION
Identity Server
ADFS, Azure AD,
Okta
Employee
Identity Server
ADFS, Azure AD,
Okta

• Collects network fromThreat Cloud
and SaaS
• Prevents suspicious logins
Example: seen in two locations,
bad source IP reputation
Accesses app
Stolen
credentials
Hacker
Intelligence
PREVENT ACCOUNT
TAKEOVER WITH
CLOUDGUARD SAAS
IDENTITY PROTECTION
Network Only Mode
Identity Server
ADFS, Azure AD,
Okta

CLOUDGUARD SAAS
DATA PROTECTION
Documents shared Email Chat
Block sharing of sensitive data
and files
Force encryption of sensitive data

API: New File
Detected
Unshare file
DATA PROTECTION
FOR SAAS APPS
HOW IT WORKS
• Attackers shares or emails data
• Insider shares or emails sensitive
data
• Detected content is quarantined,
un-shared or encrypted
• The solution is deployed as an
add-on to the SaaS application
Shares sensitive content
Scan
File
Found a
sensitive
financial report
CloudGuard SaaS
Employee
Data Leak
Prevention

CLOUDGUARD SAAS
END-TO-END SECURITY
Sync policies between gateways,
mobile, and CloudGuard SaaS
Unify management across gateways,
endpoints, and Cloud

Shared intelligence and threat prevention
across networks, mobile, cloud
One unified system to fully block the
attack
CLOUDGUARD SAAS
END-TO-END SECURITY
• On premise security gateways
report employees behavior &
location
• IP reputation intelligence feeds
cross Check Point customers
• Mobile/PC endpoint suites detect
malware and OS exploits to
condition SaaS access
• Shadow IT reporting with Check
Point SmartEvent and AppControl

PROTECT A MULTITUDE OF SAAS APPS
WITHIN MINUTES

• Protects home-brewed SaaS apps
with advanced threat prevention
• RESTful threat prevention APIs
PROTECT YOUR APPS
WITH CLOUDGUARD API
CloudGuard SaaS
Malware
detected
Send file for
inspection
API call –
Scan file
Zero-Day Protection

CLOUDGUARD SAAS
SAAS SECURITY IS
ONE CLICK AWAY
Identity
Protection
Protect
Sensitive Data
Zero-day threats
Protection
End-to-End
SaaS Security

SUMMARY
SAAS ATTACKS ARE
HAPPENING AS WE SPEAK
CLOUD APPS ARE AT RISK
DUE TO ADVANCED
EXTERNAL THREATS, AND
ACCOUNT TAKEOVER
CLOUDGUARD SAAS – THE
ONLY PREVENTIVE SECURITY
SOLUTION FOR ALL CLOUD
APPLICATIONS

CLOUDGUARD
IAAS
BROADEST SECURITY FOR
CLOUD-BASED DATA
CENTERS

COMPREHENSIVE SECURITY ARCHITECTURE
Headquarters
Remote Employees Branch
Private Cloud & SDN SAASPublic IAAS

CLOUD IS TAKING OVER THE WORLD
CLOUD DIVERSITY
67% OF ENTERPRISES ARE IN
HYBRID CLOUD MODEL.
MULTI CLOUD BECOMING THE
NORM
RightScale
SECURITY
40% OF ENTERPRISES RATE
CLOUD SECURITY AS
SIGNIFICANT CHALLENGE
RightScale 2017

Source: Gartner
RAPID ADOPTION OF CLOUD SERVICES
0
20
40
60
80
100
120
2016 2017 2018 2019 2020
Revenue(US$Billion)
Worldwide Cloud Services Revenue Forecast
Platform-as-a-Service
SaaS
Public Cloud

CLOUD SERVICES ARE VULNERABLE

Traditional Security Not Designed for Cloud
Static workloads
Manually intensive
DevOps don't know Security
IT Security doesn't know Cloud

• Cloud applications are everywhere
Perimeter security is not enough – we need security
inside the cloud
• Cloud applications are elastic
Legacy security is static
• DevOps wants agile environment
Security is a showstopper
LEGACY SECURITY ARCHITECTURE NOT
DESIGNED FOR CLOUD

CLOUD = SHARED RESPONSIBILITY
Customer
responsible for
security in the
cloud
Customer Data
Platform, Applications, IAM
Operating System, Network and FW Configs
Client-side Data
Encryption & Data
Integrity Authentication
Server-side Encryption
(File System / Data)
Network Traffic
Protection (Encryption,
Integrity, Identity)
Cloud vendor
responsible for
security of the
cloud
Cloud Global
Infrastructure
Regions
Availability Zones
Edge Locations
Compute Storage Database Networking

NO Unified Management for all Clouds & Traditional Data Center
NO Threat Prevention in real time (L4-L7 protections)
NO Identity based authentication access to applications
NO URL Filtering
NO Threat Extraction and Zero-day Sandboxing
WHERE CLOUD NATIVE SECURITY FALLS SHORT

Lateral threat movements
Data breach due to misconfiguration
Abuse of cloud services
API hacking
Malicious insiders
THIS MIGHT EXPOSE YOU TO…

ADVANCED THREAT PREVENTION FOR CLOUD ENVIRONMENTS
INTRODUCING CHECK POINT CLOUDGUARD IAAS
IN AN AGILE AND AUTOMATED NATURE

ACI
Consistent security
policy and control
across ALL Public and
Private Clouds

CLOUDGUARD IAAS BUILDING BLOCKS
Centralized Management
Advanced Threat
Prevention
Cloud
Diversity
DevOps
Ready
Adaptive and
Automatic

THE SECURITY BLUEPRINT
FOR THE CLOUD ERA

• Agile - security architecture that enables DevOps innovation
• Efficient – automatically deploy, provision, & scale security in the Cloud
•
• Multi-Clouds – unified security architecture for all environments
CHECK POINT’S CLOUD SECURITY BLUEPRINT

SANDBLAST AGENT
ENDPOINT SOLTUTION
ENDPOINT PROTECTION
REMOTE EMPLOYEES

Protecting employees’ endpoints while connecting
from remote locations & working from home
ENDPOINT PROTECTION
REMOTE EMPLOYEES
• Augments traditional AV at the endpoint
• Prevents evasive attacks
• Phishing via zero day sites
• Protection for web downloads
• Preventing reuse of corporate credentials
• Anti exploit protection during run time
• Breach containment
• Detect and quarantine infected devices
• Automated Forensics and remediation
• Dedicated Anti Ransomware solution

Browser Extension
Web downloads
Threat Extraction &
Threat Emulation
File-System Monitor
Any file copied or created
e.g. from USB, network shares, …
Threat Emulation
ZERO-DAY PROTECTION – IN TWO LAYERS
SANDBLAST SERVICE
Cloud or Appliance
[Restricted] ONLY for designated groups and individuals

ELIMINATE ZERO DAY MALWARE AT THE ENDPOINTZERODAYPROTECTIONDEMO
Web downloads
sent to SandBlast
cloud
Original file
emulated in the
background
Sanitized version
delivered
promptly
SANDBLAST SERVICE
Cloud or Appliance
WWWDOC
DOC

ANTI RANSOMWARE
Prevent the most EVASIVE and
ZERO-DAY ransomware variants
INCLUDED with SandBlast Agent
or as a STANDALONE solution
Safely RECOVER encrypted data

HOW
ANTI-RANSOMWARE
WORKS
BEHAVIORAL
ANALYSIS
Constantly
monitors for
ransomware
specific behaviors
DETECT
ENCRYPTION
Identifies
systematic
illegitimate file
encryption
DATA
SNAPSHOTS
Continuously
create short-term
file backups on
hidden partition on
the hard drive
ON GOING
RANSOMWARE
QUARANTINE
All elements of the
attack are
identified by
forensic analysis
and then
quarantined
DATA
RESTORATION
Encrypted files are
automatically
restored from
snapshots
UPON DETECTION
RANSOMWARE PROTECTION IS ON

Check Point SandBlast
Recommended for Security Effectiveness and Value
2017 NSS Breach Prevention Systems Test
100% Breach Prevention
System Combined Score
100% Protection against
Social Exploits
Drive-By exploits
HTTP Malware
Email Malware
100% Protection against Off-
Line infections
0.0% False Positives &
99.2% Evasions
A Leading TCO: $14
Price/protected Mbps

NSS Security Value Map
Breach Prevention System (BPS) Test – 2017

Forrest Wave
Endpoint Security Suites – Q2 2018

MOBILE
SECURITY

MOBILE – THE
WEAKEST LINK
IN OUR
ENTERPRISES
with jailbroken or
rooted devices
74%
89%
Experienced a
man-in-the-middle
attack over Wi-Fi
OF ALL
ORGANIZATIONS
ARE INFECTED WITH
MOBILE MALWARE
100%
Source: Check Point Mobile Threat Prevention | N=850 Check Point customers, each protecting more than 500 devices

DAMAGES
Tracking
Location
Stealing
Emails
Stealing
Contacts list
Microphone
Recordings
Taking
Photos
Stealing
Passwords
Hijacking
Messages

ZERO-DAY MALWARE
MitM ATTACKS OVER Wi-Fi
SECURE BROWSING
SMS ATTACKS
DEVICE SETTINGS
BLUETOOTH
INFECTED APPS
OS EXPLOITS

INDUSTRY’S WIDEST SET OF MOBILE INTEGRATIONS
NEW!

HOW IT WORKSHOW IT WORKS
Behavioral Risk Engine
Real-Time Intelligence
and Control
Check Point Protect App

MOBILE
Threat Intelligence
ENDPOINT
HEADQUARTERS
LAN
BRANCH
Access Protection
Baseline Threat
Prevention
Advanced Threat
Prevention
Media
Encryption
Full Disk
Encryption
Advanced
Threat
Prevention
Inbound
Outbound
Access Control
Data
Protection
Multi Layered
Security
MGMT -
VPN
IDA
LAN
Network Protection
Device Protection
App Protection
Capsule
WorkSpace/Docs
Remote Access
Secure Business
data
Protect docs
everywhere
CLOUD
Infrastructure Applications
Advanced
Threat Prevention
Adaptive Security
Anti-Ransomware
Forensics
Threat Prevention
Access/Data Security
Access Control
Secure Media
Secure Documents
ENDPOINT
Identity Protection
Sensitive Data Protection
Zero-Day Threat Protection
End-to-end SaaS Security
Automation and
Orchestration
Multi-Cloud
Hybrid Cloud
Cross Cloud
Dynamic Policies
Access
Control
Advanced
Threat Prevention
Segmentation

EFFICIENT EVERYWHEREEFFECTIVE
THE SECURITY
YOU
DESERVE

THANK YOU

CHECK POINT – FROM THE CLOUD TO THE END POINT
• Attacks are constantly evolving
• Protection is required across multiple entry points to the organisation
• Check Point offer a complete portfolio to cover these areas
• Questions?

End to End Security - Check Point

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (19)

Similaire à End to End Security - Check Point

Similaire à End to End Security - Check Point (20)

Plus de Harry Gunns

Plus de Harry Gunns (17)

Dernier

Dernier (20)

End to End Security - Check Point