©2015 check point software technologies ltd. 1 *texas, oklahoma, arkansas hank johnson | area...
TRANSCRIPT
©2015 Check Point Software Technologies Ltd. 1©2015 Check Point Software Technologies Ltd.
*Texas, Oklahoma, Arkansas
Hank Johnson | Area Manager Oscar Grider Sales RepresentativeStephen Systems Engineer
SECURITY OBSERVATIONS & IDEAS FROM THE FIELD
©2015 Check Point Software Technologies Ltd. 2
What’s driving Security Spending ?
Upgrade of existing, aged equipment
Consolidation of multiple point products
Consolidation + New Security Features
Compliance
Redefinition of the Enterprise to include LocationsMobile
A Good Offense is the Best Defense Advanced Threat Protection = Known & Unknown Reporting & Forensics = More Data & Visibility
©2015 Check Point Software Technologies Ltd. 3
Security Trends
** Redefine the Enterprise: Remote sites & Mobile
**Client Execs involved at a new level **
Security Readiness
Data : Dashboard , Detail & Forensics
Product Enterprise Security Strategies
Monitor / React Proactive / Trend
User Involvement
©2015 Check Point Software Technologies Ltd. 5
Security has been underfunded…
By other valid IT & Business Priorities including:
IP Telephony / Unified Communications Storage & Server Virtualization ;Converged Computing SAP , Oracle, other applications SF.com & other CRM systems Cloud & Hybrid Data Center Initiatives
Impact to Security: Most are in Catch Up Mode Security is “MainStream” Key issues:
Personnel / Organizational Structure Policy ( Social media, Document Retention, Breach planning ) Strategy ( Current State to Future State )
©2015 Check Point Software Technologies Ltd. 6 [Restricted] ONLY for designated groups and individuals
Self Assessment
Start Here
©2015 Check Point Software Technologies Ltd. 7
Client Assessments: Work to be Done
1st Key Question:
“Where am I today?”
Follow up questions:
• Desired Future State
• First Priority
• What’s possible today
• Where do I start
©2015 Check Point Software Technologies Ltd. 8
High Level Security Planning Framework - 4 things
Infrastructure
Threat
Mobility
Management & Visibility
©2015 Check Point Software Technologies Ltd. 9 [Restricted] ONLY for designated groups and individuals
Fewer Suppliers & Maintenance contracts
More control & reporting
DLPSoftware Blade
Application Control
Software BladeIPS
Software BladeFirewall and VPNSoftware Blades
URL FilteringSoftware Blade
Antivirus & Anti-Malware
Software Blade
Identity Awareness
Software BladeAnti-Bot
Software Blade
InfrastructureConsolidation is real but you own Architecture
©2015 Check Point Software Technologies Ltd. 10
User Access
Internet Applications Usage
Sensitive Data
Mobile Access
Network Threat Prevention
Granular Control of All Security Layers
Gran
ular V
isibility
Identity Awareness
DLP
Mobile Access
SmartEvent
IPS
Anti-Bot
Antivirus
Application Control
URLF
©2015 Check Point Software Technologies Ltd. 11
Check Point
Research
IndustryFeeds
Sensors & Sites
Priority: Keep System Software Current
©2015 Check Point Software Technologies Ltd. 12
One of the most dynamic areas of Security
Threat Prevention
©2015 Check Point Software Technologies Ltd. 13
Known ( IPS / IDS / URL / App )
Unknown ( SandBox / Zero Day / APT )
Email & Mobile
Reporting / Context / Forensics / Trending
©2015 Check Point Software Technologies Ltd. 14
Polymorphic Malware
APTs
Mobility
We Spend Time and Budget On..
While Positioning for Future Challenges
TODAY’S INFRASTRUCTURE
FUTURE ATTACK VECTORS
Firewall
VPN
IPS
Anti-Spam
URL Filtering
Anti-Virus
DDoS
Have the Platform Built 1st !!
©2015 Check Point Software Technologies Ltd. 15
Multi-Layer Threat Prevention
Known and Unknown Malware
Known
Unknown
XX X X XX XXX
KnownKnown Known Known
Industry FeedsGlobal Sensor DataCheck Point Research
ThreatCloud
Emulation Service
©2015 Check Point Software Technologies Ltd. 16[Protected] Non-confidential content
INSPECT EMULATE
PREVENTSHARE
“Threat” requires a holistic view** New CPU level solution – Stop before threats get to
the OS level.
Managing Unknowns
Sandbox
Quarantine
Emulation
©2015 Check Point Software Technologies Ltd. 17
9 hrsCheck Point
22 hrsCheck Point
18 hrsCheck Point
Others ? Others? Others ?
Priority: Speed & Time to address major vulnerabilities
Heart Bleed Shell Shock Poodle
©2015 Check Point Software Technologies Ltd. 18 [Restricted] ONLY for designated groups and individuals
You can’t manage what you can’t measure
Optics & Reporting
©2015 Check Point Software Technologies Ltd. 19
Event Management
Log Management
Security Management
Management
“Our evaluation of Global Management put the Check Point Security Gateway on top by a wide margin.” Network World – May 2012
Check Point Management is the “gold standard against which other consoles are measured.” Gartner 2013
Built-In Compliance Engine
Simplicity & Power in One Plate of Glass
©2015 Check Point Software Technologies Ltd. 21
360o Visibility of Network Security
Time shows topline security events
Map shows origin of attacks and threats
Rate and frequency of potential attacks
Important security events highlighted
©2015 Check Point Software Technologies Ltd. 22 [Restricted] ONLY for designated groups and individuals
Mobility
©2015 Check Point Software Technologies Ltd. 23
Today’s Mobile Solutions have Security Gaps
[Restricted] ONLY for designated groups and individuals
How do you protect devices from T H R E A T S ?How do you protect D A T A wherever it goes?
• MDM = Management
• NOT Security
Mobile Security
Same policies as On Net
APT protection
Document Security
Mgt & Reporting
©2015 Check Point Software Technologies Ltd. 29
The Issues are Real
The Solutions are Many
Assess – Plan – Execute
For the entire Enterprise
• Hold the industry accountable • Network / Idea share with
others • Don’t overthink it – get after
it!
Final Thoughts
©2015 Check Point Software Technologies Ltd. 30
Everyone has a plan ‘till they get punched in the mouth Mike Tyson
©2015 Check Point Software Technologies Ltd. 31©2015 Check Point Software Technologies Ltd.
Thank You !
Hank Johnson | Area Manager
©2015 Check Point Software Technologies Ltd. 32
Build a Plan ; Execute the Plan
Any Security Function
Firewall IPS
VPN App
ControlMobile
Access
DLPID
Awareness GRC
Threat Emulation
Any
Platform
Appliances Open serversCOTS Servers Virtual Cloud
IAS and
COTS servers
2012 Appliances
Anti-Virus
URL Filtering
App
Control
NGFW
Anti-VirusURL
Filtering
Anti-Bot Anti-Spam
NGTP SWG NGDP More
Mobile Data Protection
Integration with OPSEC Central Management and Reporting