Check Point - Completing Your Next-Generation Threat Prevention
©2015 Check Point Software Technologies Ltd.
Supoj Aram-ekkalarb | Security Consultant
COMPLETING YOUR
NEXT-GENERATION
THREAT PREVENTION
©2014 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals
The Security Landscape
Accelerating Rise of Malware
25 Years Ago: Invention of Firewall
20 Years Ago: Invention of Stateful Inspection
15 Years Ago: Prevalent use of Antivirus, VPN, IPS
10 Years Ago: URL Filtering, UTM
5 Years Ago: NGFW, Mobile Security
Now: Threat Intelligence, Threat Prevention
1988: Morris Worm
1994: Green Card Lottery
1998: Melissa
2000: I Love You
2003: Anonymous Formed
2006: WikiLeaks
2007: Zeus Trojan
2010: DDoS attacks: Stuxnet SCADA
2011: Stolen authentication information
2012: Flame Malware
2013: Dragonfly
2014: Bitcoin
2017: Driverless Cars Hacked?
2020: IoT Everywhere
Meet John — The Security Administrator
June 2015
Aug 2015
Oct 2015
Dec 2015
John works for a retailing company. John managed to keep customer credit cards safe
Morning June 2015
John starts his morning by reviewing Threat Prevention Events
Prevented
Bot Event Critical Severity
Unusual hour
Do we have business in Italy?
OMG! It’s a Point of Sale
John validates the destination IP reputation on VirusTotal
Advanced Threat Prevention — Forensics
NEW
The Host is infected — now what?
Questions:
How was the host infected?
What got compromised?
Which files/domains/processes were part of the attack?
Which other machines are also compromised?
CustomerFeedbacks.doc (Suspicious file)
2 Suspicious User Activity
Remote Login at unusual time (5:37AM)
User (Jasmin) started a malicious process
Malicious site: http://192.126.2.238
http://192.126.2.238 (Malicious URL)
Wed 17-Jun-2015 04:35:02
There are also Anti-Bot logs with an infecting host as the source
Originating from DNS server
What’s This? Infected Machine
Using Story Line
Jasmine received an email with a link
Jasmine browsed to the link
Bot was detected on Jasmine’s desktop
NEW
John asks Jasmine to forward him the malicious document
John downloads the document using his virtual environment and tests it on VirusTotal
John emulates the document on the Check Point Threat Emulation cloud and gets the report
Attack Flow
ENDPOINT FORENSICS
SMARTEVENT STORY LINE
Jasmine receives an email with a link in it from a known sender
Jasmine follows the link in the email and opens a malicious PDF
Her computer is infected with a bot. The bot connects to C&C
Links inside email, URL reputation, Anti-Bot
The bot scans the internal network and infects the point of sale device via CIFS
The bot records credit card numbers at the point of sale
The bot tries to send credit card numbers to its C&C
Anti-Bot
John realizes that his current defenses are not strong enough
BLOCK THREATS
IPS, ANTI-VIRUS, ANTI-BOT, THREAT EMULATION
OK, now we have Threat Emulation, can we turn off other blades?
Multi Layered Defense is important!
Check Point Threat Emulation
Blocks Undiscovered Attacks
INSPECT FILE
EMULATE
PREVENT
TURN TO KNOWN
Test Results for Detecting and Blocking Malware
Check Point:
Industry’s Fastest Threat Emulation!
Check Point IPS
Prevents Exploits of Known Vulnerabilities
Enforce Protocol Specifications
Detect Protocol Anomalies
Signature based Engine
Examples of 2014 vulnerabilities blocked by Check Point IPS
Heartbleed: Validated requested heartbeat length
Shellshock: Analyzed and blocked HTTP GET requests
Poodle: Validated and blocked vulnerable OpenSSL version
Check Point Anti-Virus
Blocks Download of Known Malware
Signatures and MD5 based Engines
Malware Feeds
Blocks Access to Malware Sites
Check Point Anti-Bot
Blocks Bot Communication
IDENTIFY Bot infected Devices
Multi-tier Discovery
Reputation, Patterns, SPAM
PREVENT Bot Damage
Stop Traffic to Remote Operators
August 2015
Lessons learned
1. Threat Emulation is important
2. Segmentation should be enforced between point of sale devices and the rest of the corporate network
POS TERMINALS
CARD SWIPING DEVICES
REST OF THE ORGANIZATION
A malicious document is sent to several company employees. The document is blocked by Threat Emulation
October 2015
Are we 100% safe now?
Well … There is one more technology …
What is Threat Extraction
NEW
Remove Embedded Objects, Macros & Scripts….
Deliver Clean Content
Sanitized file is delivered to the user
Summary
Fact: Check Point: industry’s best catch rate Threat Emulation
Fact: Check Point: industry’s Fastest Threat Emulation
Fact: Check Point Threat Prevention is built to prevent
This is what makes Check Point the best security for our customers
CHECK POINT
Mobile Security Revolutionized
Infection or Loss … Easy as 1, 2, 3
SURF THE INTERNET
UPLOAD FILES TO THE CLOUD
FORGET DEVICE
Expanding Network for the CIO
Protecting Across ALL Networks
Protect Own Network
Protect Devices on Other Networks
Protect Documents Everywhere
Introducing….
• Establishes a secure business environment on mobile devices
• Secures your documents everywhere they go
• Protects devices from threats everywhere
SEAMLESS security for everywhere you go
A Secure Business Environment
Protect business data EVERYWHERE
SECURELY log-in
EASILY ACCESS business applications
PLACE ONLY business information under IT’s control
NO passwords
SEAMLESS access for authorized users
My-Company
Secure documents at your organization
GRANULAR document permissions
Secure documents EVERYWHERE they go
On Premise Gateways
Secure mobile devices
Check Point Capsule
Scans all traffic in the cloud
Protect ALL devices from viruses, threats and data leakage
Off Premise
On Premise
Single Security Management for On Premise and Cloud
Check Point Capsule
On Premise Security Gateways
Integrated IT Experience and Management
Know WHO is accessing files
Know WHAT actions are taken
Know WHERE documents are sent
Know WHEN unauthorized access is attempted
SEAMLESS security for everywhere you go
Addressing ALL your mobile security needs
• Establishes a secure business environment on mobile devices
• Secures your documents everywhere they go
• Protects devices from threats everywhere
SECURITY CHECKUP THREAT ANALYSIS REPORT
SECURITY CHECKUP ASSESSMENT conducted on-site by security experts
SETTING UP A SECURITY GATEWAY using Check Point's latest technology
CONNECTING TO NETWORK to inspect traffic
ANALYZING THE FINDINGS and generating a report
DISCUSSING THE FINDINGS and advising how to enhance security
UNCOVER SECURITY RISKS ON YOUR ENTERPRISE NETWORK.
SIGN UP FOR CHECK POINT’S ON-SITE SECURITY CHECKUP.
THANK YOU!