Check Point - Completing Your Next-Generation Threat Prevention

Upload: aruj-thirawat

Post on 17-Jul-2015

TRANSCRIPT

Page 1: Check Point - Completing Your Next-Generation Threat Prevention

©2015 Check Point Software Technologies Ltd. 1 ©2015 Check Point Software Technologies Ltd.

Supoj Aram-ekkalarb | Security Consultant

COMPLETING YOUR NEXT-GENERATION THREAT PREVENTION

Page 2: Check Point - Completing Your Next-Generation Threat Prevention

©2014 Check Point Software Technologies Ltd. 2 [Restricted] ONLY for designated groups and individuals

The Security Landscape

Accelerating Rise of Malware

25 Years Ago: Invention of Firewall

20 Years Ago: Invention of Stateful Inspection

15 Years Ago: Prevalent use of Antivirus, VPN, IPS

10 Years Ago: URL Filtering, UTM

5 Years Ago: NGFW, Mobile Security

Now: Threat Intelligence, Threat Prevention

1988: Morris Worm

1994: Green Card Lottery

1998: Melissa

2000: I Love You

2003: Anonymous Formed

2006: WikiLeaks

2007: Zeus Trojan

2010: DDoS attacks: Stuxnet SCADA

2011: Stolen authentication information

2012: Flame Malware

2013: Dragonfly

2014: Bitcoin

2017: Driverless Cars Hacked?

2020: IoT Everywhere

Page 3: Check Point - Completing Your Next-Generation Threat Prevention

Meet John — The Security Administrator

June 2015

Aug 2015

Oct 2015

Dec 2015

Page 4: Check Point - Completing Your Next-Generation Threat Prevention

John works for a retailing company. John managed to keep customer credit cards safe

Page 5: Check Point - Completing Your Next-Generation Threat Prevention

Morning June 2015

June 2015

Page 6: Check Point - Completing Your Next-Generation Threat Prevention

John starts his morning by reviewing Threat Prevention Events

Prevented

Bot Event Critical Severity

Unusual hour

Do we have business in Italy?

OMG! It’s a Point of Sale

June 2015

Page 7: Check Point - Completing Your Next-Generation Threat Prevention

John validates the destination IP reputation on VirusTotal

June 2015

Page 8: Check Point - Completing Your Next-Generation Threat Prevention

Advanced Threat Prevention — Forensics

NEW

The Host is infected — now what?

Questions:

How was the host infected?

What got compromised?

Which files/domains/processes were part of the attack?

Which other machines are also compromised?

Page 9: Check Point - Completing Your Next-Generation Threat Prevention

CustomerFeedbacks.doc (Suspicious file)

2 Suspicious User Activity

Remote Login at unusual time (5:37AM)

User (Jasmin) started a malicious process

Malicious site: http://192.126.2.238

http://192.126.2.238 (Malicious URL)

Wed 17-Jun-2015 04:35:02

Page 10: Check Point - Completing Your Next-Generation Threat Prevention

There are also Anti-Bot logs with an infecting host as the source

Originating from DNS server

What’s This? Infected Machine

June 2015

Page 11: Check Point - Completing Your Next-Generation Threat Prevention

Using Story Line

Jasmine received an email with a link

Jasmine browsed to the link

Bot was detected on Jasmine’s desktop

June 2015

NEW

Page 12: Check Point - Completing Your Next-Generation Threat Prevention

John asks Jasmine to forward him the malicious document

June 2015

Page 13: Check Point - Completing Your Next-Generation Threat Prevention

John downloads the document using his virtual environment and tests it on VirusTotal

June 2015

Page 14: Check Point - Completing Your Next-Generation Threat Prevention

John emulates the document in the Check Point Threat Emulation cloud and gets the report

June 2015

Page 15: Check Point - Completing Your Next-Generation Threat Prevention

Attack Flow

June 2015

ENDPOINT FORENSICS

SMARTEVENT STORY LINE

Jasmine receives an email with a link in it from a known sender

Jasmine follows the link in the email and opens a malicious PDF

Her computer is infected with a bot. The bot connects to C&C

Links inside email, URL reputation, Anti-Bot

The bot scans the internal network and infects the point of sale device via CIFS

Bot records credit card numbers at the point of sale

The bot tries to send credit card numbers to its C&C

Anti-Bot

Page 16: Check Point - Completing Your Next-Generation Threat Prevention

John realizes that his current defenses are not strong enough

BLOCK THREATS

IPS, ANTI VIRUS, ANTI BOT, THREAT EMULATION

June 2015

Page 17: Check Point - Completing Your Next-Generation Threat Prevention

June 2015

OK, now we have Threat Emulation, can we turn off other blades?

Multi Layered Defense is important!

Page 18: Check Point - Completing Your Next-Generation Threat Prevention

Check Point Threat Emulation

Blocks Undiscovered Attacks

INSPECT FILE

EMULATE

PREVENT

TURN TO KNOWN

Page 19: Check Point - Completing Your Next-Generation Threat Prevention

Test Results for Detecting and Blocking Malware

Check Point:

Industry’s Fastest Threat Emulation!

Page 20: Check Point - Completing Your Next-Generation Threat Prevention

Check Point IPS

Prevents Exploits of Known Vulnerabilities

Enforce Protocol Specifications

Detect Protocol Anomalies

Signature based Engine

Page 21: Check Point - Completing Your Next-Generation Threat Prevention

Examples of 2014 vulnerabilities blocked by Check Point IPS

Heartbleed: Validated requested heartbeat length

Shellshock: Analyzed and blocked HTTP GET requests

Poodle: Validated and blocked vulnerable OpenSSL version

Page 22: Check Point - Completing Your Next-Generation Threat Prevention

Check Point Anti-Virus

Blocks Download of Known Malware

Signatures and MD5 based Engines

Malware Feeds

Blocks Access to Malware Sites

Page 23: Check Point - Completing Your Next-Generation Threat Prevention

Check Point Anti-Bot

Blocks Bot Communication

PREVENT Bot Damage

Stop Traffic to Remote Operators

IDENTIFY Bot infected Devices

Multi-tier Discovery

Reputation

Patterns

SPAM

Page 24: Check Point - Completing Your Next-Generation Threat Prevention

August 2015

Aug 2015

Page 25: Check Point - Completing Your Next-Generation Threat Prevention

Lessons learned

1 Threat Emulation is important

2 Segmentation should be enforced between point of sale devices and the rest of the corporate network

Page 26: Check Point - Completing Your Next-Generation Threat Prevention

POS TERMINALS

CARD SWIPING DEVICES

REST OF THE ORGANIZATION

Aug 2015

Page 27: Check Point - Completing Your Next-Generation Threat Prevention

Malicious document is sent to several company employees. The document is blocked by Threat Emulation

Aug 2015

Page 28: Check Point - Completing Your Next-Generation Threat Prevention

October 2015

Oct 2015

Page 29: Check Point - Completing Your Next-Generation Threat Prevention

Are we 100% safe now?

Well … There is one more technology …

Page 30: Check Point - Completing Your Next-Generation Threat Prevention

What is Threat Extraction

NEW

Remove Embedded Objects, Macros & Scripts…

Deliver Clean Content

Sanitized file is delivered to the user

Page 31: Check Point - Completing Your Next-Generation Threat Prevention

Oct 2015

Page 32: Check Point - Completing Your Next-Generation Threat Prevention

Oct 2015

Page 33: Check Point - Completing Your Next-Generation Threat Prevention

Summary

Fact: Check Point: industry’s best catch rate Threat Emulation

Fact: Check Point: industry’s Fastest Threat Emulation

Fact: Check Point Threat Prevention is built to prevent

This is what makes Check Point the best security for our customers

Page 34: Check Point - Completing Your Next-Generation Threat Prevention

CHECK POINT

Mobile Security Revolutionized

Page 35: Check Point - Completing Your Next-Generation Threat Prevention

Infection or Loss … Easy as 1, 2, 3

SURF THE INTERNET

UPLOAD FILES TO THE CLOUD

FORGET DEVICE

Page 36: Check Point - Completing Your Next-Generation Threat Prevention

Expanding Network for the CIO

Protecting Across ALL Networks

Protect Own Network

Protect Devices on Other Networks

Protect Documents Everywhere

Page 37: Check Point - Completing Your Next-Generation Threat Prevention

Introducing….

• Establishes a secure business environment on mobile devices

• Secures your documents everywhere they go

• Protects devices from threats everywhere

SEAMLESS security for everywhere you go

Page 38: Check Point - Completing Your Next-Generation Threat Prevention

A Secure Business Environment

Protect business data EVERYWHERE

SECURELY log-in

EASILY ACCESS business applications

PLACE ONLY business information under IT’s control

Page 39: Check Point - Completing Your Next-Generation Threat Prevention

Secure documents EVERYWHERE they go

NO passwords

SEAMLESS access for authorized users

My-Company

Secure documents at your organization

GRANULAR document permissions

Page 40: Check Point - Completing Your Next-Generation Threat Prevention

Protect ALL devices from viruses, threats and data leakage

Secure mobile devices

On Premise Gateways

Check Point Capsule

Scans all traffic in the cloud

Off Premise

On Premise

Page 41: Check Point - Completing Your Next-Generation Threat Prevention

Single Security Management for On Premise and Cloud

Check Point Capsule

On Premise Security Gateways

Page 42: Check Point - Completing Your Next-Generation Threat Prevention

Integrated IT Experience and Management

Know WHO is accessing files

Know WHAT actions are taken

Know WHERE documents are sent

Know WHEN unauthorized access is attempted

Page 43: Check Point - Completing Your Next-Generation Threat Prevention

SEAMLESS security for everywhere you go

Addressing ALL your mobile security needs

• Establishes a secure business environment on mobile devices

• Secures your documents everywhere they go

• Protects devices from threats everywhere

Page 44: Check Point - Completing Your Next-Generation Threat Prevention

SECURITY CHECKUP THREAT ANALYSIS REPORT

Page 45: Check Point - Completing Your Next-Generation Threat Prevention

SECURITY CHECKUP ASSESSMENT conducted on-site by security experts

SETTING UP A SECURITY GATEWAY using Check Point latest technology

CONNECTING TO NETWORK to inspect traffic

ANALYZING THE FINDINGS and generating a report

DISCUSSING THE FINDINGS and advising how to enhance security

Page 46: Check Point - Completing Your Next-Generation Threat Prevention

UNCOVER SECURITY RISKS ON YOUR ENTERPRISE NETWORK.

SIGN UP FOR CHECK POINT’S ON-SITE SECURITY CHECKUP.

Page 47: Check Point - Completing Your Next-Generation Threat Prevention

THANK YOU!