PIONEERING GEN V SECURITY WITH CHECK POINT
- 1. ©2018 Check Point Software Technologies Ltd.
Christof Jacques | Security Engineer, Check Point Belgium & Luxembourg
Performance & Prevention
PIONEERING GEN V SECURITY WITH CHECK POINT
- 2.
Generations of Attacks and Protections
Gen I, late 1980s: virus attacks on standalone PCs; protection: the anti-virus
Gen II, mid 1990s: attacks from the internet against networks; protection: the firewall
Gen III, early 2000s: exploiting vulnerabilities in applications; protection: intrusion prevention (IPS)
Gen IV, 2010: polymorphic content (payload); protection: sandboxing and anti-bot
- 3.
MAY 2017: WANNACRY GLOBAL ATTACKS
May 12, 8:24am: WannaCry outbreak
(World map residue; countries highlighted: Germany, UK, Spain, Russia, USA, Brazil, China, France, Japan)
- 4. [Internal Use] for Check Point employees
Belgium & Netherlands: Q-Park
- 5.
A MONTH LATER: NOTPETYA OUTBREAK
June 27: NotPetya outbreak
(World map residue; countries highlighted: Russia, Denmark, UK, France, Germany, USA, Ukraine)
Hit in Ukraine:
• International airport
• Chernobyl reactor
• Power grid
• Metro system
• Petrol stations
- 6.
Belgium: APM (part of Maersk) & Mondelez
- 7.
WE ARE AT AN INFLECTION POINT!
(Timeline 1990 - 2000 - 2010 - 2017: Gen I Virus, Gen II Networks, Gen III Applications, Gen IV Payload, Gen V Mega)
- 8.
One consolidated system to fully block the attack: shared intelligence and threat prevention across networks, mobile, cloud
11:30 Incoming email with PDF attachment blocked
11:32 Access to web site on mobile device was blocked
11:35 Virtual machine on public cloud was quarantined
- 9.
Architecture overview (labels recovered from the diagram; the grouping below is approximate)
• Threat Intelligence feeding all enforcement points
• Headquarters, LAN and branch: inbound/outbound access control, data protection, multi-layered security, management (MGMT), VPN, IDA (Identity Awareness), advanced threat prevention
• Mobile: network protection, device protection, app protection, Capsule Workspace/Docs, remote access, secure business data, protect docs everywhere
• Endpoint: access protection, baseline threat prevention, advanced threat prevention, anti-ransomware, forensics, media encryption, full disk encryption, access/data security, secure media, secure documents
• Cloud infrastructure: access control, advanced threat prevention, segmentation, dynamic policies, multi-cloud / hybrid cloud / cross cloud, automation and orchestration, adaptive security
• Cloud applications: identity protection, sensitive data protection, zero-day threat protection, end-to-end SaaS security
- 11.
PREVENT UNKNOWN ATTACKS
New Machine Learning: higher catch rates, lower false positives
"CADET", "HUNTRESS", "CAMPAIGN HUNTING"
- 12.
CONTEXT AWARE DETECTION ("CADET")
Look at the full context of the inspected element; extract parameters from the environment.
THOUSANDS of discrete indicators, ONE accurate verdict
(Chart residue: missed detections and false positives, old engine vs. CADET)
- 13.
UNCOVER MALICIOUS EXECUTABLES ("HUNTRESS")
Dynamically analyze executables in a sandbox to collect the system APIs they call
Apply machine learning to reach a malicious verdict
Feedback loop for continued learning
Huntress unique detections: +13%
- 14.
PREDICTIVE THREAT INTELLIGENCE ("CAMPAIGN HUNTING")
Expose unknown bots and malicious domains
Attribute attacks to campaigns
Enrich threat intelligence for predictive campaign prevention
Campaign Hunting introduced: +10%
- 15.
MATURE AND SECURED SOFTWARE WITH SENSE OF URGENCY
Mature software code; swift response to software vulnerabilities
(Chart residue: total number of software vulnerabilities in 2016-2017 and average fix time in days, per vendor; values that survived extraction: 1.02, 221.3, 62, 183.6, 93, 48.2, 99; the vendor labels did not)
Source: vendors' security advisories web pages & http://tiny.cc/urgency
- 16.
AVERAGE RESPONSE TIME FOR TOP VULNERABILITIES (IPS) IN 2017
(Chart not recoverable from the extraction)
Source: vendors' security advisories web pages & http://tiny.cc/urgency
- 18.
Most of Our Traffic is Encrypted!
70% of traffic over HTTPS (SMB Security Management Portal (SMP))
69% of HTTPS page loads (Google Transparency Report)
- 19.
PROTECTING ENCRYPTED TRAFFIC AND SENSITIVE DATA WITH NEW SOFTWARE ACCELERATED SSL ENGINE IN R80.20
R80.10: 1.7 Gbps
R80.20: 2.7 Gbps
90% SSL with full Threat Prevention, tested on 15600
- 20.
How do different vendors test performance?
                    Check Point enterprise testing condition    Other vendors
Protocols           Typical enterprise mix of protocols         HTTP only or an undisclosed mix
Content types       Real-life mix                               Synthetic
Transaction size    Variety                                     Single size or an undisclosed mix
- 21.
Introducing New Enterprise Testing Conditions
A typical internet-facing traffic blend for enterprises in 2018: a realistic mix of protocols and content types, aligned with customer expectations in RFPs.
Traffic mix (shares as extracted; they sum to 95%):
Web: YouTube video 30%; Web: JPG 40%; Web: 15K page 15%; Web: 1K pages 5%; SMTP 1%; Telnet 1%; FTP 1%; POP3 1%; DNS 1%
- 22.
Measured under ENTERPRISE TESTING CONDITION
                                                          Check Point 5100   Check Point 15400   Check Point 23900
Gen V Security: Full Threat Prevention with
  SandBlast Zero-Day Protections                          700 Mbps           4 Gbps              14.6 Gbps
Gen III Security: Next-Gen Firewall                       2.1 Gbps           7.7 Gbps            24 Gbps
Gen II Security: Firewall bandwidth                       6.45 Gbps          33.5 Gbps           77.9 Gbps
- 23.
Be Aware! Other Security Vendors Cut Corners!*
• Bypass security when buffers are full: traffic load disables all security
• Don't emulate large files: large files (like this ppt) are not protected
• Inspect only inbound traffic: malware is free to communicate outbound
• Inspect only the beginning of the connection: very easy to evade security
*Based on security vendors' product documentation
- 25. Source: Operational Efficiency Report: Dimensional Research
Step up to Cyber Security
Your Security is Only as Strong as Your Ability to Manage it
98% of enterprises experienced a significant cyber threat in the past 3 years
58% took more than 24 hours to start remediation of a threat
Only 23% report their security teams are fully up-to-date
- 27.
Unified Rulebase – One Policy Governs Everything
User aware, device aware, applications, content, cloud, gateways
- 28.
Unified Management – One Simple Example
When selecting a rule, you immediately see the logs relevant to that specific rule.
- 29.
Unified Rulebase – Inline Layers
• An inline layer is only checked if its parent rule matches.
• It can be reused multiple times.
• It can be assigned a dedicated administrator.
(Diagram: Parent Rule -> Inline Layer)
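How an inline layer behaves at match time, as an added example that is not part of the original deck and not Check Point's software: a small Python model of an ordered rulebase. It encodes the slide's points (first match, top-down; the inline layer is consulted only when its parent matched; one layer reused under two parent rules) plus one assumption the slide does not state, that an inline layer ends with an implicit cleanup rule which drops traffic the parent matched but no sub-rule accepted, so that traffic does not fall through to later top-level rules. The rule names, networks and the service notation are constructed for the example.

```python
"""Toy evaluator for an ordered rulebase with inline layers.

Added illustration, not Check Point code. Modelled behaviour:
  - rules are matched top-down, first match wins;
  - an inline layer is evaluated only when its parent rule matched;
  - the same layer object can hang under several parent rules;
  - ASSUMPTION: an inline layer has an implicit cleanup rule (drop) that
    applies when the parent matched but no sub-rule did.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ANY = "any"


@dataclass
class Rule:
    name: str
    src: str = ANY           # CIDR or "any"
    dst: str = ANY           # CIDR or "any"
    service: str = ANY       # e.g. "tcp/443" or "any" (constructed notation)
    action: str = "accept"   # "accept", "drop" or "inline"
    layer: list = field(default_factory=list)  # sub-rules when action == "inline"
    cleanup: str = "drop"    # assumed implicit cleanup action of the inline layer


def _net_match(rule_net, addr):
    return rule_net == ANY or ip_address(addr) in ip_network(rule_net, strict=False)


def _matches(rule, pkt):
    return (_net_match(rule.src, pkt["src"]) and _net_match(rule.dst, pkt["dst"])
            and rule.service in (ANY, pkt["service"]))


def evaluate(rules, pkt, path=()):
    """First-match walk. Returns (action or None, tuple of rule names on the path)."""
    for rule in rules:
        if not _matches(rule, pkt):
            continue
        here = path + (rule.name,)
        if rule.action != "inline":
            return rule.action, here
        # Parent matched: the inline layer is evaluated now, and only now.
        action, sub_path = evaluate(rule.layer, pkt, here)
        if action is None:
            # No sub-rule matched: the layer's implicit cleanup decides,
            # the walk does NOT continue to later top-level rules.
            return rule.cleanup, here + ("<implicit cleanup>",)
        return action, sub_path
    return None, path


# Constructed sample policy. WEB_LAYER is defined once and reused by two parents.
WEB_LAYER = [
    Rule("HTTPS from anywhere", service="tcp/443"),
    Rule("SSH from admin net", src="10.0.99.0/24", service="tcp/22"),
]
POLICY = [
    Rule("Block bad nets", src="203.0.113.0/24", action="drop"),
    Rule("HQ web servers", dst="10.0.1.0/24", action="inline", layer=WEB_LAYER),
    Rule("Branch web servers", dst="10.0.2.0/24", action="inline", layer=WEB_LAYER),
    Rule("Cleanup", action="drop"),
]


def decide(src, dst, service):
    """Return (action, 'parent > child > ...') for one flow against POLICY."""
    action, path = evaluate(POLICY, {"src": src, "dst": dst, "service": service})
    return action or "drop", " > ".join(path)


if __name__ == "__main__":
    for flow in [("198.51.100.5", "10.0.1.10", "tcp/443"),
                 ("198.51.100.5", "10.0.1.10", "tcp/22"),
                 ("10.0.99.7", "10.0.2.10", "tcp/22"),
                 ("203.0.113.9", "10.0.1.10", "tcp/443"),
                 ("198.51.100.5", "10.0.3.10", "tcp/443")]:
        print(flow, "->", decide(*flow))
```

The instructive case is SSH to an HQ web server from a non-admin source: the parent rule captures it, no sub-rule accepts it, and the inline layer's implicit cleanup drops it without consulting anything below the parent. That containment is what makes delegating a layer to a dedicated administrator safe: whatever they put in the layer can only affect traffic the parent rule already scoped.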
- 30.
New Cyber Attack Dashboard: find the needle in the haystack
RESPOND TO SECURITY INCIDENTS IMMEDIATELY
SINGLE VIEW INTO SECURITY RISKS
REAL-TIME FORENSIC & EVENT INVESTIGATION
- 31.
Multi-Tasking in R80.20
NO NEED TO PUBLISH OR DISCARD UNFINISHED WORK
OPEN MULTIPLE SMARTCONSOLE SESSIONS IN PARALLEL, SWITCHING TASKS
(Screenshot residue: a session badge showing 99 policy changes)
- 32.
Logging & Monitoring
Unified logs for Security Gateway, SandBlast Agent and SandBlast Mobile for simple log analysis
- 33.
Log Exporter
Supports rsyslog ...and any other SIEM application that can run a syslog agent
Extract – reads incoming logs from the Security Gateway
Transform – adapts them to the SIEM's format
Export – sends the logs to the configured target server
Example: export to a Splunk target over TLS-protected TCP in CEF format (the domain-server argument applies to Multi-Domain management; paths and the shared secret are placeholders):

    # cp_log_export add name my_splunk_device domain-server LondonDomain \
        target-server 192.168.13.32 target-port 5009 \
        protocol tcp format CEF encrypted true ca-cert /path/my-certificate \
        client-cert /path/my-cert.p12 client-secret shared-secret --apply-now
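What arrives at the target server when the export uses the CEF format, and how a SIEM-side consumer takes it apart, as an added Python example that is neither Check Point's nor any SIEM vendor's code: a CEF parser that honours the format's escaping rules (backslash-escaped | in the header, backslash-escaped = and newlines in extension values, values that contain spaces) and a small per-source summary of blocked events. The three sample lines are constructed for this example; the product string, signature IDs and extension keys are assumptions, not Check Point's actual CEF field mapping.

```python
"""Parse CEF lines as a Log Exporter target would receive them and summarize them.

Added example, not Check Point's or any SIEM's code. SAMPLE_LOGS is constructed:
vendor/product strings, signature IDs and extension keys are assumptions.

CEF layout: CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
Header fields escape '|' and '\\' with a backslash; extension values escape '=', '\\', and newlines.
"""
import re
from collections import defaultdict

# key=value pairs; a value runs until whitespace that is followed by the next "key=".
_EXT_RE = re.compile(r'([A-Za-z0-9_.]+)=((?:\\.|[^\\\s]|\s+(?![A-Za-z0-9_.]+=))*)')
_HEADER_KEYS = ("version", "vendor", "product", "device_version",
                "signature_id", "name", "severity")
BLOCKING_ACTIONS = {"Drop", "Prevent", "Reject", "Quarantine"}   # assumed action vocabulary


def _split_header(s):
    """Split the 7 CEF header fields on unescaped '|'; return (fields, extension_text)."""
    fields, cur, i = [], [], 0
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):       # escaped char: keep it literally
            cur.append(s[i + 1]); i += 2; continue
        if c == "|":
            fields.append("".join(cur)); cur = []; i += 1
            if len(fields) == 7:               # everything after the 7th '|' is the extension
                return fields, s[i:]
            continue
        cur.append(c); i += 1
    raise ValueError("malformed CEF header: fewer than 7 fields")


def _unescape(v):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), v)


def parse_cef(line):
    """Return a dict of the header fields plus 'ext' (extension key/values)."""
    idx = line.find("CEF:")                    # tolerate a syslog prefix before the CEF body
    if idx < 0:
        raise ValueError("no CEF marker in line")
    fields, ext_text = _split_header(line[idx + 4:])
    rec = dict(zip(_HEADER_KEYS, fields))
    rec["severity"] = int(rec["severity"])
    rec["ext"] = {k: _unescape(v).strip() for k, v in _EXT_RE.findall(ext_text)}
    return rec


def summarize(lines):
    """Per source IP: total events, blocked events, highest severity, blocking signatures."""
    out = defaultdict(lambda: {"events": 0, "blocked": 0, "max_severity": 0, "signatures": set()})
    for line in lines:
        if not line.strip():
            continue
        rec = parse_cef(line)
        entry = out[rec["ext"].get("src", "?")]
        entry["events"] += 1
        entry["max_severity"] = max(entry["max_severity"], rec["severity"])
        if rec["ext"].get("act") in BLOCKING_ACTIONS:
            entry["blocked"] += 1
            entry["signatures"].add(rec["name"])
    return dict(out)


# Constructed sample: a syslog-prefixed CEF line per event (not real gateway output).
SAMPLE_LOGS = r"""<134>Jun 27 10:15:01 gw1 CEF:0|Check Point|Example Gateway|R80.20|100|Firewall Drop|5|rt=1530094501000 src=203.0.113.7 dst=10.0.1.10 spt=50321 dpt=445 proto=TCP act=Drop cs1Label=rule_name cs1=Block SMB from internet
<134>Jun 27 10:15:02 gw1 CEF:0|Check Point|Example Gateway|R80.20|200|Threat Prevention \| Anti-Bot|8|rt=1530094502000 src=10.0.5.23 dst=198.51.100.44 dpt=443 proto=TCP act=Prevent msg=Bot host reached (verdict \= malicious) cs1Label=protection_name cs1=Trojan.Win32.Generic.TC
<134>Jun 27 10:15:03 gw1 CEF:0|Check Point|Example Gateway|R80.20|100|Firewall Accept|1|rt=1530094503000 src=10.0.5.23 dst=10.0.1.10 dpt=443 proto=TCP act=Accept
"""

if __name__ == "__main__":
    for src, stats in summarize(SAMPLE_LOGS.splitlines()).items():
        print(src, stats)
```

The parser is deliberately strict about the seven header fields: a line that does not yield them raises instead of producing a record with shifted columns, which is the failure mode that turns a severity into free text once it lands in a SIEM. The summary keys on the src extension field, so its counts only mean something if the export is configured to populate that field.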
- 34.
R80.20 does not stop giving!
ENHANCEMENTS STREAMLINE BUSINESS OPERATIONS FOR FAST AND EFFICIENT SECURITY CONTROL
NEW MANAGEMENT APIs: IOC, updatable objects, wildcard objects, multi-tasking, show tasks, purge revisions
New! Online changelog in the API documentation
- 35.
AGONY METER
Four management consoles timed on the same five tasks; cells are time (mm:ss) / clicks / menus. The extracted slide names none of the products; the first column is the baseline (coefficient 1).

Task                                              Product 1         Product 2         Product 3         Product 4
1. Allow Facebook for one department
   and block it everywhere else                   00:40 / 58 / 1    02:03 / 110 / 11  01:34 / 97 / 4    01:44 / 108 / 7
2. Create a new network object and
   perform dynamic NAT                            00:19 / 49 / 2    00:56 / 80 / 6    00:53 / 60 / 4    00:50 / 75 / 6
3. Find logs for the application "Mega.nz"        00:08 / 9 / 1     00:20 / 14 / 2    00:13 / 11 / 2    00:43 / 11 / 3
4. Replace an object appearing 4 times
   with another object                            00:20 / 13 / 1    00:46 / 44 / 8    00:40 / 38 / 5    01:06 / 49 / 9
5. Add the same simple rule to 2 different
   policies/gateways                              00:37 / 55 / 2    01:47 / 103 / 5   01:12 / 99 / 4    01:18 / 94 / 9
Totals (as printed on the slide)                  02:08 / 183 / 7   05:52 / 340 / 32  04:32 / 272 / 19  05:41 / 341 / 35
Management Agony Coefficient                      1                 3.04              2.23              3.06

Full reference: http://tiny.cc/agonymeter
- 37.
COMPLETE CLOUD SECURITY
Consistent security policy and control across all public and private clouds
- 38.
Adaptive Security for Cloud
Managing access rules to online services is now easier than ever: ready-to-use, automatically updated groups do the work for you!
- 39.
PREVENTION OF SAAS CYBER ATTACKS
BLOCKING OF SAAS ACCOUNT HIJACKING
- 41.
THANK YOU