Check Point DLP & Application Control V-ICT-OR event 26 April 2012

©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone Check Point DLP & Application Control V-ICT-OR event 26 April 2012 Jeroen De Corel Security Engineer BeLux [email protected]

description

Check Point DLP & Application Control, V-ICT-OR event, 26 April 2012. Jeroen De Corel, Security Engineer BeLux [email protected]. Agenda: 1. What is Data Loss? 2. Key Challenges of DLP. 3. Introducing Check Point DLP. 4. Application Control.

Transcript of Check Point DLP & Application Control V-ICT-OR event 26 April 2012

Page 1: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone

Check Point DLP & Application Control

V-ICT-OR event

26 April 2012

Jeroen De Corel

Security Engineer [email protected]

Page 2: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Check Point DLP

Makes data loss prevention work

Agenda

1. What is Data Loss?

2. Key Challenges of DLP

3. Introducing Check Point DLP

4. Application Control

Page 3: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Data Loss Prevention

What is DLP?

[email protected]

Corporate Strategy

Green World Strategy Plan 2010

E-mail sent to the wrong recipient, intentionally or by mistake.

Data breaches have happened to all of us

Company document uploaded to an external website.

Page 4: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Data Breaches—Headline Examples

Brand Damage

Compliance Liabilities

Costly Fines

Page 5: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

It’s Not Just About Regulatory Compliance

Chief Compliance Officer

Chief Security Officer

Compliance

► Customer data

► Corporate data

► Patient data

Security

► Intellectual property

► Strategic plans

► Internal data

Page 6: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

DLP Has Not Yet Been Solved!

Technology Challenge

Computers cannot reliably understand human content and context

IT Staff Challenge

Burden of incident handling

Exposure to sensitive data

Page 7: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Check Point Makes DLP Work

[email protected]

Corporate Strategy

John,

Let’s review the corporate strategy in our morning meeting.

Green World Strategy Plan 2010

‘John’ <[email protected]>

[email protected]

Confidential data sent to the wrong recipient!

Data Loss Prevention Alert

An email that you have just sent has been quarantined.

Reason: attached document contains confidential internal data

The message is being held until further action.

Send, Discard, or Review Issue

User prompted to take action

User remediates

Page 8: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

John,

Let’s review the corporate strategy in our morning meeting.

Green World Strategy Plan 2010

[email protected]

Corporate Strategy

Data Loss Prevention Alert

An email that you have just sent has been quarantined.

Reason: attached document contains confidential internal data

The message is being held until further action.

Send, Discard, or Review Issue

Introducing Check Point Data Loss Prevention

Educate: Users on corporate data policies

Enforce: Data loss business processes

Prevent: Move from detection to prevention

Check Point Combines Technology and Processes to Make DLP Work

NEW!

Page 9: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Check Point Solves the DLP Challenge

Technology Challenge: Empowers users to remediate incidents in real time

IT Staff Challenge: Educates users on DLP policies without involving IT staff

New UserCheck™ Technology

Page 10: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Data Loss Prevention Alert

An email that you have just sent has been quarantined.

Reason: attached document contains confidential internal data

The message is being held until further action.

Send, Discard, or Review Issue

1. Mail sent or document uploaded

2. User alert

3. User remediation

UserCheck Provides User Remediation

Non-disruptive Real-time Educational

Page 11: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

How Does Check Point DLP Work?

Simple Rule-based Policy Management

MultiSpect™ Detection Engine

Full Network Enforcement

Page 12: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

| Item No. | Name | Social Security Number | Job Title | Gross Pay |
|---|---|---|---|---|
| 1 | John Smith | 987-65-4320 | CEO | $200,000 |
| 2 | Kevin Brian | 987-65-4221 | VP R&D | $150,000 |
| 3 | Margret White | 769-65-7522 | VP Marketing | $153,000 |
| 4 | Bob Johns | 342-62-3323 | CFO | $140,000 |
| 5 | Mike Riddle | 777-43-4324 | COO | $180,000 |

Correlates data from multiple sources using open language

New MultiSpect™ Technology

MultiSpect Detection Engine

Detects more than 600 file formats

600+ File Formats

600+ Data Types

Over 250 pre-defined content data types

Detect and recognize proprietary forms and templates

Page 13: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Simple Rule-based Policy Management

Easily Define Policy to Detect, Prevent or Ask User

Page 14: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Unified Control and Deployment

Centralized Management

For Unified Control Across the Entire

Security Infrastructure

Data Loss Prevention

Page 15: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Ease-of-Deployment

Dedicated Appliance

Software Blade

Network-based Inline Solution

On Existing Gateways or Open Servers

Be Up and Running Day-1!

DLP-1

Page 16: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Check Point DLP At-A-Glance

Move from Detection to Prevention

Scaling from hundreds to thousands of users

Supporting HTTP, HTTPS, SMTP and FTP protocols

Inline network-based Software Blade running on any existing Check Point gateway

UserCheck notification using either thin agent or a returning email to the user

Proactively block intentional and unintentional data loss

Page 17: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Check Point DLP Summary

Check Point combines technology and processes to make DLP work

Prevent Data Breaches: Move from detection to prevention

Enforce Data Policies: Across the entire network

Educate and Alert Users: Without involving IT staff

Page 18: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

DLP-1 Appliance Specifications

| | DLP-1 2571 | DLP-1 9571 |
|---|---|---|
| Performance | | |
| Number of users | 1,000 | 5,000 |
| Messages/Hour | 70K | 350K |
| Throughput | 700 Mbps | 2.5 Gbps |
| Specifications | | |
| Storage | 500 GB | 2 x 1 TB (RAID 1) |
| NICs | 6 Copper 1GbE | 10 Copper 1GbE |
| Optional Bypass card | 4 ports - 2 segments (pre-packaged appliance) | 4 ports - 2 segments (orderable as accessory) |
| Price | | |
| Price year 1 | Without bypass card - $14,990; With bypass card - $15,990 | $49,990; Add bypass card - $4,995 |
| Annual price year 2+ | $7,000 | $12,000 |

Page 19: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Check Point DLP Software Blade

| | CPSB-DLP-500 | CPSB-DLP-1500 | CPSB-DLP-U |
|---|---|---|---|
| Recommended Users (depending on configuration)* | Up to 500 | 500-1,500 | 1,500+ |
| Messages/Hour | 5,000-15,000 | 15,000-50,000 | 50,000-250,000 |
| Max Throughput | 700 Mbps | 1.5 Gbps | 2.5 Gbps |
| Annual Price | $3,000 | $7,000 | $12,000 |

Page 20: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Application Control

Page 21: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

The Problem with Internet Applications

Malware Threats

Productivity Loss

Bandwidth Hogging

Page 22: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Introducing Check Point Application Control Software Blade

Detect and control application usage

Available on EVERY gateway

AppWiki—Industry’s largest library with over 50,000 applications

Educate users on corporate policies

Page 23: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Introducing Check Point AppWiki

Over 4,500 applications

Over 50,000 social-network widgets

Grouped in over 150 categories (including Web 2.0, IM, P2P, Voice & Video, File Share)

http://appwiki.checkpoint.com

World’s largest Application Classification Library

Unparalleled Application Control

Page 24: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Granular Application Categorization

Application Type

► IM

► Web conferencing

► Gaming…

Advanced Properties

► Share files

► High bandwidth

► Use stealth techniques…

Security Risk

► Measures the potential risk

Page 25: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

User and Machine Awareness

User identification with both agent-based and seamless, agentless Active Directory integration

Machine-aware

Corporate Active Directory Security Gateway

User- and group-aware

Includes User Identification

Page 26: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Application Detection and Usage Controls

Identify, allow, block or limit usage of applications at user or group level

Enable access for support team

Page 27: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Reality of Standard Application Control

IT defines black & white policies

Policies don’t match real usage

IT resorts to monitor only

No real control!

Page 28: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Makes application control more practical

Asks users to explain reasons for application usage

Check Point UserCheck Technology

Ask: Understand usage needs, while enforcing policy

Application Usage Alert

You are trying to use Skype.

Corporate application use policy does not allow the use of Skype. If you require Skype access for business, please click Explain below.

Corporate Proper Use Policy

Page 29: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Makes application control more practical

Asks users to confirm application usage in real-time

Check Point UserCheck Technology

http://www.youtube.com

Ask: Understand usage needs, while enforcing policy

Application Usage Alert

You are trying to access YouTube.

Corporate application use policy limits YouTube access to business use only in order to save bandwidth.

Please select and confirm your use-case:

Personal, Business, or Cancel

Page 30: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Alerts users in real-time

Educates users on risk and usage policies

Check Point UserCheck Technology

http://www.facebook.com

Inform: Inform and educate, while allowing application usage

Page 31: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Check Point UserCheck Technology

Limit: Use to preserve resources (bandwidth) or control acceptable use

http://apps.facebook.com/onthefarm

Application Usage Alert

You are trying to access Facebook Games.

Corporate application use policy allows access to non-business related activities such as Facebook Games only during these times:

12:30-14:00

19:30-8:30

Corporate Proper Use Policy

Page 32: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Practical Implementation

Traditional security policies are suitable for clear-cut cases

Involve end-users using multiple policy actions

Accept / Drop

Inform: Allow but inform the user about the risks

Ask: Learn usage patterns to create better policies

Limit: Use to preserve resources (bandwidth) or control acceptable use

Page 33: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Q&A

Page 34: Check Point  DLP &  Application Control V-ICT-OR event 26 April 2012

Thank You!