Check Point DLP & Application Control V-ICT-OR event 26 April 2012
description
Transcript of Check Point DLP & Application Control V-ICT-OR event 26 April 2012
©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone
Check Point DLP & Application ControlV-ICT-OR event
26 April 2012
Jeroen De CorelSecurity Engineer [email protected]
22©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Check Point DLPMakes data loss prevention work
Agenda
1 What is Data Loss?
2 Key Challenges of DLP
3 Introducing Check Point DLP
4 Application Control
33©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Data Loss Prevention
What is DLP?
Corporate Strategy
Green World Strategy Plan 2010
E-mail sent to the wrong recipient, intentionally or by mistake.
Data breaches have happened to all of us
Company document uploaded to an external website.
44©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Data Breaches—Headline Examples
Brand Damage
Compliance Liabilities
Costly Fines
55©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
It’s Not Just About Regulatory Compliance
Chief Compliance Officer
Chief Security Officer
Compliance
►Customer data
►Corporate data
►Patient data
Security
► Intellectual property
►Strategic plans
► Internal data
66©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
DLP Has Not Yet Been Solved!
Technology
Challenge
Computers can not reliably understand human content and
context
IT Staff
Challenge
Burden of incident handling
Exposure to sensitive data
77©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Check Point Makes DLP Work
Corporate Strategy
John,
Let’s review the corporate strategy in our morning meeting.
Green World Strategy Plan 2010
‘John’ <[email protected]>
Confidential data sent to the wrong recipient!
Data Loss Prevention Alert
An email that you have just sent has been quarantined.
Reason: attached document contains confidential internal data
The message is being held until further action.
Send , Discard , or Review Issue
User prompted to take action
User remediates
88©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
John,
Let’s review the corporate strategy in our morning meeting.
Green World Strategy Plan 2010
Corporate Strategy
Data Loss Prevention Alert
An email that you have just sent has been quarantined.
Reason: attached document contains confidential internal data
The message is being held until further action.
Send , Discard , or Review Issue
Introducing Check Point Data Loss Prevention
EducateUsers on corporate
data policies
EnforceData loss
business processes
PreventMove from detection
to prevention
Check Point Combines Technology and Processes to Make DLP Work
NEW!
99©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Check Point Solves the DLP Challenge
Technology ChallengeEmpowers users to remediate
incidents in real time
IT Staff ChallengeEducates users on DLP policies
without involving IT staff
New UserCheck™ Technology
1010©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Data Loss Prevention AlertAn email that you have just sent has been quarantined.
Reason: attached document contains confidential internal data
The message is being held until further action.
Send , Discard , or Review Issue
2. User alert
1. Mail sent or document uploaded
3. User remediation
UserCheck Provides User Remediation
Non-disruptive Real-time Educational
1111©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
How Does Check Point DLP Work?
Simple Rule-based Policy Management
MultiSpect™ Detection Engine
Full Network Enforcement
1212©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Item No.
Name Social Security Number
Job Title Gross Pay
1 John Smith 987-65-4320 CEO $200,000
2 Kevin Brian 987-65-4221 VP R&D $150,000
3 Margret White
769-65-7522 VP Marketing
$153,000
4 Bob Johns 342-62-3323 CFO $140,000
5 Mike Riddle 777-43-4324 COO $180,000
Correlates data from multiple sources using open language
New MultiSpect™ Technology
MultiSpect Detection Engine
Detects more than 600 file formats600+ File Formats600+ Data Types
Over 250 pre-defined content data types
Detect and recognize proprietary forms and templates
1313©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Simple Rule-based Policy Management
Easily Define Policy to Detect, Prevent or Ask User
1414©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Unified Control and Deployment
Centralized Management
For Unified Control Across the Entire
Security Infrastructure
Data Loss Prevention
1515©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Ease-of-Deployment
Dedicated ApplianceSoftware Blade Network-based Inline Solution
On Existing Gateways or Open Servers
Be Up and Running Day-1!DLP-1
1616©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Check Point DLP At-A-Glance
Move from Detection to Prevention
Scaling from hundred to thousandsof users
Supporting HTTP, HTTPS, SMTP and FTP protocols
Inline network-based Software Bladerunning on any existing Check Point gateway
UserCheck notification using either thin agent or a returning email to the user
Proactively block intentional and unintentional data loss
1717©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Check Point DLP Summary
Check Point combines technology and processes to make DLP work
Prevent Data BreachesMove from detection to prevention
Enforce Data Policies Across the entire network
Educate and Alert UsersWithout involving IT staff
1818©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
DLP-1 Appliance Specifications
DLP-1 2571 DLP-1 9571Performance
Number of users 1,000 5,000Messages/Hour 70K 350K
Throughput 700 Mbps 2.5 GbpsSpecifications
Storage 500 GB 2 x 1 TB (RAID 1)NICs 6 Copper 1GbE 10 Copper 1GbE
Optional Bypass card4 ports - 2 segments
(pre-packaged appliance)4 ports - 2 segments
(orderable as accessory)Price
Price year 1Without bypass card - $14,990
With bypass card- $15,990$49,990
Add bypass card - $4,995
Annual price year 2+ $7,000 $12,000
1919©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Check Point DLP Software Blade
CPSB-DLP-500 CPSB-DLP-1500 CPSB-DLP-U
Recommended Users (depending on configuration)*
Up to 500 500-1,500 1,500+
Messages/Hour 5,000-15,000 15,000-50,000
50,000-250,000
Max Throughput 700 Mbps 1.5 Gbps 2.5 Gbps
Annual Price $3,000 $7,000 $12,000
©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone
Application Control
2121©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
The Problem with Internet Applications
Malware Threats
Productivity Loss
Bandwidth Hogging
2222©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Introducing
Check Point Application ControlSoftware Blade
Detect and control application usage
Available on EVERY gateway
AppWiki—Industry’s largest library with over 50,000 applications
Educate users on corporate policies
2323©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Introducing Check Point AppWiki
Over 4,500 applications
Over 50,000 social-network widgets
Grouped in over 150 categories (including Web 2.0, IM, P2P, Voice & Video, File Share)
http://appwiki.checkpoint.com
World’s largestApplication Classification Library
Unparalleled Application Control
2424©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
► Measures the potential risk
Granular Application Categorization
► IM► Web conferencing► Gaming….
► Share files► High bandwidth► Use stealth techniques…
SecurityRisk
AdvancedProperties
ApplicationType
2525©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
User and Machine Awareness
User identification with both agent-based and seamless, agentless Active Directory integration
Machine-aware
Corporate Active Directory Security Gateway
User- and group-aware
Includes User Identification
2626©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Application Detection and Usage Controls
Identify, allow, block or limit usage of applications at user or group level
Enable access for support team
Application Detection and Usage Controls
2727©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Reality of Standard Application Control
IT defines black & white policies
Policies don’t match real usage
IT resorts to monitor only
No real control!
2828©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Makes application control more practical
Asks users to explain reasons for application
usage
Check Point UserCheck Technology
Understand usage needs, while enforcing policyAsk
Application Usage Alert
You are trying to use Skype.
Corporate application use policy does not allow the use of Skype. If you require Skype access for business, please click Explain blow.
Corporate Proper Use Policy
2929©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Makes application control more practical
Asks users to confirm application usage in
real-time
Check Point UserCheck Technology
http://www.youtube.com
Understand usage needs, while enforcing policyAsk
Application Usage Alert
You are trying to access YouTube.
Corporate application use policy limits YouTube access to business use only in order to save bandwidth.
Please select and confirm your use-case:
Personal , Business , or Cancel
3030©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Alerts users in real-time
Educates users on risk and usage policies
Check Point UserCheck Technology
http://www.facebook.com
Inform and educate, while allowing application usageInform
3131©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Check Point UserCheck Technology
Use to preserve resources (bandwidth) or control acceptable useLimit
http://apps.facebook.com/onthefarmApplication Usage Alert
You are trying to access Facebook Games.
Corporate application use policy allows access to non-business related activities such as Facebook Games only during these times:
12:30-14:0019:30-8:30
Corporate Proper Use Policy
3232©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Practical Implementation
Traditional security policies are suitable for clear-cut cases
Involve end-users using multiple policy actions
Accept / Drop
Allow but inform the user about the risksInform
Learn usage patterns to create better policiesAsk
Use to preserve resources (bandwidth) or control acceptable useLimit
©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone
Q&A
©2012 Check Point Software Technologies Ltd. | [Unrestricted] For everyone
Thank You!