Page 1: Modern Threat Prevention
©2014 Check Point Software Technologies Ltd.
[Confidential] For designated groups and individuals
Olli Mikkonen
Security Engineer
Page 2: TECHNOLOGY IS EVERYWHERE
The Internet of things BRINGS WITH IT NEW challenges
Page 3: AN EVER-CHANGING THREAT LANDSCAPE
Every year THREATS are becoming more sophisticated and MORE FREQUENT
Timeline years: 1997, 2004, 2007, 2010, 2014
Threats on the timeline:
• VIRUSES AND WORMS
• ADWARE AND SPYWARE
• DDOS
• APTS
• RANSOMWARE
• HACKTIVISM
• STATE SPONSORED
• INDUSTRIAL ESPIONAGE
• NEXT GEN APTS (MASS APT TOOLS)
• UTILIZING WEB INFRASTRUCTURES (DWS)
Page 4: THREATS BECOME A COMMODITY
*Source: http://www.forbes.com
Page 5: EVOLVING AND COMPLEX IT ENVIRONMENTS
IT environments have EVOLVED with new EMERGING technologies
Page 6: WE NEED SECURITY that is
MODULAR
AGILE
SECURE!!!
Page 7: Introducing SOFTWARE-DEFINED PROTECTION
Today SECURITY for Tomorrow’s THREATS
Page 8: SOFTWARE-DEFINED PROTECTION
ENFORCEMENT LAYER: Inspects traffic and enforces protection in well-defined segments
CONTROL LAYER: Delivers real-time protections to the enforcement points
MANAGEMENT LAYER: Integrates security with business process
Page 9: ENFORCEMENT LAYER
RELIABLE and FAST to deal with demanding IT networks and hosts.
Page 10: ENFORCEMENT LAYER
Enforcement points MEDIATE interactions between users and systems and EXECUTE protections
• CLOUD SECURITY
• MOBILE SECURITY
• NETWORK SECURITY GATEWAY
• ENDPOINT SECURITY
• VIRTUAL SYSTEMS
Page 11: HOW TO PROTECT BOUNDLESS ENVIRONMENTS?
Page 12: SEGMENTATION IS THE NEW PERIMETER
In today’s NETWORKS, there is no single perimeter.
Smartphones, clouds, and cloud move DATA and networks across boundless computing environments.
Page 13: SEGMENTATION METHODOLOGY
STEP 1, ATOMIC SEGMENTS: Elements that share the same policy and protection characteristics
STEP 2, SEGMENT GROUPING: Grouping of atomic segments to allow modular protection
STEP 3, CONSOLIDATION: Of physical and virtual components, as network security gateways or as host-based software
STEP 4, TRUSTED CHANNELS: Protect interactions and data flow between segments
Page 14: SEGMENTING YOUR NETWORK
Atomic segment
Group of Segments
Consolidation
Page 15: CONTROL LAYER
Generates SOFTWARE-DEFINED protections and deploys them at the appropriate ENFORCEMENT points.
Page 16: CONTROL LAYER
Generate PROTECTIONS
Page 17: ACCESS CONTROL AND DATA PROTECTION
Control interactions between users, assets, data and applications
Protect data in motion and at rest
Page 18: WHAT ABOUT PROTECTING AGAINST THE BAD GUYS?
Page 19: THE THREATS WE NEED TO PREVENT
Known Knowns: Threats we know we know
Known Unknowns: Threats we know we don’t know
Unknown Unknowns: Threats we don’t know we don’t know
ANTI VIRUS
ANTI BOT
IPS
THREAT EMULATION
ANTI BOT
Page 20: Check Point Multi-Layered Threat Prevention
©2013 Check Point Software Technologies Ltd.
IPS: Stops exploits of known vulnerabilities
Anti-Bot: Detect and prevent bot damage
Antivirus: Block download of malware infested files
Page 21: IPS Software Blade Summary
Security – Sophisticated and Accurate
• Industry leading threat coverage
• Multi-Method Detection Engine
• NSS Recommended in IPS Group Tests
Integrated Turn-Key Appliances
• Multiple models covering performance spectrum
• Integrated hardware and software bypass
• Flexibility with integrated, turn-key appliances
Management – Operational Efficiency
• Unified management of Check Point IPS products
• Easy deployment, configuration and management of IPS policy, features
• Efficient and effective policy and IPS operations management
Page 22: Increase Security: NSS IPS Group Test Results (2012)
[Bar chart: Overall Achievable Block Rate (Tuned*); bar values 98,9%, 98,3%, 96,6%, 96,0%, 95,0%, 94,8%, 92,5%, 90,9%, 88,8%, 77,5%]
*NSS Labs tested only tuned configurations in 2012
Page 23: Increase Security: NSS IPS Group Test Results
Resistance to Evasion Attacks
Missing a type of evasion means a hacker can use an entire class of exploits to circumvent the IPS, rendering it virtually useless
Check Point IPS Software Blade delivered 100% resistance to evasion
Evasion types:
• IP Packet Fragmentation
• TCP Stream Segmentation
• RPC Fragmentation
• SMB & NetBIOS Evasions
• URL Obfuscation
• HTML Obfuscation
• Payload Encoding
• FTP Evasion
• IP Frag + TCP Segmentation
• IP Frag + MSRPC Fragmentation
• IP Frag + SMB Evasions
• TCP Seg + NetBIOS Evasions
Page 24: Antivirus Software Blade
©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved.
Extended Protection using ThreatCloud™
Constantly updated: Security intelligence with ThreatCloud™
Prevent Access to Malicious Sites: Over 300,000 sites!
Stop Incoming Malware Attacks: Protect with 300x more signatures!
[Chart: Signatures [Million], R75.20 and R75.40, axis from 0 to 4.5]
Page 25: Botnet Operation: The Infection
Infection
• Social engineering
• Exploiting vulnerability
• Drive-by downloads
Download Egg
• Small payload
• Contains initial activation sequence
• Egg downloaded directly from infection source or source, such as Command & Control server
C&C Server
Page 26: Botnet Operation: Self-Defense
Self Defense
• Stop Anti-Virus service
• Change “hosts” file
• Disable Windows Automatic Updates
• Reset system restore points
Command & Control Server
Page 27: Botnet Operation: The Damages
Payload Pull
Command & Control Server
• Spam
• Denial of Service
• Identity Theft
• Propagation
• Click fraud
Page 28: Anti-Bot Software Blade
DISCOVER and STOP Bot Attacks
Discover Bot infections: Multi-tier discovery
Prevent Bot damage: Stop traffic to remote operators
Investigate Bot infections: Extensive forensics tools
Page 29: ThreatSpect™ Engine
Maximum security with multi-gig performance
Reputation
• Detect Command & Control sites and drop zones
• Over 250 million addresses in ThreatCloud™
• Real time updates
Network Signatures
• Unique communication patterns of over 2000 bot families
• Dozens of behavioral patterns
Suspicious Email Activity
• Over 2 million outbreaks
Page 30: Check Point Multi-Layered Threat Prevention
WHAT ABOUT NEW ATTACKS?
IPS: Stops exploits of known vulnerabilities
Anti-Bot: Detect and prevent bot damage
Antivirus: Block download of malware infested files
Page 31: TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS
Duqu Worm Causing Collateral Damage in a Silent Cyber-War
Worm exploiting zero-day vulnerabilities in a Word document
Page 32: Exploiting Zero-day vulnerabilities
New vulnerabilities
Countless new variants
“nearly 200,000 new malware samples appear around the world each day” - net-security.org, June 2013
Page 33: Stop undiscovered attacks with Check Point Threat Emulation
INSPECT FILE
EMULATE
PREVENT
SHARE
Page 34: INSPECT
Identify files in email attachments and downloads over the web
Exe files, PDF and Office documents
Send file to virtual sandbox
Requires no infrastructure change or adding devices
Page 35: EMULATE
Open file and monitor abnormal behavior
Emulating Multi OS environments: WIN 7, 8, XP & user customized
Monitored behavior:
• file system
• system registry
• network connections
• system processes
Page 36: PREVENT
Security Gateway
Inline stopping of malicious files on any gateway
Page 37: SHARE
Immediate update of all gateways
Page 38: Emulation @ Work
A STANDARD CV?
Page 39: Emulation @ Work
Page 40: Emulation @ Work
File System Activity: Abnormal file activity
System Registry: Tampered system registry
System Processes: “Naive” processes created
Network Connections: Remote Connection to Command & Control Sites
Page 41: Threat Emulation Deployment Options
[Restricted] ONLY for designated groups and individuals
THE ONLY SOLUTION TO PROVIDE MULTIPLE DEPLOYMENT OPTIONS
Local Emulation Appliance
Threat Emulation Cloud Service
Security Gateway, R77
Page 42: Stop undiscovered attacks with ThreatCloud Emulation Service
INSPECT FILE
EMULATE
PREVENT
SHARE
Page 43: THREAT PREVENTION
Updated protections in REAL-TIME
Utilizing the same enforcement points for real time dynamic Threat Prevention protections
Page 44: EFFECTIVE THREAT PREVENTION IS BASED ON INTELLIGENCE
Page 45: THREAT INTELLIGENCE
REAL-TIME collaborative and open INTELLIGENCE translates into SECURITY protections.
Page 46: ThreatCloud™: First Collaborative Network to Fight Cybercrime
Check Point ThreatCloud™
Over 250 Million Addresses Analyzed for Bot Discovery
Over 4.5 Million Malware Signatures
Over 300,000 Malware-Infested Sites
Up-to-the-Minute Security Intelligence
Page 47: ThreatCloud™ - Dynamically Updated Intelligence
Check Point ThreatCloud™
Industry-best malware feeds
Collect attack information from gateways
Global network of sensors to identify emerging threats
SensorNET
Malware Sites
Signatures
Bot addresses
Page 48: Boosting the Collaborative Power of ThreatCloud
Real-time sharing for immediate Protection
Page 49: ThreatCloud™ Model: High Performance with Extended Protection
Threat Database is kept in the cloud
Download updates to the gateway
Gateway consults the cloud
Malicious URLs
Real time signatures
C&C IP Addresses
Binary Signatures
Heuristic Engine
Traffic Anomaly Check
Security updates normalized to the ThreatCloud
Extended Protection
High Performance
Page 50: MANAGEMENT LAYER
The MANAGEMENT Layer ORCHESTRATES the infrastructure and brings the highest degree of AGILITY to the entire architecture.
Page 51: MANAGEMENT LAYER
BRINGS the SDP architecture to LIFE by integrating security with business processes
MODULARITY: Support segmentation and segregation of management duties
AUTOMATION: Automates security policy administration and synchronizes it with other systems
VISIBILITY: 360 degree situational awareness
Page 52: MODULARITY
ENDLESS FLEXIBILITY with LAYERS of POLICIES
Management modularity provides the flexibility to manage each segment and control
Segregation of duties
Layers of policy
Page 53: AUTOMATION
OPEN INTERFACES support business process changes
Open API
Web services
Page 54: SDP AND SDN WORKING IN SYNERGY
SDN
• An emerging network architecture, decoupling network control and data planes.
• Data flows between network nodes controlled via a programmable network SDN controller.
SDP
• An overlay architecture enforcing security traffic flows within an SDN network
• Data flows are programmed to pass through SDP enforcement points
Page 55: VISIBILITY
SITUATION AWARENESS & INCIDENT RESPONSE
Collects information from every enforcement point
Situation awareness view
Generation of new protections
Page 56: Management Challenges
Too Much Log Data
A Multitude of Devices
No Time to View Events
Page 57: Management Challenge
Finding the Relevant Events
Knowing What Poses the Real Threat
Page 58: Management Challenge
Getting Actionable Information
Leveraging Information to Stop Attacks Across the Enterprise
Page 59: Check Point SmartEvent
Check Point translates security information into action
Correlate events across all security systems
Stop attacks straight from the event screen
Identify critical security events from the clutter with visual timelines
Monitor Only what is Important!
Easily monitor top events
See all recent critical events
Get attack source and destination
See through the mass to get top event sources, destinations and attacks
Best Integration
Monitor all events for IPS, DLP, endpoint and more
Timelines View
See trends and anomalies with Timeline View
Time donuts provide the number, time and severity of events
Chart View
Bar charts show how events differ over time
Pie charts show percentage of events with specific properties
Configure how to split the charts
Investigate security issues using pie or bar charts
Map View
Map view shows events by source and destination countries
Countries are color-coded to show levels of activity
Map View
Run any query on the map
Easy Drill-Down
From business view to forensics in 3 clicks
One click on a time donut to view events
2nd click to view events on event screen
3rd click to see packet capture
Better Remediation
Add protections on the fly
Easily add protection against critical threats
Change policy to prevent critical threats
Proactive protection is now enabled!
Setting Automatic Response for Event Definition
Block source according to configured time
Configuring Automatic Responses
Generate response for a configurable time
Better Remediation—Geo Protection
Block malicious traffic from rogue nations
See lots of Suspicious Activity from Hacker Land – a known source of attacks
[Map: Trojanland]
The entire rogue nation is blocked!
Identify malicious traffic activity from Trojanland
Block traffic by country with Geo Protection
Trojanland is now blocked
SUMMARY
MODULAR AND DYNAMIC SECURITY ARCHITECTURE
FAST AND RELIABLE ENFORCEMENT WITH REAL-TIME INTELLIGENCE
TODAY’S SECURITY ARCHITECTURE FOR TOMORROW’S THREATS
SOFTWARE-DEFINED PROTECTION
ENFORCEMENT LAYER
Network, Host, Mobile, Cloud
CONTROL LAYER
Next Generation Firewall, Threat Prevention, ThreatCloud™
MANAGEMENT LAYER
Check Point Next Generation Security Management
CHECK POINT SOFTWARE-DEFINED PROTECTION
GO TO WWW.checkpoint.com/sdp TO DOWNLOAD THE WHITE PAPER
THANK YOU!