
©2019 Check Point Software Technologies Ltd.

Konstantina Koukou, Security Engineer

Transforming your endpoints from the weakest link to the strongest defense


A wake up call…

AND MANY MORE… ALL STARTED FROM VULNERABLE ENDPOINTS!

A criminal gang in Nigeria targeting the global maritime industry had been running multiple “business email compromise” scams for hundreds of thousands of dollars. The group had been sending messages to infiltrate payments within shipping companies. Among the victims were a South Korean and a Japanese shipping company.

In June 2017, shipping giant Maersk was hit by a devastating cyber attack caused by the NotPetya malware, originating in Ukraine. The attack resulted in significant disruptions to Maersk’s operations and terminals worldwide, costing them up to USD 300 million.

In July 2018, COSCO Shipping Lines fell victim to a cyber attack. After a 5-day sprint to activate contingency plans, COSCO’s operations were back to normal. Apparently, COSCO was aware of what happened to Maersk and had taken proactive steps to minimize the risk.


ENDPOINTS CAN BE THE STRONGEST LINK!

Strong On-device Enforcement

Behavioral and Forensics Visibility

User Interaction

LEVERAGE ENDPOINTS TO BETTER PROTECT YOUR INFRASTRUCTURE


ROLES OF A SUCCESSFUL ENDPOINT SECURITY SOLUTION

Reduce attack surface

Prevent before it runs

Runtime protection

Contain & remediate

Understand & respond


1. REDUCE ATTACK SURFACE

ENFORCE

Your corporate policy: Endpoint compliance

CONTROL

Peripherals: Port protection

Applications: Application control

Data in motion: Endpoint Firewall

ENCRYPT

Data in motion: IPSec and SSL VPN

Data at rest & use: FDE, Media Encryption and Document Security


2. PREVENT BEFORE IT RUNS

Inhibit user mistakes: Zero-Phishing

Block known attacks: Endpoint anti-malware and reputation

Prevent unknown attacks: Pre-execution static and dynamic analysis

Thwart exploits: Anti-Exploit


INHIBIT USER MISTAKES: with Zero-Phishing

BLOCK phishing sites

• On-access activation
• Real-time inspection
• Dozens of indicators

PREVENT credential re-use

• Compares cached PW hashes
• Collected on internal sites
• Enforced on external sites

DETECT compromised passwords

Compromised Password Used

• Collected from Dark Web
• Alerts user on usage
• Notifies admin


3. RUNTIME PROTECTION

ANTI-RANSOMWARE: Detect signs of ransomware activities

BEHAVIORAL GUARD: MALWARE FAMILIES: Uncover running mutations of known malware

BEHAVIORAL GUARD: GENERIC RULES: Discover unknown malware behaviors

BEHAVIORAL GUARD: FILE-LESS MALWARE: Expose file-less attacks

ANTI-EVASION: Track evasion signs to reveal evasive malware

“ANTI-MIMI”: Prevent cached credentials scraping


4. CONTAIN AND REMEDIATE

Contain attacks and control damages (ANTI-BOT, ENDPOINT FIREWALL)

• Detect and block C&C traffic
• Prevent lateral movement by isolating infected machines

Remediate and sterilize (ANTI-RANSOMWARE, FORENSICS REMEDIATION)

• Restore encrypted files
• Quarantine files, kill processes
• Sterilize FULL attack chain


Collect Forensics Data and Trigger Report Generation

1. FORENSICS data continuously collected from various OS sensors

2. Report generation automatically triggered upon detection of network events or 3rd party AV

3. Advanced algorithms analyze raw forensics data

4. Digested incident report sent to SmartEvent

Diagram labels: Processes, Registry, Files, Network


UNDERSTAND THE FULL ATTACK

Attack elements

What is the damage?

All cleaned?

Attack types

Triage: Should I Panic?

Is it a real attack?

Full attack flow

How did it get in?


Investigation Trigger: Identify the process that accessed the C&C server

Identify Attack Origin: Chrome exploited while browsing

From Trigger to Infection: Automatically trace back the infection point

Dropped Malware: Dropper downloads and installs malware

Exploit Code: Dropper process launched by Chrome

Activate Malware: Scheduled task launches after boot

Attack Traced: Even across system boots

Schedule Execution: Malware registered to launch after boot

Data Breach: Malware reads sensitive documents


SANDBLAST AGENT PROVIDES THE STRONGEST DEFENSE

ENDPOINT DETECTION & RESPONSE (EDR)

• FORENSICS COLLECTION
• AUTOMATED MACHINE QUARANTINE
• AUTOMATED INCIDENT ANALYSIS REPORTS
• FULL ATTACK CHAIN REMEDIATION

ACCESS CONTROL & SECURE COMMUNICATION

• ENDPOINT IPSEC VPN
• ENDPOINT COMPLIANCE
• ENDPOINT FIREWALL
• SSL VPN
• APPLICATION CONTROL
• PORT PROTECTION

DATA SECURITY

• DOCUMENT ENCRYPTION
• FULL DISK ENCRYPTION
• DOCUMENT ACCESS CONTROL
• EXTERNAL MEDIA ENCRYPTION

ADVANCED THREAT PREVENTION

Layers: BASELINE PREVENTION; ADVANCED PREVENTION, OFFLINE PROTECTIONS; ADVANCED PREVENTION, ONLINE PROTECTIONS

• ANTI-MALWARE
• THREAT EMULATION
• THREAT EXTRACTION
• ANTI-BOT
• URL FILTERING
• BEHAVIORAL GUARD
• ANTI-RANSOMWARE
• ANTI-EXPLOIT
• ZERO-PHISHING
• ANTI-EVASION
• ANTI-MIMI
• MACHINE LEARNING STATIC
• MACHINE LEARNING DYNAMIC


CHECK POINT ENDPOINT SECURITY

Protecting over 5,000 organizations

Over 5,000,000 endpoints deployed worldwide

SandBlast Agent named a leader in the Forrester Wave™ endpoint security suites

ESS Wave Q2 2018

• 17.5/18 possible points
• 100% protection, 0 false positives

SandBlast Agent earns top Product by AV-TEST

Highest possible scores in:

• Corporate Vision & Focus
• Malware Prevention
• Data Security
• Mobile Security

Check Point earns recommended status in NSS Labs Advanced Endpoint Protection (AEP) test

Zero False Positives

• 100% HTTP block rate
• 100% Email block rate
• 100% Offline threats block rate
• 100% Evasions block rate


A solution validated for ship’s Advanced Endpoint Protection

❖ Chosen for our strong offline and online protections against Zero-day attacks
❖ Independent from existing network security gateway solution
❖ Cloud based management and reporting solution
❖ Happy to help you deal with the maritime cyber risks and bring you closer to IMO compliancy by 2021


ENDPOINTS ARE YOUR STRONGEST DEFENSE with SandBlast Agent

THANK YOU!