11©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |[Restricted] ONLY for designated groups and individuals
22©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
A comprehensive survey – and much more !
888 companies
1,494 gateways
120,000 Monitoring hours
112,000,000 security events
[Restricted] ONLY for designated groups and individuals
33©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
40%
40%
20%
39%
14%10%7%
4%
26%
A comprehensive survey% of companies
Americas
EMEA
APACIndustrial
FinanceGovernment
Telco
Consulting
Other
By geography By sector
[Restricted] ONLY for designated groups and individuals
44©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Multiple sources of data
SensorNet
3D Reports
Threat Cloud
[Restricted] ONLY for designated groups and individuals
55©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Looking back and forward
Main security threats & risks
Security architectureRecommendations
2012 2013 and beyond
[Restricted] ONLY for designated groups and individuals
66©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
The Check Point Security Report 2013
About the research
Key findings
Security strategy
Summary
[Restricted] ONLY for designated groups and individuals
77©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
We will talk about 3 issues
Threatsto the
organization
Riskyenterprise
applications
Data loss incidents in the network
[Restricted] ONLY for designated groups and individuals
88©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Another day, another major hack
[Restricted] ONLY for designated groups and individuals
99©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Just this week….
[Restricted] ONLY for designated groups and individuals
“Hackers in China Attacked The Times for Last 4 Months”(NY Times , Jan 30, 2013)
“Wall Street Journal also hit by hack” (WSJ , Jan 31 2013)
1010©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
2012: the year of hacktivism
Arab SpringPolitical freedom
FoxconWorking conditions
Justice DepartmentAnti-corruption
VaticanUnhealthy transmitters
UN ITUInternet deep packet inspection
[Restricted] ONLY for designated groups and individuals
1111©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
This does not affect me, right?
[Restricted] ONLY for designated groups and individuals
1212©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
The majority of companies are infected
63%
100% = 888 companies
of the organizations (2 out of 3) in the research were infected with bots
[Restricted] ONLY for designated groups and individuals
1313©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Once in … always on
Communicating with command & control every
21minutes
[Restricted] ONLY for designated groups and individuals
1414©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Top 2012 Bots
[Restricted] ONLY for designated groups and individuals
1515©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Exploit kits are easy to buy
Rental costsOne day – 50$Up to 1 month – 500$3 month – 700$
Rental costsOne day – 50$Up to 1 month – 500$3 month – 700$
Available online
[Restricted] ONLY for designated groups and individuals
1616©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
But there is more than Bots, right?
MalwareINSIDE
How does malwareget to my network?
[Restricted] ONLY for designated groups and individuals
1717©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Going to the wrong places…
[Restricted] ONLY for designated groups and individuals
1818©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Downloading malware all the time
53%of organizations saw malware downloads
[Restricted] ONLY for designated groups and individuals
1919©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Anatomy of an attack
Recon
Exploit
Toolkit
Backdoor
Damage4
3
2
1
BOT
Virus
RAT
[Restricted] ONLY for designated groups and individuals
2020©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Two major trends
BOT
Virus
Damage
Profit driven A
Ideological driven B
4RAT
[Restricted] ONLY for designated groups and individuals
2121©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Case example
Massive SQL injection attack
Italian University
[Restricted] ONLY for designated groups and individuals
2222©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Case StudyHacker injected the following string…
In normal language:“Please give me the usernames and
passwords from the database”
In normal language:“Please give me the usernames and
passwords from the database”
[Restricted] ONLY for designated groups and individuals
2323©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
BLOCKED
by Check Point IPS Software Blades
From around the world…
Case study - the success
[Restricted] ONLY for designated groups and individuals
2424©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Main takeaways…
63%63% of organizations were infected with bots
53%53% of organizations experienced malware downloads
[Restricted] ONLY for designated groups and individuals
2525©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
We will talk about 3 issues
Threatsto the
organization
Riskyenterprise
applications
Data loss incidents in the network
[Restricted] ONLY for designated groups and individuals
2626©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
No longer a game
[Restricted] ONLY for designated groups and individuals
2727©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
What are risky applications?
Bypassing security or hiding identity
Do harm without the user knowing it
P2P file sharing
Anonymizers
File sharing / storage
Social networks
[Restricted] ONLY for designated groups and individuals
2828©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Just this week….
[Restricted] ONLY for designated groups and individuals
We discovered one live attack and were able to shut it down in process moments later,
However, our investigation has thus far indicated that the attackers may have had access to limited user information — usernames, email addresses and passwords — for approximately 250,000 users.”Bob Lord, Twitter’s director of information securit y. (Friday, Feb 1, 2013)
2929©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Risky applications
Anonymizers
[Restricted] ONLY for designated groups and individuals
3030©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
What is an anonymizer?
Firewall
OK
User Proxy Site
[Restricted] ONLY for designated groups and individuals
3131©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
History of Anonymizers
Began as “The Onion Router”
Officially sponsored by the US Navy
80% of 2012 budget from US Government
Used widely during Arab Spring
[Restricted] ONLY for designated groups and individuals
3232©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
The risk of anonymizers
Bypasses security infrastructure
Used by botnets to communicate
Hide criminal, illegal activity
[Restricted] ONLY for designated groups and individuals
3333©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Anonymizers inside the corporation
47%of organizations had users of Anonymizers(80% were not aware that their employees use Anonymizers)
100% = 888 companies
[Restricted] ONLY for designated groups and individuals
3434©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Risky applications
P2P file sharing
[Restricted] ONLY for designated groups and individuals
3535©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
The Risk of P2P Applications
Downloading the latest
“24” episoderight now ☺
Pirated content liability
Malware downloads
“Back door” network access
[Restricted] ONLY for designated groups and individuals
3636©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
P2P inside the corporation
61%of organizations had a P2P file sharing app in use
100% = 888 companies
[Restricted] ONLY for designated groups and individuals
3737©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Case example: P2P
3,800personal details shared
on P2P
95,000personal details shared
on P2P
Fines for information disclosers
[Restricted] ONLY for designated groups and individuals
3838©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Main takeaways…
61% of organizations had a P2P file sharing app in use
47% of organizations had users of anonymizers
[Restricted] ONLY for designated groups and individuals
3939©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
We will talk about 3 issues
Threatsto the
organization
Riskyenterprise
applications
Data loss incidents in the network
[Restricted] ONLY for designated groups and individuals
4040©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
How common is it?
54%of organizations experienced data loss
[Restricted] ONLY for designated groups and individuals
4141©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Many types of data leaked
[Restricted] ONLY for designated groups and individuals
4242©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
PCI compliance can be improved
Of financial organizations sent credit card data outside the organization
[Restricted] ONLY for designated groups and individuals
4444©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
We have all had this problem
Error 552 : sorry, that message exceeds my maximum message size limit
Dropbox ?YouSendIt?
Windows Live?
[Restricted] ONLY for designated groups and individuals
4545©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Storing and Sharing applications
80%of organizations use file storage and sharing applications
100% = 888 companies
[Restricted] ONLY for designated groups and individuals
4646©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Top sharing and storage apps
70
51
25
22
13
10
Dropbox
Windows Live
Curl
YouSendIt
Sugarsync
PutLocker
% of organizations
But sharing is not always caring…
[Restricted] ONLY for designated groups and individuals
4747©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
The Check Point Security Report 2013
About the research
Key findings
Security strategy
Summary
[Restricted] ONLY for designated groups and individuals
4848©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
We talked about three issues
Threatsto the
organization
Riskyenterprise
applications
Data loss incidents in the network
[Restricted] ONLY for designated groups and individuals
4949©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Anatomy of an attack
Recon
Exploit
Toolkit
Backdoor
Damage4
3
2
1
BOT
Virus
RAT
[Restricted] ONLY for designated groups and individuals
5050©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Addressing external threats
FW AVIPS
Anti B
ot
UR
LF
Threat E
mulation
[Restricted] ONLY for designated groups and individuals
5151©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Enabling secure application use
UR
LF
Ant
iviru
s
App
licat
ion
Con
trol
[Restricted] ONLY for designated groups and individuals
End
poin
t
5252©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Preventing data loss
Doc
Sec
DLP
Data
End
Poi
nt
App
licat
ion
Con
trol
Use
r ch
eck
[Restricted] ONLY for designated groups and individuals
5353©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Seeing attacks and protections
SmartEvent
SmartLog
SmartDashboard
[Restricted] ONLY for designated groups and individuals
5454©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |
Summary
63%
47%
54%
Infected with bots3 key
Takeaways Used Anonymizer
Experienced data leak
Multi Layer SecurityCentral Management
Manage &
Monitor
Protect fromexternal threatsProtect fromexternal threats
Prevent accessto bad sourcesPrevent accessto bad sources
Keep the organization secured
Keep the organization secured
[Restricted] ONLY for designated groups and individuals
5555©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |[Restricted] ONLY for designated groups and individuals
Top Related