Comprehensive protection against modern Internet threats with...
Transcript of "Comprehensive protection against modern Internet threats with..."
©2016 Check Point Software Technologies Ltd. 1 ©2015 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals
Olexandr Rapp | [email protected] Security Engineer - CIS
Comprehensive protection against modern Internet threats using the Check Point Sandblast solution
Focus on security and leadership
► $1.6 billion revenue in 2015
The Software Blades strategy delivers continuous growth
► 100% security: specialization exclusively in IT security
All Fortune 500 companies are Check Point customers
► Worldwide recognition: recognized by NSS Labs, Gartner, Miercom, SC Magazine
"Leader" in Gartner Enterprise Firewall for 17 years now
Whom do you trust with your IT security?
CHECK POINT SOFTWARE TECHNOLOGIES NAMED A LEADER IN THE GARTNER MAGIC QUADRANTS FOR
ENTERPRISE NETWORK FIREWALLS [3]
UNIFIED THREAT MANAGEMENT [4]
MOBILE DATA PROTECTION [5]
4 YEARS IN A ROW
SINCE 1997
8 YEARS IN A ROW
[3] Gartner, Inc., Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Greg Young, Jeremy D'Hoinne, 22 April 2015.
[4] Gartner, Inc., Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Greg Young, 07 August 2014.
[5] Gartner, Inc., Magic Quadrant for Mobile Data Protection, John Girard, 08 September 2014.
[3-5] Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Key Technology
• Unified Management
• Network Security
• Next Generation Threat Prevention
• Mobile and Endpoint Security
• Virtualized Security / Cloud Security
WHAT ARE Unknown Threats?
Malware that has not previously been seen, which can often get past traditional security products
Spear Phishing Email
Enable Macro…
Boom…
Damage and Response
• Encrypts local content, rendering user files unusable
• In many cases then encrypts network storage
  o Impacting many more users
• Once encrypted, almost no chance to decrypt yourself
• Two choices
  o Reimage and restore, losing work since last backup
  o Pay up
How are these bypassing AV? Exploit kits turn known into unknown
So long bankers…hello crypto lockers
• Polymorphic changes
• Packing and Obfuscation
CHECK POINT Next-Generation Threat Prevention
A comprehensive approach
SECURITY GATEWAY: IPS, Anti-Virus, Anti-Bot, SandBlast
Endpoint: SandBlast Agent
Check Point IPS
Prevents Exploits of Known Vulnerabilities
Enforce Protocol Specifications
Detect Protocol Anomalies and Attacks
Signature based Engine
[Chart: Number of CVE's covered by IPS (2010-2016). Series: # CVE's, # CVE's in Recommended Profile, Microsoft CVE's, Adobe CVE's. The bar values survive in the transcript only without their vendor labels: 3466, 3140, 1297, 813, 2260, 3443, 2082, 2685, 2984, 854, 1129, 716, 1177, 1168, 540, 805, 468, 770, 705]
Information is current as of Jan 2010 - May 2016 | Source: Check Point Advisories | Palo Alto ThreatVault | Fortinet FortiGuard | McAfee Threat Intelligence | TippingPoint Digital Vaccine | SourceFire Advisories
NSS LABS - Check Point's Track Record of Security Leadership and Excellence!
• IPS Recommended – Jan 2011: Best integrated IPS Security Score of 97.3%!
• NGFW Recommended – April 2011: World's first NSS Recommended NGFW!
• FW Recommended – April 2011: Only vendor to pass the initial test!
• NGFW Recommended – Jan 2012: Continued NGFW Leadership and Excellence!
• IPS Recommended – July 2012: Leading integrated IPS Security Score of 98.7%!
• FW Recommended – Jan 2013: Best Security + Management score of 100%!
• IPS Individual Test – Feb 2013*: 61000 IPS Security Score of 99%! 26.5G IPS
• NGFW Recommended – Feb 2013: Best Security + Management Score of 98.5%!
• IPS Recommended – Nov 2013: 100% Management score and Best annual Management Labor Cost (Upkeep and Tuning)!
• NGFW Recommended – Sept 2014: 4th NGFW Recommended
• BDS Recommended – Aug 2015: 1st time tested, 100% unknown malware catch-rate
• NGFW Recommended – Mar 2016: Best Catch rate 99.8%, Continuing Leadership and Excellence …
• NGFW Recommended – Mar 2016: 99.8% Catch rate and 5th NSS NGFW Recommended!
* Individual product test and not part of a Group Test. NSS only awards "Recommended" in Group Tests.
Check Point Anti-Virus
• Blocks Download of Known Malware
• Signatures and MD5 based Engines
• Malware Feeds
• Blocks Access to Malware Sites
Check Point Anti-Bot
IDENTIFY bot-infected devices
• Multi-tier Discovery: Reputation, Patterns, SPAM
PREVENT bot damage
• Blocks Bot Communication
• Stop Traffic to Remote Operators
PROTECT FROM THE UNKNOWN
ADVANCED SANDBOX: Evasion resistant malware detection
PROACTIVE PREVENTION: Rapid delivery of sanitized content
Sandblast Threat Extraction: Providing Clean Files
BEFORE: Malware Activated
AFTER: Malware Removed
Immediate Access. Proactive Prevention. Attack Visibility.
.cleaned.doc.pdf
Less than 1% of users need the original
For those who do, it's a simple click
Original becomes available after found clean by the sandbox
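As an added illustration of the "sanitize keeping the original format" path (example code written for this transcript, not Check Point's Threat Extraction implementation), the Python below strips the parts of an OOXML package that can carry active content (VBA project, embedded OLE objects, ActiveX controls), repairs the content-type and relationship bookkeeping so the result still opens as a plain document, and gates release of the original on the sandbox verdict, as the slide describes. The part patterns, the constructed sample package and the gate interface are this example's own assumptions; the "convert to PDF" option is not modelled.

```python
import io
import re
import zipfile

# Package parts that can carry active content (this example's own pattern list):
# VBA projects, embedded OLE objects and ActiveX controls.
ACTIVE_CONTENT = (
    re.compile(r"^(word|xl|ppt)/vbaProject\.bin$"),
    re.compile(r"^(word|xl|ppt)/embeddings/"),
    re.compile(r"^(word|xl|ppt)/activeX/"),
)

# Macro-enabled main-part content types and the macro-free type to relabel them as,
# so Office opens the sanitized copy as an ordinary .docx/.xlsx/.pptx.
MACRO_FREE_TYPES = {
    "application/vnd.ms-word.document.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml",
}


def is_active(part_name):
    return any(p.match(part_name) for p in ACTIVE_CONTENT)


def sanitize(package):
    """Return (sanitized_package, removed_parts): active parts are dropped and the
    content-type and relationship entries that referenced them are removed."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        removed = [n for n in src.namelist() if is_active(n)]
        for name in src.namelist():
            if name in removed:
                continue
            data = src.read(name)
            if name == "[Content_Types].xml":
                text = data.decode("utf-8")
                for part in removed:  # drop the <Override> for each removed part
                    text = re.sub(r'<Override[^>]*PartName="/%s"[^>]*/>' % re.escape(part), "", text)
                for macro_type, plain_type in MACRO_FREE_TYPES.items():
                    text = text.replace(macro_type, plain_type)
                data = text.encode("utf-8")
            elif name.endswith(".rels"):
                text = data.decode("utf-8")
                for part in removed:  # drop the <Relationship> pointing at a removed part
                    leaf = re.escape(part.rsplit("/", 1)[-1])
                    text = re.sub(r'<Relationship[^>]*Target="[^"]*%s"[^>]*/>' % leaf, "", text)
                data = text.encode("utf-8")
            dst.writestr(name, data)
    return out.getvalue(), removed


def part_names(package):
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        return z.namelist()


def read_part(package, name):
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        return z.read(name).decode("utf-8")


class OriginalFileGate:
    """Users get the sanitized copy at once; the original is handed out only after
    the sandbox has returned a 'benign' verdict (interface assumed for this example)."""

    def __init__(self, original):
        self.original = original
        self.verdict = None          # None while emulation is still running

    def set_verdict(self, verdict):
        self.verdict = verdict

    def request_original(self):
        return self.original if self.verdict == "benign" else None


def build_sample_docm():
    """Constructed sample: the skeleton of a macro-enabled Word package, just enough
    structure for the sanitizer to act on (not a real Office document)."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
        '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        '</Types>')
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
        '<Relationship Id="rId2" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
        '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/styles.xml", "<w:styles/>")
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/vbaProject.bin", b"constructed placeholder, not a real VBA project")
    return buf.getvalue()
```

The sanitizer rewrites a copy rather than editing in place, and the gate returns nothing until a verdict exists, so a pending or failed emulation never leaks the original; a production pipeline would additionally record which parts were removed, which is what gives the user the "attack visibility" the slide promises.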
THE TRADITIONAL SANDBOX: HOW IT WORKS (1st Generation)
Open and detonate any files
Watch for telltale signs of malicious code at the Operating System level
Examine:
• System Registry
• Network Connections
• File System Activity
• System Processes
THREAT CONTAINED
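The following added example (written for this transcript, not Check Point's engine) shows what "watching for telltale signs at the operating-system level" looks like in code: a small rule set over a constructed detonation trace covering the four sensor classes on the slide, with the ransomware behaviour from the "Damage and Response" slide as one of the rules. The event format, rule weights, thresholds and every name and address in the traces are assumptions of this example.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Event:
    """One observation from the sandbox's OS-level sensors (constructed format)."""
    t: float            # seconds since the sample was opened
    sensor: str         # "registry" | "network" | "file" | "process"
    pid: int
    image: str          # image name of the acting process
    detail: dict = field(default_factory=dict)


AUTORUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
WEB_PORTS = {80, 443}


def analyze(events, mass_rename_threshold=5):
    """Score the telltale signs and return (verdict, score, findings).
    Weights and the malicious threshold are this example's own choices."""
    score, findings = 0, []
    for e in events:
        if e.sensor == "registry" and e.detail.get("op") == "set":
            # persistence: a value written under an autorun key
            if any(k in e.detail["key"].lower() for k in AUTORUN_KEYS):
                score += 3
                findings.append(f"persistence: {e.image} set {e.detail['key']}")
        elif e.sensor == "process" and e.image.lower() in OFFICE_APPS:
            # an Office application launching another executable (the macro story)
            score += 3
            findings.append(f"office spawned a process: {e.image} -> {e.detail['child']}")
        elif e.sensor == "network" and e.detail.get("dport") not in WEB_PORTS:
            # outbound connection on a non-web port: possible operator channel
            score += 2
            findings.append(f"non-web connection: {e.image} -> {e.detail['dst']}:{e.detail['dport']}")
    # ransomware pattern: many user files renamed to a new extension by one process
    renamed = Counter()
    for e in events:
        if e.sensor == "file" and e.detail.get("op") == "rename":
            old_ext = e.detail["src"].rsplit(".", 1)[-1].lower()
            if not e.detail["dst"].lower().endswith("." + old_ext):
                renamed[(e.pid, e.image)] += 1
    for (pid, image), n in renamed.items():
        if n >= mass_rename_threshold:
            score += 4
            findings.append(f"mass re-extension of user files by {image} (pid {pid}): {n} files")
    verdict = "malicious" if score >= 5 else "suspicious" if score else "benign"
    return verdict, score, findings


def malicious_trace():
    """Constructed trace: a macro document drops an executable that persists,
    contacts an operator and encrypts user files (all names/addresses made up)."""
    docs = [f"C:\\Users\\u\\Documents\\report{i}.docx" for i in range(6)]
    events = [
        Event(0.5, "process", 4120, "WINWORD.EXE", {"child": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"}),
        Event(1.2, "registry", 5204, "upd.exe", {"op": "set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"}),
        Event(1.9, "network", 5204, "upd.exe", {"dst": "203.0.113.10", "dport": 4444}),
    ]
    events += [Event(3 + 0.1 * i, "file", 5204, "upd.exe", {"op": "rename", "src": d, "dst": d + ".locked"})
               for i, d in enumerate(docs)]
    return events


def benign_trace():
    """Constructed trace: a document that only saves an autorecovery file,
    talks HTTPS and touches its own application settings."""
    return [
        Event(0.4, "file", 4120, "WINWORD.EXE", {"op": "write", "path": "C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Word\\report.asd"}),
        Event(0.8, "network", 4120, "WINWORD.EXE", {"dst": "198.51.100.7", "dport": 443}),
        Event(1.0, "registry", 4120, "WINWORD.EXE", {"op": "set", "key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Word\\Resiliency"}),
    ]


if __name__ == "__main__":
    for name, trace in (("malicious", malicious_trace()), ("benign", benign_trace())):
        verdict, score, findings = analyze(trace)
        print(name, verdict, score, *findings, sep="\n  ")
```

The rules only fire on behaviour that actually executed inside the sandbox, which is exactly the weakness the next slides address: a sample that checks for a virtual machine, sleeps past the observation window, or waits for user interaction produces an empty trace and a "benign" verdict from this kind of engine.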
VULNERABILITY → EXPLOIT → SHELLCODE → MALWARE
THE ONLY SANDBOX WITH CPU-LEVEL TECHNOLOGY
Traditional Sandbox
• Behavioral detection
• Can be evaded
SANDBLAST
• CPU-Level detection
• EVASION RESISTANT
CPU OPERATION: Normal execution
[Figure: code blocks A, B, C, D, E, F executed in their normal order]
ROP EXPLOIT (Return Oriented Programming)
[Figure: the same blocks A to F, with execution hopping between small fragments of them in the order 1, 2, 3, 4, 5, 6]
Hijacks small pieces of legitimate code from the memory and manipulates the CPU to load and execute the actual malware.
CPU-LEVEL & OS-LEVEL EXPLOIT DETECTION
• Highest catch rate
• Evasion-resistant
• Efficient and fast
• Unique to Check Point
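To make the CPU-level idea concrete, here is an added, deliberately simplified model (not Check Point's implementation, whose internals the slides do not describe). It runs two detection heuristics from the published research on ROP detection over a constructed hardware branch trace of the kind a Last Branch Record buffer provides: the call-preceded check (a return must land on the address right after a call) and a count of consecutive returns with very few instructions between them, which is what a chain of "small pieces of legitimate code" looks like to the CPU. The trace format, the code map and the thresholds are this example's assumptions.

```python
from collections import namedtuple

# One entry of a branch trace: the branch kind, its source and target address, and
# how many instructions executed since the previous recorded branch (constructed format).
Branch = namedtuple("Branch", "kind src dst insns")

# Constructed code map: the address of every CALL instruction and its encoded length.
# The only legitimate RET targets are the addresses immediately after these calls.
CALL_SITES = {0x1000: 5, 0x1010: 5, 0x2008: 2}


def legitimate_return_sites(call_sites):
    return {addr + length for addr, length in call_sites.items()}


def check_trace(trace, call_sites=CALL_SITES, min_gadget_len=5, max_chain=3):
    """Return alert strings for (a) any RET whose target is not call-preceded and
    (b) a run of max_chain RETs each executing fewer than min_gadget_len instructions,
    the signature of gadgets being stitched together."""
    sites = legitimate_return_sites(call_sites)
    alerts, chain = [], 0
    for b in trace:
        if b.kind != "ret":
            chain = 0            # a normal call or jump breaks a gadget run
            continue
        if b.dst not in sites:
            alerts.append(f"ret {b.src:#x} -> {b.dst:#x}: target is not call-preceded")
        chain = chain + 1 if b.insns < min_gadget_len else 0
        if chain == max_chain:
            alerts.append(f"gadget chain: {max_chain} short code fragments ending in ret")
    return alerts


def is_rop(trace, call_sites=CALL_SITES):
    return bool(check_trace(trace, call_sites))


# Constructed: A calls B, B calls C, and every return goes back where it should.
NORMAL_TRACE = [
    Branch("call", 0x1000, 0x2000, 12),
    Branch("call", 0x2008, 0x2100, 4),
    Branch("ret", 0x2110, 0x200A, 6),
    Branch("ret", 0x2010, 0x1005, 3),
    Branch("call", 0x1010, 0x2000, 5),
    Branch("ret", 0x2010, 0x1015, 8),
]

# Constructed: after the first call, control is routed through code fragments
# that were never called, a few instructions at a time.
ROP_TRACE = [
    Branch("call", 0x1000, 0x2000, 12),
    Branch("ret", 0x2010, 0x3020, 8),
    Branch("ret", 0x3024, 0x3040, 2),
    Branch("ret", 0x3043, 0x3060, 2),
    Branch("ret", 0x3062, 0x3080, 1),
]

if __name__ == "__main__":
    for name, trace in (("normal", NORMAL_TRACE), ("rop", ROP_TRACE)):
        print(name, is_rop(trace), *check_trace(trace), sep="\n  ")
```

The point of the model is the one the slide makes: these checks look at control flow before any payload runs, so a sample that would sleep or fingerprint the sandbox at the OS level has nothing to hide behind. A real implementation must also accept legitimate unpaired control flow (exception unwinding, setjmp/longjmp, some compiler tail calls) to keep the false-positive rate down; the page does not describe how Check Point's engine does that.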
Fighting zero-day attacks
INSPECT → EMULATE → PREVENT → SHARE
On site: Dedicated APPLIANCE or SECURITY GATEWAY
Exe files, PDF and Office documents
THREAT EMULATION CLOUD SERVICE:
14,000,000+ FILES INSPECTION / WEEK (February 2016)
55,000+ UNKNOWN MALWARE DETECTION / WEEK (February 2016)
We have the experience!
OFFICE 365 PROTECTION
Block UNKNOWN and ZERO-DAY ATTACKS in Microsoft Office 365™
SANDBLAST CLOUD PROTECTS CLOUD-BASED EMAIL
• Advanced Threat Prevention for Office 365
• Fast and Transparent User Experience
• Easy to Deploy and Manage
INTRODUCING… SANDBLAST CLOUD
THE POWER TO PROTECT. THE INSIGHT TO UNDERSTAND.
Eliminate Zero Day Malware at the Endpoint
1. Web downloads sent to SandBlast cloud
2. Sanitized version delivered promptly
3. Original file emulated in the background
Instant Protection for Web Downloads
CONVERT to PDF for best security, or SANITIZE keeping the original format
Access to the Original File
Only After Threat Emulation when verdict is benign
Self-Catered, No Helpdesk Overhead
SANDBLAST CLOUD: Zero-day Protection in two layers
• Browser Extension – Web downloads: Threat Extraction & Threat Emulation
• File-System Monitor – Any file copied or created: Threat Emulation
Collect Forensics Data and Trigger Report Generation
1. FORENSICS data continuously collected from various OS sensors: Processes, Registry, Files, Network
2. Report generation automatically triggered upon detection of network events or by 3rd party AV
3. Advanced algorithms analyze raw forensics data
4. Digested incident report sent to SmartEvent
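An added example of the four-step flow above (example code for this transcript, not SandBlast Agent's): sensor records accumulate in a bounded store, a trigger arrives from the gateway or a third-party AV, the analysis walks process-creation records back to the entry point, and a digested report is serialised for forwarding. The record format, the trigger shape and the scenario are constructed for this example; the real SmartEvent log format is not shown on the page and is not modelled.

```python
import json
from collections import deque
from dataclasses import dataclass, field


@dataclass
class SensorEvent:
    """One record from an OS sensor (constructed format)."""
    t: float
    sensor: str        # "process" | "registry" | "file" | "network"
    pid: int
    image: str
    detail: dict = field(default_factory=dict)


class ForensicsStore:
    """Step 1: bounded store fed continuously by the sensors, oldest records dropped."""

    def __init__(self, capacity=50_000):
        self.events = deque(maxlen=capacity)

    def record(self, event):
        self.events.append(event)


def resolve_pid(events, trigger):
    """Step 2: map a trigger to the process it concerns. A 3rd-party AV trigger names
    a pid; a gateway trigger only names the destination it saw, so it is matched
    against the most recent network record to that destination."""
    if "pid" in trigger:
        return trigger["pid"]
    for e in reversed(events):
        if e.sensor == "network" and e.detail.get("dst") == trigger["dst"]:
            return e.pid
    return None


def process_chain(events, pid):
    """Step 3: follow process-create records from pid up to the entry point."""
    created_by = {e.detail["child_pid"]: e for e in events if e.sensor == "process"}
    images = {e.pid: e.image for e in events}
    images.update({e.detail["child_pid"]: e.detail["child"] for e in created_by.values()})
    chain, seen = [], set()
    while pid is not None and pid not in seen:     # seen guards against pid reuse loops
        seen.add(pid)
        chain.append({"pid": pid, "image": images.get(pid, "?")})
        creator = created_by.get(pid)
        pid = creator.pid if creator else None
    return chain


def build_report(events, trigger):
    """Step 4: the digest, i.e. the causal chain and what each process in it touched."""
    pid = resolve_pid(events, trigger)
    chain = process_chain(events, pid)
    pids = {p["pid"] for p in chain}
    related = sorted((e for e in events if e.pid in pids), key=lambda e: e.t)
    return {
        "trigger": trigger,
        "entry_point": chain[-1]["image"] if chain else None,
        "chain": chain,
        "registry": [e.detail["key"] for e in related if e.sensor == "registry"],
        "files": [e.detail["path"] for e in related if e.sensor == "file"],
        "network": sorted({f"{e.detail['dst']}:{e.detail['dport']}" for e in related if e.sensor == "network"}),
        "timeline": [(e.t, e.sensor, e.image) for e in related],
    }


def to_json_record(report):
    """One JSON line per incident, the hand-off shape assumed by this example."""
    return json.dumps(report, sort_keys=True)


def sample_store():
    """Constructed scenario: a mail client opens a document, the document starts a
    dropped executable that persists, encrypts files and calls out; unrelated
    explorer.exe activity is present as noise. All names and addresses are made up."""
    store = ForensicsStore()
    for e in [
        SensorEvent(10.0, "process", 100, "outlook.exe", {"child_pid": 200, "child": "winword.exe"}),
        SensorEvent(12.0, "file", 50, "explorer.exe", {"op": "write", "path": "C:\\Users\\u\\Desktop\\notes.txt"}),
        SensorEvent(15.0, "process", 200, "winword.exe", {"child_pid": 300, "child": "upd.exe"}),
        SensorEvent(16.0, "registry", 300, "upd.exe", {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"}),
        SensorEvent(17.0, "file", 300, "upd.exe", {"op": "rename", "path": "C:\\Users\\u\\Documents\\q1.xlsx.locked"}),
        SensorEvent(17.5, "file", 300, "upd.exe", {"op": "rename", "path": "C:\\Users\\u\\Documents\\q2.xlsx.locked"}),
        SensorEvent(18.0, "network", 300, "upd.exe", {"dst": "203.0.113.10", "dport": 4444}),
    ]:
        store.record(e)
    return store


GATEWAY_TRIGGER = {"source": "gateway_anti_bot", "dst": "203.0.113.10"}

if __name__ == "__main__":
    print(to_json_record(build_report(sample_store().events, GATEWAY_TRIGGER)))
```

Because the store is filled before any trigger exists, the report can name the entry point (here the mail client) even though the gateway only saw the final outbound connection; that backward reach is the reason the slide collects forensics continuously rather than starting collection at detection time.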
SandBlast – A Recognized Leader
• COOLEST CYBERSECURITY PRODUCTS 2015
• Leader in the Forrester Wave™ for Advanced Malware Analysis, Q2 2016: Highest Overall Score, Top Score for Strategy
• Top-scoring "Recommended" Vendor, Breach Detection Systems, 2015: Leading TCO @ $27 / Protected Mbps, 100% Malware Catch Rate, Highest Detection Rate of Malicious URLs
SUMMARY
Family of Solutions Staying One Step Ahead of Zero-Day Attacks
SandBlast Appliance / GW + Cloud Service
ENDPOINT | OFFICE 365™ EMAIL | NETWORK
One Step Ahead in Zero-Day Protection
• Proactive Prevention – Threat Extraction
• Catches More Malware – CPU-Level Detection, Emulation
• Complete Integrated Protection – Threat Prevention Suite
Olexandr Rapp | [email protected] Security Engineer – CIS
QUESTIONS