Comprehensive protection against modern Internet threats with the Check Point SandBlast solution (slide transcript, 43 slides)

Page 1: Comprehensive protection against modern Internet threats with Check Point SandBlast

©2016 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals

Olexandr Rapp | [email protected] Security Engineer - CIS

Comprehensive protection against modern Internet threats with the Check Point SandBlast solution

Page 2

Focus on security and leadership

► $1.6 billion revenue in 2015

The Software Blades strategy drives continuous growth

► 100% security: specializing exclusively in IT security

Every Fortune 500 company is a Check Point customer

► Worldwide recognition: recognized by NSS Labs, Gartner, Miercom, SC Magazine

A “Leader” in Gartner Enterprise Firewall for 17 years

Whom do you trust with your IT security?

Page 3

CHECK POINT SOFTWARE TECHNOLOGIES NAMED A LEADER IN THE GARTNER MAGIC QUADRANTS FOR

ENTERPRISE NETWORK FIREWALLS [3]

UNIFIED THREAT MANAGEMENT [4]

MOBILE DATA PROTECTION [5]

4 YEARS IN A ROW

SINCE 1997

8 YEARS IN A ROW

[3] Gartner, Inc., Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Greg Young, Jeremy D'Hoinne, 22 April 2015.
[4] Gartner, Inc., Magic Quadrant for Unified Threat Management, Jeremy D’Hoinne, Adam Hils, Greg Young, 07 August 2014.
[5] Gartner, Inc., Magic Quadrant for Mobile Data Protection, John Girard, 08 September 2014.
[3-5] Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Page 4

Key Technology

Unified Management

Network Security: Next Generation Threat Prevention

Mobile and Endpoint Security

Virtualized Security / Cloud Security

Page 5

WHAT ARE Unknown Threats?

Malware that has not previously been seen, which can often get past traditional security products

Page 6

Spear Phishing Email

Page 7

Enable Macro…

Page 8

Boom…

Page 9

Damage and Response

• Encrypts local content, rendering user files unusable

• In many cases then encrypts network storage

o Impacting many more users

• Once encrypted, almost no chance to decrypt yourself

• Two choices

o Reimage and restore, losing work since last backup

o Pay up

Page 10

So long bankers… hello crypto lockers

How are these bypassing AV? Exploit kits turn known into unknown

Polymorphic changes

Packing and Obfuscation

Page 11

CHECK POINT Next-Generation Threat Prevention

Page 12

A comprehensive approach

SECURITY GATEWAY

IPS

Anti Virus

Anti Bot

SandBlast

SandBlast Agent

Page 13

Check Point IPS

Page 14

Check Point IPS

• Prevents Exploits of Known Vulnerabilities

• Enforce Protocol Specifications

• Detect Protocol Anomalies and Attacks

• Signature based Engine

Page 15

[Chart: Number of CVE’s covered by IPS (2010-2016), comparing vendors by # CVE's, # CVE's in Recommended Profile, Microsoft CVE's and Adobe CVE's; the bar values are not reproduced here]

Information is current as of Jan 2010 - May 2016 | Source: Check Point Advisories | Palo Alto ThreatVault | Fortinet FortiGuard | McAfee Threat Intelligence | Tipping Point Digital Vaccine | SourceFire Advisories

Page 16

NSS LABS – Check Point’s Track Record of Security Leadership and Excellence!

IPS Recommended – Jan 2011: Best integrated IPS Security Score of 97.3%!

NGFW Recommended – April 2011: World’s first NSS Recommended NGFW!

FW Recommended – April 2011: Only vendor to pass the initial test!

NGFW Recommended – Jan 2012: Continued NGFW Leadership and Excellence!

IPS Recommended – July 2012: Leading integrated IPS Security Score of 98.7%!

FW Recommended – Jan 2013: Best Security + Management score of 100%!

IPS Individual Test – Feb 2013*: 61000 IPS Security Score of 99%! 26.5G IPS

IPS Recommended – Nov 2013: 100% Management score and Best annual Management Labor Cost (Upkeep and Tuning)!

NGFW Recommended – Feb 2013: Best Security + Management Score of 98.5%!

NGFW Recommended – Sept 2014: 4th NGFW Recommended

BDS Recommended – Aug 2015: 1st time tested, 100% unknown malware catch-rate

NGFW Recommended – Mar 2016: 99.8% Catch rate and 5th NSS NGFW Recommended! Continuing Leadership and Excellence…

* Individual product test and not part of a Group Test. NSS only awards “Recommended” in Group Tests.

Page 17

Check Point Network AV

Page 18

Check Point Anti-Virus

• Blocks Download of Known Malware

• Signatures and MD5 based Engines

• Malware Feeds: Blocks Access to Malware Sites

Page 19

Check Point Network Anti Bot

Page 20

Check Point Anti-Bot

IDENTIFY bot-infected devices: Multi-tier Discovery (Reputation, Patterns, SPAM)

PREVENT bot damage: Blocks Bot Communication, stops traffic to remote operators

Page 21

Page 22

PROTECT FROM THE UNKNOWN

PROACTIVE PREVENTION: Rapid delivery of sanitized content

ADVANCED SANDBOX: Evasion-resistant malware detection

Page 23

SandBlast Threat Extraction: Providing Clean Files

BEFORE: Malware Activated

AFTER: Malware Removed

Immediate Access. Proactive Prevention. Attack Visibility.

Page 24

.cleaned.doc.pdf

Less than 1% of users need the original

For those who do, it’s a simple click

Original becomes available after found clean by the sandbox
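The two slides above describe Threat Extraction: the user immediately receives a sanitized copy, and the original is released only once the sandbox has found it clean. The following is an added example, not Check Point's code and not how SandBlast is implemented: it removes the VBA parts from an Office document, one of the sanitization steps such a product performs, and gates the original behind a verdict. It relies only on the standard OOXML package layout (part names, relationship types, content types) and a minimal macro-enabled document constructed in memory; the `release_original` gate and its `"benign"` verdict string are assumptions for the demo.

```python
"""Added example (not Check Point's code): a toy Threat Extraction step.

A .docm file is a ZIP package. Its macros live in word/vbaProject.bin and are
wired in by a relationship in word/_rels/document.xml.rels and a content-type
entry in [Content_Types].xml. Dropping all three yields a document that still
opens but carries no VBA. The untouched original is released only after the
sandbox verdict is "benign".
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML package conventions (real part names, namespaces and content types).
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
ACTIVE_MEMBERS = {"word/vbaProject.bin", "word/vbaData.xml"}
ACTIVE_REL_SUFFIXES = ("/vbaProject", "/vbaData")


def strip_active_rels(xml_bytes: bytes) -> bytes:
    """Remove relationships that point at macro parts."""
    ET.register_namespace("", REL_NS)
    root = ET.fromstring(xml_bytes)
    for rel in list(root):
        if rel.get("Type", "").endswith(ACTIVE_REL_SUFFIXES):
            root.remove(rel)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def strip_active_content_types(xml_bytes: bytes) -> bytes:
    """Drop VBA content types and turn a macro-enabled main part into a plain one."""
    ET.register_namespace("", CT_NS)
    root = ET.fromstring(xml_bytes)
    for node in list(root):
        if node.get("ContentType") == VBA_CONTENT_TYPE or node.get("PartName", "").lstrip("/") in ACTIVE_MEMBERS:
            root.remove(node)
        elif node.get("ContentType") == MACRO_MAIN:
            node.set("ContentType", PLAIN_MAIN)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def sanitize_docx(original: bytes) -> bytes:
    """Return a copy of the package with macro parts and their wiring removed."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(original)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name in ACTIVE_MEMBERS:
                continue                       # the macro blob itself
            data = src.read(name)
            if name.endswith(".rels"):
                data = strip_active_rels(data)
            elif name == "[Content_Types].xml":
                data = strip_active_content_types(data)
            dst.writestr(name, data)
    return out.getvalue()


def has_active_content(doc: bytes) -> bool:
    with zipfile.ZipFile(io.BytesIO(doc)) as z:
        return any(n in ACTIVE_MEMBERS for n in z.namelist())


def zip_member(doc: bytes, name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(doc)) as z:
        return z.read(name)


def release_original(original: bytes, sandbox_verdict: str):
    """Assumed gate: the original is handed out only once emulation found it clean."""
    return original if sandbox_verdict == "benign" else None


def build_sample_docm() -> bytes:
    """Constructed sample: a minimal macro-enabled package, not a real file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   f'<Types xmlns="{CT_NS}">'
                   '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
                   f'<Default Extension="bin" ContentType="{VBA_CONTENT_TYPE}"/>'
                   f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>'
                   '</Types>')
        z.writestr("word/document.xml",
                   '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                   '<w:body><w:p><w:r><w:t>Invoice</w:t></w:r></w:p></w:body></w:document>')
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed macro blob")
        z.writestr("word/_rels/document.xml.rels",
                   f'<Relationships xmlns="{REL_NS}">'
                   '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
                   '<Relationship Id="rId2" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
                   '</Relationships>')
    return buf.getvalue()


if __name__ == "__main__":
    original = build_sample_docm()
    clean = sanitize_docx(original)
    print("original has macros:", has_active_content(original))
    print("sanitized has macros:", has_active_content(clean))
    print("original released on 'malicious':", release_original(original, "malicious") is not None)
```

The body text of the document passes through byte-for-byte; only the macro blob, its relationship and its content-type entries change. Converting to PDF, the other option shown later in the deck, removes the active content by leaving the format altogether, at the cost of editability.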

Page 25

THE TRADITIONAL SANDBOX: HOW IT WORKS (1st Generation)

Open and detonate any files

Watch for telltale signs of malicious code at the Operating System level

Examine:

• System Registry

• Network Connections

• File System Activity

• System Processes

THREAT CONTAINED
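The slide lists what a first-generation sandbox watches: registry, network, file system and processes. The following added example, not Check Point's code, shows the verdict side of that design: a stream of OS-level monitor events and the telltale-sign rules run over it. The detonation itself is out of scope; the event records, the rule set, the mass-write threshold of 20 files and the two-sign verdict threshold are all constructed assumptions for the demo.

```python
"""Added example (not Check Point's code): verdict logic of an OS-level sandbox.

The monitor emits process, registry, file-system and network events while a
sample runs; the rules below look for the telltale signs the slide mentions.
All traces are constructed for the demo, not captured from real samples.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str     # "process" (spawn), "registry" (write), "file" (write), "network" (connect)
    actor: str    # image of the process performing the action
    target: str   # child image, registry path, file path or host:port


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
PERSISTENCE_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
DOCUMENT_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".tmp"}
MASS_WRITE_THRESHOLD = 20   # assumption: this many files of one new extension is a ransomware sign


def image(path: str) -> str:
    """Bare, lower-cased image name from a path or image string."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def extension(path: str) -> str:
    name = image(path)
    return "." + name.rsplit(".", 1)[1] if "." in name else ""


def analyze(events):
    """Return the telltale signs found in an OS-level event stream."""
    findings = []
    dropped = set()
    for e in events:
        if e.kind == "process" and image(e.actor) in OFFICE_APPS and image(e.target) in SCRIPT_HOSTS:
            findings.append(f"{image(e.actor)} spawned script host {image(e.target)}")
        elif e.kind == "registry" and any(k in e.target.lower() for k in PERSISTENCE_KEYS):
            findings.append(f"{image(e.actor)} set autorun persistence: {e.target}")
        elif e.kind == "network" and image(e.actor) in SCRIPT_HOSTS:
            findings.append(f"script host {image(e.actor)} connected to {e.target}")
        elif e.kind == "file" and "\\appdata\\" in e.target.lower() and extension(e.target) == ".exe":
            dropped.add(e.target.lower())      # executable written to a user-writable dir
        if e.kind == "process" and e.target.lower() in dropped:
            findings.append(f"{image(e.actor)} executed dropped binary {e.target}")
    # Many writes of one unfamiliar extension by one process: the crypto-locker sign.
    per_actor = {}
    for e in events:
        if e.kind == "file":
            per_actor.setdefault(image(e.actor), Counter())[extension(e.target)] += 1
    for actor, exts in per_actor.items():
        for ext, n in exts.items():
            if n >= MASS_WRITE_THRESHOLD and ext not in DOCUMENT_EXTS:
                findings.append(f"{actor} wrote {n} files with extension {ext}")
    return findings


def verdict(events, threshold=2):
    """Assumed policy: two or more independent signs make the sample malicious."""
    findings = analyze(events)
    return ("malicious" if len(findings) >= threshold else "benign"), findings


# Constructed detonation trace of a macro document (the deck's "Enable Macro... Boom" story).
MALICIOUS_TRACE = [
    Event("process", "WINWORD.EXE", "powershell.exe"),
    Event("network", "powershell.exe", "203.0.113.9:443"),
    Event("file", "powershell.exe", "C:\\Users\\u\\AppData\\Roaming\\svc.exe"),
    Event("process", "powershell.exe", "C:\\Users\\u\\AppData\\Roaming\\svc.exe"),
    Event("registry", "svc.exe", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"),
] + [Event("file", "svc.exe", f"C:\\Users\\u\\Documents\\report{i}.docx.locked") for i in range(40)]

# Constructed trace of a plain document being opened, saved and checked for updates.
BENIGN_TRACE = [
    Event("file", "WINWORD.EXE", "C:\\Users\\u\\AppData\\Local\\Temp\\~WRD0001.tmp"),
    Event("file", "WINWORD.EXE", "C:\\Users\\u\\Documents\\report.docx"),
    Event("registry", "WINWORD.EXE", "HKCU\\Software\\Microsoft\\Office\\16.0\\Word\\Reading Locations\\Document 0"),
    Event("network", "WINWORD.EXE", "192.0.2.20:443"),
]

if __name__ == "__main__":
    for name, trace in (("macro document", MALICIOUS_TRACE), ("plain document", BENIGN_TRACE)):
        result, why = verdict(trace)
        print(name, "->", result)
        for line in why:
            print("   ", line)
```

Every rule here keys on something the sample must do at the OS level. That is also the weakness the next slides address: a sample that sleeps, checks for a virtual machine or waits for user interaction produces none of these events during the detonation window and is scored benign.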

Page 26

THE ONLY SANDBOX WITH CPU-LEVEL TECHNOLOGY

VULNERABILITY → EXPLOIT → SHELLCODE → MALWARE

Traditional Sandbox

• Behavioral detection

• Can be evaded

SANDBLAST

• CPU-Level detection

• EVASION RESISTANT

Page 27

CPU OPERATION: Normal execution

[Diagram: code blocks A, B, C, D, E, F executed in order]

Page 28

ROP EXPLOIT (Return Oriented Programming)

[Diagram: the same blocks A–F, with execution jumping between fragments in the order 1–6]

Hijacks small pieces of legitimate code from the memory and manipulates the CPU to load and execute the actual malware.
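The two slides contrast normal execution with a ROP chain that strings together fragments of legitimate code. The following added example, not Check Point's code and not a description of SandBlast's internals, shows why observing the CPU's control flow catches this where an OS-level monitor does not: a toy CPU keeps a shadow copy of return addresses that the program cannot write, and flags any RET whose target disagrees with it (the idea behind hardware shadow stacks). The instruction set, the program and the corrupted stack state are constructed; the corruption is injected as the given effect of some memory-safety bug and is not modelled itself.

```python
"""Added example (not Check Point's code): a shadow stack catching a ROP chain.

A toy CPU runs CALL/RET/OP/HALT. Besides the ordinary stack it keeps a shadow
stack of return addresses the program cannot modify. A RET whose target differs
from the shadow copy is a return into code that no CALL asked for, which is
exactly what a chain of gadgets looks like, even though every gadget is real,
legitimate code and an OS-level behaviour monitor sees nothing unusual.
"""
from dataclasses import dataclass, field


@dataclass
class Insn:
    op: str        # "call", "ret", "op" (any ordinary instruction) or "halt"
    arg: int = 0   # call target


@dataclass
class CPU:
    code: dict                                  # address -> Insn
    pc: int = 0
    stack: list = field(default_factory=list)   # return addresses as the program sees them
    shadow: list = field(default_factory=list)  # hardware-kept copy, not writable by the program
    trace: list = field(default_factory=list)   # addresses executed, in order
    alerts: list = field(default_factory=list)

    def step(self) -> bool:
        insn = self.code[self.pc]
        self.trace.append(self.pc)
        if insn.op == "call":
            self.stack.append(self.pc + 1)
            self.shadow.append(self.pc + 1)
            self.pc = insn.arg
        elif insn.op == "ret":
            target = self.stack.pop()
            expected = self.shadow.pop() if self.shadow else None
            if target != expected:
                self.alerts.append(f"ret at {self.pc} goes to {target}, shadow stack expected {expected}")
            self.pc = target
        elif insn.op == "halt":
            return False
        else:
            self.pc += 1
        return True

    def run(self, corrupt_at=None, corrupted_stack=None, max_steps=100):
        """Execute until HALT; optionally overwrite the stack just before pc == corrupt_at."""
        for _ in range(max_steps):
            if corrupt_at is not None and self.pc == corrupt_at:
                self.stack = list(corrupted_stack)   # the given effect of a memory-safety bug
                corrupt_at = None
            if not self.step():
                break
        return self


# Constructed program: main calls a function at 10; 20 and 30 are fragments of
# legitimate code that happen to end in RET (the slide's "small pieces").
PROGRAM = {
    0: Insn("call", 10), 1: Insn("halt"),
    10: Insn("op"), 11: Insn("op"), 12: Insn("ret"),
    20: Insn("op"), 21: Insn("ret"),
    30: Insn("op"), 31: Insn("ret"),
}


def normal_run():
    return CPU(dict(PROGRAM)).run()


def rop_run():
    # Stack as the bug left it: the top (last element) now points at fragment 20,
    # which returns into 30, which returns to main. Every entry is an address of
    # real code, so nothing at the OS level looks wrong; the shadow stack does.
    return CPU(dict(PROGRAM)).run(corrupt_at=12, corrupted_stack=[1, 30, 20])


if __name__ == "__main__":
    for label, cpu in (("normal", normal_run()), ("rop", rop_run())):
        print(label, "trace:", cpu.trace, "alerts:", len(cpu.alerts))
        for a in cpu.alerts:
            print("   ", a)
```

The normal run produces no alert; the corrupted run raises one alert per gadget return, the first of them at the very instruction where control leaves the intended path, before any payload has had a chance to act.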

Page 29

CPU-LEVEL & OS-LEVEL EXPLOIT DETECTION

• Highest catch rate

• Evasion-resistant

• Efficient and fast

• Unique to Check Point

Page 30

Fighting zero-day attacks

INSPECT, EMULATE, PREVENT, SHARE

On site: Dedicated APPLIANCE, SECURITY GATEWAY

Exe files, PDF and Office documents

Page 31

THREAT EMULATION CLOUD SERVICE:

14,000,000+ FILES INSPECTION / WEEK (February 2016)

55,000+ UNKNOWN MALWARE DETECTION / WEEK (February 2016)

We have the experience!

Page 32

OFFICE 365 PROTECTION: Block UNKNOWN and ZERO-DAY ATTACKS in Microsoft Office 365™

SANDBLAST CLOUD PROTECTS CLOUD-BASED EMAIL

• Advanced Threat Prevention for Office 365

• Fast and Transparent User Experience

• Easy to Deploy and Manage

Page 33

INTRODUCING…

THE POWER TO PROTECT. THE INSIGHT TO UNDERSTAND.

Page 34

SANDBLAST CLOUD: Eliminate Zero Day Malware at the Endpoint

1. Web downloads sent to SandBlast cloud

2. Sanitized version delivered promptly

3. Original file emulated in the background

Page 35

Instant Protection for Web Downloads

CONVERT to PDF for best security, or SANITIZE keeping the original format

Page 36

Access to the Original File

Only After Threat Emulation, when verdict is benign

Self-Catered: No Helpdesk Overhead

Page 37

SANDBLAST CLOUD: Zero-day Protection – in two layers

Browser Extension (Web downloads): Threat Extraction & Threat Emulation

File-System Monitor (Any file copied or created): Threat Emulation

Page 38

Collect Forensics Data and Trigger Report Generation

1. FORENSICS data continuously collected from various OS sensors (Processes, Registry, Files, Network)

2. Report generation automatically triggered upon detection of network events or 3rd party AV

3. Advanced algorithms analyze raw forensics data

4. Digested incident report sent to SmartEvent
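The four-step flow above, in miniature, as an added example that is not Check Point's code: sensor events are collected continuously, a network-side detection on one process triggers report generation, the raw events are reduced to the process chain behind that process and what it touched inside a time window, and the result is the digest that would be forwarded to a console. The event records, the ten-minute window and the report fields are assumptions made for the demo; the "SmartEvent" step is represented only by returning the digest.

```python
"""Added example (not Check Point's code): from raw sensor events to an incident digest.

Step 1: a running process table plus file/registry/network events per pid.
Step 2: a trigger event (here a network detection on one pid).
Step 3: walk the parent chain of the flagged pid and gather what the chain did
        in the window before the trigger.
Step 4: return the digest that would be sent on to the event console.
All events are constructed for the demo.
"""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SensorEvent:
    ts: datetime
    sensor: str    # "process" (start), "file" (write), "registry" (write), "network" (connect)
    pid: int
    ppid: int
    image: str
    detail: str    # command line, path, key or host:port


T = datetime(2016, 5, 2, 9, 0, 0)


def before(minutes: int) -> datetime:
    return T - timedelta(minutes=minutes)


# Constructed sensor stream: mail client opens a document, the document spawns a
# script host, which drops and starts a binary that persists and calls out.
# A browser running alongside provides unrelated noise.
EVENTS = [
    SensorEvent(before(30), "process", 100, 1, "OUTLOOK.EXE", "OUTLOOK.EXE"),
    SensorEvent(before(25), "file", 100, 1, "OUTLOOK.EXE", "C:\\Users\\u\\AppData\\Local\\Temp\\invoice.docm"),
    SensorEvent(before(6), "process", 500, 1, "chrome.exe", "chrome.exe"),
    SensorEvent(before(5), "process", 200, 100, "WINWORD.EXE", "WINWORD.EXE /n invoice.docm"),
    SensorEvent(before(4), "process", 300, 200, "powershell.exe", "powershell.exe -w hidden"),
    SensorEvent(before(3), "file", 300, 200, "powershell.exe", "C:\\Users\\u\\AppData\\Roaming\\upd.exe"),
    SensorEvent(before(3), "process", 400, 300, "upd.exe", "C:\\Users\\u\\AppData\\Roaming\\upd.exe"),
    SensorEvent(before(2), "registry", 400, 300, "upd.exe", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"),
    SensorEvent(before(1), "network", 500, 1, "chrome.exe", "192.0.2.20:443"),
    SensorEvent(before(0), "network", 400, 300, "upd.exe", "198.51.100.7:8080"),
]


def process_table(events):
    """pid -> (ppid, image) from process-start events: the sensor's running view."""
    return {e.pid: (e.ppid, e.image) for e in events if e.sensor == "process"}


def ancestry(table, pid):
    """Walk parent links up to the root; returns [(pid, image)] root first."""
    chain, seen = [], set()
    while pid in table and pid not in seen:
        seen.add(pid)
        ppid, img = table[pid]
        chain.append((pid, img))
        pid = ppid
    return list(reversed(chain))


def build_report(events, trigger, window=timedelta(minutes=10)):
    """trigger: the SensorEvent that fired, e.g. a gateway match on a host:port."""
    table = process_table(events)
    chain = ancestry(table, trigger.pid)
    pids = {pid for pid, _ in chain}
    start = trigger.ts - window
    related = [e for e in events
               if e.pid in pids and start <= e.ts <= trigger.ts and e.sensor != "process"]
    return {
        "trigger": f"{trigger.sensor} event on {trigger.image} (pid {trigger.pid}): {trigger.detail}",
        "entry_point": chain[0][1] if chain else None,
        "process_chain": [img for _, img in chain],
        "files": sorted({e.detail for e in related if e.sensor == "file"}),
        "registry": sorted({e.detail for e in related if e.sensor == "registry"}),
        "network": sorted({e.detail for e in related if e.sensor == "network"}),
    }


def demo_report():
    """Report for the constructed stream, triggered by the last (outbound) event."""
    return build_report(EVENTS, EVENTS[-1])


if __name__ == "__main__":
    print(json.dumps(demo_report(), indent=2))
```

The process table is built from the whole stream while the activity lists are windowed: a parent that started long before the window (the mail client here) still appears in the chain, but its own old file activity does not, and the browser's traffic is left out because it is not in the chain at all.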

Page 39

SandBlast – A Recognized Leader

COOLEST CYBERSECURITY PRODUCTS 2015

Leader in the Forrester Wave™ for Advanced Malware Analysis, Q2 2016: Highest Overall Score, Top Score for Strategy

Top-scoring ‘Recommended’ Vendor, Breach Detection Systems, 2015: Leading TCO @ $27 / Protected Mbps, 100% Malware Catch Rate, Highest Detection Rate of Malicious URLs

Page 40

SUMMARY

Page 41

Family of Solutions Staying One Step Ahead of Zero-Day Attacks

SandBlast Appliance GW + Cloud Service

ENDPOINT | OFFICE 365™ EMAIL | NETWORK

Page 42

One Step Ahead in Zero-Day Protection

Proactive Prevention: Threat Extraction

Catches More Malware: CPU-Level Detection, Emulation

Complete Integrated Protection: Threat Prevention Suite

Page 43

Olexandr Rapp | [email protected] Security Engineer – CIS

QUESTIONS