Check Point vSEC - Security Solutions for Modern Data Centers


©2015 Check Point Software Technologies Ltd. 1 ©2015 Check Point Software Technologies Ltd.

Check Point vSEC

Security Solutions for Modern Data Centers

Peter Kovalčík

SE Manager, Check Point Software Technologies


Who we are:

Established 1993

Stateful Inspection invented

Leader in Enterprise Security

Leader in Threat Protection Security

NSS Recommended

Best Management in the field


The vision of Check Point

Committed to the Best Security for our Customers (protecting against known, unknown and emerging threats…)

Secure All Business Platforms (physical, virtual, cloud, mobile, endpoint, SCADA …)

Best Management for maintaining complex security (unified management of security policy for all platforms and protections)


Security yesterday, today and tomorrow


Yesterday

Firewall / ACL

Signature based attacks

Anti-virus

UTM

Today

Unknown malware attacks

Behavior based detections

Event correlation

Reporting

Mobile security

Datacenter security

Tomorrow

SDN

Hybrid clouds

Operation efficiency

SCADA security


NEW SECURITY CHALLENGES MODERN DATA CENTER


CHALLENGE #1: LATERAL THREATS

• Perimeter gateway doesn’t protect traffic inside the data center

• Lack of security between applications

• Threats attack a low-priority service and then move to critical systems

Modern threats can spread laterally inside the data center, moving from one application to another


CHALLENGE #2: DYNAMIC CHANGES

• New applications provisioned rapidly

• Virtual-app movement

• IP address changes

• Unpatched dormant VMs that wake up

Traditional static security fails to protect the dynamic datacenter


CHALLENGE #3: COMPLEX ENVIRONMENT

Complex to manage different security products in a multi-cloud environment?


Ransomware rises


Source: Symantec: The evolution of ransomware

Ransomware Begins

What encrypts:

- Personal and Data files

- Local files

- File-shares available to pc

- Share data if not paid

Typical resolutions:

- Recover data from backup

- Use removal tools

- Re-image machine


Source: Symantec: The evolution of ransomware

Ransomware Evolution

“Silent encryption”:

- After a few months – backups got encrypted

New way of spread - worm:

- Spread as worm

- Ransomware + Conficker

RansomWeb

- Encrypt web application DB on the fly

- “Silent encryption”

- Encrypts DB + backups


Anti-virus is dead

• Antivirus cannot detect ~55% of malware

• New malware is delivered as a zero-day attack


State of Virtualization vs. Networking

Hey, I can spin up VMs in minutes. Why does it take a week to get network/firewall changes?


Securing SDDC - goals

Better SECURITY

Better FLEXIBILITY

Better PERFORMANCE


Securing SDDC - goals

Increased visibility and control

DEEP inspection, CLOSE to applications

Security is natural part of modern SDDC design

Improved security policy management

avoid overhead by knowing CONTEXT

FLEXIBLE for application deployments and changes

Performance and scalability

SCALABLE - growing with datacenter growth

no choke point design


Building blocks

• Automated security provisioning (new ESXi hosts deployed with security from the beginning)

• Transparent security insertion – configurable redirection to deep inspection engine

• Cloud management systems integration into Security Management – consume objects and state of NSX/vCenter (using SDDC context)

• Tagging VMs with security incidents

• API and CLI for security automation and orchestration


End-to-End Next Generation Security

All Protections: Next Generation Firewall, Malware Protection, Zero-day protection, Data protection

(Firewall, Application Control, IPS, DLP, Web Security, Anti-bot, Threat Emulation, Antivirus, Threat Extraction, Document Security)

Across All Business Platforms: Security Appliances, Virtual Appliances and SDN, Endpoint and Mobile devices

Best in class Management: Centrally Managed, Monitoring and Reporting, Incident Response


Datacenter Security Sensor

Non-intrusive incident detection & response

[Diagram: DC firewall layer (North-South) and DC Security Activity Monitoring; Front-End Segments, Application Segments and Database Segments with APP FW and DB FW labels; traffic labels "20% of all DC traffic" and "80% of all DC traffic"]

Check Point DC activity monitoring sensor:

Ongoing attacks inside DC (east-west traffic)

Botnet activities

Malware activities

Suspicious behavior monitoring

Application flow monitoring

Real-time segmented views

Event correlation

Reporting and Alerting


vSEC

Solution Components


vSEC solution components


vSEC

Key Features


CHECK POINT vSEC AUTO-DEPLOYMENT

Automatically & instantly scale vSEC to secure VMs on new host members


SECURITY FOR EAST-WEST TRAFFIC

NSX chains Check Point vSEC gateway between VMs

Traffic between VMs goes through VMware NSX and Check Point vSEC gateways


PREVENT LATERAL THREATS

Use vSEC for Advanced Threat Prevention inside data center


UNIFIED MANAGEMENT

Use Check Point unified management for consistent policy control and threat visibility across virtual and perimeter gateways


APPLICATION-AWARE POLICY

Use fine-grained security policies tied to NSX Security Groups and Virtual Machine identities

Check Point Access Policy

Rule   From                      To                        Service   Action
3      WEB_VM (vCenter Object)   Database (NSX SecGroup)   SQL       Allow

Check Point dynamically fetches objects from NSX and vCenter


SHARED-CONTEXT POLICY

NSX Policy

From                                  To    Action
Infected VM (Tagged by Check Point)   Any   Quarantine

Shared security context between vSEC and NSX Manager to automatically quarantine and trigger remediation by other services

Check Point tags infected Virtual Machines in NSX manager


THREAT VISIBILITY INSIDE THE DATACENTER

Use Check Point SmartEvent to monitor and investigate threats across north-south and east-west traffic

[Diagram labels: 4800, 12400]

Infected Virtual Machines

VM Identity   Severity   Date
VM_Web_22     High       3:22:12 2/4/2015
VM_DB_12      High       5:22:12 2/4/2015
VM_AD_15      Medium     5:28:12 2/4/2015
VM_SAP_34     Medium     7:28:12 2/4/2015


Summary


Securing SDDC - values

Increased visibility and control

DEEP inspection, CLOSE to applications

existing and proven tools known to customers – the same CP tools customers know and have adopted for the DC

Improved security policy management

avoid overhead by knowing CONTEXT

FLEXIBLE for application deployments and changes

smoother cooperation within customer’s teams

Performance and scalability

SCALABLE - growing with datacenter growth

no choke point design

East-West security is complementary to existing North-South solution


Thank you