Moving to a Prevent Based Security Posture. Rich Comber, SME, Threat Prevention, Check Point Software Technologies. ©2015 Check Point Software Technologies Ltd.

Presentation transcript:

Slide 1: Rich Comber, SME, Threat Prevention, Check Point Software Technologies. Moving to a Prevent Based Security Posture.

Slide 2: 1,000,000,000

Slide 3: According to IBM X-Force Threat Intelligence, roughly 1,000,000,000 personal records were leaked in 2014 due to online threats and cyberattacks.

Slide 4 [Restricted] ONLY for designated groups and individuals: 2015 Security Report sources: 16,000+ organizations; over 300,000 monitoring hours; 1,300 Security Checkup reports; 1 million smartphones; 3,000 security gateways; 122 countries and various industries.

Slides 5 to 9: no transcript text captured.

Slide 10: Let's start with a true story: a German steel mill with thousands of employees. Source:

Slide 11: The story starts with a spear-phishing attack on the steel mill's business network.

Slide 12: Phase 1: Infiltration. Attackers send a targeted email that appears to come from a trusted source, tricking an employee into opening a malicious attachment.

Slide 13: The malware exploited a vulnerability on the employees' computers.

Slide 14: Phase 2: Lateral Movement. This established a beachhead for horizontal movement.

Slide 15: Phase 3: Compromised Control Systems. Failures accumulated in individual control components and entire systems.

Slide 16: Phase 4: Unable to shut down a blast furnace. Massive damage to the factory.

Slide 17: Key Findings: Unknown Malware; Known Malware; Mobility; High-Risk Applications; Data Loss.

Slide 18: Security Report statistics (chart): 142M new malware in 2014, a 71% increase. Other bar values shown on the chart: 83M, 34M, 18.5M, 18M, 12M.

Slide 19: Unknown / Known (chart).

Slide 20: Known vs. Unknown. IPS and Anti-Virus work by:
- looking for specific patterns;
- enforcing compliance of protocols to standards;
- detecting variations from the protocols.
Attackers evade signature-based detection by obfuscating the attacks and creating attack variants. So how tough is it?
- Zeus and SpyEye 'builders', generating Zeus or SpyEye variants in a click, are sold at $1-10K;
- obfuscation services will obfuscate HTML, JavaScript, executable files, PDF and Flash files at $5-25 per file; quantity discounts apply.

Slide 21: Unknown Malware: 41% of organizations downloaded at least one unknown malware; an unknown malware is downloaded every 34 seconds.

Slide 22: Known Malware, Bots: a bot contacts its Command and Control every 1 minute; percentage of infected organizations (chart values not captured).

Slide 23: Known Malware, top attack vectors: a DDoS attack every 30 minutes.

Slide 24: Known Malware: Top IPS Events, percent of total (chart: client vs. server, 60% / 40%). No one to blame but ourselves.

Slide 25: Known Malware: Endpoint Vulnerabilities and Misconfigurations.

Slide 26: Mobility: Corporate Data at Risk.

Slide 27: Mobile Threat Research. Survey: 500K+ Android and 400K iOS devices in 100+ countries (chart: Android vs. iOS, 60% / 40%). 42% suffered mobile security incidents costing more than $250,000.

Slide 28: Mobile Threat Research: 20+ malware variants; 18 MRAT families found.

Slide 29: P2P File Sharing Applications (chart percentages not captured).

Slide 30: High-risk applications used 305x per day, once every 5 minutes; Anonymizer Proxy Applications (chart percentages not captured).

Slide 31: Data Loss: sensitive data is sent outside the organization every 36 minutes (chart percentages not captured).

Slide 32: Data sent outside the organization by employees (% of organizations): 30% sent credit card data; 25% sent sensitive personal information.

Slide 33: An average day: every 24 seconds a host accesses a malicious website; every 34 seconds an unknown malware is downloaded; every 1 minute a bot communicates with its command and control center; every 5 minutes a high-risk application is used; every 6 minutes a known malware is downloaded; every 36 minutes sensitive data is sent outside the organization.

Slide 34: Summary: Security Statistics in 2014. New malware increased 71%; 106 downloads of unknown malware occurred per hour; 86% of organizations accessed a malicious site; 83% of organizations had existing bot infections.

Slide 35: Summary: Security Statistics in 2014 (continued). 42% of businesses suffered mobile security incidents costing more than $250,000 to remediate; 96% of organizations used at least one high-risk application; 81% of organizations suffered a data loss incident; loss of proprietary information increased 71% over the past three years.

Slide 36: What do we do about it?

Slide 37: Segmentation. Segments reduce the size of the challenge and limit the scope of a breach.

Slide 38: Multi-Layered Threat Prevention. Weaponized PDF: Threat Emulation (CPU and OS level) / Threat Extraction; Command and Control: Anti-Bot; Malware infestation: IPS and Anti-Malware.

Slide 39: Access Control & Data Protection. High-Risk Applications: Application Control / Mobile Threat Prevention; Malicious Websites: URL Filtering / Mobile Threat Prevention; Data Loss: DLP and Data/Document Security.

Slide 40: A question: who configures their security technologies to prevent and not just detect?

Slide 41: Pre-Infection

Slide 42: Post-Infection

Slide 43: Source:

Slide 44: College – Server Compromise
- Incident Response Team (IRT) investigates a possible server compromise.
- Server in the DMZ was flooding external hosts with UDP traffic.
- Application Control log detected IRC over HTTPS to a machine in Russia.
- IRT finds a JSP RAT and Bitcoin mining malware on the server.
- College IPS was configured for Detect mode only (IDS).
- IPS logs show the Oracle server was exploited via a JSP injection vulnerability.
- IPS signatures specific to the environment should be configured to Prevent.

Slide 45: Large Pharmaceutical – Malware Infection. IRT contacted about a possible bot infection; examination of Anti-Bot logs shows events with critical severity configured for Detect mode.

Slide 46: Large Pharmaceutical – Malware Infection (continued)
- IRT identifies the specific malware and investigates traffic.
- #TotalHash shows 2151 unique malware hashes hosted on this IP.
- Customer finds malware on the host; VirusTotal shows 29 AV products identify it as malicious and confirms H-Worm malware.
- Malware families involved: H-Worm, Ponmocup, Conficker.
- Critical Anti-Bot events should be configured to Prevent.

Slide 47: Professional Sports Team – Ransomware
- Customer infected with CryptoWall ransomware.
- Correlating the source IP and user info with the time of infection shows the Cubby cloud file-sharing application was detected (log columns: IP of infected host, username, time of infection, action Allowed, risk High).
- Intelligence sources confirm the CryptoWall campaign uses Cubby Cloud for distribution.
- High-risk Application Control events should be configured to Prevent.
- Backups are critical in recovery from crypto malware.
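The three incidents on slides 44 to 47 share one root cause: the gateway saw the event but was configured to Detect or Allow rather than Prevent, and the response team then had to reconstruct the timeline by hand from logs. The script below is an added example written for this transcript, not Check Point code and not any product's log format. It assumes a constructed key=value log format and seven constructed sample lines that mirror the three incidents (an IPS signature and an Anti-Bot C&C hit left in Detect mode, a high-risk file-sharing app merely Allowed before a ransomware infection). It audits the log for policy gaps that should be Prevent and performs slide 47's correlation of an infected host's earlier activity.

```python
"""Audit Threat Prevention logs for blades left in Detect mode and correlate an
infection with earlier events from the same host.

Added example for this transcript; it is not Check Point code. The key=value
log format and every sample line below are constructed for the demo.
"""
import shlex
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real gateway). They mirror the
# incidents on slides 44-47: an IPS signature and an Anti-Bot C&C hit in Detect
# mode, and a high-risk file-sharing app Allowed shortly before a CryptoWall hit.
SAMPLE_LOGS = """\
time=2015-03-02T10:14:05 blade=IPS severity=Critical action=Detect src=203.0.113.7 dst=10.1.1.20 protection="Oracle JSP Injection"
time=2015-03-02T10:15:40 blade=Anti-Bot severity=Critical action=Detect src=10.1.1.20 dst=198.51.100.9 protection="IRC over HTTPS C&C"
time=2015-03-02T10:20:12 blade=IPS severity=High action=Prevent src=203.0.113.8 dst=10.1.1.21 protection="Generic HTTP Scanner"
time=2015-03-02T11:02:11 blade=Application-Control risk=High action=Allow src=10.2.2.15 user=jdoe app="Cubby"
time=2015-03-02T11:05:03 blade=Application-Control risk=Low action=Allow src=10.2.2.15 user=jdoe app="Web Mail"
time=2015-03-02T11:07:30 blade=Anti-Bot severity=Critical action=Detect src=10.2.2.15 dst=192.0.2.44 protection="CryptoWall C&C"
time=2015-03-02T13:00:00 blade=Anti-Bot severity=Critical action=Prevent src=10.3.3.9 dst=192.0.2.45 protection="Ponmocup C&C"
"""


def parse_line(line):
    """Turn one key=value line into a dict; shlex keeps quoted values intact."""
    event = {}
    for token in shlex.split(line):
        key, _, value = token.partition("=")
        event[key] = value
    event["time"] = datetime.fromisoformat(event["time"])
    return event


def parse_logs(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect_only_gaps(events):
    """Events that fired but were not enforced: critical IPS / Anti-Bot hits in
    Detect mode, and high-risk applications that were merely Allowed. These are
    the settings the slides say should be Prevent."""
    gaps = []
    for e in events:
        blade = e.get("blade")
        if blade in ("IPS", "Anti-Bot") and e.get("severity") == "Critical" and e.get("action") == "Detect":
            gaps.append(e)
        elif blade == "Application-Control" and e.get("risk") == "High" and e.get("action") == "Allow":
            gaps.append(e)
    return gaps


def correlate_infection(events, host, infection_time, window=timedelta(minutes=30)):
    """Slide 47's correlation: everything the infected host did in the window
    leading up to the infection time, oldest first."""
    return sorted(
        (e for e in events
         if e.get("src") == host and infection_time - window <= e["time"] <= infection_time),
        key=lambda e: e["time"],
    )


def recommend(events):
    """One policy recommendation per gap, deduplicated, in log order."""
    recs = []
    for e in detect_only_gaps(events):
        if e["blade"] == "Application-Control":
            msg = f"Application Control: block high-risk app '{e['app']}' (currently Allow)"
        else:
            msg = f"{e['blade']}: set '{e['protection']}' to Prevent (currently Detect)"
        if msg not in recs:
            recs.append(msg)
    return recs


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for r in recommend(evs):
        print(r)
    # The CryptoWall C&C event (sixth line) marks the infection time for the host.
    for e in correlate_infection(evs, "10.2.2.15", evs[5]["time"]):
        print(e["time"].isoformat(), e["blade"], e.get("app") or e.get("protection"), e["action"])
```

Run against the constructed lines it recommends four changes (two Anti-Bot protections and one IPS protection to Prevent, one high-risk application blocked) and, for host 10.2.2.15, lists the Cubby session that preceded the CryptoWall C&C event. On a real gateway the same two checks (critical events left in Detect, high-risk applications left Allowed) are the ones to run before an incident rather than after it.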

Slide 48: Leveraging IPS to address known exploits: CVE (vulnerability-specific) signatures provide protection until systems are patched.

Slide 49: Anti-Malware, and why Threat Prevention incorporates integrated Anti-Virus. URLs with malware: the gateway blocks access to known infected websites. Viruses: the gateway scans traffic for known viruses and malware.

Slide 50: Botnet Protections: checks URL, IP and domain reputation; looks for unique patterns in files or on the network; finds infected machines by looking for indicators such as C&C patterns; blocks outbound C&C traffic.

Slide 51: Threat Emulation. Emulated OSs: Threat Emulation provides a closed environment to analyze files for unknown attacks. Focus is on behavior: how a file interacts with the operating system gives a view into malicious content.
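Slide 20 explains why pattern matching misses variants (a rebuilt or obfuscated sample has a new hash and a new byte pattern) and slide 51 explains the alternative: judge the file by what it does inside an emulated OS. The following is an added example written for this transcript, not Check Point's Threat Emulation code. It assumes a constructed trace format (one dict per observed API-level action), a constructed "known bad" hash list standing in for signature knowledge, and rule weights chosen for the demo. It shows the same trace tripping the behavioral rules whether or not the file's hash is known.

```python
"""Behavior-based verdict over an emulation trace, contrasted with a hash lookup.

Added example for this transcript, not Check Point code. The trace format, the
rules and their weights, and the 'known bad' hash list are constructed.
"""
import hashlib

# Constructed: a hash list standing in for signature/AV knowledge (the "known"
# side of slide 20). A re-packed variant gets a new hash and falls outside it.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"original-sample-bytes").hexdigest()}

# Constructed emulation trace of a document-borne dropper: Office spawns a
# shell, an executable is written to Temp and run, persistence is set in the
# Run key, and an outbound connection goes to a non-web port.
TRACE_DROPPER = [
    {"api": "CreateProcess", "parent": "winword.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c start %TEMP%\\upd.exe"},
    {"api": "WriteFile", "path": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"},
    {"api": "CreateProcess", "parent": "cmd.exe", "image": "upd.exe",
     "cmdline": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"},
    {"api": "RegSetValue", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "upd"},
    {"api": "Connect", "host": "198.51.100.23", "port": 6667},
]

# Constructed trace of an ordinary document: read, a lock file write, HTTPS out.
TRACE_BENIGN = [
    {"api": "ReadFile", "path": "C:\\Users\\user\\Documents\\report.docx"},
    {"api": "WriteFile", "path": "C:\\Users\\user\\Documents\\~$report.docx"},
    {"api": "Connect", "host": "203.0.113.10", "port": 443},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}
THRESHOLD = 50  # constructed score at which behavior alone is judged malicious


def drops_and_runs_from_temp(trace):
    """True if a file written under a Temp directory is later executed."""
    written = {e["path"].lower() for e in trace
               if e["api"] == "WriteFile" and "\\temp\\" in e["path"].lower()}
    return any(e["api"] == "CreateProcess" and e.get("cmdline", "").lower() in written
               for e in trace)


# (rule name, weight, predicate over the whole trace); weights are constructed.
RULES = [
    ("office_app_spawns_shell", 40,
     lambda t: any(e["api"] == "CreateProcess" and e.get("parent") in OFFICE_APPS
                   and e.get("image") in SHELLS for e in t)),
    ("temp_drop_then_execute", 30, drops_and_runs_from_temp),
    ("run_key_persistence", 20,
     lambda t: any(e["api"] == "RegSetValue"
                   and e.get("key", "").endswith("\\CurrentVersion\\Run") for e in t)),
    ("non_web_outbound", 15,
     lambda t: any(e["api"] == "Connect" and e.get("port") not in (80, 443) for e in t)),
]


def hash_verdict(data):
    """The signature side: exact-match lookup of the file's hash."""
    return "known-bad" if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256 else "unknown"


def behavior_score(trace):
    """Sum the weights of every rule the trace trips; return (score, rule names)."""
    matched = [name for name, _, pred in RULES if pred(trace)]
    score = sum(w for name, w, _ in RULES if name in matched)
    return score, matched


def verdict(data, trace):
    """Known hash wins immediately; otherwise the emulation trace decides."""
    if hash_verdict(data) == "known-bad":
        return "malicious (signature)"
    score, _ = behavior_score(trace)
    return "malicious (behavior)" if score >= THRESHOLD else "benign"


if __name__ == "__main__":
    variant = b"original-sample-bytes\x00"  # one byte changed: hash lookup fails
    print(hash_verdict(variant), behavior_score(TRACE_DROPPER), verdict(variant, TRACE_DROPPER))
    print(verdict(b"anything", TRACE_BENIGN))
```

The one-byte variant is "unknown" to the hash list yet scores 105 on behavior and is convicted; the benign trace trips no rule. The point is the one slide 51 makes: the verdict rests on the file's interaction with the OS, which a re-packer does not change.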

Slide 52: Take the leap of faith: configure your security to "Prevent" and apply the protections to everything.

Slide 53: We secure the future. Download the 2015 Security Report at: