Published by Thomasine Floyd. Modified over 8 years ago.
Slide 1: Endpoints are at risk in numerous ways, especially when social engineering is applied well
©2015 Check Point Software Technologies Ltd.
- Website watering holes
- Spear phishing
Slide 2: Statistics show
- End users are vulnerable to traditional threats, and especially to advanced attacks.
- Spear-phishing email peaks on weekends.
Slide 3: Staying One Step Ahead of Endpoint Infiltration
Detect and prevent hackers' attempts to infect and commandeer endpoint devices.
[Protected] Non-confidential content ©2016 Check Point Software Technologies Ltd.
Slide 4: Timing is Everything
[Restricted] ONLY for designated groups and individuals
Source: 2015 Cost of Data Breach Study: Global Analysis, Ponemon Institute.
- The longer an attack goes UNDETECTED, the more time it takes to CONTAIN it.
- The longer it takes to CONTAIN it, the more it will COST.
- $154 per lost record
- $3.79M average damage
- 23% increase from the previous year
Slide 5: Cost over Time
- Direct loss: $162,000,000
- Estimated indirect loss: >$1 billion
The financial impact GROWS dramatically with TIME.
Slide 6: What You Really Need to Know
- How did it enter?
- Is there business impact?
- Has it spread?
- How do we clean it?
- How can I block the attack vector?
- How do I mitigate?
- Who should I notify?
- How can I save time responding?
- Am I addressing the full scope?
Slide 7: What do you do when you've been breached? Common Approaches to Infection Response
Rely on AV quarantine:
- Works only for known malware
- AV will miss all malware elements before the detection
- Data could be stolen before the detection
Re-image the PC:
- Does not bring back lost data
- Costly and disruptive procedure
- Will not prevent the same malware from getting in again
Traditional forensic analysis:
- Forensic data is often long gone
- Forensics skill is a scarce resource
- Too expensive to perform on all events
Slide 8: SandBlast Cloud: Eliminate Zero-Day Malware at the Endpoint
1. Web downloads sent to SandBlast cloud
2. Sanitized version delivered promptly
3. Original file emulated in the background
Slide 9: Collect Forensics Data and Trigger Report Generation
1. FORENSICS data continuously collected from various OS sensors (processes, registry, files, network)
2. Analysis automatically TRIGGERED upon detection of network events or AV
3. Advanced ALGORITHMS analyze raw forensics data
4. Digested INCIDENT REPORT sent to SmartEvent
Slide 10: From Trigger to Infection: Automatically trace back the infection point
Attack traced even across system boots.
- Investigation trigger: identify the process that accessed the C&C server
- Identify attack origin: Chrome exploited while browsing
- Exploit code: dropper process launched by Chrome
- Dropped malware: dropper downloads and installs malware
- Schedule execution: malware registered to launch after boot
- Activate malware: scheduled task launches after boot
- Data breach: malware reads sensitive documents
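The trace-back on slide 10 as an added worked example (not Check Point code): it walks a constructed set of endpoint sensor events from the C&C connection back through the parent-process chain, hops from a scheduler-launched process to the earlier boot where the task was registered, and reports the entry point, attack flow, boots spanned and documents read. The event schema, process names, task name and host are all assumptions made for the example.

```python
"""Trace a C&C alert back to its infection point across reboots.
Added example, not Check Point code; all events below are constructed."""

# "proc" = process start, "task" = scheduled-task registration, "net" =
# outbound connection, "file" = document read; proc["task"] = started by scheduler.
EVENTS = [
    {"boot": "A", "kind": "proc", "pid": 100, "ppid": 1, "img": "explorer.exe"},
    {"boot": "A", "kind": "proc", "pid": 200, "ppid": 100, "img": "chrome.exe"},
    {"boot": "A", "kind": "proc", "pid": 300, "ppid": 200, "img": "dropper.exe"},
    {"boot": "A", "kind": "task", "pid": 300, "task": "Updater", "img": "svc.exe"},
    {"boot": "B", "kind": "proc", "pid": 50, "ppid": 4, "img": "svc.exe", "task": "Updater"},
    {"boot": "B", "kind": "net", "pid": 50, "host": "c2.example.invalid"},
    {"boot": "B", "kind": "file", "pid": 50, "path": "C:/Docs/payroll.xlsx"},
]
ROOTS = {"explorer.exe", "services.exe"}  # benign ancestors: the walk stops here

def trace_back(events, c2_host):
    """Return the chain of proc/task events, infection origin first."""
    procs = {(e["boot"], e["pid"]): e for e in events if e["kind"] == "proc"}
    tasks = {e["task"]: e for e in events if e["kind"] == "task"}
    trigger = next(e for e in events if e["kind"] == "net" and e["host"] == c2_host)
    chain, key = [], (trigger["boot"], trigger["pid"])
    while key in procs and len(chain) < 64:  # guard against looping ppid data
        p = procs[key]
        if p["img"] in ROOTS:
            break
        chain.append(p)
        if p.get("task") in tasks:  # scheduler launch: hop to the registering process
            reg = tasks[p["task"]]
            chain.append(reg)
            key = (reg["boot"], reg["pid"])
        else:
            key = (p["boot"], p["ppid"])
    chain.reverse()
    return chain

def incident_summary(events, c2_host):
    """Entry point, attack flow, boots spanned and documents read (scope of damage)."""
    chain = trace_back(events, c2_host)
    involved = {(e["boot"], e["pid"]) for e in chain}
    return {
        "origin": chain[0]["img"],
        "steps": ["task:" + e["task"] if e["kind"] == "task" else e["img"] for e in chain],
        "boots": sorted({e["boot"] for e in chain}),
        "files_read": [e["path"] for e in events
                       if e["kind"] == "file" and (e["boot"], e["pid"]) in involved],
    }
```

Calling incident_summary(EVENTS, "c2.example.invalid") yields chrome.exe as the origin, the four-step flow through the scheduled task, both boots, and the one document read by the chain.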
Slide 11: Automated Incident Reporting
Automatically requests logs from involved endpoints and generates a complete view of the attack:
- Malware entry point
- Scope of damage
- Other affected hosts / users
- Attack flow
Triggers the creation of an incident report through:
- Existing AV products
- Network detections
- Endpoint Anti-Bot, Threat Emulation or Anti-Malware
- Investigation by the IRT looking at related cases
Slide 12: Understanding an Incident: Instant Answers to Important Questions
How serious is this event?
- Severity
- Malicious and suspicious activities
- Drill-down detail
Slide 13: Providing an Infection Timeline: Telling a story
Infection at 9:15 AM.
- What happened before?
- What happened after?
- Are there similar infection attempts in my network?
Slide 14: How to protect against WHAT WE DON'T CONTROL?
Slide 15: MOBILE DEVICES ARE DIFFICULT TO CONTROL
- Mix of personal and business data
- Can't install low-level protections such as AV
- Can't control individuals' behavior
Slide 16: THE RESULT: A GROWING MOBILE THREAT LANDSCAPE
- mobile devices infected worldwide
- of organizations above 2000 employees have an infected mobile device in their network
Slide 17: THREAT PREVENTION FOR MOBILE: Let's think different
Slide 18: MOBILE APPLICATION ANALYSIS
- Dynamic Analysis (Sandboxing)
- Advanced Static Code Analysis (Reverse Engineering)
Slide 19: APPLICATION REPUTATION
Number of apps, certificate, download scoring, etc.
Developer certificate, should look like vs. actually looks like:
- SHA1 Fingerprint: 342A56F9902A384B443E322AD34
- Issuer Distinguished Name: OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Slide 20: REAL TIME REMEDIATION
- On-device resolution
- Block C&C communication
- Disconnect from organization network while infected
Slide 21: What to do when the unknown BECOMES KNOWN?
Slide 22: Staying one step ahead: COLLABORATION WITH MULTIPLE INTELLIGENCE SOURCES
Slide 23: WE PROVIDE PROTECTIONS AGAINST NEW THREATS EVERY DAY
- 10,000,000 bad-reputation events
- 700,000 malware-connection events
- 30,000 malware-file events
Slide 24: INTELLIGENCE COLLABORATION
- Security Analysis
- IntelliStore
- Sensors
- CERTs
- Security Events Analysis
- Security Community
- Malware Research
Slide 25: CHECK POINT: WE SECURE THE FUTURE. Thank You.