©2015 Check Point Software Technologies Ltd.
Check Point vSEC
Security solution for modern data centers
Peter Kovalčík
SE Manager, Check Point Software Technologies
Who we are:
• Established 1993
• Stateful Inspection invented
• Leader in Enterprise Security
• Leader in Threat Protection Security
• NSS Recommended
• Best Management in the field
The vision of Check Point
Committed to the Best Security for our Customers
(protecting against known, unknown and emerging threats…)
Secure All Business Platforms
(physical, virtual, cloud, mobile, endpoint, SCADA …)
Best Management for maintaining complex security
(unified management of security policy for all platforms and protections)
Security yesterday, today and tomorrow
Yesterday
• Firewall / ACL
• Signature based attacks
• Anti-virus
• UTM
Today
• Unknown malware attacks
• Behavior based detections
• Event correlation
• Reporting
• Mobile security
• Datacenter security
Tomorrow
• SDN
• Hybrid clouds
• Operation efficiency
• SCADA security
NEW SECURITY CHALLENGES
MODERN DATA CENTER
CHALLENGE #1: LATERAL THREATS
Modern threats can spread laterally inside the data center, moving from one application to another
• Perimeter Gateway doesn’t protect traffic inside the data center
• Lack of security between applications
• Threats attack a low-priority service and then move to critical systems
CHALLENGE #2: DYNAMIC CHANGES
Traditional static security fails to protect the dynamic datacenter
• New applications provisioned rapidly
• Virtual-app movement
• IP address changes
• Unpatched dormant VMs that wake up
CHALLENGE #3: COMPLEX ENVIRONMENT
Complex to manage different security products in a multi-cloud environment?
Ransomware rises
Source: Symantec: The evolution of ransomware
Ransomware Begins
What it encrypts:
- Personal and data files
- Local files
- File shares available to the PC
- Shares data if not paid
Typical resolutions:
- Recover data from backup
- Use removal tools
- Re-image machine
Source: Symantec: The evolution of ransomware
Ransomware Evolution
“Silent encryption”:
- After a few months, backups got encrypted
New way of spread - worm:
- Spread as worm
- Ransomware + Conficker
RansomWeb
- Encrypts web application DB on the fly
- “Silent encryption”
- Encrypts DB + backups
Anti-virus is dead
• Antivirus cannot detect ~55% of malware
• New malware is delivered as a zero-day attack
State of Virtualization vs. Networking
Hey, I can spin up VMs in minutes. Why does it take a week to get network/firewall changes?
Securing SDDC - goals
• Better SECURITY
• Better FLEXIBILITY
• Better PERFORMANCE
Securing SDDC - goals
• Increased visibility and control
• DEEP inspection, CLOSE to applications
• Security is a natural part of modern SDDC design
• Improved security policy management
• Avoid overhead by knowing CONTEXT
• FLEXIBLE for application deployments and changes
• Performance and scalability
• SCALABLE - growing with datacenter growth
• No choke point design
Building blocks
• Automated security provisioning (new ESXi hosts deployed with security from beginning)
• Transparent security insertion – configurable redirection to deep inspection engine
• Cloud management systems integration into Security Management – consume objects and state of NSX/vCenter (using SDDC context)
• Tagging VMs with security incidents
• API and CLI for security automation and orchestration
End-to-End Next Generation Security
All Protections: Firewall, Application Control, IPS, DLP, Web Security, Anti-bot, Threat Emulation, Antivirus, Threat Extraction, Document Security
Protection groups: Next Generation Firewall, Malware Protection, Zero-day protection, Data protection
Across All business Platforms: Security Appliances, Virtual Appliances and SDN, Endpoint and Mobile devices
Best in class Management: Centrally Managed, Monitoring and Reporting, Incident Response
Datacenter Security Sensor
Non-intrusive incident detection & response
[Diagram: Front-End, Application and Database segments containing APP, DB and FW elements; DC firewall layer (North-South); DC Security Activity Monitoring. Traffic labels: 20% of all DC traffic, 80% of all DC traffic]
Check Point DC activity monitoring sensor:
• Ongoing attacks inside DC (east-west traffic)
• Botnet activities
• Malware activities
• Suspicious behavior monitoring
• Application flow monitoring
• Real-time segmented views
• Event correlation
• Reporting and Alerting
vSEC Solution Components
vSEC solution components
vSEC Key Features
CHECK POINT vSEC AUTO-DEPLOYMENT
Automatically & instantly scale vSEC to secure VMs on new host members
SECURITY FOR EAST-WEST TRAFFIC
NSX chains Check Point vSEC gateway between VMs
Traffic between VMs goes through VMware NSX and Check Point vSEC gateways
PREVENT LATERAL THREATS
Use vSEC for Advanced Threat Prevention inside data center
UNIFIED MANAGEMENT
Use Check Point unified management for consistent policy control and threat visibility across virtual and perimeter gateways
APPLICATION-AWARE POLICY
Use fine-grained security policies tied to NSX Security Groups and Virtual Machine identities
Check Point dynamically fetches objects from NSX and vCenter
Check Point Access Policy
Rule | From | To | Service | Action
3 | WEB_VM (vCenter Object) | Database (NSX SecGroup) | SQL | Allow
SHARED-CONTEXT POLICY
Shared security context between vSEC and NSX Manager to automatically quarantine and trigger remediation by other services
Check Point tags infected Virtual Machines in NSX Manager
NSX Policy
From | To | Action
Infected VM (Tagged by Check Point) | Any | Quarantine
THREAT VISIBILITY INSIDE THE DATACENTER
Use Check Point SmartEvent to monitor and investigate threats across north-south and east-west traffic
[Diagram labels: 4800, 12400]
Infected Virtual Machines
VM Identity | Severity | Date
VM_Web_22 | High | 3:22:12 2/4/20
VM_DB_12 | High | 5:22:12 2/4/20
VM_AD_15 | Medium | 5:28:12 2/4/20
VM_SAP_34 | Medium | 7:28:12 2/4/20
Summary
Securing SDDC - values
• Increased visibility and control
• DEEP inspection, CLOSE to applications
• Existing and proven tools known to customers: the same CP tools the customer knows and has adopted for the DC
• Improved security policy management
• Avoid overhead by knowing CONTEXT
• FLEXIBLE for application deployments and changes
• Smoother cooperation within the customer’s teams
• Performance and scalability
• SCALABLE - growing with datacenter growth
• No choke point design
• East-West security is complementary to the existing North-South solution
Thank you
