Csa summit seguridad en el sddc

Lucas S. García
Security Engineer

©2015 Check Point Software©2015 Check Point Software [Protected] Non-confidential
WE ARE
CHECK POINT
WE SECURE
THE FUTURE

©2015 Check Point Software Technologies Ltd. 4
TODAY
ONE ATTACK CAN SHUT
DOWN AN ENTIRE
COUNTRY’S POWER GRID,
DISRUPT TRANSPORTATION
SYSTEMS, OR STEAL
THE PERSONAL
INFORMATION OF MILLIONS.

FROM START-UPS TO
LARGE CORPORATIONS
NO ONE IS
IMMUNE

2014WORLD’S BIGGEST
DATA BREACHES
EBAY
145M
Customers
at Risk
SONY
48K
Employees
Exposed
HOME
DEPOT
56M
Customers
at Risk
JP MORGAN
CHASE
76M
Customers
at Risk
TARGET
70M
Customers
at Risk
JAPAN
AIRLINES
750K
Customers at Risk
DOMINOS
PIZZA FRANCE
600K
Customers at Risk
APPLE
275K
Customers at Risk

ATTACKS ARE CONSTANTLY
EVOLVING
INCREASE OF
CYBER THREATS
OVER THE
PREVIOUS YEAR
125% MORE
SOCIAL MEDIA PHISHING SITES
42% MORE
TARGETED CYBER ATTACKS
58% MORE
MOBILE MALWARE FAMILIES
WEB-BASED ATTACKS
30% MORE

BY 2020:
1 Billion
SMART METERS
100 Million
SMART LIGHT BULBS
7 Manufacturers
WILL HAVE
DRIVERLESS CARS
USE SMART WEARABLES
(CLOTHING AND WATCHES)
50%ofConsumers

Will have access to every part of our work and daily lives: how
we commute, how we operate, how we feel, what we seek
HACKERS

WE NEED
SECURITY
TODAY
AGAINST
TOMORROW’S
THREATS

WE PROVIDE
PROTECTIONS
AGAINST NEW THREATS EVERY DAY
10,000,000
Bad-Reputation
Events
700,000
Malware
Connections
Events
30,000
Malware
Files Events

WE OFFER THE ARCHITECTURE
THE MOST ADVANCED MANAGEMENT AND
REAL TIME PROTECTION
SOFTWARE
DEFINED
PROTECTION

©2015 Check Point Software Technologies Ltd. 13©2015 Check Point Software Technologies Ltd. 13[Protected] Non-confidential content
SDP
Management layer
Control Layer
Enforcement Layer
SOFTWARE-DEFINED PROTECTION
Cloud
Phone
Internet
of Things
Network Home
Appliances

©2015 Check Point Software Technologies Ltd. 14©2015 Check Point Software Technologies Ltd. 14[Protected] Non-confidential content
BUILT ON A COMPREHENSIVE ARCHITECTURE
ENFORCEMENT LAYER
Inspects traffic and enforces
protection
in well-defined segments
CONTROL LAYER
Delivers real-time protections to the
enforcement points
MANAGEMENT LAYER
Integrates security with business
process

©2015 Check Point Software Technologies Ltd. 15©2015 Check Point Software Technologies Ltd. [Protected] Non-confidential content
Lucas S. García
Security Engineer | AR PY UY
CHECK POINT vSEC
Security for the Modern Datacenter

©2015 Check Point Software Technologies Ltd. 16[Protected] Non-confidential content
HACKERS TARGET THE
DATACENTER

BIG INSURANCE COMPANY BEEN HACKED
Hacker breached few of the 37 company’s affiliates
Gain unauthorized access to databaseDec
2013
January
2015
13 months later, first affiliate found it has been breached
Effecting 11 M people records
May-Sep
2015
More affiliates companies found they has been breached
Effecting over 100M people & employees records

©2015 Check Point Software Technologies Ltd. 18[Restricted] ONLY for designated groups and individuals
KNOWN DATACENTER SECURITY INCIDENTS
Many universities in the US been breached
“..Attack originated in China gained access to servers..”
Big bank datacenter been hacked
“…million accounts were stolen from bank’s databases..”
Hacking dating service datacenter
“…33 million accounts, passwords, credit cards, addresses were published..”

©2015 Check Point Software Technologies Ltd. 19[Protected] Non-confidential content
ENTERPRISE MOVE
FROM VIRTUAL DATACENTER
TO HYBRID CLOUD*
Hybrid Cloud =Private Cloud & Public IaaS

DATA CENTER EVOLUTION
VIRTUAL DATA CENTER THE HYBRID CLOUD
• Manual operation
• Perpetual licensing
• Automation & Orchestration
• Pay as you go licensing

THE NEW CLOUD ENVIROMENT
Cloud Management
One place to orchestrate and
automate all applications
Hypervisor
The virtual compute
SDN
Central place to control
the entire networks

NEW SECURITY CHALLENGES
MODERN DATA CENTER

• Perimeter Gateway doesn’t protect
traffic inside the data center
• Lack of security between applications
• Threats attack low-priority service and
then move to critical systems
Modern threats can spread laterally inside the data center,
moving from one application to another
CHALLENGE #1:
LATERAL THREATS

• New applications provisioned rapidly
• Virtual-app movement
• Change IP address
• Unpatched dormant VMs that wakes up
Traditional static security fail to protect dynamic datacenter
CHALLENGE #2:
DYNAMIC CHANGES

Complex to manage different security products
in a multi-clouds environment?
CHALLENGE #3:
COMPLEX ENVIRONMENT

HOW TO PROTECT THE
SOFTWARE DEFINED
DATACENTER?

vSEC ELEMENTS:
vSEC GATEWAY
Secure traffic between applications
in the hybrid cloud
vSEC CONTROLLER
Automated security
with unified management

vSEC GATEWAY
Use vSEC Gateway to prevent lateral threat movement between
applications inside the datacenter

vSEC CONTROLLER
TO AUTOMATE YOUR SECURITY
vSEC Controller
Check Point Smart Center

UNIFIED MANAGEMENT
UNIFIED VISIBILITY
Unified security management and threat visibility
across virtual, physical & public cloud gateways

DELEGATE SECURITY CHANGES
*Available in R80
Use security policy that is easily correlated to micro-segmented environment
R80 Sub-Policies
The only NGTP solution with
policy designed for micro-
segmented environment

SOFTWARE DEFINED DATACENTER
DEMO ENVIRONMENT

VMWARE NSX
Network and Security Extention
Key Benefits
 Combine virtual systems to Security Groups
 Control traffic that is passing between virtual systems
 Apply Tags to virtual systems and declare a security state
Hardware
Hypervisor
vm vm
Web Server
vm vm
DB Server Isolated
DBDBWebWeb
vm
Infected
[Protected] Non-confidential content

SDDC Demo Environment
NSX Security Groups
Check Point
Anti-Bot Blade

NSX Configuration:
Tag infected VM’s «Infected»
Check Point Security Policy
NSX Configuration:
«Infected» VM’s belong to «Isolated
Security Group»

LOG
WEB_Server
is infected!
MOID of WEB_Server =
abcd-efgh
WEB_Server = MOID
abcd-efgh
Need to Tag
MOID «Infected»
Infected

38©2015 Check Point Software Technologies Ltd.
Early detection and rapid response is essential!
Organizations today are facing unprecedented growth in the diversity and
number of security threats from advanced and sophisticated malware.
Introduction
To help stay ahead of modern malware,

Investigate if a host is truly infected with malware
Introduction
Providing easy-to-use tools and guidelines for implementing
malware investigation process, using the Threat Prevention
Software Blades.
Identify the malware type and potential damages
Remediate infected computers
Using this guide you will be able to:
Detect suspicious behavior that might indicate additional infected
computers
Remediate infected computers

Advanced Threat Prevention
Anti-Virus
Anti-Bot
Threat Emulation
Block access to
malware-infested websites
Block downloads of
known malware
Fight targeted attacks that
use unknown malware
Identify and Prevent
bot communications
IPS
Stop attacks exploiting known vulnerabilities

Incident Handling Process
Identify
Investigate
Track
Monitor Threat Prevention events to
identify suspicious hosts
Conclude if the host is infected and with
what type of malware and its behavior
Track infected computers’ activity to
identify additional infected computers
Remediate
Recover infected machines
Investigate
Track
Identify
Remediate
Prepare
Optimizing configuration based on
network topologyPrepare

SUMMARY

SUMMARY:
Security
Automation
Unified
Security Control
&Visibility
Advanced
Security for
Hybrid Cloud
SECURITY THAT TAKES YOUR MODERN DATACENTER
ONE STEP AHEAD

GRACIAS !!!
• Email: garcial@checkpoint.com

Csa summit seguridad en el sddc

Related slideshows

More Related Content

Csa summit seguridad en el sddc

Editor's Notes