CSA Summit: Security in the SDDC
- 3. ©2015 Check Point Software [Protected] Non-confidential
WE ARE
CHECK POINT
WE SECURE
THE FUTURE
- 4. ©2015 Check Point Software Technologies Ltd.
TODAY
ONE ATTACK CAN SHUT
DOWN AN ENTIRE
COUNTRY’S POWER GRID,
DISRUPT TRANSPORTATION
SYSTEMS, OR STEAL
THE PERSONAL
INFORMATION OF MILLIONS.
- 5.
FROM START-UPS TO
LARGE CORPORATIONS
NO ONE IS
IMMUNE
- 6.
2014 WORLD’S BIGGEST
DATA BREACHES
EBAY
145M
Customers
at Risk
SONY
48K
Employees
Exposed
HOME
DEPOT
56M
Customers
at Risk
JP MORGAN
CHASE
76M
Customers
at Risk
TARGET
70M
Customers
at Risk
JAPAN
AIRLINES
750K
Customers at Risk
DOMINOS
PIZZA FRANCE
600K
Customers at Risk
APPLE
275K
Customers at Risk
- 7.
ATTACKS ARE CONSTANTLY
EVOLVING
INCREASE OF
CYBER THREATS
OVER THE
PREVIOUS YEAR
125% MORE
SOCIAL MEDIA PHISHING SITES
42% MORE
TARGETED CYBER ATTACKS
58% MORE
MOBILE MALWARE FAMILIES
30% MORE
WEB-BASED ATTACKS
- 8.
BY 2020:
1 Billion
SMART METERS
100 Million
SMART LIGHT BULBS
7 Manufacturers
WILL HAVE
DRIVERLESS CARS
50% of Consumers
USE SMART WEARABLES
(CLOTHING AND WATCHES)
- 9.
HACKERS
Will have access to every part of our work and daily lives: how we commute, how we operate, how we feel, what we seek
- 10.
WE NEED
SECURITY
TODAY
AGAINST
TOMORROW’S
THREATS
- 11.
WE PROVIDE
PROTECTIONS
AGAINST NEW THREATS EVERY DAY
10,000,000
Bad-Reputation
Events
700,000
Malware
Connections
Events
30,000
Malware
Files Events
- 12.
WE OFFER THE ARCHITECTURE
THE MOST ADVANCED MANAGEMENT AND
REAL TIME PROTECTION
SOFTWARE
DEFINED
PROTECTION
- 13.
SDP
Management layer
Control Layer
Enforcement Layer
SOFTWARE-DEFINED PROTECTION
Cloud
Phone
Internet
of Things
Network Home
Appliances
- 14.
BUILT ON A COMPREHENSIVE ARCHITECTURE
ENFORCEMENT LAYER
Inspects traffic and enforces
protection
in well-defined segments
CONTROL LAYER
Delivers real-time protections to the
enforcement points
MANAGEMENT LAYER
Integrates security with business
process
- 15.
Lucas S. García
Security Engineer | AR PY UY
CHECK POINT vSEC
Security for the Modern Datacenter
- 16.
HACKERS TARGET THE
DATACENTER
- 17.
BIG INSURANCE COMPANY HACKED
Dec 2013: Hacker breached a few of the company’s 37 affiliates and gained unauthorized access to a database
January 2015: 13 months later, the first affiliate found it had been breached, affecting 11M people’s records
May-Sep 2015: More affiliate companies found they had been breached, affecting over 100M people’s and employees’ records
- 18.
KNOWN DATACENTER SECURITY INCIDENTS
Many universities in the US have been breached
“..Attack originated in China gained access to servers..”
Big bank datacenter hacked
“…million accounts were stolen from bank’s databases..”
Dating service datacenter hacked
“…33 million accounts, passwords, credit cards, addresses were published..”
- 19.
ENTERPRISES MOVE
FROM VIRTUAL DATACENTER
TO HYBRID CLOUD*
* Hybrid Cloud = Private Cloud & Public IaaS
- 20.
DATA CENTER EVOLUTION
VIRTUAL DATA CENTER
• Manual operation
• Perpetual licensing
THE HYBRID CLOUD
• Automation & Orchestration
• Pay as you go licensing
- 21.
THE NEW CLOUD ENVIRONMENT
Cloud Management
One place to orchestrate and
automate all applications
Hypervisor
The virtual compute
SDN
Central place to control
the entire network
- 22.
NEW SECURITY CHALLENGES
MODERN DATA CENTER
- 23.
CHALLENGE #1:
LATERAL THREATS
• Perimeter gateway doesn’t protect traffic inside the data center
• Lack of security between applications
• Threats attack a low-priority service and then move to critical systems
Modern threats can spread laterally inside the data center, moving from one application to another
- 24.
CHALLENGE #2:
DYNAMIC CHANGES
• New applications provisioned rapidly
• Virtual-app movement
• Changing IP addresses
• Unpatched dormant VMs that wake up
Traditional static security fails to protect the dynamic datacenter
- 25.
CHALLENGE #3:
COMPLEX ENVIRONMENT
It is complex to manage different security products in a multi-cloud environment
- 26.
HOW TO PROTECT THE
SOFTWARE DEFINED
DATACENTER?
- 27.
vSEC ELEMENTS:
vSEC GATEWAY
Secure traffic between applications
in the hybrid cloud
vSEC CONTROLLER
Automated security
with unified management
- 28.
vSEC GATEWAY
Use vSEC Gateway to prevent lateral threat movement between
applications inside the datacenter
- 29.
vSEC CONTROLLER
TO AUTOMATE YOUR SECURITY
vSEC Controller
Check Point Smart Center
- 30.
UNIFIED MANAGEMENT
UNIFIED VISIBILITY
Unified security management and threat visibility
across virtual, physical & public cloud gateways
- 31.
DELEGATE SECURITY CHANGES
Use a security policy that is easily correlated to a micro-segmented environment
R80 Sub-Policies
The only NGTP solution with policy designed for micro-segmented environments
*Available in R80
- 32.
SOFTWARE DEFINED DATACENTER
DEMO ENVIRONMENT
- 33.
VMWARE NSX
Network and Security Extension
Key Benefits
Combine virtual systems into Security Groups
Control traffic passing between virtual systems
Apply Tags to virtual systems and declare a security state
[Diagram: Hardware, Hypervisor, Web Server VMs, DB Server VMs; groups Web, DB and Isolated; one VM marked Infected]
- 34.
SDDC Demo Environment
NSX Security Groups
Check Point
Anti-Bot Blade
- 35.
SDDC Demo Environment
NSX Configuration:
Tag infected VMs «Infected»
Check Point Security Policy
NSX Configuration:
«Infected» VMs belong to «Isolated Security Group»
- 36.
SDDC Demo Environment
LOG
WEB_Server
is infected!
MOID of WEB_Server =
abcd-efgh
WEB_Server = MOID
abcd-efgh
Need to Tag
MOID «Infected»
Infected
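Added example, not part of the original deck and not Check Point or VMware code: a minimal in-memory model of the demo flow on slides 34 to 36 (Anti-Bot log, name-to-MOID lookup, «Infected» tag, dynamic Isolated group). The log layout, the function names and the `DB_Server` entry are assumptions made for illustration; no real NSX or Check Point API is called.

```python
# Constructed inventory: VM name -> MOID. "abcd-efgh" is the slide's sample value;
# the DB_Server entry is made up for this example.
INVENTORY = {"WEB_Server": "abcd-efgh", "DB_Server": "ijkl-mnop"}

# Constructed log lines in a hypothetical key=value layout (not a real log schema).
LOGS = [
    "blade=Anti-Bot src=WEB_Server verdict=infected",
    "blade=Anti-Bot src=Unknown_VM verdict=infected",
    "blade=IPS src=DB_Server verdict=clean",
]


def infected_hosts(lines):
    """Return VM names that an Anti-Bot log line reports as infected."""
    hosts = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("blade") == "Anti-Bot" and fields.get("verdict") == "infected":
            hosts.append(fields["src"])
    return hosts


def quarantine(lines, inventory, tags):
    """Tag the MOID of each infected VM; return names with no known MOID."""
    unresolved = []
    for name in infected_hosts(lines):
        moid = inventory.get(name)
        if moid is None:
            unresolved.append(name)  # escalate for manual follow-up, never guess
            continue
        tags.setdefault(moid, set()).add("Infected")  # set makes re-tagging a no-op
    return unresolved


def isolated_group(tags):
    """Dynamic membership: every MOID that carries the Infected tag."""
    return {moid for moid, vm_tags in tags.items() if "Infected" in vm_tags}


def flow_allowed(src_moid, dst_moid, tags):
    """Policy for the Isolated group: drop traffic to or from any member."""
    isolated = isolated_group(tags)
    return src_moid not in isolated and dst_moid not in isolated


if __name__ == "__main__":
    tags = {}
    print("unresolved:", quarantine(LOGS, INVENTORY, tags))
    print("isolated:", isolated_group(tags))
    print("web -> db allowed:", flow_allowed("abcd-efgh", "ijkl-mnop", tags))
```

The unresolved list matters operationally: a detection whose VM name has no MOID in the inventory is reported instead of being silently dropped, so an infected host is not left outside the Isolated group unnoticed.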
- 37.
Investigative Best
Practices
with Threat
Prevention
- 38.
Introduction
Organizations today are facing unprecedented growth in the diversity and number of security threats from advanced and sophisticated malware.
To help stay ahead of modern malware, early detection and rapid response is essential!
- 39.
Introduction
Providing easy-to-use tools and guidelines for implementing a malware investigation process, using the Threat Prevention Software Blades.
Using this guide you will be able to:
• Investigate if a host is truly infected with malware
• Identify the malware type and potential damages
• Detect suspicious behavior that might indicate additional infected computers
• Remediate infected computers
- 40.
Advanced Threat Prevention
Anti-Virus
Anti-Bot
Threat Emulation
Block access to
malware-infested websites
Block downloads of
known malware
Fight targeted attacks that
use unknown malware
Identify and Prevent
bot communications
IPS
Stop attacks exploiting known vulnerabilities
- 41.
Incident Handling Process
Prepare: Optimizing configuration based on network topology
Identify: Monitor Threat Prevention events to identify suspicious hosts
Investigate: Conclude if the host is infected and with what type of malware and its behavior
Track: Track infected computers’ activity to identify additional infected computers
Remediate: Recover infected machines
- 43.
SUMMARY:
Security Automation
Unified Security Control & Visibility
Advanced Security for Hybrid Cloud
SECURITY THAT TAKES YOUR MODERN DATACENTER ONE STEP AHEAD
Editor's Notes
- Today’s corporations need a single approach that combines high-performance network security devices with real-time proactive protections.
Software-defined Protection is Check Point’s pragmatic security architecture and methodology.
It offers an infrastructure that is modular, agile and most importantly, SECURE.
Watch the next video to understand how Check Point’s SDP can secure today’s architecture from tomorrow’s threats.
- The SDP architecture partitions the security infrastructure into three interconnected layers:
An Enforcement Layer that is based on physical and virtual security enforcement points which segment the network.
A Control Layer that analyzes different sources of threat information and generates protections and policies to be executed by the Enforcement Layer.
A Management Layer that orchestrates the infrastructure and brings the highest degree of agility to the entire architecture.
- http://www.enterprisenetworkingplanet.com/datacenter/idc-sdn-a-2-billion-market-by-2016.html
https://blogs.vmware.com/management/2015/07/align-cloud-management-initiative-market-leader.html
http://blogs.gartner.com/thomas_bittman/2015/03/05/some-perspective-on-the-explosion-of-vms-in-the-cloud/
- Security teams should actively seek to identify infections before they proliferate in the network.
This proactive approach minimizes malware damage and helps save the organization time and resources.
- It should help you answer the following key questions when analyzing Anti-Bot incidents:
- As threats become increasingly sophisticated, security challenges continue to grow. To maximize network security, a multi-tier protection mechanism is required to secure against different vectors of network threats in order to break the infection lifecycle.
Check Point's comprehensive Threat Prevention solution offers a multi-layered, pre- and post-infection defense approach. This consolidated platform provides enterprise security to protect against modern malware.
- Organizations must implement incident investigation practices that are well defined and constructed to enable security administrators to efficiently identify and respond to new malware outbreaks.
This sample investigation workflow should help to streamline and simplify the incident handling process.