Ivan Štrbac
Security Engineer, Adriatic
©2016 Check Point Software Technologies Ltd. [Protected] Non-confidential content
Successful Defense Strategy
How do you protect your infrastructure against
WHAT YOU DON’T KNOW… …ZERO-DAY
Malware that has not previously been seen can often get past traditional technology
FROM START-UPS TO
LARGE CORPORATIONS
NO ONE IS IMMUNE
THE TRADITIONAL SANDBOX
HOW IT WORKS
Open and detonate any file
THREAT CONTAINED
Examine:
• System Registry
• Network Connections
• File System Activity
• System Processes
• Encrypted channels
Staying One Step Ahead…
Highest Catch Rate: evasion-resistant malware detection, CPU-level detection
Proactive Prevention: deployable in blocking mode, Threat Extraction
VULNERABILITY: thousands. EXPLOIT: only a handful.
CPU-LEVEL & OS-LEVEL EXPLOIT DETECTION
• Highest catch rate
• Evasion-resistant
• Efficient and fast
• Unique to Check Point
STAYING ONE STEP AHEAD
OF USER EXPECTATIONS
Traditional Sandboxes are Slow
BEFORE: Malware Activated. AFTER: Malware Removed.
SandBlast Appliance, SandBlast Cloud, Check Point Gateway
Threat Extraction: deliver a safe version of content quickly (Original Doc → Safe Doc)
O/S-Level Emulation: stops zero-day and unknown malware in a wide range of file formats
CPU-Level Detection: catches the most sophisticated malware before evasion techniques deploy
©2016 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals 21
Check Point SandBlast Agent
Protect from What You Don’t Know
Some threats are best prevented at the endpoint:
• Users working remotely
• External storage devices
• Encrypted content
• Lateral movement
SandBlast Agent Zero Day Prevention
Block UNKNOWN and ZERO-DAY ATTACKS on your endpoints
Eliminate Zero Day Malware at the Endpoint (SandBlast Cloud)
Timing is Everything
Days to Identify and Contain a Cyber Attack:
Minimum: 20 days to identify, 7 days to contain
Mean: 206 days to identify, 69 days to contain
The longer an attack goes UNDETECTED, the more time it takes to CONTAIN it.
Look for Malicious Outgoing Traffic at the Endpoint
1. THREAT INTELLIGENCE continuously delivered to the Agent
2. Outgoing traffic inspected by local ANTI-BOT
3. Data exfiltration is BLOCKED
Check Point SandBlast Agent
How did it enter? Is there business impact? How can I block the attack vector? How do I mitigate? Who should I notify?
SandBlast Agent Forensics Analysis
AUTOMATED incident analysis for EFFECTIVE incident response
ACTIONABLE INFORMATION: Interactive Attack Summary
GENERATED AUTOMATICALLY: Triggered when it matters
Collect Forensics Data and Trigger Report Generation
1. FORENSICS data continuously collected from various OS sensors (Network, Files, Registry, Processes)
2. Report generation automatically triggered upon detection of network events or 3rd-party AV
3. Advanced algorithms analyze raw forensics data
4. Digested incident report sent to SmartEvent
From Trigger to Infection: automatically trace back the infection point. Attack Traced: even across system boots.
Identify Attack Origin: Chrome exploited while browsing
Exploit Code: Dropper process launched by Chrome
Dropped Malware: Dropper downloads and installs malware
Schedule Execution: Malware registered to launch after boot
Data Breach: Malware reads sensitive documents
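The forensics pipeline and the cross-boot attack trace described above, as an added example that is not Check Point's code: a small Python trace that walks from the process which triggered a report back to its origin over a constructed stream of endpoint sensor events (process, file, registry, network). Image names, hosts and paths are constructed, and the linking rule (a process started from a Run key is attributed to whichever process wrote that key, even in an earlier boot) is an assumption about how such a trace can be done.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

@dataclass
class Event:
    boot: int         # boot session number; persistence lets an attack span reboots
    kind: str         # sensor: "process", "file", "registry" or "network"
    actor: str        # process image that performed the action
    target: str       # child image, file path, registry value or remote host
    detail: str = ""  # for registry events: image path written to the Run value

# Constructed sample timeline modelled on the attack chain in the slides.
EVENTS = [
    Event(1, "process", "explorer.exe", "chrome.exe"),
    Event(1, "network", "chrome.exe", "news.example", "browsing"),
    Event(1, "process", "chrome.exe", "dropper.exe", "exploit"),
    Event(1, "network", "dropper.exe", "cdn.example", "download"),
    Event(1, "file", "dropper.exe", r"C:\Users\u\AppData\upd.exe", "write"),
    Event(1, "registry", "dropper.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd",
          r"C:\Users\u\AppData\upd.exe"),
    Event(2, "process", "explorer.exe", "upd.exe", "autostart"),
    Event(2, "file", "upd.exe", r"C:\Users\u\Documents\contracts.docx", "read"),
    Event(2, "network", "upd.exe", "c2.example", "upload"),  # anti-bot trigger
]

def trace_back(events, proc, boot):
    """Walk from the triggering process back to its origin; a process started
    from a Run key is attributed to the process that wrote that key (assumed rule)."""
    chain, seen = [], set()
    while proc and (proc, boot) not in seen:
        seen.add((proc, boot))
        chain.append((boot, proc))
        persist = next((e for e in events if e.kind == "registry"
                        and e.boot < boot
                        and PureWindowsPath(e.detail).name == proc), None)
        if persist:                      # cross-boot link via persistence
            proc, boot = persist.actor, persist.boot
            continue
        parent = next((e for e in events if e.kind == "process"
                       and e.boot == boot and e.target == proc), None)
        proc = parent.actor if parent else None
    return chain

def files_read(events, chain):
    """Business impact: documents read by any process in the traced chain."""
    members = set(chain)
    return sorted(e.target for e in events if e.kind == "file"
                  and e.detail == "read" and (e.boot, e.actor) in members)
```

Calling trace_back(EVENTS, "upd.exe", 2) on the anti-bot trigger walks the chain back through the Run key written in boot 1 to the dropper and then to the browser that spawned it.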
STAYING ONE STEP AHEAD
IN IMPLEMENTATION
Flexible deployment
minimizes TCO and provides complete
threat visibility
Unified Management
FOR BEST ROI AND OPTIMAL PROTECTION
• Catches More Malware
• Complete Proactive Prevention
• Integrated Protection
THANK YOU