
1 ©2015 Check Point Software Technologies Ltd. Rich Comber, SME, Threat Prevention, Check Point Software Technologies. Moving to a Prevent Based Security Posture

2 1,000,000,000

3 According to IBM X-Factor Threat Intelligence, roughly 1,000,000,000 personal records were leaked in 2014 due to online threats and cyberattacks. http://www.zdnet.com/article/one-billion-records-leaked-designer-vulnerability-use-rose-in-2014/

4 [Restricted] ONLY for designated groups and individuals. 2015 Security Report sources: 16,000+ organizations; over 300,000 monitoring hours; 1,300 Security Checkup reports; 1 million smartphones; 3,000 security gateways; 122 countries and various industries.

10 Let’s start with a true story: a German steel mill with thousands of employees. Source: http://www.wired.com/2015/01/german-steel-mill-hack-destruction/

11 The story starts with a spear-phishing attack on the steel mill’s business network.

12 Phase 1: Infiltration. Attackers send a targeted email that appears to come from a trusted source, tricking an employee into opening a malicious attachment.

13 The malware exploited a vulnerability on the employee computers.

14 Phase 2: Lateral Movement. This established a beachhead for horizontal movement.

15 Phase 3: Compromised Control Systems. Failures accumulated in individual control components and entire systems.

16 Phase 4: Unable to shut down a blast furnace. Massive damage to the factory.

17 2014 KEY FINDINGS: UNKNOWN MALWARE, KNOWN MALWARE, MOBILITY, HIGH-RISK APPLICATIONS, DATA LOSS

18 2015 Security Report Statistics. New malware per year: 2009: 12M; 2010: 18M; 2011: 18.5M; 2012: 34M; 2013: 83M; 2014: 142M. 142M new malware in 2014, a 71% increase versus 2013.

19 Unknown / Known

20 Known / Unknown. IPS/Anti-Virus work by: looking for specific patterns; enforcing compliance of protocols to standards; detecting variations from the protocols. Attackers evade signature-based detection by obfuscating the attacks and creating attack variants. So how tough is it? Zeus and SpyEye ‘builders’, generating Zeus or SpyEye variants in a click, are sold at $1-10K. www.styx-crypt.com will obfuscate HTML, JavaScript, executable files, PDF and Flash files at $5-25 per file; quantity discounts apply.

21 Unknown Malware: 41% of organizations downloaded at least one unknown malware. Every 34 sec an unknown malware is downloaded.

22 Known Malware: Bots. Every 1 min a bot communicates with its command and control. Infected organizations: 2013: 73%; 2014: 83%.

23 Known Malware: DDoS. Top attack vectors, 2014 versus 2013. A DDoS attack every 30 min.

24 Known Malware: Top IPS Events, Percent of Total: Client 60%, Server 40%. NO ONE TO BLAME BUT OURSELVES

25 Known Malware: Endpoint Vulnerabilities and Misconfigurations

26 Mobility: Corporate Data at Risk

27 Mobile Threat Research: Android 60%, iOS 40%. Survey: 500K+ Android and 400K iOS devices in 100+ countries. 42% suffered mobile security incidents costing more than $250,000.

28 Mobile Threat Research: 20+ malware variants; 18 MRAT families found.

29 P2P File Sharing Applications: 2013: 75%; 2014: 77%.

30 High-risk applications used 305x per day, once every 5 mins. Anonymizer Proxy Applications: 2013: 56%; 2014: 62%.

31 Data Loss: sensitive data sent every 36 min. 2013: 88%; 2014: 81%.

32 Data Sent Outside Organization by Employees (% of organizations): 30% sent credit card data; 25% sent sensitive personal information.

33 AN AVERAGE DAY: every 24 seconds a host accesses a malicious website; every 34 seconds an unknown malware is downloaded; every 1 minute a bot communicates with its command and control center; every 5 minutes a high-risk application is used; every 6 minutes a known malware is downloaded; every 36 minutes sensitive data is sent outside the organization.

34 Summary Security Statistics in 2014: New malware increased 71%. 106 downloads of unknown malware occurred per hour. 86% of organizations accessed a malicious site. 83% of organizations had existing bot infections.

35 Summary Security Statistics in 2014: 42% of businesses suffered mobile security incidents costing more than $250,000 to remediate. 96% of organizations used at least one high-risk application. 81% of organizations suffered a data loss incident. Loss of proprietary information increased 71% over the past three years.

36 WHAT DO WE DO ABOUT IT?

37 Segmentation: Segments reduce the size of the challenge. Limit the scope of a breach.

38 Multi-Layered Threat Prevention. Weaponized PDF: Threat Emulation (CPU and OS level) / Threat Extraction. Command and Control: Anti-Bot. Malware infestation: IPS and Anti-Malware.

39 Access Control & Data Protection. High-Risk Applications: Application Control / Mobile Threat Prevention. Malicious Websites: URL Filtering / Mobile Threat Prevention. Data Loss: DLP and Data/Document Security.

40 A question: Who configures their security technologies to prevent and not just detect?

41 Pre-Infection

42 Post-Infection

43 Source: http://www.cvedetails.com/top-50-vendors.php?year=2013

44 College – Server Compromise. Incident Response Team (IRT) investigates a possible server compromise. A server in the DMZ was flooding external hosts with UDP traffic. Application Control log detected IRC over HTTPS to a machine in Russia. IRT finds a JSP RAT and Bitcoin mining malware on the server. The college IPS was configured for Detect mode only (IDS). IPS logs show the Oracle server was exploited via a JSP injection vulnerability. IPS signatures specific to the environment should be configured to Prevent.

45 Large Pharmaceutical – Malware Infection. IRT contacted about a possible bot infection. Examination of Anti-Bot logs shows events with critical severity configured for Detect mode.

46 Large Pharmaceutical – Malware Infection. IRT identifies specific malware. IRT investigates traffic: #TotalHash shows 2151 unique malware hashes hosted on this IP. Customer finds malware on host: VirusTotal shows 29 AV products identify it as malicious and confirms H-Worm malware. H-Worm, Ponmocup, Conficker. Critical Anti-Bot events should be configured to Prevent.

47 Professional Sports Team – Ransomware. Customer infected with CryptoWall ransomware. Correlating source IP and user info with time of infection shows the Cubby Cloud file sharing application was detected. Intelligence sources confirm a CryptoWall campaign uses Cubby Cloud for distribution. (Log fields shown: IP of infected host, username, time of infection; Allowed, High Risk.) High Risk Application Control events should be configured to Prevent. Back-ups are critical in recovery from crypto malware.
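
The three case studies above share one finding: a high-severity event was logged but the traffic was not blocked. The following is an added example, not part of the original presentation or any Check Point tooling, that audits a log export for such detect-only gaps. The CSV column names, sample rows and severity labels are constructed assumptions, not a real product's log format.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Column names and values are hypothetical,
# not the log format of any particular gateway product.
SAMPLE_LOG = """time,blade,protection,severity,action,src
2015-03-02T09:14:07,IPS,JSP injection attempt,Critical,Detect,10.1.4.20
2015-03-02T09:14:09,IPS,JSP injection attempt,Critical,Detect,10.1.4.20
2015-03-02T09:20:41,IPS,Protocol anomaly,Low,Detect,10.1.7.3
2015-03-02T10:02:13,Anti-Bot,C&C communication,Critical,Detect,10.2.0.55
2015-03-02T10:05:30,Anti-Bot,C&C communication,High,Prevent,10.2.0.61
2015-03-02T11:47:52,Application Control,Cloud file sharing,High,Allow,10.3.1.9
2015-03-02T11:50:00,Application Control,Web browsing,Low,Allow,10.3.1.9
"""

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
NON_BLOCKING = {"detect", "allow"}  # event was logged but traffic passed


def detect_only_gaps(log_text, min_severity="High"):
    """Return (blade, protection, severity, hits) for every protection that
    fired at or above min_severity without blocking, worst first."""
    floor = SEVERITY_RANK[min_severity.lower()]
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        sev = row["severity"].strip().lower()
        action = row["action"].strip().lower()
        # Unknown severity strings rank 0 and are skipped rather than guessed.
        if SEVERITY_RANK.get(sev, 0) >= floor and action in NON_BLOCKING:
            hits[(row["blade"].strip(), row["protection"].strip(), sev)] += 1
    ranked = sorted(hits.items(),
                    key=lambda kv: (-SEVERITY_RANK[kv[0][2]], -kv[1], kv[0]))
    return [(blade, prot, sev.capitalize(), n)
            for (blade, prot, sev), n in ranked]


if __name__ == "__main__":
    for blade, prot, sev, n in detect_only_gaps(SAMPLE_LOG):
        print(f"{sev:8} {blade:20} {prot:24} {n} event(s): move to Prevent")
```

Each returned row is a candidate for switching from Detect (or Allow) to Prevent, ordered by severity and then by how often it fired.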

48 Leveraging IPS to address known exploits: CVE-2013-2471. Vulnerability-specific signatures provide protection until systems are patched.

49 Anti-Malware, and why Threat Prevention incorporates integrated Anti-Virus. URLs with Malware: Gateway blocks access to known infected websites. Viruses: Gateway scans traffic for known viruses and malware.

50 Botnet Protections: Checks for URLs, IPs, Domain reputation. Looks for unique patterns in files or in the network. Finds infected machines. Looks for such as C&C patterns. Blocks outbound C&C traffic.

51 Threat Emulation. Emulated OSs: Threat Emulation provides a closed environment to analyze files for unknown attacks. Focus is on behavior: how a file interacts with the operating system gives a view into malicious content.

52 Take the leap of faith. Configure your security to “Prevent”. Apply the protections to everything.

53 WE SECURE THE FUTURE. Download the 2015 Security Report at: www.checkpoint.com

