Threat Management Server
Eusebio Nieva, Technical Director, Check Point Spain and Portugal
WE BELIEVE ONLY IN THE BEST SECURITY
WE ARE THE STANDARD BY WHICH ALL SECURITY SOLUTIONS ARE MEASURED
[Restricted] ONLY for designated groups and individuals
THREATS BECOME A COMMODITY
*Source:
©2016 Check Point Software Technologies Ltd.
But once known, we’re the fastest to react
[Figure: vendor reaction times for Heartbleed, Shellshock, Poodle-TLS and Venom. Values as labelled in the figure: Check Point 9 hours, 22 hours, 18 hours, 30 hours; Palo Alto 4 days, 29 days, 56 days, 10 days; Fortinet 5 days, 14 days, 10 days, 9 days]
How do you protect against WHAT YOU DON’T KNOW… …ZERO-DAY
Malware that has not previously been seen can often get past traditional technology
©2015 Check Point Software Technologies Ltd.
WHAT I CAN’T SEE WON’T HURT ME
The Internet is full of scary stuff!
Let’s disconnect…
Malware can infect internal networks through USB flash drives, spread across the network and connect to C&C through infected hosts
Case Study: Stuxnet (offline network)
– Infection via USB
– Communication with C&C
– Infecting another host and operator
CAN YOU REALLY KEEP UP?
Offline updates…
Check Point Cloud Services Overview
[Diagram: Download Center; Anti-Bot, Anti-Virus, Application Control, URL Filtering, IPS, Threat Emulation; Sources of threat data: Anti-Bot, URL Filtering, Anti-Malware & Forensics; CPUSE Software Updates]
Check Point Cloud-based Services
CPUSE
IPS and Application Control Updates
ThreatCloud – Advanced Threat Prevention
Cloud enables operational efficiencies, security
Smart, fast, safe gateway software updates
Automation for multi-domain environments
Real-time threat intelligence
The Offline Challenge
How to harness Cloud…
While keeping off the Internet?
THE ANSWER: PRIVATE THREATCLOUD
On-premises Private ThreatCloud
[Diagram: Check Point Cloud; Private ThreatCloud; Delta updates; Packages; Software updates; Updates; MDM; Packages, queries; logs; Indicators files; AV/AB; APCL, URLF, IPS Packages; Sub-cloud]
Sample Use Cases
Customers with offline networks
– Govt., Defense, ICS, regulated industries
Managed Security Service Providers
– Distribution of custom threat intelligence
Security Aggregation Points
– Endpoints, SDDC micro-segmentation, IoT
All use cases share a need for private cloud
Self-contained ThreatCloud Appliance
Gaia OS w. onboard software blades for self protection
Managed by Check Point Management Server
– Existing MDM; dedicated management; or standalone
Plus: CLI / APIs
[Diagram: CLI; RESTful APIs; Management; Monitoring; MDM; AppDB]
Stateless Load Sharing / HA
[Diagram: Public ThreatCloud; Download Agent; Load Balancing; ThreatCloud Appliances; Management (Active, Standby); ThreatCloud clients: Gateways, Endpoints, Management, SandBlast]
Each appliance rated to serve up to 1,000 clients (constrained by license)
Guaranteed one-way cloud updates
Download Agent Options (On-board)
All queries are local to the environment
[Diagram: Public ThreatCloud; On-board Download Agent; Load Balancing; Gateways, Endpoints, Management, SandBlast]
Download Agent Options (DMZ)
Security Gateway enforces uni-directionality
All queries are local to the environment
[Diagram: Public ThreatCloud; DMZ; Load Balancing; Gateways, Endpoints, Management, SandBlast]
Download Agent Options (Data Diode)
Diodes enforce uni-directionality
All queries are local to the environment
[Diagram: Public ThreatCloud; Load Balancing; Gateways, Endpoints, Management, SandBlast]
Download Agent Options (Manual)
Sneakernet
All queries are local to the environment
[Diagram: Public ThreatCloud; Load Balancing; Gateways, Endpoints, Management, SandBlast]
Roadmap
What is ThreatCloud?
A MULTI-TENANT CONTENT DISTRIBUTION NETWORK FOR SECURITY DATA, SERVING ENFORCEMENT POINTS WITH REAL-TIME DATA IN SUPPORT OF SECURITY AUTOMATION
Roadmap
Expanded data services
– Custom threat indicators and signatures
– Automated indicator generators (SandBlast, Forensics)
– Intellistore feeds
– Intelligence sharing (STIX/TAXII)
– ThreatWiki and other metadata (e.g. intelligence reports)
Additional cloud client types
– Sub-clouds
– Dedicated threat prevention appliances
Feedback mechanisms
– Anonymized indicator match statistics and analytics
– Controlled sharing (upstream, peer to peer)
Sub-clouds
[Diagram: Download Agent; Threat Management Server]
SandBlast Cloud
[Diagram: Front-end; Collector and queue manager; Emulators; Public ThreatCloud; Updates]
Emulator Monitoring
– Average processing time
– Average emulation time
POD Monitoring
– # of connections
– # of open sessions
Summary
Threat prevention requires online access
– If you’re not up to date, you’re vulnerable
Online updates reduce admin overhead
– Especially in multi-management networks
Private ThreatCloud lets you enjoy Cloud
– While keeping your network off the ‘Net