Security Observations & Ideas from the field *Texas, Oklahoma, Arkansas Hank Johnson | Area Manager Oscar Grider Sales Representative Stephen Systems Engineer

What’s driving Security Spending ? Upgrade of existing, aged equipment Consolidation of multiple point products Consolidation + New Security Features Compliance Redefinition of the Enterprise to include Locations Mobile A Good Offense is the Best Defense Advanced Threat Protection = Known & Unknown Reporting & Forensics = More Data & Visibility

Data : Dashboard , Detail & Forensics Security Trends Security Readiness Data : Dashboard , Detail & Forensics Product Enterprise Security Strategies Monitor / React Proactive / Trend User Involvement ** Redefine the Enterprise: Remote sites & Mobile **Client Execs involved at a new level **

Let’s get serious – Shall We?

Security has been underfunded… By other valid IT & Business Priorities including: IP Telephony / Unified Communications Storage & Server Virtualization ;Converged Computing SAP , Oracle, other applications SF.com & other CRM systems Cloud & Hybrid Data Center Initiatives Impact to Security: Most are in Catch Up Mode Security is “MainStream” Key issues: Personnel / Organizational Structure Policy ( Social media, Document Retention, Breach planning ) Strategy ( Current State to Future State ) Show up as entire paragraph 1 then 2

Start Here Self Assessment

Client Assessments: Work to be Done 1st Key Question: “Where am I today?” Follow up questions: Desired Future State First Priority What’s possible today Where do I start

High Level Security Planning Framework - 4 things Infrastructure Threat Mobility Management & Visibility Knowing that business is dynamic and the threat landscape is dynamic….CP is centered in our innovation and our passion to deliver uncompromising security, performance, agility, etc….to ensure client success

More control & reporting Infrastructure Consolidation is real but you own Architecture Firewall and VPN Software Blades IPS Software Blade Application Control Software Blade Identity Awareness Software Blade Antivirus & Anti-Malware Software Blade URL Filtering Software Blade DLP Software Blade Anti-Bot Software Blade Fewer Suppliers & Maintenance contracts More control & reporting

Granular Control of All Security Layers Network Threat Prevention IPS Anti-Bot Antivirus Granular Visibility Mobile Access Mobile Access Sensitive Data DLP Internet Applications Usage SmartEvent Application Control URLF User Access Identity Awareness

Priority: Keep System Software Current Check Point Research Industry Feeds Sensors & Sites Priority: Keep System Software Current We are feeding the ThreatCloud with many sources, both internal and external, and pushing security protections back to all Check Point products around the globe.

One of the most dynamic areas of Security Threat Prevention

Known ( IPS / IDS / URL / App ) Unknown ( SandBox / Zero Day / APT ) Email & Mobile Reporting / Context / Forensics / Trending Knowing that business is dynamic and the threat landscape is dynamic….CP is centered in our innovation and our passion to deliver uncompromising security, performance, agility, etc….to ensure client success

We Spend Time and Budget On.. While Positioning for Future Challenges TODAY’S INFRASTRUCTURE FUTURE ATTACK VECTORS Firewall VPN IPS Anti-Spam URL Filtering Anti-Virus DDoS Polymorphic Malware APTs Mobility 12B: FW – $4.9M IPS – $1M SWG - $1.6M Aspam – $1M AV ( EP) – $3.4M $400M FEYE – $260M ( ~65% organic growth from 2013 $160M) PAN – 12M Check Point - 24 Others – dambala, sourcefire Have the Platform Built 1st !!

Multi-Layer Threat Prevention Industry Feeds Global Sensor Data Check Point Research Known Known ThreatCloud Emulation Service As threats have evolved so has our technology. Where threats are concerned, we are all in this fight together. We have created the largest collaborative threat prevention cloud that collects input from 100’s of check point researchers, industry feeds and our own Check Point gateway sensors, the most extensive in geography and deployment. We call it ThreatCloud. Once it collects the intelligence, it translates it into real-time protections that are implemented in the Check Point gateways to stop threats.   We also have created an intelligence marketplace with TC IntelliStore that gives organizations more protection and access to unique intelligence feeds that may be relevant to their industry, geography or specific attack types. Beyond protecting against the known threats, we have also innovated to build threat emulation technologies so that we can protect you against unknown malware. Today, IPS, Antivirus and Anti-Bot are effective technologies against known malware. But hackers create variants to evade signature-based detection. To detect these unknown variants and to find zero-day attacks we run the malware in a virtual sandbox to detect and prevent these malicious files. As these unknowns are found and become known, we feed the information to our ThreatCloud and then update other gateways so that all of our customers have the most up to date protection. Unknown Known and Unknown Malware X X

“Threat” requires a holistic view Managing Unknowns Sandbox Quarantine Emulation INSPECT EMULATE PREVENT SHARE “Threat” requires a holistic view ** New CPU level solution – Stop before threats get to the OS level. [Protected] Non-confidential content

Priority: Speed & Time to address major vulnerabilities 9 hrs Check Point 22 hrs Check Point 18 hrs Check Point Heart Bleed Shell Shock Poodle Lets see how fast check point patched the 3 major vulnerabilities of 2014 HeartBleed, Shell Shock & poodle TLS PAN TBD: https://live.paloaltonetworks.com/thread/12098 PAN rest: http://securityadvisories.paloaltonetworks.com/ Fortinet: http://www.fortiguard.com/updates/ips.html?version=4.476 Others ? Others? Others ?

You can’t manage what you can’t measure Optics & Reporting

Management Security Management Event Management Log Management Simplicity & Power in One Plate of Glass “Our evaluation of Global Management put the Check Point Security Gateway on top by a wide margin.” Network World – May 2012 Check Point Management is the “gold standard against which other consoles are measured.” Gartner 2013 Security Management Event Management Log Management Built-In Compliance Engine

SPOG Management & Visibility

360o Visibility of Network Security Time shows topline security events Map shows origin of attacks and threats Let’s take a look at one view in our management console. This example shows top line information from multiple angles, including summary of critical attacks over time, geographic information on source or destination of attacks, lists of important events, and counts of events by type. Each of these views can be expanded to show more detail and exported as reports for additional analysis. Important security events highlighted Rate and frequency of potential attacks

Mobility

Today’s Mobile Solutions have Security Gaps MDM = Management NOT Security Mobile Security Same policies as On Net APT protection Document Security Mgt & Reporting Script: Today organizations are trying to put together solutions to address these challenges. But, assembling independent, unrelated solutions to address all the mobile security challenges creates security gaps that leave the organization potentially vulnerable to threats. The main solutions today are predominantly focused on device management, and focus very minimally on actual device and data security. They may secure data that is in a container, but provide no security for documents once they leave the device. They don’t protect devices from threats, and do not prevent users from accessing potentially malicious websites and content. Companies are utilizing independent methods such as: Controlling access to devices, device management, file and disk encryption; and secure containers These independent methods do not provide a complete and unified solution that can protect organizations from the threats facing them today, or in the future, and they do not protect organizational data throughout its life, wherever it goes. How do you protect devices from THREATS? How do you protect DATA wherever it goes? [Restricted] ONLY for designated groups and individuals

Customers are still looking for a solution of enterprises see mobile support to employees as critical priority 70% of firms see implementing a BYOD policy as critical priority 50% The State Of Enterprise Mobile Security, Q1 2014: Strategies Shift From Devices To Apps of large enterprises will have deployed technologies to secure access to enterprise resources by 2016 75% Forrester Gartner [Restricted] ONLY for designated groups and individuals

Has your mobile device been used … To access Dropbox? By your kids? Facebook? Over 30% of parents let their kids use their corporate devices1 71% of adults over 18 have a Facebook account2 1 in 5 employees use consumer cloud storage for work documents3 Script: For a moment, think about your use of mobile devices and how you share data today. Has your mobile device been used by your children? Have you used your phone or tablet to access Facebook? Have you accessed Dropbox or another service to work on a project out of the office, or to share a file with a customer or fellow employee? As you can see from these statistics, these activities are not just passing fads. Mobile devices have become integral to our lives, and we unintentionally put our devices, data, and network at risk every day. 12013 Norton Report, Oct 2013, by Symantec 22013 Pew Research Center Internet Project Tracking Survey 3Nasuni Survey of 1300 business users as reported by GigaOm [Restricted] ONLY for designated groups and individuals

Infection or Loss … Easy as 1, 2, 3 UPLOAD FILES TO THE CLOUD SURF THE INTERNET FORGET DEVICE Script: Unfortunately, many of us don’t actively consider the risks associated with expanding use of mobile devices. Have you used your work devices at home or at a coffee shop or airport? When you or your children use your corporate device to access Facebook, online gaming websites, and other content, you may unintentionally access a malicious site, or download a virus. The next time you access your corporate network, you may unknowingly transfer that virus. Have you ever left your phone in a taxi? Over 4.5 million phones were lost or stolen last year. Lost or stolen employee phones can have significant consequences for the company especially when they contain sensitive customer data and corporate intelligence. Often times, when your device is lost or stolen, you will notify your company and they will wipe all data from your phone. But this has consequences for all your data on the phone, business AND personal. Have you ever used Dropbox to share/store a corporate file?  In over 85% of organizations, employees do use Dropbox. If you use Dropbox or another similar service, you unintentionally risk the confidentiality of your organizations information. That information is now no longer secure, and can be susceptible to cybercrime. ©2014 Check Point Software Technologies Ltd. 26

Vision: Enterprise = 100% of the Enterprise Mobile Security Single solution End to end protection APT protection Reporting & Forensics Intuitive UI See if there is a differnet one to show  hackers are touching everything Data center, mobility, ……? Over looking every element of the enterprise . Closing off the gaps Entire enterprise Script: Today organizations are trying to put together solutions to address these challenges. But, assembling independent, unrelated solutions to address all the mobile security challenges creates security gaps that leave the organization potentially vulnerable to threats. The main solutions today are predominantly focused on device management, and focus very minimally on actual device and data security. They may secure data that is in a container, but provide no security for documents once they leave the device. They don’t protect devices from threats, and do not prevent users from accessing potentially malicious websites and content. Companies are utilizing independent methods such as: Controlling access to devices, device management, file and disk encryption; and secure containers These independent methods do not provide a complete and unified solution that can protect organizations from the threats facing them today, or in the future, and they do not protect organizational data throughout its life, wherever it goes. Mobile Security must be part of the Strategy [Restricted] ONLY for designated groups and individuals ©2014 Check Point Software Technologies Ltd. 27

The Internet So many points of entry! Connected via the internet Data Center Internal Servers Remote offices Virtual Servers Cloud computing Remote workers Mobile devices

Final Thoughts The Issues are Real The Solutions are Many Assess – Plan – Execute For the entire Enterprise Hold the industry accountable Network / Idea share with others Don’t overthink it – get after it!

Everyone has a plan ‘till they get punched in the mouth Mike Tyson So you have a track record market leadership With an excellent product but then “shellshock” happens or “poodle” or Heartbleed and I can go on That catches the entire industry vulnerable This is where the people come into play

Hank Johnson | Area Manager Thank You ! Hank Johnson | Area Manager

Build a Plan ; Execute the Plan Any Security Function NGFW NGTP SWG NGDP More URL Filtering Firewall IPS ID Awareness Anti-Virus App Control URL Filtering DLP GRC VPN App Control Anti-Bot Anti-Spam Anti-Virus Mobile Access Mobile Data Protection Threat Emulation Integration with OPSEC Central Management and Reporting Any Platform Appliances Open servers COTS Servers Virtual Cloud IAS and COTS servers 2012 Appliances

How do you view your Enterprise? How do you secure your Enterprise ? ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 33