
©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | SmartEvent (Intro) | Anton Razumov, Security Consultant


1 SmartEvent (Intro)
Anton Razumov, arazumov@checkpoint.com
Security Consultant, Check Point Software Technologies

2 Agenda
1. Eventia vs SmartEvent
2. SmartEvent look and feel
3. Packaging

3 SmartEvent vs Eventia
- SmartEvent blade is based on Eventia Analyzer technology, designed and tuned for event management, leveraging Eventia's sophisticated engines and displays.
- SmartEvent Intro is tuned for a specific product (like IPS or DLP in R71).

4 SmartEvent Intro vs. SmartEvent Full

| | SmartEvent Intro | SmartEvent Full |
|---|---|---|
| Timeline visibility | Single product | Full |
| Geo-location view | Single product | Full |
| Graphical views | Single product | Full |
| Automatic Actions | Single product | Full |
| Events Forensics and Analysis | Single product | Full |
| Reports | Basic – Fixed reports | Advanced – supports full reporting blade capabilities |
| Support 3rd Party Devices | No | Yes |
| Custom events | No | Yes |

5 SmartEvent deployment
[Diagram labels: Corporate Network; Branch Offices; Internet; Extranet Partners; Remote Users; SmartEvent Server + Correlation Unit + Log Server; Additional SmartEvent Correlation Unit + Log Server; NOC + SOC SmartEvent GUI; Security Management + Log Server]
- Adding an additional SmartEvent (Full) Correlation Unit + Log Server
- SmartEvent Intro has a default correlation unit on every Log Server.
- In addition, the SmartEvent Intro Package does not require any policy configuration or policy install.

6 Agenda
1. Eventia vs SmartEvent
2. SmartEvent look and feel
3. Packaging

7 SmartEvent Intro features
- Timelines – See real-time information, trends, and anomalies at a glance.
- Charts – View event statistics in bar charts or pie graphs.
- Maps – Locate source or destination IP on a world map.
- Forensics – Drill down by double-clicking on Timelines, Charts or Maps.
- Group By – Group events based on severity, source, destination or other fields.
- Ticketing – Assign events to administrators for analysis.
- User Identification – Every log can be associated with Active Directory user names.
- ClientInfo – Right-click an IP address to see processes, hotfixes, and vulnerabilities.

8 Monitor Only what is Important!
Timeline view
- Number and severity of attacks over time
- Simple mouse-click drill down to forensic analysis
- Customizable – allows user to define his own timelines
Recent critical events
- At-a-glance view of recent critical events
- Simple mouse-click drill down to forensic analysis
[Screenshot callouts: Timeline view; Recent critical events; Monitor what is Important]

9 Search in any field
Timeline view
- Number and severity of attacks over time
- Simple mouse-click drill down to forensic analysis
- Customizable – allows user to define his own timelines
Recent critical events
- At-a-glance view of recent critical events
- Simple mouse-click drill down to forensic analysis
Search in any field or combination of fields

10 Easy Analysis
Top views simplify analysis and allow easy drill-down

11 Group Events for Better Understanding
Data can be grouped by any field or combination of fields

12 Assign a Ticket
- Attacks must be investigated
- Jim is assigned to investigate Hacker Land

13 User and Machine Names within Eventia
- Jim looks up the User Name and Machine Info
- Jim can also see the client and server types

14 View Client Information
Jim wants more information about the client machine

15 Client Information
- ClientInfo provides full details about the client machine: software and security patches installed, processes and services running, and more, using WMI (Windows Management Instrumentation).
- By comparing this info, ClientInfo can also state whether the client machine is vulnerable to specific Microsoft issues.
- ClientInfo investigates a specific attack that exploits a vulnerability based on Microsoft Security Bulletin.
- ClientInfo requires credentials with administrator-level privileges on the target computer.

16 Sending an event
- Jim can decide to send the event by mail to Mark, his colleague, for further investigation.
- Jim can decide to report the event to Check Point with or without packet capture.
- The information is analyzed to better understand customer environments and potential false positives.
[Screenshot label: Hacker Land]

17 IPS Events
- Packet capture – retrieves the data packet that caused the attack if it is still stored on the gateway
- Add exception, go to protection – launches SmartDashboard
- Advisory, Protection Description – attack description as in SmartDashboard
- CVEs – hyperlink to Mitre and other standard sources
- Follow-up for new events
- Report to Check Point (Note: we don't give the user any status update)

18 Agenda
1. Eventia vs SmartEvent
2. SmartEvent look and feel
3. Packaging

19 Pricing & Packaging
Available packages:

| Package Name | Description | Price |
|---|---|---|
| SmartEvent Intro Package | Intro Package: event analysis for one single product - IPS, DLP, etc… | $4000 |
| SmartEvent Full Package | Full Event Analysis capabilities: Full Check Point products support; 3rd party products support; Custom Events definitions; Reporting | $8000 / $16,000 / $32,000 (Based on container size) |

Pre-defined Systems: Intro package included in SM2506 and SMU007 pre-defined systems

20 Anton Razumov, arazumov@checkpoint.com
Security Consultant, Check Point Software Technologies

