INFINITY: THE CYBERSECURITY ARCHITECTURE OF THE FUTURE - IN A DIGITAL WORLD

Transcription

1 INFINITY: THE CYBERSECURITY ARCHITECTURE OF THE FUTURE - IN A DIGITAL WORLD Nathan Shuchami VP of Emerging Products 2017 Check Point Software Technologies Ltd. 1

2 WE LIVE IN AN AMAZING WORLD

3 age WE LIVE LONGER LIFE EXPECTANCY Source: ourworldindata.org

4 WE HAVE BETTER LIVING STANDARDS EXTREME POVERTY % of population living in poverty Source: ourworldindata.org

5 WE GET BETTER EDUCATION LITERACY % of literate population Source: ourworldindata.org

6 And did you know? OZONE LAYER APPEARS TO BE HEALING!

7 Why? Why Now? EXPONENTIAL GROWTH OF TECHNOLOGIES

8 WHERE WE THINK WE ARE

9 WE ARE HERE EXPONENTIAL TECHNOLOGY

10 TAKE 30 LINEAR PACES Meters

11 TAKE 30 EXPONENTIAL Steps 26X Around the Earth! 1,073,741,824 Meters

12 THE FUNDAMENTAL OF EXPONENTIAL TECHNOLOGY Moore's law Transistors 1971 Intel Transistors $ Nvidia GPU 7.1 B Transistors $

13 By David.Monniaux, CC BY-SA 2.0, = Apple Watch 2X Cray-2 Supercomputer Source: dailymail.co.uk

14 (Global population (Billions) THE CONNECTED WORLD 5 BILLION NEW MINDS % world population using the Internet % 23% 66% Connected Total Population Source: PHD Ventures, Inc.

15 IMAGINE WHAT 5 BILLION NEW MINDS WILL CREATE, DISCOVER, CONSUME, INVENT.

16 AUTONOMOUS CARS

17 3D PRINTED FOOD

18 REVOLUTIONIZING DELIVERY SERVICES

19 DISRUPTIVE BUSINESS MODELS #1 Taxi company owns no cars #1 Accommodation company owns no real estate #1 Media provider creates no content #1 Fastest growing TV network lays no cables #1 Valuable retailer has no inventory

20 NEW POSSIBILITIES

21 USERS ARE CHANGING IT IS ABOUT FAST AND AGILE EVERY 9 MONTHS 2013 Source: 2016 State of DevOps Report, puppet.com Time to deliver new app: EVERY 48 HOURS 2015 EVERY 6 HOURS 2016

22 THE INFRASTRUCTURE IS CHANGING NOW

23 Security is the biggest barrier to IoT adoption Security concerns continue amid Cloud adoption ITPRO InformationWeek Cybersecurity is biggest risk of Autonomous Cars Bloomberg

24 PUBLIC CLOUD SERVERS HACKED Exposing 1.5 million Americans private health records SEPT 2015 Source: theregister.co.uk

25 HACKERS STRUCK POWER GRID in Ukraine leaving 230,000 residents in the dark. DEC 2015 Source: wired.com

26 WIKILEAKS CIA uses zero day exploits on Samsung TVs turning them into covert microphones MAR 2017 Source: wikileaks.org

27 CONNECTED DOLL HACKED FEB 2017 Source: euronews.com

28 MAY 2017 WANNACRY RANSOMWARE ATTACK One of the biggest ransomware attacks ever; Tens of thousands of infected computers in nearly 100 countries.

29 WHAT SHOULD WE EXPECT THIS YEAR? ATTACKS WILL CONTINUE TO GROW. WE ARE ALL TARGETS. ADVANCED THREATS Our networks will still be targeted! CLOUDIFICATION The shift is accelerating MOBILITY Fundamental part of each business 2017 Check Point Software Technologies Ltd. 29

30 A R E W E R E A D Y F O R I T? ARE WE TAKING THE RIGHT APPROACH? 2017 Check Point Software Technologies Ltd. 30

31 A global cyber attack just happened again! PETYA 27 June 2017 WannaCry May 2017 Ukraine Russia United States Denmark Criminals are using superpower technology This attack could have been avoided! Germany Advanced threat prevention tools exist, but are STILL insufficiently used 2017 Check Point Software Technologies Ltd. 31

32 HOW DO YOU INNOVATE, INSPIRE AND COMPETE WHILE REMAINING SECURE?

33 THE TRADITIONAL APPROACH Virus Anti-Virus Malicious Websites URL Filtering Intrusion Intrusion Detection Botnet Anti-Bot High Risk Applications Application Control

34 Most security technologies today stay ONE STEP BEHIND Looking for yesterday s signatures Detection instead of prevention PATCHWORK OF POINT SOLUTIONS. COMPLEX SOLUTIONS WITH UNCERTAIN SECURITY COVERAGE.

35 NOW IMAGINE THE FUTURE OF CYBER SECURITY

36 EFFECTIVE SECURITY

37 4.9 MONTHS is the average time to detect a data breach in an organization. 8 months 8 months 8 months ~1 year ~1 year ~1 year Source: infocyte.com

38 PREVENTION IN WHICH THREATS ARE BEING BLOCKED BEFORE THEY DAMAGE YOUR NETWORKS AND SYSTEMS

39 SECURITY THAT PREVENTS BOTH THE KNOWN UNKNOWN THREATS

40 ONE STEP AHEAD MEANS BLOCK THE ATTACK AT EVERY STAGE Reconnaissance Delivery Exploitation Control

41 PREVENTING THE KILL CHAIN RECONNAISSANCE Block suspicious network activity DELIVERY Block malicious download EXPLOITATION Block exploitation of vulnerabilities CONTROL Block command & control activity

42 SECURITY EVERYWHERE

43 ATTACKS CAN BEGIN FROM ANYWHERE Stuxnet started with USB Aug 2010 Target started with air conditioning Fed 2014 Pawn storm, APT ios Espionage App started from Mobile Jan % of cyber attacks start with a phishing

44

45 ARCHITECTURE THAT PROVIDES SECURITY EVERYWHERE Combining enforcement points, threat intelligence and management MANAGEMENT Indicators of Compromise (IOCs) THREAT PREVENTION ENDPOINT SECURITY NETWORK SECURITY GATEWAY MOBILE SECURITY VIRTUAL SYSTEMS CLOUD SECURITY

46 EFFICIENT SECURITY

47 BIGGER INVESTMENT DOES NOT MEAN BETTER SECURITY $84B $72B $76B 41% 34% 31%

48 [Restricted] ONLY for designated groups and individuals Security Consolidation FROM - complex - monolithic TO - simple - modular FW IPS Threat Prevention Zero Day End Point Mobile Data security

49 SIMPLE 20% REDUCTION in SECURITY SPEND consolidating on single architecture IPS VPN URLF Firewall DDos Mobile Security IPS VPN URLF App Control Anti Virus Anti Spam Firewall DDos Mobile Security Anti Bot Sandboxing App Control Anti Bot Anti Virus Sandboxing Anti Spam

50 SCALABLE BIG DATA GLOBAL KNOWLEDGE MACHINE LEARNING OFFLOAD Security inspection to the cloud SHARED IOCs NEW PROTECTIONS UPDATE IN NEAR REAL TIME PERFORMANCE OFFLOAD IPS VPN URLF App Control Anti Virus Anti Spam Firewall DDos Mobile Security Anti Bot Sandboxing

51 SINGLE MANAGEMENT SINGLE MANAGEMENT 50% REDUCTION in HUMAN INVESTMENT with single management platform

52 THE SECURITY YOU DESERVE Effective Efficient Everywhere

53 LET S LOOK AT WHAT CUSTOMERS USE TODAY 100% NOT PROTECTED 50% 93% 99% 98% PROTECTED 0% ADVANCED THREAT PREVENTION MOBILE SECURITY CLOUD SECURITY 2017 Check Point Software Technologies Ltd. 53

54 THE EXPLANATIONS IT S TOO COMPLICATED I DIDN T REALIZE IT WAS SUCH A PROBLEM TOO MANY POINT PRODUCTS NOT ENOUGH TRAINED PEOPLE I DIDN T THINK IT COULD HURT US 2017 Check Point Software Technologies Ltd. 54

55 It s time for us to step up! WE MUST INVEST IN THE FUTURE OF CYBER SECURITY! 2017 Check Point Software Technologies Ltd. 55

56 THE THREAT LANDSCAPE PLAYERS TARGET MOTIVATION CYBER CRIMINALS CONSUMERS AND ENTERPRISES Mass infection, the more the better MAKE MONEY STATE SPONSORED CYBER AGENCIES CRITICAL INFRASTRUCTURE, LARGE ENTERPRISES, C-LEVEL MANAGERS Targeted attacks CYBER WARFARE, CYBER TERRORISM, CYBER SUBVERSION, ESPIONAGE THREATS GENERIC ZERO-DAY SOPHISTICATION LEVEL MEDIUM VERY HIGH, WEAPON SYSTEMS INVESTMENT LOW NATIONAL LEVEL BUDGETS EXAMPLES 2017 Check Point Software Technologies Ltd. ATTACK ON SAN FRANCISCO MTA, NOV 2016 SPEAR PHISHING ATTACK ON UKRAINE POWER GRID, DEC

57 THE THREAT LANDSCAPE PROLIFERATION OF KNOWLEDGE e.g. The Shadow Brokers PLAYERS TARGET CYBER CRIMINALS CONSUMERS AND ENTERPRISE Mass infection, the more the better STATE SPONSORED CYBER AGENCIES CRITICAL INFRASTRUCTURE, LARGE ENTERPRISES, C-LEVEL MANAGERS Targeted attacks MOTIVATION THE OUTCOME: MAKE MONEY CYBER WARFARE, CYBER TERRORISM, CYBER SUBVERSION, ESPIONAGE MORE THREATS, MORE GENERIC SOPHISTICATION ZERO-DAY SOPHISTICATION LEVEL MEDIUM VERY HIGH, WEAPON SYSTEMS INVESTMENT LOW NATIONAL LEVEL BUDGETS EXAMPLES 2017 Check Point Software Technologies Ltd. ATTACK ON SAN FRANCISCO MTA, NOV 2017 SPEAR PHISHING ATTACK ON UKRAINE POWER GRID, DEC

58 TRADITIONAL SECURITY PRODUCTS ARE NOT ENOUGH Only 45% of malware attacks can be detected by Antivirus* Attackers bypass signature based security products by using unknown threats Polymorphic engines, permutations etc Cyber agencies evasive techniques bypass 1st generation sandboxes Time triggers, extended sleep, sandbox exposure, fast flux etc 2017 Check Point Software Technologies Ltd. *Source: 58

59 ORGANIZATIONS ARE BREACHED BY MULTIPLE ATTACK VECTORS WEB MOBILE DEVICES Malicious attachment Malicious links Malware Phishing Malicious apps Malicious Networks Phishing 2017 Check Point Software Technologies Ltd. 59

60 THE PATH TO YOUR CROWN JEWEL HAS SEVERAL STEPS 1 Gain admin permissions to run a shellcode on victim s endpoint (laptop, desktop, mobile) in order to download or install malware or encrypt/damage the endpoint 2 Then by lateral movements to gain access to the crown jewel! Phishing attacks do not require any download of malicious code BREACHED TO GAIN ACCESS TO Laptop Mobile SCADA server Data center/servers Desktop 2017 Check Point Software Technologies Ltd. Social security data base 60

61 THE ATTACK SURFACE IS ALSO EXPANDING ENTERPRISE NETWORK + Virtual Data Centers Employees connected to corporate network using mail and web REMOTE EMPLOYEES Employees connected from home using laptop, personal mail and web CLOUD 3 rd party cloud business services such as Microsoft Office 365 MOBILE Employees connected using mobile devices especially BYOD 2017 Check Point Software Technologies Ltd. 61

62 CONCLUSION 1 Protecting the enterprise from advanced threats requires security that covers ANY ATTACK SURFACE When connected to corporate network Remote employees: At home using your endpoint Using cloud business services Inside or outside corporate network using mobile device 2017 Check Point Software Technologies Ltd. 62

63 CONCLUSION 2 Protecting the enterprise from advanced threats requires security that covers ALL ATTACK VECTORS WEB MOBILE DEVICES Attachments, web based malware and phishing websites 2017 Check Point Software Technologies Ltd. 63

64 SUCCESSFUL PROTECTION NEEDS TO HAVE 3 LINES OF DEFENSE 1 DETECT & PREVENT 2 CONTAIN 3 FORENSIC ANALYSIS It is critical to use the best detection engine together with real prevention capabilities Contain attacks as soon as possible. Once infected the cost of the attack will just keep on rising Effectively respond and remediate. Address the real business impact Make sure the infection doesn t come back 2017 Check Point Software Technologies Ltd. 64

65 ADVANCED THREATS PREVENTION: PROTECTING ALL SURFACES network remote employees cloud mobile FROM ANY ATTACK VECTOR web mobile threats WITH 3 LINES OF DEFENSE NGTX GATEWAYS SANDBLAST AGENT SANDBLAST CLOUD SANDBLAST MOBILE 2017 Check Point Software Technologies Ltd. 65

66 Check Point INFINITY for the cloud ONE SECURITY PLATFORM FOCUS ON THREAT PREVENTION CONSOLIDATED MANAGEMENT 2017 Check Point Software Technologies Ltd. 66

67 THE CHECK POINT ADVANTAGE 500,000,000+ malicious activities detected daily The world s largest IoC database Real-time inputs from traffic across 100K customer s security gateways world wide 11,000,000 malware signatures 250,000,000 addresses analyzed for bot discovery per year 2017 Check Point Software Technologies Ltd. 67

68 UNIFIED MANAGEMENT ACROSS ALL CHECK POINT'S SECURITY OFFERINGS POWERED BY: USERS DEVICES APPLICATIONS DATA GATEWAYS PRIVATE CLOUD PUBLIC CLOUD VIRTUAL GW 2017 Check Point Software Technologies Ltd. 68

69 A SINGLE VIEW INTO SECURITY RISK POWERED BY: 2017 Check Point Software Technologies Ltd. 69

70 NWP NATIONWIDE PROTECTION SYSTEM ThreatCloud 250 MILLION BOT ADDRESSES 11 MILLION MALWARE SIGNATURES 5.5 MILLION INFECTED WEBSITES Intelligence POD Private STIX Feeds Analyst CSOC Operation & System Maintenance SENSE ANALYZE PREVENT Sentry Sentry Sentry Sentry Sentry Delegate reports & Controls to Site and / or Sector POWERED BY: IPS, Anti Virus, Anti BOT, Threat Emulation

71 W E L C O M E T O T H E F U T U R E O F C Y B E R S E C U R I T Y! CLOUD MOBILE THREAT PREVENTION CONSOLIDATED SYSTEM THE FIRST CONSOLIDATED SECURITY ACROSS NETWORKS, CLOUD, AND MOBILE, PROVIDING THE HIGHEST LEVEL OF THREAT PREVENTION 2017 Check Point Software Technologies Ltd. 71

72 THANK YOU 2017 Check Point Software Technologies Ltd. 72