ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES
5th GENERATION OF CYBER SECURITY
OUTLINE
- Advanced Threat Landscape (Gen V)
- Why is endpoint protection essential?
- Types of attacks and how to prevent them
  - Social engineering
  - Malware attacks
- Check Point SandBlast Agent
- Competitive Comparison
2018 Check Point Software Technologies Ltd.
WE ARE AT AN INFLECTION POINT!
[Figure: timeline of threat generations from 1990 to 2017: Gen I (Virus), Gen II (Networks), Gen III (Applications), Gen IV (Payload), Gen V (Mega)]
2018 GEN V OF ATTACKS
- Large scale (across country and industry)
- State-sponsored technologies
- Devastating damages
- MULTI-SURFACE: Network, Cloud, Mobile, Endpoint
Why is endpoint protection essential?
- Remote Connection: Employees who connect from remote sites to corporate assets are more vulnerable because they lack perimeter security
- Lateral Movement: Malware spreads from one endpoint to another, evading network controls
- Last Line of Defense: Sophisticated malware can be detected only during runtime on the endpoint device
- Forensics: Enables recording of all endpoint traffic and actions to create detailed forensics
TYPES OF ATTACKS:
- Account takeover
- Credential Theft
- Phishing
- Malicious files
- File-less attacks
Most endpoint solutions focus on malware-based attacks
Source: thesslstore.com, HelpnetSecurity.com
SOCIAL ENGINEERING CAN BE PREVENTED
SOCIAL ENGINEERING BASED ATTACKS
- Phishing Attacks: Credential theft, Sensitive Information theft, Account Takeover
- Spear Phishing: Targeted to specific employees, Harder to Detect
- Whaling Attacks: Targeting C-Level, Highly Sophisticated
Why aren't traditional methods enough?
ZERO DAY SOCIAL ENGINEERING
- Anti Spam is not enough. Malicious URLs directing to phishing sites can also get through:
  - Social media channels
  - Instant messaging
  - Personal emails
- URL filtering is not enough:
  - Outdated quickly
  - Phishing campaigns are quick & dirty
  - Needs constant updating
PROTECTS USERS FROM PHISHING SITES
Even those never seen before
Zero Phishing Demo
Heuristics: IP Reputation, URL Similarity, Title Similarity, Visual Similarity, Text Similarity, Domain Reputation, Lookalike Characters, Image Only Site, Multiple Top-Level Domain, Lookalike Favicon
- User access to new site triggers review
- Evaluation based on reputation and advanced heuristics
- Verdict issued in seconds
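Added example (not part of the original slides and not Check Point's implementation): a minimal Python sketch of three of the heuristics named above, Lookalike Characters, URL Similarity and Multiple Top-Level Domain, applied to a hostname. The protected domains, the confusable-character map and the distance threshold of 2 are assumptions chosen for illustration.

```python
import unicodedata

# Constructed list of brand domains to protect (assumption).
PROTECTED = {"example-bank.com", "corp-portal.example"}

# Small, non-exhaustive map of visually confusable characters (assumption).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i"})  # Cyrillic r, s, Ukrainian i

def skeleton(host):
    """Fold a hostname to a comparison form: NFKC, lowercase, confusables mapped."""
    folded = unicodedata.normalize("NFKC", host).lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signals(host):
    """Return the heuristics that fire for a Unicode hostname (empty list: none)."""
    host = host.rstrip(".").lower()
    labels = host.split(".")
    signals = set()
    for brand in PROTECTED:
        n = brand.count(".") + 1
        tail = ".".join(labels[-n:])          # same number of labels as the brand
        if tail == brand:
            return []                         # the brand itself or its subdomain
        if ("." + host).find("." + brand + ".") != -1:
            signals.add("multiple-tld")       # brand.com.something.tld
        dist = edit_distance(skeleton(tail), skeleton(brand))
        if dist == 0:
            signals.add("lookalike-characters")
        elif dist <= 2:
            signals.add("url-similarity")
    return sorted(signals)

if __name__ == "__main__":
    # Constructed sample hostnames.
    for h in ["login.example-bank.com", "examp1e-bank.com",
              "example-bank.com.secure-login.net", "exampel-bank.com"]:
        print(h, phishing_signals(h))
```

Each signal is one input to a verdict, not a verdict on its own; the slide lists reputation and visual checks alongside these string-level ones.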
Zero Phishing Demo
PREVENTING REUSE OF CORPORATE CREDENTIALS
Corporate Credentials: Keeps business credentials safe by preventing usage of corporate passwords on external sites
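Added example (not part of the original slides and not Check Point's implementation): one way a client-side check for corporate password reuse can work without storing the password, sketched in Python. The domain list, the PBKDF2 parameters and the function names are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed list of domains where the corporate password is expected (assumption).
CORPORATE_DOMAINS = ("corp.example",)
PBKDF2_ROUNDS = 200_000  # assumed work factor for the slow hash

def enroll(password, salt=None):
    """Run once on a corporate login: keep only salt and slow hash, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def is_corporate_site(host):
    """Match on whole labels so that evilcorp.example does not pass as corp.example."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in CORPORATE_DOMAINS)

def should_block_submission(host, typed_password, record):
    """True when the enrolled corporate password is typed into an external site."""
    if is_corporate_site(host):
        return False
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", typed_password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison

if __name__ == "__main__":
    record = enroll("Constructed-Passw0rd!")  # constructed sample value
    for site in ["sso.corp.example", "shop.example.net", "evilcorp.example"]:
        print(site, should_block_submission(site, "Constructed-Passw0rd!", record))
```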
THE ONLY SOLUTION THAT PROVIDES PROTECTION AGAINST SOCIAL ENGINEERING THREATS
Endpoint Device Threats: Social engineering 50%, Malware 35%, Other 15%
Zero-Day Malware
HOW MALWARE IS SPREAD
SURFACE VECTOR Endpoint Type Email Web File Sharing Phishing Man in the Middle Malicious Networks Data breach Bot infections Encryption of data Ransomware Wiper Crypto mining Trojans Bankers
APPROACHES OF DEFENSE FOR ENDPOINT PROTECTION STRATEGY
- SIGNATURES BASED DETECTION: Quick detection; Detects known Malware; Dependent on frequent updates; No Zero Day Solution
- ON-DEVICE INSPECTION (STATIC/BEHAVIORAL): Quick decisive decision; Works offline; Susceptible to False positives; EP Resource intensive
- SANDBOX: Zero day detection; Low false positives; Not real time; Connectivity based
Highest scores in 1st ever Breach Prevention System test
Lowest TCO
Single consolidated gateway, running at 10Gbps
100% Breach Prevention System Combined Score 100% Block rate 99.2% Evasion score 0.0% False Positives
*Against drive-by exploits, social exploits, HTTP malware, email malware and off-line infections
SANDBOX offers superior detection!
But how do you get the highest level of security in real time, in offline mode, and with no delays?
INTRODUCING ZERO DAY SIGNATURES
- 500,000,000+ Malicious file hashes and sites
- 3,000,000+ Malware detection daily
- 250,000,000 C&C addresses
- 17,000,000 Cyber attacks detected weekly
- 11,000,000 Malware behavioral signatures
LEVERAGING THE POWER OF THE LARGEST CYBER SECURITY COMMUNITY
ZERO DAY SIGNATURES
REAL TIME SECURITY UPDATES
- Daily inputs from network traffic across 150K security gateways worldwide
- Extensive geographical spread enabling region-based detections
- Immediate, daily translation of threat intelligence data into distributed signatures
- Based on feeds from the most accurate Sandbox in the industry
ONE OF THE LARGEST GLOBAL CYBER SECURITY COMMUNITIES
The evolution of the endpoint market
Players in the Endpoint security Market
EDR
THE ONLY ENDPOINT SOLUTION THAT CONSOLIDATES ALL TECHNOLOGIES AND LEVERAGES
[Internal Use] for Check Point employees
Augmentation is better than replacement
DATA PROTECTION ACCESS PROTECTION ZERO DAY SIGNATURES BEHAVIORAL SANDBOX ZERO PHISHING EDR
Endpoint Complete + Full Disk Encryption, Anti Ransomware, Media Protection, Compliance, Application Control, FW and VPN
Signatures
CHECK POINT'S ENDPOINT SECURITY SUITE
SANDBLAST
- EDR VISIBILITY & RESPONSE: FORENSICS, AUTOMATED INCIDENT ANALYSIS REPORTS, FULL ATTACK CHAIN REMEDIATION, AUTOMATED MACHINE QUARANTINE
- ADVANCED PREVENTION OFFLINE PROTECTIONS: ANTI-RANSOMWARE, ZERO-PHISHING, ANTI-EXPLOIT, CADET (AI BASED)
- ADVANCED PREVENTION ONLINE PROTECTIONS: THREAT EMULATION, THREAT EXTRACTION, ANTI-BOT, URL FILTERING
- TRADITIONAL PREVENTION: ANTI-MALWARE
- ACCESS CONTROL & SECURE COMMS: ENDPOINT FIREWALL, APPLICATION CONTROL, ENDPOINT COMPLIANCE, ENDPOINT IPSEC VPN, SSL VPN
- DATA PROTECTION: FULL DISK ENCRYPTION, EXTERNAL MEDIA ENCRYPTION, DOCUMENT ENCRYPTION, DOCUMENT ACCESS CONTROL, PORT PROTECTION
Summary & key takeaways
- Social engineering is a growing concern
- Niche solutions can't prevent social engineering based attacks (50%)
- Malware spread requires a holistic solution
- SandBlast Agent provides a complete solution by augmenting technologies
- Zero Phishing: social engineering PREVENTION
- Zero Day Signatures: leveraging the unique power of a global cyber community
  - Immediate signature creation & distribution based on global traffic
  - Wide global coverage
  - Wide geographical spread (localization & regional issues)
  - Real time updates
  - Highest level of security, unique community leveraging
CYBER CRIME CAN BE PREVENTED