advanced threat protection – digital era - ajit pillai, director sales – india & saarc,...
TRANSCRIPT
©2015 Check Point Software Technologies Ltd. 1[Restricted] ONLY for designated groups and individuals
Ajit Pillai / Director Sales - India & SAARC, Check Point Technologies
Advanced Threat protection – Digital Era
WE DRIFT ALONG, BUT CAN’T CONTROL EVOLUTION?
Top-3 Gartner, Forrester, IEEE Trends (Consolidated)
Internet of Things, Mobile, Cloud, Extreme/Big Data
TECHNOLOGY EVOLUTION IN LAST 5 YEARS
Digital India: A programme to transform India into a digitally empowered society and knowledge economy
Nine Pillars of Digital India
1. Broadband Highways
2. Universal Access to Phones
3. Public Internet Access Programme
4. E-Governance – Reforming government through Technology
5. eKranti – Electronic delivery of services
6. Information for All
7. Electronics Manufacturing – Target NET ZERO Imports
8. IT for Jobs
9. Early Harvest Programmes
[Diagram: point solutions adopted over the last 5 years (Fw, VPN, SSL VPN, WAF, DAM, SIEM, Anti-DDoS, Anti-APT, IPS, SLA, Design) checked off against objectives: Availability, Scalability, Compliance, Security, Incident Mitigation, Incident Recovery, Fraud Detection & Management. Annotations: Linear Action, Non Linear Objective, Complexity, Difficult to Execute]
MOST COMMON RESPONSE IN LAST 5 YEARS
THE REALITY GETS EXPOSED OWING TO NON-LINEAR OBJECTIVES
STAYING ONE STEP AHEAD
IT HAPPENS EVERYDAY
IT HAPPENS TO EVERYONE
The Writing is on the Wall
THERE ARE MORE AND MORE THINGS WE DON’T KNOW
[Diagram labels: Zero Day, Virus, CVEs, Bad URLs, Unknown Malware, Signatures, Exploits, Trojans, Botnets]
THE GROWTH OF THE UNKNOWN MALWARE
Modern Threats Are…
TARGETED, STRATEGIC, MULTI-STAGE, PERSISTENT, SOPHISTICATED, EVASIVE
ATTACKS ARE MORE DANGEROUS THAN EVER
Modern threats require a SOPHISTICATED DEFENSE STRATEGY
Simple protections are FAILING
THE VICTIM’S PERSPECTIVE: The Banality of Cyber Attacks
Source: ComputerWeekly.com
A seemingly innocent mail from a familiar customer
Raymond unsuspectingly opens the attached file
WITHIN SECONDS: Raymond's computer is infected with ransomware
WITHIN MINUTES: All files on Raymond's computer are encrypted
WITHIN HOURS: All company files on shared volumes are also encrypted
Security Director’s Dilemma
PAY RANSOM? “I’m not paying money to criminals!”
RESTORE FROM BACKUP? “I’ve been assured it is fully operational”
• Re-image Raymond’s computer
• Use backup repositories to restore company data
BACKUP IS BROKEN, RESTORE FAILS
HUGE FINANCIAL LOSS
7 months of business data are LOST
Months later, still scrambling to find lost files in mail attachments
THE ATTACKER’S PERSPECTIVE: Planning and Executing a Cyber Attack
Planning and Executing A Cyber Attack

Planning the Attack (Weeks in Advance)
Reconnaissance: Identify the target and exploitable weaknesses
Weaponization: Create/select attack vector
• Look for potential victims
• Collect relevant social data
• Build, find or buy your weapon of choice – Exploit kit, Malware package
• Adapt to your specific needs
• Package for delivery

Getting In (Within Seconds)
Delivery: Deliver the malicious payload to the victim
Exploitation: Gain execution privileges
Installation: Install the malware on infected host
• Bypass detection
• Convince the victim to open your crafted file
• Bypass system security control
• Install your malware

Carrying out the Attack (From Here On…)
Command & Control: Establish a channel of communication
Act on Objectives: Data collection or corruption, lateral movement and exfiltration
• Wait for your malware to “call home”
• Instruct it what to do on the victim’s computer
• Continuously monitor its progress
The Cyber Kill Chain: Reconnaissance (Identify the target and exploitable weaknesses) → Weaponization (Create/select attack vector) → Delivery (Deliver the malicious payload to the victim) → Exploitation (Gain execution privileges) → Installation (Install the malware on infected host) → Command & Control (Establish a channel of communication) → Act on Objectives (Data collection or corruption, lateral movement and exfiltration)
Simple Attack Timeline: Australian Ransomware
• Recon: Locate email addresses
• Weapon: Create an infected PDF
• Delivery: Send a spoofed email with PDF
• Exploit: Victim double clicks attachment
• Install: Cryptolocker installed
• C&C: Key obtained from C&C server
• Act On: Files gradually encrypted
(TIME runs left to right)
Some kill-chain steps take hours or even weeks, while others take mere seconds
Multi-Stage Attack Timeline: Target

Pass 1: the HVAC supplier
• Recon: Search online for Target suppliers
• Weapon: Construct credential theft malware
• Delivery: Malicious attachment sent to Target’s HVAC supplier
• Exploit: Bypass supplier’s security systems
• Install: Install Citadel-Zeus malware
• C&C: Send data to attacker, receive instructions
• Act On: Grab secure credentials used to access internal Target systems

Pass 2: the Target foothold
• Exploit: Exploit vulnerability in supplier web-portal to gain Target foothold
• Install: Install a staging server on a Target host
• C&C: Establish C&C channel
• Act On: Activate malware to move laterally

Pass 3: the point-of-sale systems
• Weapon: Construct POS RAM scraping malware
• Delivery: Receive new malware for POS; add malware to POS Update Server
• Install: Install POS malware on all systems
• Act On: Extract credit card data upon reading swipes and relay to local staging server; periodically send collected data to remote FTP server

TIME axis: Summer 2013 → Nov. 2013 → Dec. 2013
A complex attack repeats the kill-chain stages as it moves laterally towards its ultimate goal
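The two timelines above read the kill chain from the attacker's side. As an added example, not part of the presentation and not Check Point code, the same framing applied from the defender's side: constructed endpoint and DNS events for a workstation are tagged with the stage they evidence (Delivery, Exploit, Install, C&C), a burst of file renames is collapsed into an Act On step in the way "files gradually encrypted" would appear in telemetry, and the time from the first observed stage to objectives is computed. The event kinds, the rename threshold and the C&C domain are assumptions chosen for illustration; Recon and Weapon happen outside the victim's network, so a defender's own logs normally begin at Delivery.

```python
"""Rebuild a per-host kill-chain timeline from constructed telemetry.
Added example, not from the presentation; event kinds, thresholds and the
C&C domain are assumptions chosen for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta

RENAME_BURST = 50                     # renames within 60 s treated as mass encryption (assumed)
KNOWN_C2 = {"update-check.example"}   # constructed blocklist entry


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str     # email_attachment | process_start | registry_run_key | dns | file_rename
    detail: str


def classify(ev):
    """Map one event to the kill-chain stage it evidences, or None if unremarkable."""
    if ev.kind == "email_attachment" and ev.detail.lower().endswith(".pdf"):
        return "Delivery"
    if ev.kind == "process_start" and ev.detail.startswith("AcroRd32.exe ->"):
        return "Exploit"        # PDF reader spawning a child process
    if ev.kind == "registry_run_key":
        return "Install"        # persistence written
    if ev.kind == "dns" and ev.detail in KNOWN_C2:
        return "C&C"
    return None


def build_timeline(events):
    """Return {host: [(ts, stage, evidence), ...]} with each stage listed once, in
    the order first seen.  file_rename events are counted in a sliding 60 s window
    and reported as 'Act On' once RENAME_BURST is reached: ransomware encrypting
    files looks like a rename storm rather than any single suspicious event."""
    by_host = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_host.setdefault(ev.host, []).append(ev)
    timelines = {}
    for host, evs in by_host.items():
        stages, renames = [], []
        for ev in evs:
            if ev.kind == "file_rename":
                renames.append(ev.ts)
                renames = [t for t in renames if ev.ts - t <= timedelta(seconds=60)]
                stage = "Act On" if len(renames) >= RENAME_BURST else None
                evidence = f"{len(renames)} renames in 60 s"
            else:
                stage, evidence = classify(ev), ev.detail
            if stage and (not stages or stages[-1][1] != stage):
                stages.append((ev.ts, stage, evidence))
        timelines[host] = stages
    return timelines


def seconds_to_objectives(timeline):
    """Seconds from the first observed stage to Act On; None if objectives not reached."""
    if not timeline:
        return None
    first = timeline[0][0]
    for ts, stage, _ in timeline:
        if stage == "Act On":
            return (ts - first).total_seconds()
    return None


def sample_events():
    """Constructed events mirroring the ransomware timeline: PDF attachment, reader
    spawns a shell, Run key written, C&C lookup, then a burst of file renames."""
    t0 = datetime(2015, 3, 2, 9, 0, 0)
    evs = [
        Event(t0, "ws-raymond", "email_attachment", "invoice_2291.pdf"),
        Event(t0 + timedelta(minutes=4), "ws-raymond", "process_start",
              "AcroRd32.exe -> cmd.exe"),
        Event(t0 + timedelta(minutes=4, seconds=3), "ws-raymond", "registry_run_key",
              r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
        Event(t0 + timedelta(minutes=5), "ws-raymond", "dns", "update-check.example"),
    ]
    for i in range(60):   # 60 renames in 30 s: files gradually encrypted
        evs.append(Event(t0 + timedelta(minutes=6, seconds=i // 2), "ws-raymond",
                         "file_rename", f"report{i}.docx -> report{i}.docx.locked"))
    # a quiet host: one ordinary lookup and one ordinary rename
    evs.append(Event(t0, "ws-alice", "dns", "intranet.example"))
    evs.append(Event(t0, "ws-alice", "file_rename", "draft.docx -> final.docx"))
    return evs


if __name__ == "__main__":
    for host, tl in build_timeline(sample_events()).items():
        print(host, "seconds to objectives:", seconds_to_objectives(tl))
        for ts, stage, evidence in tl:
            print(f"  {ts:%H:%M:%S}  {stage:<9} {evidence}")
```

The quiet host produces an empty timeline because a single rename or an ordinary lookup never crosses a rule; the infected host reaches Act On 384 seconds after the attachment arrived, which is the window the presentation's "within seconds / within minutes" framing says a defender has to act in.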
TIMING IS EVERYTHING
Timing is Everything
Source: 2015 cost of data breach study: global analysis, Ponemon Institute
The Longer an attack goes UNDETECTED, the more time it takes to CONTAIN IT
The longer it takes to CONTAIN IT, the more it will COST
Days to Identify and Contain a Cyber Attack

            Identify   Contain
MAXIMUM        582       175
MEAN           206        69
MINIMUM         20         7
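The identify and contain figures above are averages across many organisations; a security team wants the same two numbers for its own incidents. As an added example, not from the presentation, the Ponemon study or Check Point, the code below derives days-to-identify and days-to-contain from incident records, reports minimum, mean and maximum as the chart does, and handles the case the chart cannot show: incidents that are still open. The three incident records are constructed.

```python
"""Time-to-identify and time-to-contain statistics from incident records,
the quantities behind the Ponemon figures above.  Added example, not from
the presentation or Check Point; the incident records are constructed."""
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Optional


@dataclass
class Incident:
    name: str
    first_activity: date               # earliest attacker activity found by forensics
    identified: date                   # day the team recognised the incident
    contained: Optional[date] = None   # None while the incident is still open


def days_to_identify(inc):
    """Dwell time before detection, in days."""
    return (inc.identified - inc.first_activity).days


def days_to_contain(inc):
    """Days from detection to containment, or None if not yet contained."""
    return None if inc.contained is None else (inc.contained - inc.identified).days


def summarize(incidents):
    """Minimum, mean and maximum for both metrics, plus the still-open incidents.
    Open incidents are left out of the contain figures rather than counted as
    zero, which would understate the mean."""
    def stats(values):
        return (min(values), round(mean(values), 1), max(values)) if values else None
    identify = [days_to_identify(i) for i in incidents]
    contain = [d for i in incidents if (d := days_to_contain(i)) is not None]
    return {
        "identify": stats(identify),
        "contain": stats(contain),
        "open": [i.name for i in incidents if i.contained is None],
    }


def open_dwell(incidents, today):
    """Open incidents ordered by total days the attacker has had so far, longest
    first: if cost grows with time, these are the ones to work on next."""
    rows = [(i.name, (today - i.first_activity).days)
            for i in incidents if i.contained is None]
    return sorted(rows, key=lambda r: -r[1])


def sample_incidents():
    """Constructed records: a quickly caught phish, a long-undetected POS
    compromise, and a web-shell incident that is still open."""
    return [
        Incident("phish-ransomware", date(2015, 1, 5), date(2015, 1, 5), date(2015, 1, 7)),
        Incident("pos-skimmer", date(2014, 6, 1), date(2014, 11, 27), date(2015, 1, 15)),
        Incident("webshell", date(2014, 12, 1), date(2015, 2, 15)),
    ]


if __name__ == "__main__":
    print(summarize(sample_incidents()))
    print(open_dwell(sample_incidents(), date(2015, 3, 1)))
```

With the constructed records the mean time to identify is 85 days and the mean time to contain 25.5 days, and `open_dwell` puts the web-shell incident first because the attacker has had the longest uninterrupted access.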
Minimize Your Exposure
AVOID it if you can: Don’t make it easier for attackers by publicly volunteering your data
Make every effort to PREVENT it: The only way to avoid the cost of an attack is to prevent it altogether
DETECT and CONTAIN it as soon as possible: Don’t linger. Once infected the cost just keeps on rising
Successful Defense Strategy
[Diagram: the kill-chain stages (Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Act on Objectives) grouped into Pre-Compromise, Compromise and Post-Compromise phases]
Apply protection for EACH of the stages: No single step protection is enough. Tackle attackers at each stage of their attack.
Strong preventive defense BEFORE infection: Prevention is the most cost-effective form of protection. Protect against the devastating cost of a successful attack.
Effective POST compromise defense: Damage and cost are proportional to time. Minimize the time it takes to detect and contain attacks.
Successful Defense Strategy
[Diagram: the kill-chain stages (Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Act on Objectives) grouped into Pre-Compromise, Compromise and Post-Compromise phases]
Prevent KNOWN attacks: Apply signature-based protection at every step for quick prevention based on Threat Intelligence
Prevent UNKNOWN attacks: Prevent even the most sophisticated and dangerous attacks with advanced prevention technologies
Successful Defense with Check Point
[Diagram: Check Point blades placed along the Pre-Compromise, Compromise and Post-Compromise phases of the kill chain: Threat Intelligence, Firewall, DLP, Document Security, Anti-Spam, URL Filtering, Anti-Virus, Anti-Bot, IPS, Threat Emulation, Threat Extraction, Mobile Threat Prevention, Endpoint Security, Forensics]
WINNING TECHNOLOGY AT EVERY STEP
BEST INTELLIGENCE
• Extensive research
• Collaboration with industry leading services
• Sharing across users community
BEST DETECTION
• Multi-layer architecture
• Evasion-resistant detection
• Best catch rate
BEST PREVENTION
• Proactive practical prevention
• Effective containment
• Clear visibility and insight
A Single Unified Platform
[Diagram: the same blades (Threat Intelligence, Firewall, DLP, Document Security, Anti-Spam, URL Filtering, Anti-Virus, Anti-Bot, IPS, Threat Emulation, Threat Extraction, Mobile Threat Prevention, Endpoint Security, Forensics) shown across the Pre-Compromise, Compromise and Post-Compromise phases of the kill chain]
BETTER SECURITY, TOGETHER
POWERFUL COLLABORATION: Mutual infrastructure allows Blades to cross feed one another with up-to-the-second Threat Intelligence
SEAMLESS INTEGRATION: A single proven platform delivering the best Threat Prevention at every step
UNIFIED MANAGEMENT: Efficient consolidated management and monitoring of numerous technologies
PROTECT FROM THE UNKNOWN
THREAT EXTRACTION: Proactively eliminate malware vehicles of delivery
THREAT EMULATION: CPU-Level and OS-Level evasion resistant engines
ACCELERATE RESPONSE TO INFECTIONS
BLOCK AND IDENTIFY: Detect and block malicious infections and activity
CONTAIN AND RESPOND: Automatic forensics analysis makes detections actionable
WE PROTECT EVERYWHERE: Mobile, Endpoint, Network, Data Center, Cloud, ICS, Server
SUMMARY