Comprehensive protection against modern Internet threats with...
Page 1
©2016 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals
Olexandr Rapp | [email protected] Security Engineer - CIS
Comprehensive protection against modern Internet threats with the Check Point SandBlast solution
Page 2
Focus on security and leadership
► $1.6 billion revenue in 2015; the Software Blades strategy drives continuous growth
► 100% security: specialized exclusively in IT security; every Fortune 500 company is a Check Point customer
► Worldwide recognition: recognized by NSS Labs, Gartner, Miercom and SC Magazine; a "Leader" in the Gartner Enterprise Firewall Magic Quadrant for 17 years
Whom do you trust with your IT security?
Page 3
CHECK POINT SOFTWARE TECHNOLOGIES NAMED A LEADER IN THE GARTNER MAGIC QUADRANTS FOR:
• Enterprise Network Firewalls [3]
• Unified Threat Management [4]
• Mobile Data Protection [5]
(4 years in a row; since 1997; 8 years in a row)
[3] Gartner, Inc., Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Greg Young, Jeremy D'Hoinne, 22 April 2015.
[4] Gartner, Inc., Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Greg Young, 07 August 2014.
[5] Gartner, Inc., Magic Quadrant for Mobile Data Protection, John Girard, 08 September 2014.
[3-5] Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Page 4
Key Technology
• Unified Management
• Network Security / Next Generation Threat Prevention
• Mobile and Endpoint Security
• Virtualized Security / Cloud Security
Page 5
WHAT ARE Unknown Threats?
Malware that has not previously been seen, which can often get past traditional security products.
Page 6
Spear Phishing Email
Page 7
Enable Macro…
Page 8
Boom…
Page 9
Damage and Response
• Encrypts local content, rendering user files unusable
• In many cases then encrypts network storage
  o Impacting many more users
• Once encrypted, almost no chance to decrypt yourself
• Two choices
  o Reimage and restore, losing work since last backup
  o Pay up
[Protected] Non-confidential content
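The slide describes the symptom a defender can actually observe: one process rewriting many user files with unreadable content, and then reaching for network storage. The following is an added example, not part of the presentation and not Check Point code: a simple detection heuristic run over constructed file-write events (the event format, the pids and the paths are all assumptions for the demo). It flags a process that writes a burst of high-entropy content to several files within a short window, and notes whether the burst already touches UNC share paths.

```python
import math
import random
from collections import defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events, window_s=10.0, min_writes=5, entropy_threshold=7.0):
    """Flag any process that rewrites at least `min_writes` files with near-random content
    inside a sliding window of `window_s` seconds. Each event is a dict with keys
    ts (seconds), pid, op, path and sample (the first bytes written). Paths starting with
    a double backslash (UNC) are counted as network storage. The reported count covers
    every high-entropy write from the start of the burst onward."""
    by_pid = defaultdict(list)
    for ev in events:
        if ev["op"] == "write" and shannon_entropy(ev["sample"]) >= entropy_threshold:
            by_pid[ev["pid"]].append(ev)
    alerts = []
    for pid, writes in by_pid.items():
        writes.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(writes)):
            while writes[end]["ts"] - writes[start]["ts"] > window_s:
                start += 1
            if end - start + 1 >= min_writes:
                burst = writes[start:]
                alerts.append({
                    "pid": pid,
                    "count": len(burst),
                    "first_ts": burst[0]["ts"],
                    "touches_network_share": any(e["path"].startswith("\\\\") for e in burst),
                    "extensions": sorted({e["path"].rsplit(".", 1)[-1].lower() for e in burst}),
                })
                break
    return alerts


def build_sample_events():
    """Constructed file-write events, not real telemetry: a text editor (pid 100) saving
    three documents a minute apart, then a process (pid 200) rewriting eight user files,
    two of them on a network share, with random-looking content inside five seconds."""
    rng = random.Random(1)
    prose = b"Quarterly report draft. Figures still to be confirmed with finance.\n" * 8
    events = []
    for i, name in enumerate(["notes.txt", "todo.txt", "report.txt"]):
        events.append({"ts": 1.0 + 60 * i, "pid": 100, "op": "write",
                       "path": "C:\\Users\\alice\\Documents\\" + name, "sample": prose})
    paths = ["C:\\Users\\alice\\Documents\\file%d.docx" % i for i in range(6)]
    paths += ["\\\\fileserver\\finance\\budget.xlsx", "\\\\fileserver\\finance\\plan.pptx"]
    for i, path in enumerate(paths):
        blob = bytes(rng.getrandbits(8) for _ in range(512))  # stands in for ciphertext
        events.append({"ts": 100.0 + 0.6 * i, "pid": 200, "op": "write",
                       "path": path, "sample": blob})
    return events


if __name__ == "__main__":
    for alert in detect_mass_encryption(build_sample_events()):
        print(alert)
```

The thresholds are deliberately conservative so that an archiver or a backup job writing a few compressed files does not trip the rule; in production the entropy check is normally combined with rename patterns and ransom-note creation, and the response action is to suspend the process and cut its access to shares before the second phase the slide describes.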
Page 10
How are these bypassing AV? Exploit kits turn known into unknown
So long bankers… hello crypto lockers
• Polymorphic changes
• Packing and Obfuscation
Page 11
CHECK POINT Next-Generation Threat Prevention
Page 12
A comprehensive approach
SECURITY GATEWAY: IPS, Anti Virus, Anti Bot, SandBlast
Endpoint: SandBlast Agent
Page 13
Check Point IPS
Page 14
Check Point IPS
• Prevents exploits of known vulnerabilities
• Enforces protocol specifications
• Detects protocol anomalies and attacks
• Signature-based engine
Page 15
Chart: Number of CVE's covered by IPS (2010-2016), comparing "# CVE's" against "# CVE's in Recommended Profile" for Microsoft CVE's and Adobe CVE's across vendors (the per-vendor bar values are not attributable from the extracted text).
Information is current as of Jan 2010 - May 2016 | Source: Check Point Advisories | Palo Alto ThreatVault | Fortinet FortiGuard | McAfee Threat Intelligence | Tipping Point Digital Vaccine | SourceFire Advisories
Page 16
NSS LABS - Check Point's Track Record of Security Leadership and Excellence!
• IPS Recommended – Jan 2011: Best integrated IPS Security Score of 97.3%!
• NGFW Recommended – April 2011: World's first NSS Recommended NGFW!
• FW Recommended – April 2011: Only vendor to pass the initial test!
• NGFW Recommended – Jan 2012: Continued NGFW Leadership and Excellence!
• IPS Recommended – July 2012: Leading integrated IPS Security Score of 98.7%!
• FW Recommended – Jan 2013: Best Security + Management score of 100%!
• IPS Individual Test – Feb 2013*: 61000 IPS Security Score of 99%! 26.5G IPS
• NGFW Recommended – Feb 2013: Best Security + Management Score of 98.5%!
• IPS Recommended – Nov 2013: 100% Management score and Best annual Management Labor Cost (Upkeep and Tuning)!
• NGFW Recommended – Sept 2014: 4th NGFW Recommended
• BDS Recommended – Aug 2015: 1st time tested, 100% unknown malware catch-rate
• NGFW Recommended – Mar 2016: Best catch rate 99.8% and 5th NSS NGFW Recommended! Continuing Leadership and Excellence…
* Individual product test and not part of a Group Test; NSS only awards "Recommended" in Group Tests.
Page 17
Check Point Network AV
Page 18
Check Point Anti-Virus
• Blocks download of known malware
• Signature and MD5 based engines
• Malware feeds block access to malware sites
Page 19
Check Point Network Anti Bot
Page 20
Check Point Anti-Bot
• IDENTIFY bot-infected devices: multi-tier discovery (reputation, patterns, SPAM)
• PREVENT bot damage: blocks bot communication, stops traffic to remote operators
Page 22
PROTECT FROM THE UNKNOWN
• PROACTIVE PREVENTION: rapid delivery of sanitized content
• ADVANCED SANDBOX: evasion-resistant malware detection
Page 23
SandBlast Threat Extraction: Providing Clean Files
BEFORE: Malware Activated. AFTER: Malware Removed.
Immediate Access. Proactive Prevention. Attack Visibility.
Page 24
.cleaned.doc.pdf
• Less than 1% of users need the original
• For those who do, it's a simple click
• The original becomes available after the sandbox finds it clean
Page 25
THE TRADITIONAL SANDBOX: HOW IT WORKS (1st Generation)
Open and detonate any files; watch for telltale signs of malicious code at the Operating System level.
Examine:
• System Registry
• Network Connections
• File System Activity
• System Processes
THREAT CONTAINED
Page 26
THE ONLY SANDBOX WITH CPU-LEVEL TECHNOLOGY
Attack chain: VULNERABILITY → EXPLOIT → SHELLCODE → MALWARE
Traditional Sandbox
• Behavioral detection
• Can be evaded
SANDBLAST
• CPU-Level detection
• EVASION RESISTANT
Page 27
CPU OPERATION: Normal execution (diagram: code blocks A, B, C, D, E, F executed in their intended order)
Page 28
ROP EXPLOIT (Return Oriented Programming): Hijacks small pieces of legitimate code from memory and manipulates the CPU to load and execute the actual malware. (Diagram: the same code blocks A to F, now executed out of their intended order as steps 1 to 6.)
Page 29
CPU-LEVEL & OS-LEVEL EXPLOIT DETECTION
• Highest catch rate
• Evasion-resistant
• Efficient and fast
• Unique to Check Point
Page 30
Fighting zero-day attacks
INSPECT → EMULATE → PREVENT → SHARE
On site: dedicated APPLIANCE or SECURITY GATEWAY
File types: Exe files, PDF and Office documents
Page 31
THREAT EMULATION CLOUD SERVICE:
• 14,000,000+ files inspected / week (February 2016)
• 55,000+ unknown malware detections / week (February 2016)
We have the experience!
Page 32
OFFICE 365 PROTECTION
Block UNKNOWN and ZERO-DAY ATTACKS in Microsoft Office 365™
SANDBLAST CLOUD PROTECTS CLOUD-BASED EMAIL
• Advanced Threat Prevention for Office 365
• Fast and Transparent User Experience
• Easy to Deploy and Manage
Page 33
INTRODUCING…
THE POWER TO PROTECT. THE INSIGHT TO UNDERSTAND.
Page 34
SANDBLAST CLOUD: Eliminate Zero Day Malware at the Endpoint
1. Web downloads sent to SandBlast cloud
2. Sanitized version delivered promptly
3. Original file emulated in the background
Page 35
Instant Protection for Web Downloads
CONVERT to PDF for best security, or SANITIZE keeping the original format
Page 36
Access to the Original File
• Only after Threat Emulation, when the verdict is benign
• Self-catered: no helpdesk overhead
Page 37
SANDBLAST CLOUD: Zero-day Protection – in two layers
• Browser Extension (web downloads): Threat Extraction & Threat Emulation
• File-System Monitor (any file copied or created): Threat Emulation
Page 38
Collect Forensics Data and Trigger Report Generation
1. FORENSICS data continuously collected from various OS sensors (processes, registry, files, network)
2. Report generation automatically triggered upon detection of network events or 3rd party AV
3. Advanced algorithms analyze raw forensics data
4. Digested incident report sent to SmartEvent
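Steps 1 to 4 above, and the four sensor categories already listed for the traditional sandbox (registry, network, file system, processes), describe a pipeline the deck does not spell out: raw sensor events are stored continuously, a trigger names one artefact, and an analysis step turns the events around that artefact into a digested report. The example below is added here and is not Check Point's or SmartEvent's code; it implements the general idea over a constructed event list (the event schema, pids, paths, the documentation-range IP and the trigger format are all assumptions). Given an AV detection on a file or a blocked network destination, it finds the responsible process, walks its parent chain back to the root, collects every event of the chain and of the process's descendants, and returns the digest.

```python
from collections import defaultdict

# Constructed endpoint sensor events (not real telemetry), ordered by time.
SAMPLE_EVENTS = [
    {"ts": 1, "sensor": "process", "pid": 10, "ppid": 1, "image": "explorer.exe"},
    {"ts": 2, "sensor": "process", "pid": 20, "ppid": 10, "image": "outlook.exe"},
    {"ts": 3, "sensor": "file", "pid": 20, "op": "write", "path": "C:\\Users\\alice\\Downloads\\invoice.docm"},
    {"ts": 4, "sensor": "process", "pid": 30, "ppid": 20, "image": "winword.exe"},
    {"ts": 5, "sensor": "process", "pid": 40, "ppid": 30, "image": "powershell.exe"},
    {"ts": 6, "sensor": "network", "pid": 40, "dst": "203.0.113.10:443"},
    {"ts": 7, "sensor": "file", "pid": 40, "op": "write", "path": "C:\\Users\\alice\\AppData\\Roaming\\svc.exe"},
    {"ts": 8, "sensor": "registry", "pid": 40, "op": "set",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
     "value": "C:\\Users\\alice\\AppData\\Roaming\\svc.exe"},
    {"ts": 9, "sensor": "process", "pid": 50, "ppid": 10, "image": "chrome.exe"},  # unrelated activity
    {"ts": 10, "sensor": "network", "pid": 50, "dst": "198.51.100.5:443"},
]


def find_origin_pid(events, trigger):
    """Map a trigger (AV detection on a file, or a flagged network destination) to the
    most recent process that produced that artefact; None if nothing matches."""
    if trigger["kind"] == "av":
        matches = [e["pid"] for e in events if e["sensor"] == "file" and e["path"] == trigger["path"]]
    elif trigger["kind"] == "network":
        matches = [e["pid"] for e in events if e["sensor"] == "network" and e["dst"] == trigger["dst"]]
    else:
        raise ValueError("unknown trigger kind: %r" % trigger["kind"])
    return matches[-1] if matches else None


def build_incident_report(events, trigger):
    procs = {e["pid"]: e for e in events if e["sensor"] == "process"}
    origin = find_origin_pid(events, trigger)
    if origin is None:
        return {"trigger": trigger, "error": "no sensor event matches the trigger"}
    # Walk the parent chain back to the root process (root first).
    chain, pid = [], origin
    while pid in procs:
        chain.append(pid)
        pid = procs[pid]["ppid"]
    chain.reverse()
    # Add every descendant of the origin process so follow-on activity is not missed.
    children = defaultdict(list)
    for p in procs.values():
        children[p["ppid"]].append(p["pid"])
    involved, stack = set(chain), [origin]
    while stack:
        for c in children[stack.pop()]:
            if c not in involved:
                involved.add(c)
                stack.append(c)
    timeline = sorted((e for e in events if e.get("pid") in involved), key=lambda e: e["ts"])
    return {
        "trigger": trigger,
        "root_process": procs[chain[0]]["image"],
        "process_chain": [procs[p]["image"] for p in chain],
        "files_written": [e["path"] for e in timeline if e["sensor"] == "file" and e["op"] == "write"],
        "registry_changes": [e["key"] for e in timeline if e["sensor"] == "registry"],
        "network_destinations": sorted({e["dst"] for e in timeline if e["sensor"] == "network"}),
        "timeline": timeline,
    }


if __name__ == "__main__":
    report = build_incident_report(SAMPLE_EVENTS, {"kind": "av", "path": "C:\\Users\\alice\\AppData\\Roaming\\svc.exe"})
    for key in ("root_process", "process_chain", "files_written", "registry_changes", "network_destinations"):
        print(key, "->", report[key])
```

Because the sensors record continuously (step 1), the report can reach back to events that happened before the trigger fired: here the AV alert on the dropped executable leads to the mail client writing the attachment, the document viewer, and the persistence entry, which is what an analyst needs to scope the incident and remove the foothold rather than only the detected file.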
Page 39
SandBlast – A Recognized Leader
• Coolest Cybersecurity Products 2015
• Leader in the Forrester Wave™ for Advanced Malware Analysis, Q2 2016: Highest Overall Score, Top Score for Strategy
• Top-scoring "Recommended" Vendor, Breach Detection Systems, 2015: Leading TCO @ $27 / Protected Mbps; 100% Malware Catch Rate; Highest Detection Rate of Malicious URLs
Page 40
SUMMARY
Page 41
Family of Solutions Staying One Step Ahead of Zero-Day Attacks
Deployment: SandBlast Appliance; GW + Cloud Service
Coverage: NETWORK, ENDPOINT, OFFICE 365™ EMAIL
Page 42
One Step Ahead in Zero-Day Protection
• Proactive Prevention: Threat Extraction
• Catches More Malware: CPU-Level Detection, Emulation
• Complete Integrated Protection: Threat Prevention Suite
Page 43
Olexandr Rapp | [email protected] Security Engineer – CIS
QUESTIONS