BESKYTTELSE AF SaaS - når sikkerheden skal følge med Jan Johannsen SE Manager, Nordics & Benelux 2016 Check Point Software Technologies Ltd. 1
Agenda DAGENS IT VIRKELIGHED SCENARIER TRUSLER/UDFORDRINGER SIKKERHEDSLØSNINGER DESIGNET FOR CLOUD AFRUNDING 2016 Check Point Software Technologies Ltd. 2
01 DAGENS IT VIRKELIGHED 2016 Check Point Software Technologies Ltd.
Cloud enabled IT Effektivitet Skalérbarhed Time To Deploy Redundans PAYG Uafhængighed af HW, SW, licenser, plads... Efficient, Scalable & Agile 2016 Check Point Software Technologies Ltd. 4
Cloud enabled IT Source: Cisco Global Cloud Index 2014-2019 2016 Check Point Software Technologies Ltd. 5
Cloud enabled IT Source: Cisco Global Cloud Index 2014-2019 2016 Check Point Software Technologies Ltd. 6
02 SCENARIER 2016 Check Point Software Technologies Ltd.
A 2016 Check Point Software Technologies Ltd. 8
B 2016 Check Point Software Technologies Ltd. 9
C 2016 Check Point Software Technologies Ltd. 10
D 2016 Check Point Software Technologies Ltd. 11
E 2016 Check Point Software Technologies Ltd. 12
F 2016 Check Point Software Technologies Ltd. 13
G 2016 Check Point Software Technologies Ltd. 14
03 TRUSLER/ UDFORDRINGER 2016 Check Point Software Technologies Ltd.
Cloud udfordringer Snowden-afsløringen Brud på lovgivning (geografisk afgrænsning) Lækage Zero-day, ransomware 3. parts adgang til data Styr på adgangskontroller, logs osv. Nye administrative grænseflader 2016 Check Point Software Technologies Ltd. 16
04 SIKKERHEDSLØSNINGER DESIGNET FOR CLOUD 2016 Check Point Software Technologies Ltd.
Med Cloud skal utøj fordrives... 2016 Check Point Software Technologies Ltd. 18
Check Points tilgang til enabling af Cloud Services: Samme niveau af sikkerhed som i Enterprise miljø Brugervenlighed feature integration - look & feel På tværs af platforme og devices Single point of management Enkelhed i licensering og skalérbarhed Genbrug af systemer og licenser Provisionering af services, brugere og sikkerhed 2016 Check Point Software Technologies Ltd. 19
Check Point SaaS sikkerhed CLOUD CONNECTIVITY BLADE MTP CAPSULE DOCS CAPSULE CLOUD SANDBLAST CLOUD EMAIL SECAAS GW IN THE CLOUD R80, MANAGING FULL ENTERPRISE & HYBRID CLOUD 2016 Check Point Software Technologies Ltd. 20
Cloud Connectivity Blade Enkel og sikker adgang til cloud services Bruger har kun behov for ét sæt credentials/sso Central styring af adgang til SaaS Support for interne, remote access og mobile brugere Bruger/location awareness Enkel opsætning og vedligehold Fuld log og aktivitetsrapportering
Cloud Connectivity Blade Single point of management Supporterer førende SaaS applikationer Baseret på SAML Kan deployes i enterprise/virtual/cloud GW
Cloud connectivity blade flow The user tries to access the cloud application Internet 2016 Check Point Software Technologies Ltd. 23
Cloud connectivity blade flow The browser is redirected to the cloud connectivity blade Internet 2016 Check Point Software Technologies Ltd. 24
Cloud connectivity blade flow - Authentication (SSO) - Authorization - Identity mapping - Logging Internet 2016 Check Point Software Technologies Ltd. 25
Cloud connectivity blade flow The blade generates a signed token and the browser can login Internet 2016 Check Point Software Technologies Ltd. 26
Cloud connectivity blade log info 2016 Check Point Software Technologies Ltd. 27
MTP Mobile Thread Prevention Cloud baseret sikkerhed af mobile enheder Sikring mod Ondsindede Apps Netværks angreb (MitM) OS Exploits Aflytning samt tyveri af information og credentials Afværg og undgå misbrug af SaaS fra mobile enheder
MDM EMM Secured Device 2016 Check Point Software Technologies Ltd. 29
Capsule Docs Cloud baseret sikkerhed af data @rest og i transit Default kryptering af MS Office/PDF dokumenter + Office 365 (more fileformats upon request) Ejer/udgiver er ansvarlig for klassificering Eksterne parter kan inkluderes Public cloud vs. private cloud løsning
Portal Server LDAP SSL\HTTPS Users\Groups Keys Classifications Policy Settings 2016 Check Point Software Technologies Ltd. 31
Capsule Cloud Cloud baseret netværkssikkerhed for Windows & MacOS Al trafik tunnelles til Cloud gateway Alle lag af sikkerhed kan aktiveres LDAP tilslutning (authentication) Cloud eller Enterprise management Valgfri roaming (pt. 35 DC WW) PAYG model
Laptops CAPSULE CLOUD VPN Internet Enterprise Management Cloud Based Management 2016 Check Point Software Technologies Ltd. 33
SandBlast Cloud Email SandBoxing as a Service beskyttelse af Office 365 mail Real-time beskyttelse mod ukendt malware, zero-day og targeted attacks Native Office 365 API Sikkerhedsfeatures: Beskyttelse mod ondsindet filvedhæftning Skadelige weblinks Spam Trusselsmonitorering
SandBlast Cloud Mail Protection for Office 365 API Mode - Prevent Mail delivered to Office 365 servers SANDBLAST CLOUD Attachments are sent to SandBlast Mail is placed in temporary quarantine within Office 365 Mail becomes accessible if attachment is benign Enterprise Users Delivered to enterprise users 2016 Check Point Software Technologies Ltd. 35
SECaaS GW in the Cloud Standardbaseret GW deployed som cloud front-end Integreres på niveau med Enterprise GW s Beskyttelse af data og systemer i cloud Sikker integration i hybrid cloud Supporteret af MS Azure, AWS, vcloud Air Forskellige licensmuligheder
VMware vcloud Air 2016 Check Point Software Technologies Ltd. 37
R80, Managing full Enterprise & hybrid Cloud Single point of management for Enterprise Datacenter Cloud Granuleret delegering af funktioner Portal for dedikerede opgaver Commandline instruktion/restful API Cloud orkestrering/sdn OpenStack - integration
One Console to Manage Everything Enterprise ONE CONSOLE ONE POLICY 2016 Check Point Software Technologies Ltd. 39
Dynamic Security Rules vsec Controller for OpenStack Security Group Web openstack_web 172.16.100.127 172.16.100.128 172.16.100.129 172.16.100.130 Sync Objects vsec Controller for OpenStack Sync Objects OpenStack Controller 2016 Check Point Software Technologies Ltd. 40
Check Point SaaS sikkerhed, wrap-up CLOUD CONNECTIVITY BLADE MTP CAPSULE DOCS CAPSULE CLOUD SANDBLAST CLOUD EMAIL SECAAS GW IN THE CLOUD R80, MANAGING FULL ENTERPRISE & HYBRID CLOUD 2016 Check Point Software Technologies Ltd. 41
I eftermiddag 15.30-16.00: Check Point som cloudbaseret sikkerhedsplatform sikring af private & public cloud
Tak for opmærksomheden Jan Johannsen SE Manager janj@checkpoint.com 2016 Check Point Software Technologies Ltd. 43