360-degree IT security with Check Point
Jan Johannsen, SE Manager, Nordics & Benelux, June 2013
2013 Check Point Software Technologies Ltd. [Protected] ONLY for designated groups and individuals
Contents
- Introduction
- A scalable platform with expansion options
- Endpoint security
- Security management
- DDoS
About Check Point
- 100% focus on IT security, since 1993
- US$1.3 billion revenue
- Over 130,000 business customers
- 2,500+ dedicated employees
- 100% of the Fortune 100
Gartner Magic Quadrant - NGFW (chart)
There is no reason not to integrate firewall and IPS: IPS is a central part of the NGFW.
Comprehensive control across all security layers: IPS, Anti-Bot, Antivirus, Threat Emulation, Mobile Access, DLP, Application Control, URL Filtering, Security Management, critical infrastructure/SCADA, finance-focused security, Governance-Risk-Compliance, granular visibility, SmartEvent, Identity Awareness.
A scalable platform with expansion options
Appliance or software
- Sensitive environment, finance/banking, critical infrastructure, complex architecture
- Appliances incl. management: pre-defined system / modular & blade functionality
- Open Server/IAS, Virtual Edition, RX-series
The basic security platform: Firewall and VPN Software Blades with embedded IPS (IPS Software Blade); flexible, expandable, highly scalable.
NGFW consolidation: Firewall and VPN, IPS, Application Control and Identity Awareness Software Blades; flexible, expandable, highly scalable.
Top score on the NSS Labs NGFW Security Value Map (SVM), NSS Labs 2013 NGFW Group Test.
NGFW consolidation, full blade set: Firewall and VPN, IPS, Application Control, Identity Awareness, Antivirus & Anti-Malware, URL Filtering, DLP, Anti-Bot, Compliance and Threat Emulation Software Blades; flexible, expandable, highly scalable.
Software Blades: the Anti-Bot and Threat Emulation Software Blades activate on Security Gateways.
The power of collaboration: global collaboration to fight new threats. Attack data from an observed attack feeds real-time updates, so attack information is shared across organizations.
Bot damage prevention: stop traffic between infected hosts and the bot's remote operator, identify the infected user/system, stop data theft, and let the user keep working.
Introducing Check Point Threat Emulation: prevention of zero-day attacks.
Inspect, emulate, share, prevent: stop undiscovered attacks with Check Point Threat Emulation.
Emulation in the cloud or on site: in the cloud, on the Security Gateway, or on a dedicated on-site appliance. The only solution to provide multiple deployment options.
Check Point multi-layered threat prevention: IPS, Anti-Bot, Antivirus, and Threat Emulation (stops zero-day malware in files). Market-leading and most comprehensive threat prevention solution.
Introducing Check Point R75.40VS/R76: tapping the power of virtualization.
Software Blades for Virtual Systems: Firewall, IPS, Application Control, Identity Awareness, URL Filtering, Antivirus and Anti-Bot Software Blades on every Virtual System; Virtual Systems on any platform and on open servers. * SSL VPN available in a later release.
3D Security Analysis report (sample report slide)
The new security appliances: new models for the entire range
- Small office / branch office: 600 Appliance, 1100 Appliances
- Enterprise grade: 2200 Appliance, 4000 Appliances (4 models)
- Datacenter grade: 12000 Appliances (3 models)
- Ultra high-end: 21000 Appliance (3 models), 61000 System
Endpoint Security
Mobile Security
Control business data on mobile devices: business data is isolated and encrypted, separate from personal data and apps; authentication is required to access it; usage is prevented on modified devices; data expiration and remote wipe.
Easy to deploy from the R76 management.
Simple user experience (Check Point Mobile): connect with a 4-digit PIN lock, tap the required business app, native and intuitive experience.
Unified Endpoint Security: unify all endpoint security protection in a single management console and server: Anti-Malware/Program Control, Firewall/Compliance Check, Full Disk Encryption, Media Encryption, Remote Access.
Document Security
What is Document Security? Protect and share business documents, simple for the end user, share data with business partners.
Manage Check Point Mobile security policies with Smart-1: Endpoint Security Management E80 (endpoint policy) alongside network security management R76 (network policy) on Smart-1 Security Management.
Security Management
Security Management/Compliance: single-domain management; multiple domains with multiple managers (enterprise); service-provider model with multiple domains and multiple managers. (Diagram: Internet gateways, VSX and Virtual Edition (VE) gateways, enterprise, hosting and customer VSX instances.)
DDoS
Some DDoS statistics (attack duration and size)
- Typical attack size: 1.56 Gbps (June 2012)
- Spamhaus attack: 300+ Gbps, lasting more than 7 days
- Attacks on larger financial institutions: 150 Gbps
Source: Neustar Insights, http://www.neustar.biz/enterprise/docs/whitepapers/ddos-protection/2012-ddos-attacks-report.pdf
DDoS attacks, example types
- Volumetric attacks: raw packet bombardment
- DNS amplification attacks: abuse of vulnerable services to amplify the attack
- SYN attacks: exhaust resources
- Application attacks: e.g. put load on SSL logins
DNS amplification attack, example: the attacker sends simple DNS requests, with the victim's address as the spoofed source, to open DNS servers, which answer the victim with responses many times larger than the request.
SYN attacks: spoofed traffic from random sources; random SYN packets hit the target and use up the state table on firewalls and servers.
Application-layer DDoS attacks
- New application-layer attacks are discreet
- They exploit weaknesses with low-and-slow attacks: relatively low traffic volume and few connections
- Often used together with volume-based attacks
- Hard to detect with threshold- or volume-based solutions
Application attack examples
- SSL login attack, really simple: thousands of login requests to the web login page, consuming web and database resources (network and server resource consumption)
- Repeated PDF GET attack: find a large PDF and download it thousands of times
DDoS attacks by type (Radware 2011 chart): application-layer attacks, TCP SYN flood, network-layer attacks. A growing share of attacks are application-layer.
Check Point DDoS Protector: customized multi-layered DDoS protection, protects against attacks within seconds, integrated security management and expert support, placed as CPE or at the xSP.
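The three attack patterns above leave different traces in flow records, and the low-and-slow application attacks are exactly the ones a bytes-per-second threshold misses. The following is an added example, not Check Point code or anything from the original slides: it classifies a constructed set of flow records into SYN flood (many half-open handshakes from many sources), DNS amplification (large answers from port 53 to queries the victim never sent) and application-layer floods (request count and bytes served per path). The record format, the thresholds, the QUERY_BYTES constant and all addresses are assumptions for the example.

```python
"""Added example (not Check Point code): classify constructed flow records into
the DDoS types described above: SYN flood, DNS amplification, app-layer floods.
Record format, thresholds and addresses are assumptions for the example."""
from collections import Counter, defaultdict
from dataclasses import dataclass

TARGET = "203.0.113.10"      # constructed: the web server under attack
QUERY_BYTES = 64             # assumed size of the small query the attacker spoofs


@dataclass(frozen=True)
class Rec:
    """One flow record (constructed shape, not a real gateway log format)."""
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    flags: str = ""     # TCP flag letters, e.g. "S", "SA", "PA"; "" for UDP
    nbytes: int = 60    # bytes on the wire; for web requests, bytes served
    path: str = ""      # HTTP request path, set only for decoded web requests


def detect_syn_flood(recs, min_syn=100, min_sources=50):
    """SYN flood: many SYNs to one service from many sources that never send an
    ACK, i.e. half-open handshakes that sit in the firewall/server state table."""
    syns, syn_srcs, ack_srcs = Counter(), defaultdict(set), defaultdict(set)
    for r in recs:
        if r.proto != "tcp":
            continue
        key = (r.dst, r.dport)
        if r.flags == "S":
            syns[key] += 1
            syn_srcs[key].add(r.src)
        elif "A" in r.flags:
            ack_srcs[key].add(r.src)
    alerts = {}
    for key, n in syns.items():
        half_open = syn_srcs[key] - ack_srcs[key]
        if n >= min_syn and len(half_open) >= min_sources:
            alerts[key] = {"syns": n, "half_open_sources": len(half_open)}
    return alerts


def detect_dns_amplification(recs, min_bytes=100_000):
    """DNS amplification: large UDP payloads from source port 53 answering a
    query the victim never sent (the attacker spoofed the victim's address)."""
    queried = {(r.src, r.dst) for r in recs if r.proto == "udp" and r.dport == 53}
    nbytes, count, reflectors = Counter(), Counter(), defaultdict(set)
    for r in recs:
        if r.proto == "udp" and r.sport == 53 and (r.dst, r.src) not in queried:
            nbytes[r.dst] += r.nbytes
            count[r.dst] += 1
            reflectors[r.dst].add(r.src)
    return {
        dst: {
            "bytes": b,
            "reflectors": len(reflectors[dst]),
            # mean answer size relative to the query the attacker had to send
            "est_amplification": round(b / count[dst] / QUERY_BYTES, 1),
        }
        for dst, b in nbytes.items() if b >= min_bytes
    }


def detect_app_layer(recs, min_requests=200, min_bytes=50_000_000):
    """Application-layer floods: thousands of login requests, or a large file
    fetched over and over.  Few packets and few connections, so count per path
    by requests and by bytes served rather than by packet volume."""
    hits, served = Counter(), Counter()
    for r in recs:
        if r.path:
            hits[r.path] += 1
            served[r.path] += r.nbytes
    return {p: {"requests": hits[p], "bytes": served[p]}
            for p in hits if hits[p] >= min_requests or served[p] >= min_bytes}


def sample_records():
    """Constructed traffic: a legitimate client and DNS lookup, then the three
    attacks.  All addresses are documentation ranges."""
    recs = [Rec("192.0.2.5", TARGET, "tcp", 50000, 80, "S"),
            Rec("192.0.2.5", TARGET, "tcp", 50000, 80, "A"),
            Rec(TARGET, "192.0.2.53", "udp", 5353, 53, nbytes=QUERY_BYTES),
            Rec("192.0.2.53", TARGET, "udp", 53, 5353, nbytes=120)]
    # SYN flood: 300 SYNs from 254 random-looking sources, no handshake completes
    recs += [Rec(f"198.51.100.{i % 254 + 1}", TARGET, "tcp", 40000 + i, 443, "S")
             for i in range(300)]
    # DNS amplification: 40 open resolvers each reflect three 3000-byte answers
    recs += [Rec(f"192.0.2.{100 + i}", TARGET, "udp", 53, 5353, nbytes=3000)
             for i in range(40) for _ in range(3)]
    # Application layer: 250 logins from five hosts, a 2 MB PDF fetched 40 times
    recs += [Rec(f"192.0.2.{20 + i % 5}", TARGET, "tcp", 45000 + i, 443, "PA",
                 512, "/login") for i in range(250)]
    recs += [Rec("192.0.2.30", TARGET, "tcp", 46000 + i, 443, "PA",
                 2_000_000, "/reports/annual.pdf") for i in range(40)]
    recs += [Rec("192.0.2.5", TARGET, "tcp", 50000, 80, "PA", 5000, "/index.html")
             for _ in range(10)]
    return recs
```

Run `detect_syn_flood`, `detect_dns_amplification` and `detect_app_layer` over `sample_records()`: the SYN flood is reported on port 443 with 254 half-open sources, the reflected DNS traffic with 40 reflectors and an estimated amplification of roughly 47x, and both the login flood and the repeated PDF download are flagged while the ten legitimate index-page requests are not. Thresholds here are chosen for the constructed sample; in production they would be baselined per service.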
Solution options
- CPE solution: independence, optimal protection of the operating environment, fast reaction time, covers all types of attack. Requires investment, implementation, operation and maintenance; does not remove the load on the line.
- ISP: no on-site equipment or investment/opex; reduces line load. Slow reaction, possibly manually activated; no automation; not fully effective; primarily flood attacks.
- Scrubbing centre: no on-site equipment or investment/opex; reduces line load; fast/automatic reaction. Primarily flood-based attacks; adds latency.
Solution choice (requirements on availability / reaction time / sensitivity, with industry examples)
- None: uncritical / uncritical / uncritical. Smaller companies.
- CPE or ISP: critical availability and reaction time, uncritical sensitivity. E-commerce sites, ordinary companies.
- Scrubbing: critical availability, uncritical reaction time and sensitivity. Update services (Spamhaus), e-commerce sites, ordinary companies.
- CPE+ISP: medium-critical to critical on all three. Law firms, health portals.
- CPE+Scrubbing: critical / critical / critical. Larger financial companies, national services, stock-market-sensitive companies.
DDoS events (examples): organisations subjected to DDoS attacks or threats (organisation, date, occasion/source)
- Amazon.com, ebay.com, February 2000, ?/mafiaboy
- 3F trade union, July 2012, sympathy/Elan0r1
- Swedish public authorities, September 2012, protest/Anonymous
- Spamhaus, March 2013, damage/Stophaus
- ING/Dutch banks/online services, April 2013, harassment/?
- Kommunernes Landsforening, April 2013, protest
- Geek Nets, April 2013, harassment/?
- Banks in general, constant, harassment and criminal activity
- US government/banks (#OpUSA), 7 May 2013, protest/Anonymous
- Belgian public internet, 15 June 2013, protest/Anonymous
Real-life scenario. IT operations: "One of the most stressful situations we have experienced."
DDoS recap, lessons learned
- Everyone calls and asks for status.
- The usual IT tools are unavailable or respond slowly; even desk phones may be knocked out.
- Countermeasures lose their effect because the attacker changes tactics.
- Have a plan against DDoS and test that it works. It involves a combination of automatic and manual tools and procedures, and possibly cooperation with the ISP or another service provider.
- Prepare the organisation for an attack (IT operations, PR, employees, business relations).
- Watch for the attack being used as a diversion for other criminal activity.
- Firewall and backend services should be tuned to withstand DDoS attacks.
- Investment in controls should be proportionate to the risk of being taken offline for hours or days.
In closing
- Scalable solutions from small office to large datacentres
- Security through multiple layers
- Broad experience with the cyber-security challenge
- Robust and stable technology across a wide range of platforms
- Many years of partnership at support and development level with both smaller and larger customers