
Advanced Threat protection – Digital Era - Ajit Pillai, Director Sales – India & SAARC, Check Point Software Technologies


©2015 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals

Ajit Pillai, Director Sales – India & SAARC, Check Point Technologies

Advanced Threat protection – Digital Era


Our Children Toys & Play Area


Year 2025 - Children Toys


Year 2025 - Children Play Area


WE DRIFT ALONG, BUT CAN’T CONTROL EVOLUTION?


Top-3 Gartner, Forrester, IEEE Trends (Consolidated)

Internet of Things

Mobile Cloud

Extreme/Big Data

TECHNOLOGY EVOLUTION IN LAST 5 YEARS


Digital India

A programme to transform India into a digitally empowered society and knowledge economy


Nine Pillars of Digital India

1. Broadband Highways
2. Universal Access to Phones
3. Public Internet Access Programme
4. E-Governance – Reforming government through Technology
5. eKranti – Electronic delivery of services
6. Information for All
7. Electronics Manufacturing – Target NET ZERO Imports
8. IT for Jobs
9. Early Harvest Programmes


Personnel Users Data Leak – Independent Breach Event


Ashley Madison Data Leak – Independent Breach Event


Correlation of two Independent Breach Events


FROM START-UPS TO LARGE CORPORATIONS, NO ONE IS IMMUNE


It’s not easy being a CISO


[Diagram labels: Fw, VPN, WAF, DAM, SIEM, Anti-DDoS, Anti-APT, IPS, SSL VPN; Availability, Scalability, Compliance, Security, Incident Mitigation, Incident Recovery, Fraud Detection & Management, SLA, Design; Linear Action, Non Linear Objective, Complexity, Difficult to Execute]

MOST COMMON RESPONSE IN LAST 5 YEARS


WE STRONGLY BELIEVE IN OUR LINEAR ACTIONS


THE REALITY GETS EXPOSED OWING TO NON-LINEAR OBJECTIVES


STAYING ONE STEP AHEAD


IT HAPPENS EVERYDAY

IT HAPPENS TO EVERYONE

The Writing is on the Wall


THERE ARE MORE AND MORE THINGS WE DON’T KNOW

ZERO DAY, UNKNOWN MALWARE

Virus, CVEs, Bad URLs, Signatures, Exploits, Trojans, Botnets

THE GROWTH OF THE UNKNOWN MALWARE


Modern Threats Are…

TARGETED, STRATEGIC, MULTI-STAGE, PERSISTENT, SOPHISTICATED, EVASIVE

ATTACKS ARE MORE DANGEROUS THAN EVER


Modern threats require SOPHISTICATED DEFENSE STRATEGY

Simple protections are FAILING


THE VICTIM’S PERSPECTIVE

The Banality of Cyber Attacks


Source: ComputerWeekly.com

Raymond unsuspectingly opens the attached file

A seemingly innocent mail from a familiar customer


WITHIN SECONDS: Raymond's computer is infected with ransomware

WITHIN MINUTES: All files on Raymond's computer are encrypted

WITHIN HOURS: All company files on shared volumes are also encrypted


Security Director’s Dilemma

PAY RANSOM: “I’m not paying money to criminals!”

RESTORE FROM BACKUP: “I’ve been assured it is fully operational”

Re-image Raymond’s computer

Use backup repositories to restore company data


BACKUP IS BROKEN, RESTORE FAILS

HUGE FINANCIAL LOSS

7 months of business data are LOST

Months later, still scrambling to find lost files in mail attachments


THE ATTACKER’S PERSPECTIVE

Planning and Executing a Cyber Attack


Planning and Executing A Cyber Attack

Reconnaissance

Identify the target and exploitable weaknesses

Weaponization

Create/select attack vector

Delivery

Deliver the malicious payload to the victim

Exploitation

Gain execution privileges

Installation

Install the malware on infected host

Command & Control

Establish a channel of communication

Act on Objectives

Data collection or corruption, Lateral movement and exfiltration

Planning the Attack (Weeks in Advance)
• Look for potential victims
• Collect relevant social data
• Build, find or buy your weapon of choice ‒ Exploit kit, Malware package
• Adapt to your specific needs
• Package for delivery

Getting In (Within Seconds)
• Bypass detection
• Convince the victim to open your crafted file
• Bypass system security control
• Install your malware

Carrying out the Attack (From Here On…)
• Wait for your malware to “call home”
• Instruct it what to do on the victim’s computer
• Continuously monitor its progress


The Cyber Kill Chain

Reconnaissance: Identify the target and exploitable weaknesses
Weaponization: Create/select attack vector
Delivery: Deliver the malicious payload to the victim
Exploitation: Gain execution privileges
Installation: Install the malware on infected host
Command & Control: Establish a channel of communication
Act on Objectives: Data collection or corruption, Lateral movement and exfiltration


Simple Attack Timeline: Australian Ransomware

Stages in time order:
Recon: Locate email addresses
Weapon: Create an infected PDF
Delivery: Send a spoofed email with PDF
Exploit: Victim double clicks attachment
Install: Cryptolocker installed
C&C: Key obtained from C&C server
Act On: Files gradually encrypted

Some kill-chain steps take hours or even weeks, while others take mere seconds


Multi-Stage Attack Timeline:

Kill-chain stages (rows): Recon, Weapon, Delivery, Exploit, Install, C&C, Act On

Time axis: Summer 2013, Nov. 2013, Dec. 2013

Events shown on the timeline:
• Install Citadel-Zeus malware
• Bypass supplier’s security systems
• Send data to Attacker, receive instructions
• Activate malware to move laterally
• Receive new Malware for POS
• Periodically send collected data to remote FTP server
• Construct credential theft malware
• Construct POS RAM Scraping malware
• Search online for Target suppliers
• Grab secure credentials used to access internal Target systems
• Exploit vulnerability in supplier web-portal to gain Target foothold
• Extract credit card data upon reading swipes and relay to local staging server
• Establish C&C Channel
• Malicious attachment sent to Target’s HVAC supplier
• Add malware to POS Update Server
• Install POS malware on all systems
• Install a staging server on a Target host

A complex attack repeats the kill-chain stages as it moves laterally towards its ultimate goal


TIMING IS EVERYTHING


Timing is Everything

Source: 2015 cost of data breach study: global analysis, Ponemon Institute

The Longer an attack goes UNDETECTED, the more time it takes to CONTAIN IT

The longer it takes to CONTAIN IT, the more it will COST

Days to Identify and Contain a Cyber Attack

           Identify   Contain
MAXIMUM    582        175
MEAN       206        69
MINIMUM    20         7


IT’S TIME TO BREAK THE CHAIN


Minimize Your Exposure

AVOID it if you can: Don’t make it easier for attackers by publicly volunteering your data

Make every effort to PREVENT it: The only way to avoid the cost of an attack is to prevent it altogether

DETECT and CONTAIN it as soon as possible: Don’t linger. Once infected the cost just keeps on rising


Successful Defense Strategy

Stages: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Act on Objectives

Phases: Pre-Compromise, Compromise, Post-Compromise

Apply protection for EACH of the stages
No single step protection is enough
Tackle attackers at each stage of their attack

Strong preventive defense BEFORE infection
Prevention is the most cost-effective form of protection
Protect against the devastating cost of a successful attack

Effective POST compromise defense
Damage and cost are proportional to time
Minimize the time it takes to detect and contain attacks


Successful Defense Strategy

Stages: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Act on Objectives

Phases: Pre-Compromise, Compromise, Post-Compromise

Prevent KNOWN attacks
Apply signature-based protection at every step for quick prevention based on Threat Intelligence

Prevent UNKNOWN attacks
Prevent even the most sophisticated and dangerous attacks with advanced prevention technologies


SUCCESSFUL DEFENSE WITH CHECK POINT


Successful Defense with Check Point


Stages: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Act on Objectives

Phases: Pre-Compromise, Compromise, Post-Compromise

Protections shown across the stages: Threat Intelligence, DLP, Firewall, Anti-Virus, Anti-Bot, IPS, Document Security, Anti-Spam, URL Filtering, Threat Emulation, Threat Extraction, Mobile Threat Prevention, Endpoint Security, Forensics

WINNING TECHNOLOGY AT EVERY STEP

BEST INTELLIGENCE
• Extensive research
• Collaboration with industry leading services
• Sharing across users community

BEST DETECTION
• Multi-layer architecture
• Evasion-resistant detection
• Best catch rate

BEST PREVENTION
• Proactive practical prevention
• Effective containment
• Clear visibility and insight


A Single Unified Platform

Stages: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Act on Objectives

Phases: Pre-Compromise, Compromise, Post-Compromise

Protections shown across the stages: Threat Intelligence, DLP, Firewall, Anti-Virus, Anti-Bot, IPS, Document Security, Anti-Spam, URL Filtering, Threat Emulation, Threat Extraction, Mobile Threat Prevention, Endpoint Security, Forensics

Efficient consolidated management and monitoring of numerous technologies

A single proven platform delivering the best Threat Prevention at every step

Mutual infrastructure allows Blades to cross feed one another with up-to-the-second Threat Intelligence

BETTER SECURITY, TOGETHER

POWERFUL COLLABORATION

SEAMLESS INTEGRATION

UNIFIED MANAGEMENT


PROTECT FROM THE UNKNOWN

THREAT EXTRACTION: Proactively eliminate malware vehicles of delivery

THREAT EMULATION: CPU-Level and OS-Level evasion resistant engines


ACCELERATE RESPONSE TO INFECTIONS

CONTAIN AND RESPOND: Automatic forensics analysis makes detections actionable

BLOCK AND IDENTIFY: Detect and block malicious infections and activity


Mobile

Endpoint

Network

Data Center

Cloud

ICS

Server

WE PROTECT EVERYWHERE


SUMMARY


CHECK POINT THREAT PREVENTION

Detects → BLOCKS attacks faster

Protects some → ALL of your modern IT assets

Separated → INTEGRATED technologies working together