54
1 1 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | [Restricted] ONLY for designated groups and individuals

festival ICT 2013: Check Point 2013 Security Report

Embed Size (px)

DESCRIPTION

 

Citation preview

Page 1: festival ICT 2013: Check Point 2013 Security Report

11©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |[Restricted] ONLY for designated groups and individuals

Page 2: festival ICT 2013: Check Point 2013 Security Report

22©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

A comprehensive survey – and much more !

888 companies

1,494 gateways

120,000 Monitoring hours

112,000,000 security events

[Restricted] ONLY for designated groups and individuals

Page 3: festival ICT 2013: Check Point 2013 Security Report

33©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

40%

40%

20%

39%

14%10%7%

4%

26%

A comprehensive survey% of companies

Americas

EMEA

APACIndustrial

FinanceGovernment

Telco

Consulting

Other

By geography By sector

[Restricted] ONLY for designated groups and individuals

Page 4: festival ICT 2013: Check Point 2013 Security Report

44©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Multiple sources of data

SensorNet

3D Reports

Threat Cloud

[Restricted] ONLY for designated groups and individuals

Page 5: festival ICT 2013: Check Point 2013 Security Report

55©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Looking back and forward

Main security threats & risks

Security architectureRecommendations

2012 2013 and beyond

[Restricted] ONLY for designated groups and individuals

Page 6: festival ICT 2013: Check Point 2013 Security Report

66©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

The Check Point Security Report 2013

About the research

Key findings

Security strategy

Summary

[Restricted] ONLY for designated groups and individuals

Page 7: festival ICT 2013: Check Point 2013 Security Report

77©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

We will talk about 3 issues

Threatsto the

organization

Riskyenterprise

applications

Data loss incidents in the network

[Restricted] ONLY for designated groups and individuals

Page 8: festival ICT 2013: Check Point 2013 Security Report

88©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Another day, another major hack

[Restricted] ONLY for designated groups and individuals

Page 9: festival ICT 2013: Check Point 2013 Security Report

99©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Just this week….

[Restricted] ONLY for designated groups and individuals

“Hackers in China Attacked The Times for Last 4 Months”(NY Times , Jan 30, 2013)

“Wall Street Journal also hit by hack” (WSJ , Jan 31 2013)

Page 10: festival ICT 2013: Check Point 2013 Security Report

1010©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

2012: the year of hacktivism

Arab SpringPolitical freedom

FoxconWorking conditions

Justice DepartmentAnti-corruption

VaticanUnhealthy transmitters

UN ITUInternet deep packet inspection

[Restricted] ONLY for designated groups and individuals

Page 11: festival ICT 2013: Check Point 2013 Security Report

1111©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

This does not affect me, right?

[Restricted] ONLY for designated groups and individuals

Page 12: festival ICT 2013: Check Point 2013 Security Report

1212©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

The majority of companies are infected

63%

100% = 888 companies

of the organizations (2 out of 3) in the research were infected with bots

[Restricted] ONLY for designated groups and individuals

Page 13: festival ICT 2013: Check Point 2013 Security Report

1313©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Once in … always on

Communicating with command & control every

21minutes

[Restricted] ONLY for designated groups and individuals

Page 14: festival ICT 2013: Check Point 2013 Security Report

1414©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Top 2012 Bots

[Restricted] ONLY for designated groups and individuals

Page 15: festival ICT 2013: Check Point 2013 Security Report

1515©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Exploit kits are easy to buy

Rental costsOne day – 50$Up to 1 month – 500$3 month – 700$

Rental costsOne day – 50$Up to 1 month – 500$3 month – 700$

Available online

[Restricted] ONLY for designated groups and individuals

Page 16: festival ICT 2013: Check Point 2013 Security Report

1616©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

But there is more than Bots, right?

MalwareINSIDE

How does malwareget to my network?

[Restricted] ONLY for designated groups and individuals

Page 17: festival ICT 2013: Check Point 2013 Security Report

1717©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Going to the wrong places…

[Restricted] ONLY for designated groups and individuals

Page 18: festival ICT 2013: Check Point 2013 Security Report

1818©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Downloading malware all the time

53%of organizations saw malware downloads

[Restricted] ONLY for designated groups and individuals

Page 19: festival ICT 2013: Check Point 2013 Security Report

1919©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Anatomy of an attack

Recon

Exploit

Toolkit

Backdoor

Damage4

3

2

1

BOT

Virus

RAT

[Restricted] ONLY for designated groups and individuals

Page 20: festival ICT 2013: Check Point 2013 Security Report

2020©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Two major trends

BOT

Virus

Damage

Profit driven A

Ideological driven B

4RAT

[Restricted] ONLY for designated groups and individuals

Page 21: festival ICT 2013: Check Point 2013 Security Report

2121©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Case example

Massive SQL injection attack

Italian University

[Restricted] ONLY for designated groups and individuals

Page 22: festival ICT 2013: Check Point 2013 Security Report

2222©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Case StudyHacker injected the following string…

In normal language:“Please give me the usernames and

passwords from the database”

In normal language:“Please give me the usernames and

passwords from the database”

[Restricted] ONLY for designated groups and individuals

Page 23: festival ICT 2013: Check Point 2013 Security Report

2323©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

BLOCKED

by Check Point IPS Software Blades

From around the world…

Case study - the success

[Restricted] ONLY for designated groups and individuals

Page 24: festival ICT 2013: Check Point 2013 Security Report

2424©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Main takeaways…

63%63% of organizations were infected with bots

53%53% of organizations experienced malware downloads

[Restricted] ONLY for designated groups and individuals

Page 25: festival ICT 2013: Check Point 2013 Security Report

2525©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

We will talk about 3 issues

Threatsto the

organization

Riskyenterprise

applications

Data loss incidents in the network

[Restricted] ONLY for designated groups and individuals

Page 26: festival ICT 2013: Check Point 2013 Security Report

2626©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

No longer a game

[Restricted] ONLY for designated groups and individuals

Page 27: festival ICT 2013: Check Point 2013 Security Report

2727©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

What are risky applications?

Bypassing security or hiding identity

Do harm without the user knowing it

P2P file sharing

Anonymizers

File sharing / storage

Social networks

[Restricted] ONLY for designated groups and individuals

Page 28: festival ICT 2013: Check Point 2013 Security Report

2828©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Just this week….

[Restricted] ONLY for designated groups and individuals

We discovered one live attack and were able to shut it down in process moments later,

However, our investigation has thus far indicated that the attackers may have had access to limited user information — usernames, email addresses and passwords — for approximately 250,000 users.”Bob Lord, Twitter’s director of information securit y. (Friday, Feb 1, 2013)

Page 29: festival ICT 2013: Check Point 2013 Security Report

2929©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Risky applications

Anonymizers

[Restricted] ONLY for designated groups and individuals

Page 30: festival ICT 2013: Check Point 2013 Security Report

3030©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

What is an anonymizer?

Firewall

OK

User Proxy Site

[Restricted] ONLY for designated groups and individuals

Page 31: festival ICT 2013: Check Point 2013 Security Report

3131©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

History of Anonymizers

Began as “The Onion Router”

Officially sponsored by the US Navy

80% of 2012 budget from US Government

Used widely during Arab Spring

[Restricted] ONLY for designated groups and individuals

Page 32: festival ICT 2013: Check Point 2013 Security Report

3232©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

The risk of anonymizers

Bypasses security infrastructure

Used by botnets to communicate

Hide criminal, illegal activity

[Restricted] ONLY for designated groups and individuals

Page 33: festival ICT 2013: Check Point 2013 Security Report

3333©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Anonymizers inside the corporation

47%of organizations had users of Anonymizers(80% were not aware that their employees use Anonymizers)

100% = 888 companies

[Restricted] ONLY for designated groups and individuals

Page 34: festival ICT 2013: Check Point 2013 Security Report

3434©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Risky applications

P2P file sharing

[Restricted] ONLY for designated groups and individuals

Page 35: festival ICT 2013: Check Point 2013 Security Report

3535©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

The Risk of P2P Applications

Downloading the latest

“24” episoderight now ☺

Pirated content liability

Malware downloads

“Back door” network access

[Restricted] ONLY for designated groups and individuals

Page 36: festival ICT 2013: Check Point 2013 Security Report

3636©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

P2P inside the corporation

61%of organizations had a P2P file sharing app in use

100% = 888 companies

[Restricted] ONLY for designated groups and individuals

Page 37: festival ICT 2013: Check Point 2013 Security Report

3737©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Case example: P2P

3,800personal details shared

on P2P

95,000personal details shared

on P2P

Fines for information disclosers

[Restricted] ONLY for designated groups and individuals

Page 38: festival ICT 2013: Check Point 2013 Security Report

3838©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Main takeaways…

61% of organizations had a P2P file sharing app in use

47% of organizations had users of anonymizers

[Restricted] ONLY for designated groups and individuals

Page 39: festival ICT 2013: Check Point 2013 Security Report

3939©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

We will talk about 3 issues

Threatsto the

organization

Riskyenterprise

applications

Data loss incidents in the network

[Restricted] ONLY for designated groups and individuals

Page 40: festival ICT 2013: Check Point 2013 Security Report

4040©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

How common is it?

54%of organizations experienced data loss

[Restricted] ONLY for designated groups and individuals

Page 41: festival ICT 2013: Check Point 2013 Security Report

4141©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Many types of data leaked

[Restricted] ONLY for designated groups and individuals

Page 42: festival ICT 2013: Check Point 2013 Security Report

4242©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

PCI compliance can be improved

Of financial organizations sent credit card data outside the organization

[Restricted] ONLY for designated groups and individuals

Page 43: festival ICT 2013: Check Point 2013 Security Report

4444©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

We have all had this problem

Error 552 : sorry, that message exceeds my maximum message size limit

Dropbox ?YouSendIt?

Windows Live?

[Restricted] ONLY for designated groups and individuals

Page 44: festival ICT 2013: Check Point 2013 Security Report

4545©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Storing and Sharing applications

80%of organizations use file storage and sharing applications

100% = 888 companies

[Restricted] ONLY for designated groups and individuals

Page 45: festival ICT 2013: Check Point 2013 Security Report

4646©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Top sharing and storage apps

70

51

25

22

13

10

Dropbox

Windows Live

Curl

YouSendIt

Sugarsync

PutLocker

% of organizations

But sharing is not always caring…

[Restricted] ONLY for designated groups and individuals

Page 46: festival ICT 2013: Check Point 2013 Security Report

4747©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

The Check Point Security Report 2013

About the research

Key findings

Security strategy

Summary

[Restricted] ONLY for designated groups and individuals

Page 47: festival ICT 2013: Check Point 2013 Security Report

4848©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

We talked about three issues

Threatsto the

organization

Riskyenterprise

applications

Data loss incidents in the network

[Restricted] ONLY for designated groups and individuals

Page 48: festival ICT 2013: Check Point 2013 Security Report

4949©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Anatomy of an attack

Recon

Exploit

Toolkit

Backdoor

Damage4

3

2

1

BOT

Virus

RAT

[Restricted] ONLY for designated groups and individuals

Page 49: festival ICT 2013: Check Point 2013 Security Report

5050©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Addressing external threats

FW AVIPS

Anti B

ot

UR

LF

Threat E

mulation

[Restricted] ONLY for designated groups and individuals

Page 50: festival ICT 2013: Check Point 2013 Security Report

5151©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Enabling secure application use

UR

LF

Ant

iviru

s

App

licat

ion

Con

trol

[Restricted] ONLY for designated groups and individuals

End

poin

t

Page 51: festival ICT 2013: Check Point 2013 Security Report

5252©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Preventing data loss

Doc

Sec

DLP

Data

End

Poi

nt

App

licat

ion

Con

trol

Use

r ch

eck

[Restricted] ONLY for designated groups and individuals

Page 52: festival ICT 2013: Check Point 2013 Security Report

5353©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Seeing attacks and protections

SmartEvent

SmartLog

SmartDashboard

[Restricted] ONLY for designated groups and individuals

Page 53: festival ICT 2013: Check Point 2013 Security Report

5454©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |

Summary

63%

47%

54%

Infected with bots3 key

Takeaways Used Anonymizer

Experienced data leak

Multi Layer SecurityCentral Management

Manage &

Monitor

Protect fromexternal threatsProtect fromexternal threats

Prevent accessto bad sourcesPrevent accessto bad sources

Keep the organization secured

Keep the organization secured

[Restricted] ONLY for designated groups and individuals

Page 54: festival ICT 2013: Check Point 2013 Security Report

5555©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals |[Restricted] ONLY for designated groups and individuals