festival-ict-2014
Cloud Services Prevent Zero-day
and Targeted Attacks
2©2013 Check Point Software Technologies Ltd.
WOULD YOU OPEN
THIS ATTACHMENT?
TARGETED ATTACKS BEGIN
WITH ZERO-DAY EXPLOITS
Duqu Worm Causing Collateral Damage in a Silent Cyber-War
Worm exploiting zero-day vulnerabilities in a Word document
Exploiting Zero-day vulnerabilities
New vulnerabilities
Countless new variants
“nearly 200,000 new malware samples appear
around the world each day” - net-security.org, June 2013
Check Point Multi-Layered Threat Prevention
• IPS: Stops exploits of known vulnerabilities
• Anti-Bot: Detect and prevent bot damage
• Antivirus: Block download of malware-infested files
WHAT ABOUT NEW ATTACKS?
Check Point introducing
Check Point ThreatCloud Emulation Service
PREVENTION OF ZERO-DAY ATTACKS!
Stop undiscovered attacks with
Check Point Threat Emulation
[Diagram labels: FILE; INSPECT, EMULATE, PREVENT, SHARE]
INSPECT
Identify files in email attachments and downloads over the web
Exe files, PDF and Office documents
Send file to virtual sandbox
Requires no infrastructure change or adding devices
EMULATE
Open file and monitor abnormal behavior
Emulating multi-OS environments: WIN 7, 8, XP & user customized
Monitored behavior:
• file system
• system registry
• network connections
• system processes
A STANDARD CV?
Emulation @ Work
• File System Activity: Abnormal file activity
• System Registry: Tampered system registry
• Network Connections: Remote Connection to Command & Control Sites
• System Processes: “Naive” processes created
PREVENT
Security Gateway
Inline stopping of malicious files on any gateway
SHARE
Immediate update of all gateways
Stop undiscovered attacks with
ThreatCloud Emulation Service
[Diagram labels: FILE; INSPECT, EMULATE, PREVENT, SHARE]
Real Life Example
New exploit variant of vulnerability (CVE-2012-0158)
• Installs a bot agent
• Opens network ports for bot communication
• Steals user credentials
Prevented 140 phishing emails targeting 4 customers in 2 days!
Most Accurate and Fastest Prevention
Optimize analysis by inspecting only files at risk
Zero false-positive in document emulation
THREAT EMULATION with ongoing innovation
ThreatCloud Emulation Service
Single Global Solution – For the entire organization
[Diagram labels: Branch, Headquarters, Branch, Agent for Exchange Server, ThreatCloud Emulation Service]
ThreatCloud Emulation Service Advantages
• Cloud-based service: works with your existing infrastructure. No need to install new equipment
• Control expenses with manageable lower monthly costs
• Organizations can choose from 5 subscription options for global file inspections, starting at 10,000 files per month and up
threatemulation.checkpoint.com
Anyone can submit files for
THREAT EMULATION
Multi-Layered Protection Against all Incoming Cyber Threats
Check Point Threat Prevention Solution
Top Reasons customers pick Check Point Threat Emulation
• Works with your existing infrastructure: no need to install any new equipment
• A Complete Threat Prevention Solution for Known and Unknown threats
Other Threat Emulation Solutions
• Miss malicious files hiding in encrypted communication
• Require multiple appliances for each network
• Cannot prevent threats from infecting the organization
• Emulate Win XP only, leaving Windows 7 exposed to attacks
• Don’t have protection against unknown threats
Summary
Check Point Prevents Zero-day Attacks
Stopping undiscovered malware
Simple deployment: requires no infrastructure change
Prevent infections from malicious documents & executables
Part of Check Point multi-layered Threat Prevention
Thank You