CPX 2016 Moti Sagey Security Vendor Landscape

Page 1: CPX 2016 Moti Sagey Security Vendor Landscape

©2016 Check Point Software Technologies Ltd. [Protected] Non-confidential content

Moti Sagey | Head of Competitive Intelligence

SECURITY VENDOR LANDSCAPE

WHAT TO ASK, WHAT TO KNOW AND HOW TO DECIDE

Page 2: CPX 2016 Moti Sagey Security Vendor Landscape

WHAT DOES IT TAKE TO WIN YOUR TRUST?

Uncompromised Security

Dynamic Architecture

Operational Simplicity

Commitment to Customer Success

Page 3: CPX 2016 Moti Sagey Security Vendor Landscape

UNCOMPROMISED SECURITY

In other words… Can you keep the bad guys out????

Page 4: CPX 2016 Moti Sagey Security Vendor Landscape

“Not If You Are Using Outdated Thinking”?

“For the imagination of man's heart is EVIL from his youth” -Genesis 8:21

Page 5: CPX 2016 Moti Sagey Security Vendor Landscape

What does advanced threat defense look like today? The 5 styles

Time: Real Time/Near Real Time; Post Compromise (Days/Weeks)

Detective/Detection; Retrospective/Response

NETWORK: Style 1 Network Traffic Analysis; Style 2 Network Forensics

PAYLOAD: Style 3 Payload Analysis/Sandbox

ENDPOINT: Style 4 Endpoint Behavior Analysis; Style 5 Endpoint Forensics

Vendor groups shown on the slide:

Check Point, Damballa, Lancope, Fidelis

Check Point, FireEye, Cisco, Fortinet, Trend Micro, PAN

Check Point, Bromium, CounterTack, Invincea, Palo Alto Networks, IBM (Trusteer)

IBM (QRadar), FireEye (nPulse), RSA NetWitness, Blue Coat (Solera)

Check Point, Bit9 (Carbon Black), FireEye, Tanium, Cisco

Source: http://www.gartner.com/newsroom/id/2595015

Page 6: CPX 2016 Moti Sagey Security Vendor Landscape

Network Security Today - the Role of Convergence

Firewall, IPS, VPN

Web AV, URLF, A-Spam, AV, Anti-X

Enterprise and Upper-Midsize Businesses

Small and Lower-Midsize Businesses

UTM

SSL VPN, APP ID, FW+IPS

Next-Generation Firewall

Secure Mail Gateway

Secure Web Gateway

SandBox

Page 7: CPX 2016 Moti Sagey Security Vendor Landscape

THE CHALLENGE – EVERY VENDOR WILL TELL YOU THEY ARE THE BEST

IN GOD WE TRUST, ALL OTHERS MUST BRING DATA -W.H Deming

Page 8: CPX 2016 Moti Sagey Security Vendor Landscape

NSS Labs - Check Point’s track record of security leadership and excellence!

IPS Recommended – Jan 2011: Best integrated IPS Security Score of 97.3%!

NGFW Recommended – April 2011: World’s first NSS Recommended NGFW!

FW Recommended – April 2011: Only vendor to pass the initial test!

NGFW Recommended – Jan 2012: Continued NGFW Leadership and Excellence!

IPS Recommended – July 2012: Leading integrated IPS Security Score of 98.7%!

FW Recommended – Jan 2013: Best Security + Management score of 100%!

IPS Individual Test – Feb 2013*: 61000 IPS Security Score of 99%! 26.5G IPS

IPS Recommended – Nov 2013: 100% Management score and Best annual Management Labor Cost (Upkeep and Tuning)!

NGFW Recommended – Feb 2013: Best Security + Management Score of 98.5%!

NGFW Recommended – Sept 2014: 4th NGFW Recommended

BDS Recommended – Aug 2015: 1st time tested, 100% unknown malware catch-rate

NGFW Recommended – Mar 2016: 99.8% Catch rate and 5th NSS NGFW Recommended!

* Individual product test and not part of a Group Test. NSS only awards “Recommended” in Group Tests.

Page 9: CPX 2016 Moti Sagey Security Vendor Landscape

NSS LABS: CHECK POINT THE ONLY VENDOR WITH CONSISTENT “RECOMMENDED” RATING

[Chart: counts of NSS Labs ratings by category: Caution, Neutral, Recommended]

Source: NSS Labs. * WAF & EPP not calculated

Page 10: CPX 2016 Moti Sagey Security Vendor Landscape

Check Point SandBlast™

Recommended for Security Effectiveness and Value

100% HTTP Malware

100% SMB Malware

100% Email Malware

100% Drive-by-Exploits (only vendor)

97.2% Detection Rate

Fastest solution (7Gbps)

Lowest TCO

Page 11: CPX 2016 Moti Sagey Security Vendor Landscape

NSS Security Value Map: Breach Detection Systems

[Chart labels: CHECK POINT; 10Gb NIC retest]

* Updated with 10Gb NIC retest. Source: http://public.brighttalk.com/resource/core/89391/nss-bds-group-test-update-dec-2015_133131.pdf

Page 12: CPX 2016 Moti Sagey Security Vendor Landscape

Yet another Proof, Industry’s Best Catch-rate

UNKNOWN MALWARE IN MALICIOUS DOCUMENTS

[Bar chart, % axis from 0 to 100. Vendors as labelled: Check Point, FireEye, Palo Alto Networks, Cisco Sourcefire, Fortinet. Bar values in extraction order: 95, 50, 40, 60, 80]

Source: Miercom APT Industry Assessment

Page 13: CPX 2016 Moti Sagey Security Vendor Landscape

Yet another Proof, Industry’s Best Catch-rate

UNKNOWN MALWARE IN MOBILE APPLICATIONS

[Bar chart, % axis from 0 to 100. Vendors as labelled: Check Point, FireEye, Palo Alto Networks, AVG, Lookout. Bar values in extraction order: 99, 88, 21, 90, 71]

Source: Lacoon competitive benchmark 2015

Page 14: CPX 2016 Moti Sagey Security Vendor Landscape

Page 15: CPX 2016 Moti Sagey Security Vendor Landscape

Check Point One Step Ahead in Detection and Prevention of Threat Focused Apps

Potentially Risky Apps | Check Point | Palo Alto Networks | Fortinet | Cisco
# of Anonymizer proxy/tunnel apps (e.g. TOR, UltraSurf, HideMyAss…) | 167 | 78 | 107 | 32
# of P2P apps (e.g. BitTorrent, WinMX…) | 341 | 129 | 85 | 51
# of File sharing apps (e.g. Dropbox, Google Drive, Mega…) | 885 | 270 | 291 | 246
# of Remote Admin apps (e.g. TeamViewer, LogMeIn…) | 136 | 93 | 91 | 93
Total number of apps | 7,000 | 2,177 | 2,661 | 4,218
Average released apps per month (Jan 2015-March 2016) | 37 | 14 | 10 | 15

Source: Check Point AppWiki, PAN Applipedia, Fortinet FortiGuard, Cisco FirePower, as of March 30th 2016

Page 16: CPX 2016 Moti Sagey Security Vendor Landscape

Security Shortcuts Risk and Reward

Hidden configuration page

Page 17: CPX 2016 Moti Sagey Security Vendor Landscape

How to Expose Security Shortcuts in POC’s

DOWNLOAD THE GUIDE http://tiny.cc/poc-shortcuts

Page 18: CPX 2016 Moti Sagey Security Vendor Landscape

Traditional Sandboxes are Prone to Evasions

ATTACKERS CONSTANTLY DEVELOP NEW DECEPTION TECHNIQUES TO BYPASS SANDBOXES

Page 19: CPX 2016 Moti Sagey Security Vendor Landscape

Evaluating a Sandbox? Top questions you should ask the vendor and check for yourself

1. Can the solution prevent threats from getting to the network, or does it just tell you after the fact?

Page 20: CPX 2016 Moti Sagey Security Vendor Landscape

Evaluating a Sandbox? Top questions you should ask the vendor and check for yourself

2. What is the maximum file size for inspection?

Page 21: CPX 2016 Moti Sagey Security Vendor Landscape

Evaluating a Sandbox? Top questions you should ask the vendor and check for yourself

3. Which file types do you support (what about archives)?

Page 22: CPX 2016 Moti Sagey Security Vendor Landscape

Evaluating a Sandbox? Top questions you should ask the vendor and check for yourself

4. What type of Hypervisor for OS Images?

How To Import A Custom Image From VMware Onto The McAfee ATD

Page 23: CPX 2016 Moti Sagey Security Vendor Landscape

Vulnerable (Bypassed More Than 100 Different Ways)

GOOGLE “HTTP EVADER”

Page 24: CPX 2016 Moti Sagey Security Vendor Landscape

Protected. Period.

R77.30

Page 25: CPX 2016 Moti Sagey Security Vendor Landscape

VULNERABILITIES AND HOW VENDORS DEAL WITH THEM

Page 26: CPX 2016 Moti Sagey Security Vendor Landscape

VULNERABILITIES AND HOW VENDORS DEAL WITH THEM

234 Days

Page 27: CPX 2016 Moti Sagey Security Vendor Landscape

VULNERABILITIES AND HOW VENDORS DEAL WITH THEM

134 Days

Page 28: CPX 2016 Moti Sagey Security Vendor Landscape

VULNERABILITIES AND HOW VENDORS DEAL WITH THEM

Page 29: CPX 2016 Moti Sagey Security Vendor Landscape

VULNERABILITIES AND HOW VENDORS DEAL WITH THEM

1096 Days

Page 30: CPX 2016 Moti Sagey Security Vendor Landscape

WHAT DOES IT TAKE TO WIN YOUR TRUST?

Uncompromised Security

Dynamic Architecture

Operational Simplicity

Commitment to Customer Success

Page 31: CPX 2016 Moti Sagey Security Vendor Landscape

DYNAMIC ARCHITECTURE

In other words… I don’t even know where my own ecosystem begins and ends, how do I deal with that?

Page 32: CPX 2016 Moti Sagey Security Vendor Landscape

THE CHALLENGE OF SECURING BORDERLESS NETWORKS

Page 33: CPX 2016 Moti Sagey Security Vendor Landscape

Check Point Software Based Architecture means Dynamic Agile Security

Page 34: CPX 2016 Moti Sagey Security Vendor Landscape

WHAT DOES IT TAKE TO WIN YOUR TRUST?

Uncompromised Security

Dynamic Architecture

Operational Simplicity

Commitment to Customer Success

Page 35: CPX 2016 Moti Sagey Security Vendor Landscape

OPERATIONAL SIMPLICITY

In other words… don’t tell me I will need more people to run this stuff

Page 36: CPX 2016 Moti Sagey Security Vendor Landscape

The KISSME Challenge: Keeping IT Security Simple, Manageable & Effective

http://tiny.cc/kissme1

Security function compared across: Check Point (R80), Palo Alto (PAN-OS 7.1), Fortinet (Forti-OS 5.4), Cisco NGFW (6.0.1 FTD)

Challenge 1: How Many Consoles Does it Take?

Challenge 2: A Day in the Life of an IT Admin (Allow G.Docs Download, Block CC Data)

Challenge 3: Scaling for Growth (multi-tenancy, Obj. Separation, Global pol. across domains, concurrent admins)

Challenge 4: Ease of visibility

[Result labels in extraction order: 4X; 5 locations; 3X; 2 locations; 1; Fastest Time; 1 location sees it all; 5X; 5 locations; 3; 3; 4; 4:03, 71 mouse clicks; 5:03, 148 mouse clicks; 8:05, 141 mouse clicks; 1:45, 45 mouse clicks]

Page 37: CPX 2016 Moti Sagey Security Vendor Landscape

Improved Productivity: Man hours required for yearly management of 20 gateways per site

[Bar chart. Vendors as labelled: Check Point, Fortinet, Juniper, PAN, Cisco. Bar values in extraction order: 1000, 1500, 1500, 2000, 2000]

Source: NSS Labs NGFW Group Test 2013

“The Check Point management remains the de facto “gold standard” against which other consoles are measured” Gartner

Page 38: CPX 2016 Moti Sagey Security Vendor Landscape

Unmatched Unified Access Policy

Users Devices Applications Data Gateways Mobile Public Cloud Private Cloud

Page 39: CPX 2016 Moti Sagey Security Vendor Landscape

WHAT DOES IT TAKE TO WIN YOUR TRUST?

Uncompromised Security

Dynamic Architecture

Operational Simplicity

Commitment to Customer Success

Page 40: CPX 2016 Moti Sagey Security Vendor Landscape

CUSTOMER SUCCESS

In other words… how long will I be exposed if something bad does happen?

Page 41: CPX 2016 Moti Sagey Security Vendor Landscape

Sense of Urgency is in Our DNA

Panels: Heartbleed; Shellshock; Poodle-TLS; Venom

[Values in extraction order: Check Point 9 hours, Cisco 2 days, Fortinet 5 days; Check Point 22 hours; Check Point 18 hours; Check Point 30 hours; Palo Alto 29 days, Fortinet 14 days; Palo Alto 56 days, Fortinet 10 days; Palo Alto 10 days, Fortinet 9 days]

Full references at http://tiny.cc/dna-cp

Page 42: CPX 2016 Moti Sagey Security Vendor Landscape

2015, 2016 Average Response Time for Top Vulnerabilities (IPS)

Panels: SSL Drown Attack; Flash (In The Wild) 0days 2016; BADLOCK; Microsoft Patch Tuesday

[Values in extraction order: Check Point 50 minutes, Palo Alto 900 min., Cisco 98 min.; Check Point 0 hours; Check Point 13 hours; Palo Alto 10 days, Fortinet 9 hours; Palo Alto 5 days, Fortinet 5 days; Check Point 11 Minutes, Palo Alto 540 min., Fortinet 60 min.]

Full references at http://tiny.cc/dna-cp

Page 43: CPX 2016 Moti Sagey Security Vendor Landscape

Competitors “IDEAL TESTING CONDITIONS” Sizing

Marketing Numbers Vs. Predictable Production Performance

Page 44: CPX 2016 Moti Sagey Security Vendor Landscape

Check Point, The Only Vendor to Provide Predictable Production Performance for its customers

Marketing Numbers Vs. Predictable Production Performance

Page 45: CPX 2016 Moti Sagey Security Vendor Landscape

THE WORLD’S LARGEST SECURITY ECOSYSTEM

ENFORCEMENT

MANAGEMENT

THREAT INTELLIGENCE

INFRASTRUCTURE

MOBILITY

CLOUD

101 TECHNOLOGY PARTNERS

Page 46: CPX 2016 Moti Sagey Security Vendor Landscape

SUMMARY - CHECK POINT ONE STEP AHEAD OF THE INDUSTRY

Uncompromised Security

Dynamic Architecture

Operational Simplicity

Commitment to Customer Success

Page 47: CPX 2016 Moti Sagey Security Vendor Landscape

AVOID THE HYPE, GET THE FACTS

Page 48: CPX 2016 Moti Sagey Security Vendor Landscape

THANK YOU