
CSA Summit: Security in the SDDC


Lucas S. García, Security Engineer

©2015 Check Point Software Technologies Ltd. [Protected] Non-confidential content

WE ARE CHECK POINT
WE SECURE THE FUTURE

TODAY ONE ATTACK CAN SHUT DOWN AN ENTIRE COUNTRY’S POWER GRID, DISRUPT TRANSPORTATION SYSTEMS, OR STEAL THE PERSONAL INFORMATION OF MILLIONS.

FROM START-UPS TO LARGE CORPORATIONS
NO ONE IS IMMUNE

2014 WORLD’S BIGGEST DATA BREACHES
• EBAY: 145M Customers at Risk
• SONY: 48K Employees Exposed
• HOME DEPOT: 56M Customers at Risk
• JP MORGAN CHASE: 76M Customers at Risk
• TARGET: 70M Customers at Risk
• JAPAN AIRLINES: 750K Customers at Risk
• DOMINOS PIZZA FRANCE: 600K Customers at Risk
• APPLE: 275K Customers at Risk

ATTACKS ARE CONSTANTLY EVOLVING
INCREASE OF CYBER THREATS OVER THE PREVIOUS YEAR
• 125% MORE SOCIAL MEDIA PHISHING SITES
• 42% MORE TARGETED CYBER ATTACKS
• 58% MORE MOBILE MALWARE FAMILIES
• 30% MORE WEB-BASED ATTACKS

BY 2020:
• 1 Billion SMART METERS
• 100 Million SMART LIGHT BULBS
• 7 Manufacturers WILL HAVE DRIVERLESS CARS
• 50% of Consumers USE SMART WEARABLES (CLOTHING AND WATCHES)

HACKERS will have access to every part of our work and daily lives: how we commute, how we operate, how we feel, what we seek

WE NEED SECURITY TODAY AGAINST TOMORROW’S THREATS

WE PROVIDE PROTECTIONS AGAINST NEW THREATS EVERY DAY
• 10,000,000 Bad-Reputation Events
• 700,000 Malware Connections Events
• 30,000 Malware Files Events

WE OFFER THE ARCHITECTURE
THE MOST ADVANCED MANAGEMENT AND REAL TIME PROTECTION
SOFTWARE DEFINED PROTECTION

SOFTWARE-DEFINED PROTECTION (SDP)
• Management Layer
• Control Layer
• Enforcement Layer
Cloud, Phone, Internet of Things, Network, Home Appliances

BUILT ON A COMPREHENSIVE ARCHITECTURE
• ENFORCEMENT LAYER: Inspects traffic and enforces protection in well-defined segments
• CONTROL LAYER: Delivers real-time protections to the enforcement points
• MANAGEMENT LAYER: Integrates security with business process

Lucas S. García, Security Engineer | AR PY UY

CHECK POINT vSEC
Security for the Modern Datacenter

HACKERS TARGET THE DATACENTER


BIG INSURANCE COMPANY HAS BEEN HACKED
Dec 2013: A hacker breached a few of the company’s 37 affiliates and gained unauthorized access to a database
January 2015: 13 months later, the first affiliate found it had been breached, affecting 11M people’s records
May-Sep 2015: More affiliate companies found they had been breached, affecting over 100M people’s and employees’ records

KNOWN DATACENTER SECURITY INCIDENTS
• Many universities in the US have been breached: “..Attack originated in China gained access to servers..”
• Big bank datacenter has been hacked: “…million accounts were stolen from bank’s databases..”
• Dating service datacenter has been hacked: “…33 million accounts, passwords, credit cards, addresses were published..”

ENTERPRISES MOVE FROM VIRTUAL DATACENTER TO HYBRID CLOUD*
Hybrid Cloud = Private Cloud & Public IaaS

DATA CENTER EVOLUTION

VIRTUAL DATA CENTER
• Manual operation
• Perpetual licensing

THE HYBRID CLOUD
• Automation & Orchestration
• Pay as you go licensing

THE NEW CLOUD ENVIRONMENT
• Cloud Management: One place to orchestrate and automate all applications
• Hypervisor: The virtual compute
• SDN: Central place to control the entire network

NEW SECURITY CHALLENGES
MODERN DATA CENTER

CHALLENGE #1: LATERAL THREATS
Modern threats can spread laterally inside the data center, moving from one application to another
• Perimeter Gateway doesn’t protect traffic inside the data center
• Lack of security between applications
• Threats attack a low-priority service and then move to critical systems

CHALLENGE #2: DYNAMIC CHANGES
Traditional static security fails to protect the dynamic datacenter
• New applications provisioned rapidly
• Virtual-app movement
• IP address changes
• Unpatched dormant VMs that wake up

CHALLENGE #3: COMPLEX ENVIRONMENT
Complex to manage different security products in a multi-cloud environment?

HOW TO PROTECT THE SOFTWARE DEFINED DATACENTER?

vSEC ELEMENTS:
• vSEC GATEWAY: Secure traffic between applications in the hybrid cloud
• vSEC CONTROLLER: Automated security with unified management

vSEC GATEWAY
Use vSEC Gateway to prevent lateral threat movement between applications inside the datacenter

vSEC CONTROLLER TO AUTOMATE YOUR SECURITY
[Diagram: vSEC Controller, Check Point Smart Center]

UNIFIED MANAGEMENT
UNIFIED VISIBILITY
Unified security management and threat visibility across virtual, physical & public cloud gateways

DELEGATE SECURITY CHANGES
*Available in R80
Use a security policy that is easily correlated to a micro-segmented environment
R80 Sub-Policies: The only NGTP solution with policy designed for a micro-segmented environment

SOFTWARE DEFINED DATACENTER DEMO ENVIRONMENT


VMWARE NSX
Network and Security Extension
Key Benefits
• Combine virtual systems into Security Groups
• Control traffic that is passing between virtual systems
• Apply Tags to virtual systems and declare a security state
[Diagram: Hardware, Hypervisor, Web Server VMs, DB Server VMs, Web and DB groups, an Isolated group, an Infected VM]

SDDC Demo Environment
NSX Security Groups
Check Point Anti-Bot Blade

NSX Configuration: Tag infected VMs «Infected»
Check Point Security Policy
NSX Configuration: «Infected» VMs belong to «Isolated Security Group»

LOG: WEB_Server is infected!
MOID of WEB_Server = abcd-efgh
WEB_Server = MOID abcd-efgh
Need to Tag MOID «Infected»
Infected

Investigative Best Practices with Threat Prevention

Introduction
Organizations today are facing unprecedented growth in the diversity and number of security threats from advanced and sophisticated malware.
To help stay ahead of modern malware, early detection and rapid response is essential!

Providing easy-to-use tools and guidelines for implementing a malware investigation process, using the Threat Prevention Software Blades.
Using this guide you will be able to:
• Investigate if a host is truly infected with malware
• Identify the malware type and potential damages
• Detect suspicious behavior that might indicate additional infected computers
• Remediate infected computers

Advanced Threat Prevention
• Anti-Virus: Block access to malware-infested websites; block downloads of known malware
• Threat Emulation: Fight targeted attacks that use unknown malware
• Anti-Bot: Identify and prevent bot communications
• IPS: Stop attacks exploiting known vulnerabilities

Incident Handling Process
• Identify: Monitor Threat Prevention events to identify suspicious hosts
• Investigate: Conclude if the host is infected and with what type of malware and its behavior
• Track: Track infected computers’ activity to identify additional infected computers
• Remediate: Recover infected machines
• Prepare: Optimizing configuration based on network topology

SUMMARY:
• Security Automation
• Unified Security Control & Visibility
• Advanced Security for Hybrid Cloud

SECURITY THAT TAKES YOUR MODERN DATACENTER ONE STEP AHEAD

THANK YOU!!!

• Email: [email protected]