Security Zone We Secure the Internet

Transcription

1 September 2013 Security Zone We Secure the Internet The Biggest Cybersecurity Threats of 2013 ALSO INSIDE: Four Steps to Successful Zero-Day Protection The New Face of Web Security

2 September 2013 Security Zone The Biggest CLICO is Value Added Distributor, CYBERSECURITY THREATS of focused on IT Security and Management, operating in Poland and Central & Eastern Europe p. 4 W H AT S I N S I D E Check Point Contacts FEATURES The Biggest Cybersecurity Threats of Four Steps to Successful Zero-Day Protection The Check Point Vision for Security Current Trends: Distributed Denial of Service Attacks The New Face of Web Security First Experience with Check Point Compliance Software Blade DePARTMENTS Letter from CEO Gil Shwed... 3 Interview: Dorit Dor The Real World in Real TIme... 7 Discover the Latest Solutions from Check Point... 8 Featured Check Point Solutions Headquarters Check Point Software Technologies Ltd. 5 Ha Solelim Street Tel Aviv 67897, Israel United States Headquarters Check Point Software Technologies Inc. 959 Skyway Road Suite 300 San Carlos, CA Global Offices US Sales Did You Know? Spotlight on Technology Check Point Software Technologies Ltd. All rights reserved. All other prodcut names mentioned herein are trademarks or registered trademarks of their respective owners, Security classification: [Protected] 1

3 2013 CEO LETTER GREETINGS FROM GIL SHWED Threat Emulation Zero-Day Attacks Stopped at the Zero-Hour Check Point Threat Emulation Software Blade prevents infections from undiscovered exploits, zero-day and targeted attacks. This innovative solution quickly inspects suspicious files, emulates how they run to discover malicious behavior, and prevents malware from entering the network. Threat Emulation immediately reports new threats to Check Point s ThreatCloud service and automatically shares the newly identified threats with other customers. Learn about Threat Emulation: Last year, to measure the IT Security threat level, we decided to turn to our customers environments. We monitored the networks of 900 organizations and discovered what is hiding in them. Over 100 Million events from about 1,500 Security Gateways were analyzed. From threats, bots, to usage of risky applications and potential data loss, the analysis of 120,000 hours of monitoring was eye-opening. We learned that there is no slowing down of malware. On the contrary, the intensity of risks thrown at enter prises is strengthening, and the sophistication and deceptive nature of each threat is increasing. We also learned that corporations are often unaware of such risks despite having complex security infrastructures in place. We realized that the fight against cybercrime needed to add another dimension, one that will expo nentially multiply the speed of prevention. That dimension is collaboration. Imagine the intelligence that thousands of networks, from around the world could generate. Imagine this intelligence updating a threat knowledge base real-time on all sorts of threats, virus, bots and unknown attacks. And imagine this knowledge base updating your security gateways on an on-going basis. What I am describing is not imagination, it is reality and it is called Check Point ThreatCloud. The data gathered for Check Point 2013 Security Report came mainly from ThreatCloud. ThreatCloud is based on the power of global collaboration and is our chance to win the fight against cybercrime. Earlier this year we unveiled new security technologies which make this knowledge database a deadly weapon against cybercrime. First are our Threat Prevention and Secure Web Gateway Appliances. These dedicated gateways will provide the multi-layered protection needed in this evolving threat environment and will protect your network while enabling your business to use Web 2.0 tools securely. Second is our DDoS Protector line of appliances. DDoS attacks have become all too common, but their damage is serious. Today, having a plan against a DDoS attack is a necessity and providing a technology that mitigates in seconds such attacks was our priority. In addition, as we need to continue our journey towards a security blueprint that relies not just on technologies, but also on establishing policies that enable businesses to do more securely. The new Compliance Software Blade is making that journey easier by providing continuous compliance monitoring, ensuring that security policies are aligned with global regulations and validating that appropriate security levels are maintained. Lastly, is the Threat Emulation Software Blade, powered by ThreatCloud. Adding to our multi-layer threat prevention solution and joining the IPS, Antibot, Antivirus, Application Control and URL Filtering Software Blades, this new Software Blade tackles threats we do not yet know: the zero-day attacks. By emulating potentially malicious files in a sandbox environment, this technology will ensure that no threats infect your network, not even new, undiscovered threats. Our quest against cyber-crime is not over. We will continue, as we have in the past, to develop innovative solutions, bringing you, our customers, the best technologies to ensure you are secure Check Point Software Technologies Ltd. All rights reserved. 3

4 The BiggestCYBERSECURITY As we round out our 2013 business and IT plans, cybercriminals are resolving to implement increasingly sophisticated threats targeting specific computer systems and organizations big and small. In the past year, businesses have seen several serious hacks and breaches. As the arms race between attackers and businesses continues to evolve in 2013, IT departments and security professionals will need to stay on top of the changing tactics and approaches used by criminal hackers in order to protect their organizations. Below are nefarious hackers top resolutions and the greatest security threats to businesses in T H REAT #1 : SOCIAL ENGINEERING This begins with focusing on a tried-and-true blackhat tactic in both the physical and digital worlds social engineering. Before the computer age, this meant sneaking one s way past a company s defenses with the gift of gab as opposed to a cleverly-worded . Now social engineering has moved onto social networks, including Facebook and LinkedIn. Attackers are increasing their use of social engineering, which goes beyond calling targeted employees and trying to trick them into giving up information. In years past, they might call a receptionist and ask to be transferred to a targeted employee so that the call appears to be coming from within the enterprise if caller ID is being used. However, such tactics aren t needed if the details the cybercriminal is looking for are already posted on social networks. After all, social networks are about connecting people, and a convincing-looking profile of a company or person followed by a friend or connection request can be enough to get a social engineering scam rolling. T H REAT #2 : APTS Being aware of social engineering is important, of course, because it can be the precursor for a sophisticated attack meant to breach the wall of your organization. This year saw a number of high-profile attacks (think: Gauss and Flame) targeting both corporations and governments. These attacks are known as Advanced Persistent Threats (APTs). They are highly sophisticated and carefully constructed. The intention behind APT attacks is to gain access to a network and steal information quietly. They take a low-and-slow approach that often makes them difficult to detect, giving them a high likelihood of success. Additionally, APTs need not always target well-known programs, such as Microsoft Word; they may also target other vectors, such as embedded systems. In a world where a growing number of devices have Internet protocol addresses, building security into these systems has never been more important. 4 APTs will continue as governments and other wellfunded organizations look to cyber-space to conduct their espionage. In fact, APT attacks are running as we speak so look out for those anomalies in your network traffic. T HREAT # 3: INTERNAL THREATS But some of the most dangerous attacks come from the inside. These attacks can be the most devastating, due to the amount of damage a privileged user can do and the data they can access. In a study funded by the U.S. Department of Homeland Security, the CERT Insider Threat Center at Carnegie Mellon University s Software Engineering Institute and the U.S. Secret Service, researchers found malicious insiders within the financial industry typically get away with their fraud for nearly 32 months before being detected. Trust, as they say, is a precious commodity but too much trust can leave you vulnerable. T HREAT # 4: BYOD The issue of trust comes into play in the mobile world as well, with many businesses struggling to come up with the right mix of technologies and policies to hop aboard the bring-your-own-device (BYOD) trend. Users are increasingly using their devices as they would their PCs, and by doing so are opening themselves up to web-based attacks the same as they would if they were operating a desktop computer. For attackers, it is likely as well that there will be more attempts to circumvent the app review and detection mechanisms mobile vendors use to guard their app markets. All this means that the flood of iphones, Google Android phones and other devices making their way into the workplace are opening up another potential gateway for attackers that needs to be secured. Think about it your smartphone has a camera. It has a microphone. It can record conversations. Add these features to the ability to access your corporate network, and you have the ideal stepladder to climb the walls we are talking about. THREATS BY TOMER TELLER, SECURITY EVANGELIST AND RESEARCHER AT CHECK POINT SOFTWARE TECHNOLOGIES of 2013 T H REAT # 5 : CLOUD SECURITY T H REAT # 7 : BOTNETS BYOD is not the only thing changing the walls corporations must build around critical data however. There is also this little trend called cloud computing. With more companies putting more information in public cloud services, those services become juicy targets, and can represent a single point of failure for the enterprise. For businesses, this means that security must continue to be an important part of the conversation they have with cloud providers, and the needs of the business should be made clear. But even though the arms race between researchers and attackers favors innovation, expect cybercriminals to spend a lot of time perfecting what they know best, such as making sure their botnets have high availability and are distributed. While the legal takedowns being launched by companies such as Microsoft succeeded in temporarily disrupting spam and malware operations, it is naïve to assume attackers aren t taking what they have learned from those takedowns and using it to shore up their operations. Botnets are here to stay. T H REAT # 6 : HTML5 T H REAT # 8 : PRECISION TARGETED MALWARE Just as the adoption of cloud computing has changed the vulnerability surface, so will the adoption of HTML5. Earlier this year, it was noted at the Black Hat conference, a place where security pros can get a sign of attacks to come, that HTML5 s cross-platform support and integration of various technologies opens up new possibilities for attack, such as abusing Web Worker functionality. Even with an increasing amount of attention being paid to HTML5 security, the newness of it means that developers are bound to make mistakes as they use it, and attackers will look to take advantage. So, expect to see a surge in HTML 5 oriented attacks next year, hopefully followed by a gradual decline as security improves over time. Attackers are also learning from the steps researchers are taking to analyze their malware, and techniques were recently demonstrated that can help render analysis ineffective by designing malware that will fail to execute correctly on any environment other than the one originally targeted. Examples of these attacks include Flashback and Gauss. Both have been successful, especially Gauss, at stopping researchers from automated malware analysis. In the coming year, attackers will continue to improve and implement these techniques and make their malware more dedicated so that it only attacks computers with a specific configuration. One thing is for certain 2013 is sure to bring an army of exploits and malware through vectors ranging from social networks to mobile devices to employees themselves. As computer and operating system security continues to improve so will cybercriminals new techniques to bypass these defenses. All the more reason to make security a priority. Learn more at 5

5 interview The Real World in Real Time Think of it as Compliance 2.0 Check Point Compliance Software Blade the first integrated and fully automated security and compliance monitoring The Check Point Compliance Software Blade leverages decades of security expertise and an extensive knowledge of regulatory requirements and IT security best practices. The Compliance Software Blade ensures that security policies are aligned with global regulations and validates that appropriate security levels are maintained shortening audit times, improving security and reducing costs for businesses. This solution is fully integrated into the Check Point Software Blade Architecture, providing a complete view of compliance status across Check Point Gateways and Network Security Software Blades. Learn more about Compliance Software Blade: DORIT DOR, CHECK POINT S VP OF PRODUCTS, TALKS ABOUT WHAT WE KNOW AND WHERE WE RE HEADING WITH THREAT PREVENTION. IT S ALL ABOUT COLLABORATION. WHAT HAVE THE LAST TWO YEARS TAUGHT US IN TERMS OF THREAT PREVENTION? It is a long-established fact that businesses can and should protect themselves. Research shows that 80% 90% of threats require only the most basic prevention techniques (as they exploit well-known vulnerabilities, weak authentication, and the absence of basic protection). What has become clearer over the past couple of years is that organizations MUST build comprehensive security architectures to minimize attack vectors and bring their security under control. Businesses require a network of check points that can provide secure access combined with advanced protection, as well as comprehensive security management to orchestrate and monitor all these components. They need to be sure that their check points provide realtime and collaborative threat prevention capabilities, enabling them to defend against the challenges of today and tomorrow. MANY NEW TECHNOLOGIES HAVE BEEN LAUNCHED: ANTI-BOT, THREAT EMULATION, THREAtcLOUD. WHY SHOULD CUSTOMERS EMBRACE THEM ALL, AND HOW CAN THEY PRIORITIZE? Different technologies come to serve different scenarios. In some we aim to identify threats as they attempt to penetrate the organization and in others we try to identify malware that is already within the system. Some might be post-infection but pre-damage. This is why I believe organizations should embrace the use of all technologies in order to achieve optimum security. An organization should have a comprehensive security policy outlining its risk appetite. It needs to prioritize the types of threats it faces according to the organization s risk profile and the people involved. When it comes to responses and remediation, customers need to prioritize their responses, taking into consideration their security policy as well as software updates and malware-infected PCs. Threat prevention has been a prominent theme for Check Point since We have introduced the industry s first collaborative network to fight cybercrime, ranging from collaboration between customers to increased collaboration directly inside the segments between technologies. WHAT IS YOUR VISION FOR THE FUTURE OF CYBER SECURITY? Cyber attacks are constantly gaining more and more presence in our lives, and as its influence grows it will remain an easy route for attacks ranging from criminal to political, and even inter-governmental (as such actions shift from the physical to the virtual world). Over the last two years, we have witnessed the rapid evolution of cyber security. We have learned from this process and started to deliver fundamental technologies in order to evolve protections at a similar rate. The security architecture of the future will continue to strengthen fundamental protection, access and manageability, minimizing the attack vector while dramatically evolving advanced protections including sophisticated real-time analysis of attacks and collaboration between internal and external data sources. All security components will have built-in dynamic methods to enjoy real-time feeds as well as granular and flexible controls over these specific feeds. This vision led us to create ThreatCloud, connecting it to the active gateways deployed around the world, and opening interfaces to leverage collaborative data from different sources. Cybercrime is evolving every day. To win the fight against it, cyber security must evolve faster and smarter. Today, collaboration is the key to winning this battle Check Point Software Technologies Ltd. All rights reserved. 7

6 Discover the Latest Solutions from Check Point Compliance Software Blade Think of it as Compliance 2.0 Continuous security monitoring across Check Point Software Blades Over 300 security best practices align security and compliance Fully integrated into Check Point Software Blade architecture and security management Threat Emulation Software Blade Prevents Zero-day Attacks Prevent infections from first-time malicious documents (MS Office and PDFs) and executable Innovative technology offers the fastest and most accurate prevention Completes Check Point s leading multi-layered Threat Prevention Solution to fully protect against the most current malware We Secure the Internet Check Point Appliance Blazing fast cyber-security for data centers Quantum-leap in security performance Fully featured and easy to operate platform for data centers New family with industry leading security for data centers Check Point 600 Appliance Big security, small size Secure your small business with Enterprise leading security Security made easy with simple and intuitive management Check Point 1100 Appliance Big security for small branches Secure branch offices with industry-leading security and great value Manage and control branch gateways with local or central management One stop shop for connectivity and security Compact desktop form-factor suitable for 2013 Check Point Software Technologies Ltd. All rights reserved. offices of up to 50 employees 8 9

7 Four Steps to Successful WOULD YOU OR ANYONE ON STAFF OPEN THE ATTACHMENT below? Zero-Day Protection BY DUANE KURODA, CHECK POINT SOFTWARE TECHNOLOGIES What could be more inviting than an from your own human resources department that lists salaries of the entire staff? What s more, the looks like it was sent from HR and the attachment is an Excel file. You use Excel files every day, including that status report you just updated. You might indeed be the lucky recipient of a mistyped that just so happens to include the salaries of the entire staff, OR you might be the next victim in a targeted attack and join the 63% of organizations in Check Point s research that are infected with bots. These files often attack vulnerabilities in the operating system or in business document applications such as MS Office or Adobe Reader. In many cases, these new attacks leverage Zero-day exploits, which have no known defenses. The odds are that once this Zero-day infected reaches your network, someone will click it and you or your network will be infected. From: To: Cc: Message Jim, Human Resources Jim User staff-salaries.xlsx (140 kb) staff salaries OR WILL YOU? Even if there are no known defenses, it is possible to discover and stop these attacks. In order to insure continued business operations and provide a high level of protection, there are 4 key steps: 1. File Inspection, to reduce false positives and accelerate protection 2. File Emulation, to actually see what the files attempt to do 3. Prevention, to stop discovered malicious files from infecting the network 4. Sharing, to distribute new protection information DISCOVER AND PREVENT ZERO-DAY ATTACKS THAT HAVE NO KNOWN DEFENSES INSPECT share emulate prevent Existing technologies focus on the Emulate step and stress remediation after infection. This is a time consuming process that can violate corporate policy when internal files are sent off the corporate network to the cloud. While file behavior is analyzed, the file is allowed to breach the network, and you only learn that the file is malicious after the fact. The infection could reach one or more systems and start stealing data for hours or even days before remediation could be attempted. Following the 4 key steps, infections are prevented, not just detected, in an accurate and timely manner that insures business operations continue and eliminates after infection remediation. Check Point introduced the Threat Emulation Software Blade specifically to discover and prevent Zero-day attacks that have no known defenses. Instead of relying on known signatures and patterns, Threat Emulation launches and analyzes the behavior of business documents in attachments and downloads to see what the files do when opened. Malicious files may create or modify files, modify or start processes, change or add registry entries, communicate with command and control servers, and more. The 4 Key steps are delivered by Check Point s Threat Emulation Software Blade. INSPECTION Files in and downloads are identified for processing. Check Point applies advanced pre-filtering to filter out safe files using heuristics and a proprietary analysis engine, leaving only suspect files selected for emulation. The selected files are uploaded to a virtual sandbox. EMULATION The selected files are opened and monitored in multiple Windows OS environments and MS Office versions. Unusual activity such as network connections, changes to the file system, registry, or system processes tells us that the file is malicious. PREVENTION Files identified as malicious are blocked. Malicious files are stopped at the gateway, before infecting the network. No infection means that remediation time and effort are eliminated. SHARING Newly discovered threats are finger printed, with signatures, IP addresses, and domains for threats sent to ThreatCloud. Once the threat information is on Threat- Cloud, it is instantly available to protect other gateways. One important issue is the balancing point between allowing good documents to pass through while increasing security with file emulation. In the Threat Emulation Software Blade, this is accomplished during the inspection step, where over 250,000 documents were used to validate a zero false-positive rate. This means that good documents are not stopped or labeled as malicious, while documents marked as malicious were verified as such. Only documents that are not eliminated by the pre-filter are emulated, incurring a 1 to 2 minutes emulation delay. This insures minimal business delay while preventing discovered malicious files from reaching network systems. Another issue is the deployment options for emulation. Technologies that only allow emulation in the cloud may risk violation of corporate policies when corporate business documents were sent outside the corporate network. On the other hand, solutions that require one or more dedicated appliances to detect new threats force organizations to buy expensive appliances, even when their emulation needs may only be required by a department or two. With Check Point s Threat Emulation Software Blade, organizations can choose the emulation solution that matches their policy, best practices, budget and network configuration. So, if your organization is at risk of attacks designed to steal secrets, intellectual property, financial information, or more, consider the Threat Emulation Software Blade that applies 4 key steps to prevent infection from zero-day and unknown attacks, uses patent-pending pre-filtering techniques leading to zero false positives, and has flexible deployment for local or cloud-based emulation. Learn more at threat-emulation/index.html 10 11

8 The Check Point Vision for Security Check Point Software Technologies Ltd. is the worldwide leader in securing the Internet. Check Point provides its customers with uncompromised protection against all types of threats. Its product offerings reduce security complexity and lower total cost of ownership. Check Point first pioneered the security industry with FireWall-1 and its patented Stateful Inspection technology. Today, Check Point continues to develop innovative products based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point 3D Security Check Point 3D Security redefines security as a 3-dimensional business process that combines policies, people and enforcement for stronger protection across all layers of security including network, data and endpoints. To achieve the level of protection needed in the 21st century, security needs to grow from a collection of disparate technologies to an integrated business process. With 3D Security, organizations can implement a blueprint for security that goes beyond technology to ensure information security integrity. Check Point 3D Security enables organizations to redefine security by integrating these dimensions into an effective business process: Policies that support business needs and transform security into a business process Security that involves People in policy definition, education and incident remediation Enforce, consolidate and control all layers of security (i.e. network, data, application, content and user) Check Point Software Blade Architecture As a key tool in creating true 3D Security, the Check Point Software Blade Architecture allows companies to enforce security policies while helping to educate users on those policies. This is the first and only security architecture that delivers total, flexible and manageable security to companies of any size. More importantly, as new threats and needs emerge, the Software Blade Architecture quickly and flexibly extends security services on-demand and without the addition of new hardware or management complications. Solutions are centrally managed through a single console that reduces complexity and operational overhead. Multilayered protection is critical to combat dynamic threats such as bots, Trojans and Advanced Persistent Threats (APTs). Current firewalls behave like multi-function gateways, but not all companies want the same level of security throughout their entire system. Companies seek flexibility and control of their security resources. Software Blades are security applications or modules such as: firewalls, Virtual Private Networks (VPN), Intrusion Prevention Systems (IPS), or application controls that are independent, modular and centrally managed. They allow organizations to customize a security configuration that targets the right mix of protection and investment. Software Blades can be quickly enabled and configured on any gateway or management system with no additional hardware, firmware or driver upgrades. As needs evolve, additional Software Blades can be easily activated to extend the security parameters of an existing configuration running on the same security hardware. Centralized Management Check Point offers centralized event management features for all Check Point products and third-party devices. This provides real-time views of security events as they take place, enables quick analysis of the security situation, and allows for immediate mitigating actions, all conducted via a single console. The SmartEvent timeline view enables the visualization of trends and propagation of attacks. The charts view provides event statistics in either a pie chart or a bar graph format. The maps view shows potential threats by country. Security Appliances Check Point appliances combine high performance multicore capabilities with fast networking technologies providing the highest level of security for your data, network and employees. Empowered by Check Point GAiA, the next-generation security operating system, and optimized for the extensible Software Blades Architecture, each appliance is capable of running any combination of Software Blades providing the flexibility and the precise level of security for any business at every network location. Check Point serves customers of all sizes, industries and geographies. Its client portfolio includes all Fortune and Global 100 companies. As well, Check Point s awardwinning ZoneAlarm security solutions protect millions of individuals and small businesses from hackers, spyware and identity theft. Check Point Recognized as a Leader in Enterprise Network Firewall Magic Quadrant for the Sixteenth Consecutive Year Check Point was positioned once again and for the 16th consecutive year, as a leader in the latest Gartner 2013 Enterprise Network Firewall Magic Quadrant. In our opinion, Check Point is the industry leader in providing robust firewall technology. As the firewall market has evolved to include integrated IPS and other next generation firewall capabilities, Check Point continuously expands its firewall capabilities to maintain that leadership. Check Point not only has the vision for next generation firewall security technologies, but also leads in the ability to execute and deliver the most advanced firewall

9 CURRENT TRENDS distributed denial of service attacks BY DANIEL WILEY AND ALON KANTOR, CHECK POINT SOFTWARE TECHNOLOGIES During the last couple of years Check Point customers have seen a significant evolution in cyber-attacks against organizations of all sizes and across all geographies. Distributed Denial of Service (DDoS) attacks have become a mainstream attack vector that is being used by both hacktivist groups and crime organizations. The recent wave of DDoS attacks on high-profile Web sites demonstrates a mainstream threat that causes significant damage across the world. Since September 2012 many large financial institutions in the US have been attacked in a series of large scale DDoS campaigns. These targeted attacks inflicted significant damage to daily operations, causing web access delays for millions of customers and significant costs to ensure Web site availability. Today s attacks, including a recent attack in Sweden, typically use tools that are easy to obtain and use. Examples include WebHive, LOIC and HOIC. A simple Google search for WebHive provides access to the tool and an elaborate YouTube tutorial. A UDP Amplification and TCP SYN attacks can be ordered in 30 minutes increments for as little as $ Anyone with any prior knowledge of DDoS can get up to speed on how to launch an attack within minutes. All it takes is to press a button on a user-friendly DDoS application. Check Point engineers have responded to over 75 DDoS attacks within the last 3 months, assisting customers in mitigating such attacks. In most cases the attackers are using several DDoS methods simultaneously, generating high volumes of network-layer noise, along with lower volumes of application-layers attack tools that target Web servers and DNS. Furthermore, under-the-radar attacks, also called Low & Slow attacks, that covertly exploit application implementation weaknesses for long periods of time, are becoming more popular to attackers, as they are difficult to detect and to block. A relatively new attack method encountered during recent months utilizes vulnerable servers in datacenters. This new vector is generating unprecedentedly high volume of attack traffic, as the exploited datacenter servers have significant resources available and are connected through high-speed connections to the Web. The targeted servers will perform two DoS attacks, one against victim organizations and another one against infected servers at hosting centers. With a small number of compromised, well connected servers, hackers can levy large scale attacks using any number of vectors in a dynamic nature. The motivation for these attacks is difficult to pinpoint, but Check Point has observed individuals with personal vendettas, corporations attacking rivals or even governments attacking another countries critical infrastructure to disrupt vital segments of the economy. More attackers have realized that DDoS attacks are relatively inexpensive and very effective. Check Point has also observed a significant increase in DDoS attacks against all industries around the world. Attacks have even been considered by some groups as a valid way to protest against social agendas, in what is now widely known as Hacktivism. DDoS has become a mainstream business challenge everywhere, in most industries and organizations of all sizes. To address this significant security threat, Check Point introduced the DDoS Protector Appliance product line. Offering a customized multilayered DDoS protection solution, DDOS Protector effectively protects, within seconds, both the network and application layers from attacks. DDoS Protector learns and distinguishes between normal, legitimate traffic, and rogue traffic that should be blocked using sophisticated behavioral analysis algorithms as well as signatures of known attacks. The solution offers flexible deployment options including Are You Prepared for a DDoS Attack? on-premise and inline connectivity to the organization s Internet connection. Leveraging the benefits of the on-premise presence, the solution can be deployed as an additional layer of protection along with an off-premises solution provided by ISPs / MSPs and Cloud providers. Today, it is not whether you will be attacked, but when and how. Make sure your business is protected with the right solution. Learn more at: products/ddos-protector/ DDoS attacks are attempts to disrupt or disable network services by flooding the bandwidth or resources of the targeted systems. Even well-protected networks are at risk. Check Point DDoS Protector Appliances block Denial of Service attacks within seconds with multi-layered protection and up to 12 Gbps of throughput performance. DDoS Protector provides protection against network flood and application denial of service attacks. A range of models and integration with Check Point Management offer flexible deployment options to protect all businesses. 14 Learn about DDoS Protector solutions: Check Point Software Technologies Ltd. All rights reserved.

10 The New Face of WEB SECURITY The face of web security has changed. Web 2.0 introduces new security risks that are very different from what we faced with Web 1.0. Just a few years ago, web content was more static, and Web 1.0 was segregated into the good and the bad when it came to risky sites and malware. Malware was usually spread by known websites that hosted malicious content and didn t need to change often nor take advantage of advanced browser and website features. Knowing the URL of these bad sites, such as net or was sufficient to protect users while they used the Web. Secure Web Gateways provided the security for Web 1.0 by focusing on URL based content filtering for both policy enforcement and stopping malware infections from known malicious sites. HOW CAN YOU SECURE WEB 2.0 WITH A WEB 1.0 APPROACH? THE WEB 2.0 REALITY Web 2.0 has brought about considerable changes web usage has shifted from static information consumption to dynamic interaction. Social media and internet applications, once considered a pass-time activity, have become essential business enablers. Companies are utilizing Internet applications such as Facebook, Twitter, WebEx and LinkedIn to communicate with customers, partners and colleagues, and collaborate with each other to help achieve business goals. These new applications are power ful business tools, but they have caught the attention of attackers, and thus introduce new risks. For example, in February 2013 the NBC.com website was hacked, exposing visitors to a drive-by-download attack. In such attacks malicious software is downloaded into visitors computers by simply visiting the website, potentially infecting millions of visitors in a very short time. In another example in 2012, hackers used Twitter and Facebook social engineering technique to distribute malicious content and steal users credentials. The acquired information was possibly used not only to gain access to sensitive information of the hacked accounts, such as passwords, bank account information, and vital company data, but also to acquire more passwords to continuously repeat the same process. These and other web-based attacks are not rare. Websites hacked with malicious code inserted, social media messages with malicious links, and an abundance of browser vulnerabilities are just a few among many. Many of these potential threats cannot be stopped by the Web 1.0 practice of blocking website URLs. To effectively protect users in an environment with diverse web-based applications, rapidly changing malware infected websites, social media, and P2P usage, there is a need to go beyond Web 1.0 security technology. A NEW WEB SECURITY PARADIGM Next generation web security needs to intelligently protect against the threats posed by Web 2.0. In order to be truly effective, web security requires the most up-to-date protections, global collaborative threat intelligence, unified management of all web threats both from applications and websites, effective end-user engagement, and full visibility into web security events. UP-TO-DATE PROTECTIONS In a rapidly and constantly changing threat environment, having the most up-to-date security intelligence is critical. Imagine a legitimate website that is hacked and infected with malware. How could you protect users from accessing the malware-infected website if it is a legitimate site and your web security is not aware it has been infected? In a recent attack targeting large internet companies, Facebook employees were hacked via a compromised website. Unsuspicious employees downloaded software from a popular mobile developer s website which contained malware. Although the security breach was discovered fairly quickly, many employees computers were hacked, some of the company s systems became infected, and security of more than a billion users around the world was jeopardized. In such instances, up-to-date threat information is critical for protection. The old way is to download a database to a gateway, which is only as good as the last database and is limited by the physical capacity of the gateway. Having an unrestricted cloud-based repository that is constantly updated with newly discovered threats minimizes damages and ensures the best protection against new malware and the most up-to-date URL categorization. BY TAMAR SHAFLER, CHECK POINT SOFTWARE TECHNOLOGIES GLOBAL COLLABORATIVE THREAT INTELLIGENCE The most up to date threat intelligence is not the only requirement for the next generation web security solution. Imagine that the site in the previous example was hacked in Europe, with the next target located in United States. Is the US company doomed? Very likely, if it uses old fashioned URL filtering solutions that rely on limited 16 17

11 information. For this company to have a good chance of being protected, its security technology needs to be able to pull most recent, multisource information from feeds, threat information sensors, research, and intelligence from a global network of active gateways. The incident in Europe should be shared among all active gateways, including the endangered company in the US, warning and preparing it for a potential attack. APPLICATIONS: FRIENDS OR FOES? The new reality of threat intelligence and protections is about speed of reaction and multi-sourced information. What about the new reality of applications and new dangers that they carry? Web 2.0 prominent applications, such as Anonymizers, File Storage and Sharing, Peerto-Peer File Sharing, Remote Administrative Tools and Social Media have legitimate use intentions at their roots. However, they have been increasingly used to exploit organizations. For example, file sharing and storage applications simplify information delivery and management. But they may also cause data leak or malware infection without user knowledge. Dropbox, a top file storage and sharing application, had two major security incidents in two years. In one incident hackers logged into a Dropbox employee s account that contained a document with users addresses, and used those addresses to send spam. In another incident, a bug in a Dropbox software update exposed users shared documents and information, giving access to potentially sensitive information. Remote admin tools are legitimate tools when used by admins and helpdesk, but can also be used to remotely control infected machines to further infiltrate the network, log keystrokes and steal confidential information. From July to September 2011, in an attack campaign coined Nitro, attackers used Poison Ivy to sniff out secrets from nearly 50 companies. Another popular application, used by 43% of organizations (source: Check Point 2013 Security Report) and highly favored by hackers, Anonymizers, can be used to bypass security policies built around users identities and destination URLs, and to hide user activity. To make sure that these applications and their functions are controlled and not allowed to introduce unnecessary risk, application control should be an integral part of a next generation secure web gateway. UNIFIED SECURITY FOR WEBSITES AND APPLICATIONS Applications introduce potential threats; so do websites. Each has its own specificity. The old way is to treat them separately, possibly using separate vendors, a costly and time consuming endeavor. However, a threat is a threat whether it is a proxy avoidance site (Anonymizer), web application or client application. A new approach dictates that web or non-web based internet traffic should be handled in the same manner and be subject to the same policy. The next generation secure web gateway should apply the same rules, actions, and interactions to both websites and applications, and be managed in the same rule to achieve an optimal level of security and manageability. END-USER EDUCATION AND ENGAGEMENT User education and engagement is another aspect of achieving effective and practical web security in the new web security paradigm. Many sites, platforms and applications are powerful business enablers, but certain use of them can violate company policies. Should the company allow Bob from Sales to use Facebook chat to connect with potential customers? How about QA engineer Anna? Should Manish from R&D be able to access a website on the newest black hat hacks? What about Peggy from event catering? Informing end-users about an acceptable use policy and allowing them to provide input enables organizations to define policies that best fit business and user needs. It empowers employees and makes them more aware of company policies. VISIBILITY AND MANAGEMENT And finally, having all the latest bells and whistles in security technologies is not effective if there is limited visibility into security events and the threat landscape. In order to protect the organization and stop attacks an organization needs to be armed with granular and easy to read reports, user-friendly centralized management, and 360 visibility into web activities. MAKE THE SHIFT TO 2.0 SECURITY The Web and its usage are critical to businesses and here to stay. To remain secure, a shift must occur in security, much like we saw a shift from Web 1.0 to 2.0. New security approaches must be intelligent and powerful and provide multi-layered protection that is easily managed and cost effective. The attackers have realized this and are using the latest tools and techniques to target your users and their use of the web and web-based applications. Your web security should be next-generation and make use of global cloud intelligence, the most up-to-date protections, effective management, user engagement and full visibility. Do you want to continue trying to secure Web 2.0 with 1.0 technology? Learn more at secure-web-gateway-appliance/index.html featured check point solutions DDoS Protector Check Point DDoS Protector Appliances block Denial of Service attacks within seconds with multilayered protection and up to 12Gbps of performance. Modern DDoS attacks use new techniques to exploit areas where traditional security solutions are not equipped to protect. These attacks can cause serious network downtime to businesses that rely on networks and Web services to operate. DDoS Protector extends a company s security perimeters to block destructive DDoS attacks before they cause damage. Next generation Threat Prevention Attackers are becoming more creative in how they reach corporate resources and exposing security threats. Businesses not only need to worry about network attacks, but also attacks directed at end users computers, such as viruses, bots and drive-by downloads. Left unchecked, any of these threats can increase risk to your business or your data. The Check Point Threat Prevention Appliance is an integrated solution for enterprises looking to prevent growing internet attacks, all on a single security gateway with: ThreatCloud for real-time security intelligence, Antivirus, Anti-bot, IPS, URL Filtering, Identity Awareness, Unified Policy, Logging and Status Software Blades. Next generation Secure Web Gateway Embracing the current paradigm shift from simple URL filtering to comprehensive malware protection, the Check Point Secure Web Gateway provides an intuitive solution that enables secure use of Web 2.0 with real time multi-layered protection against web-borne malware, largest application coverage in the industry, advanced granular control, intuitive centralized management and essential end-user education functionality

12 Did you know? SPOTLIGHT ON TECHNOLOGY C-Suite Challenges Security challenges CIOs and CSOs face in the current environment: 63% keeping up with security threats and advances 63% growing number of employee mobile devices connecting to network 55% managing the complexity of security 50% managing data security Source: Check Point C-level Customer Survey, July 2012 BYOD Security 9 out of 10 organizations permit employees with mobile devices to connect to the network Slightly more than half of organizations allow both personal and company owned devices There is a significant increase in penetration of mobile devices to organizations in comparison from 75% in 2011 up to 90% in 2012 Most customers store corporate and contact information on mobile devices connecting to network Source: Check Point Mobility and Data Security Survey, December 2012 Get Multi-Layer Protection Against Web-Borne Malware Say goodbye to your Web Security 1.0 with Check Point Next Generation Secure Web Gateway. Secure Web Gateway enables secure use of Web 2.0 with an integrated approach of malware protection URL filtering, application control, and user awareness. Secure Web Gateway enhances operational efficiency with expertise and best-of-breed security management. Learn about Next Generation Secure Web Gateway: When Bots Go Bad 63% of organizations surveyed were infected with bots Bot toolkits can be found online for as little as $500, but their damage can cost organizations millions of dollars More than half of organizations were infected with new malware at least once a day Source: Check Point 2013 Security Report Data Loss in Your Network 54% of organizations had at least one potential data loss incident. Sensitive data included anything from pay slip files, source code, credit card information, password protected files, confidential s, and salary information In 36% of financial institutions surveyed, credit card information was sent outside the company Source: Check Point 2013 Security Report Perception Gap in the Cloud One third of IT and Security administrators allow employees to upload and share information over the web. However, in Check Point s 2013 Annual Security Report, sharing applications rates were 60%, twice what the admins perceive it is. Source: Check Point Mobility and Data Security Survey, December 2012 Anonymizer Anxiety 91% of organizations included in the report used applications with potential security risks 80% reported using file sharing and reporting applications 47% of organizations saw the use of anonymizers by employees. The most popular anonymizer network, Tor, was reported last year to be infiltrated by attackers running a botnet hidden in the service. Check Point ThreatCloud ThreatCloud is a collaborative network and cloud-driven knowledgebase that delivers real-time dynamic security intelligence to security gateways. That intelligence is used to identify emerging outbreaks and threat trends. ThreatCloud powers the Anti-Bot Software Blade which allows gateways to investigate dynamic IPs, URLs and DNS addresses where Command & Control centers are known to exist. Since processing is done in the cloud, millions of signatures and malware protection can be scanned in real time. ThreatCloud s knowledgebase is dynamically updated using feeds from a network of global threat sensors, attack information from worldwide gateways, Check Point research labs and the industry s best malware feeds. Correlated security threat information is then shared among all gateways collectively Check Point Software Technologies Ltd. All rights reserved. Source: Check Point 2013 Security Report 21

13 CHECK POINT 2013 SECURITY REPORT 900 ORGANIZATIONS 120,000 HOURS OF TRAFFIC MONITORED Our research reveals: % VISITED MALICIOUS WEBSITES % INFECTED BY BOTS % EXPERIENCED DATA LOSS FIRST EXPERIENCE with CHECK POINT compliance software BLADE BY JEREMY KAYE AND JENNIFER TOSCANO, CHECK POINT SOFTWARE TECHNOLOGIES The world of security has become increasingly complex and challenging. Security managers are faced with limited budgets and resources and need to keep up with the latest security trends and industry best practices. Adding further complexity to the world of security is the tightening of the regulatory landscape. While security is The Check Point Compliance Software Blade recommends needed changes to bring any noncompliant issues into compliance. Tim bulu, usf health their top priority, security managers must work with compliance and risk managers to balance their efforts and resources to maintain optimum security levels, prepare for regulatory compliance audits, and comply with dozens of regulatory requirements that are often vague, difficult to understand, and unclear as to how to implement them. 47 % USED ANONYMIZERS COMPLIANCE CHALLENGES FACING SECURITY MANAGERS Balancing efforts and resources to maintain optimum security AND comply with dozens of regulatory requirements Preparations for internal and external audits demonstrating on-going compliance READ THE FULL REPORT MAINTAINING COMPLIANCE AND SECURITY One organization facing this chal lenge head-on is the University of South Florida Health. Comprised of seven large colleges and schools, USF Health is a global research university. Tim Bulu, Information Security Officer, and Director of Network Services and Information Security, manages the information security team that takes care of day to day security operations. They currently have 8 Check Point gateways and 3 clusters, all linked to a single management console. The main priority of the information security team at USF Health is to manage security, but they also must contend with additional regulatory requirements, as they need to comply with HIPAA and PCI DSS. Security personnel are not always well versed in the small print of regulations. According to Bulu, The Compliance Software Blade acts as a second set of eyes for security administrators looking over the changes they make and alerting them to any potential compliance issues. Because the Compliance Software Blade automatically notifies users of any attempt to change security policy that would negatively impact 22 23

14 compliance, security administrators can focus their time on managing what they know best: security. At the same time, they can ensure that they maintain security policies in alignment with the relevant regulatory requirements on an on-going basis, a must for compliance management. With the time saved by using the Compliance Software Blade, the security team can devote themselves to additional activities as needed. The Check Point Compliance team spent two days with USF Health, introducing them to the software and how it works. At the end of their product evaluation, USF Health found tremendous value in the Compliance Software Blade. Bulu explains, The Check Point Compliance Software Blade brings a multitude of benefits to the table. The dashboard provides me quick-glance insight into our current compliance posture. If something displayed needs attention, I can easily drill down to the level of detail I need to make an informed decision on how to proceed. The crowning feature is that the Compliance Software Blade recommends needed changes to bring any noncompliant issues into compliance and helps improve the security policies of my organization. I can rest assured in the trust that with frequent updates from Check Point and dynamic rescanning every day the system will alert me as soon as we fall out of compliance. PREPARING FOR AUDITS A second challenge facing security managers is working with the compliance and risk management team to prepare for internal and external audits. Historically, auditing an organization for regulatory compliance was often a painful, costly, and time consuming process that, at best, provided a snapshot of the security status a few times a year. However, the world of compliance has evolved, requiring proof of on-going compliance with regulatory requirements. For many organizations, this has further complicated the audit preparation process. 24 WHAT S YOUR COMPLIANCE STATUS? Get an immediate view of your compliance status by having a Check Point Sales Engineer conduct an onsite proof of concept. Swedbank, one of the largest banks in Sweden and the Baltics, has successfully addressed this challenge using the Compliance Software Blade. Aleksandr Nositsh is the System Architect for the Network Security Area within IT Operations, and is utilizing 20 gateways that are all linked to a single management console. Nositsh spent two days with the Check Point team reviewing the new Compliance Software Blade. Like all businesses in the Banking industry, Swedbank is subject to many regulations, including PCI DSS, Sarbanes Oxley, and ISO Additionally, the bank is required to prepare for many internal audits during The Check Point Compliance Software Blade is an incredible resource saver. ALEKSANDR NOSITSH, SWEDBANK the year. Nositsh commented, During security audits, the Compliance Software Blade is an incredible resource-saver; with all checks running in the background at scheduled intervals results can be presented to auditors almost immediately upon request. There is no need to go through all settings during an auditor s on-site visit, saving time, effort and hassle for both administrator and auditor. Swedbank found value in the relationship and the balance between the security best practices and the regulatory requirements. Check Point looks at each regulation and the thousands of individual regulatory requirements within them. It then translates those requirements into security best practices. Since many different regulations (like PCI-DSS and HIPAA) have individual requirements with similarities between them, each security best practice can have several individual regulatory requirements tied to it. Therefore, if a change is made to the security policy that improves a best practice score, by extension compliance is being improved for several regulations/r egulatory requirements at the same time. Often it is not clear how to modify or improve the configuration. Nositsh continued: Not only does the Compliance Software Blade check if a specific requirement is met or not, but it also advises the security administrator how to change the configuration in order to pass that specific check all via the SmartDashboard with its familiar GUI. During sessions with customers and partners, Check Point is often asked about the value of the Compliance Software Blade for clients who are not subject to regulations and standards. It is rare to find a client that doesn t have any regulatory obligations, but it could be that the security administrator does not have responsibility for them and is therefore not involved in those processes. Swedbank felt that even if an organization is not subject to any specific industry standards, the Compliance Software Blade offers the capability to reference Check Point infra structure setup against that of vendor best practices. Learn more at products/compliance-software-blade ThreatCloud. You are not alone. Check Point ThreatCloud is the first collaborative knowledge base to fight cybercrime, gathering threat data from multiple sources sensors, gateways and industry feeds, and distributing threat intelligence to security gateways around the globe. ThreatCloud sends real-time, collective threat information and attack trends directly to customers to enforce protection against bots, APTs and other sophisticated forms of malware. Customers can collaborate by feeding ThreatCloud with their own threat data and receive incoming protection updates through their security gateways. Start collaborating with ThreatCloud and get comprehensive Threat Protection: Check Point Software Technologies Ltd. All rights reserved.

15 Check Point s next generation firewall is the most mature and feature complete in its class NSS Labs 2013 Check Point Software Technologies Ltd. All rights reserved. THE LEADER IN NEXT GENERATION FIREWALL