Security Zone We Secure the Internet
- Lionel Davis
- 8 years ago
September 2013
Security Zone
We Secure the Internet
The Biggest Cybersecurity Threats of 2013
ALSO INSIDE: Four Steps to Successful Zero-Day Protection; The New Face of Web Security
WHAT'S INSIDE

CLICO is a Value Added Distributor focused on IT Security and Management, operating in Poland and Central & Eastern Europe.

FEATURES
- The Biggest Cybersecurity Threats of 2013
- Four Steps to Successful Zero-Day Protection
- The Check Point Vision for Security
- Current Trends: Distributed Denial of Service Attacks
- The New Face of Web Security
- First Experience with Check Point Compliance Software Blade

DEPARTMENTS
- Letter from CEO Gil Shwed
- Interview: Dorit Dor, The Real World in Real Time
- Discover the Latest Solutions from Check Point
- Featured Check Point Solutions
- Did You Know?
- Spotlight on Technology

CHECK POINT CONTACTS
Headquarters: Check Point Software Technologies Ltd., 5 Ha Solelim Street, Tel Aviv 67897, Israel
United States Headquarters: Check Point Software Technologies Inc., 959 Skyway Road, Suite 300, San Carlos, CA

Check Point Software Technologies Ltd. All rights reserved. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. Security classification: [Protected]
Threat Emulation: Zero-Day Attacks Stopped at the Zero-Hour

Check Point Threat Emulation Software Blade prevents infections from undiscovered exploits, zero-day and targeted attacks. This innovative solution quickly inspects suspicious files, emulates how they run to discover malicious behavior, and prevents malware from entering the network. Threat Emulation immediately reports new threats to Check Point's ThreatCloud service and automatically shares the newly identified threats with other customers.

2013 CEO LETTER: GREETINGS FROM GIL SHWED

Last year, to measure the IT Security threat level, we decided to turn to our customers' environments. We monitored the networks of 900 organizations and discovered what is hiding in them. Over 100 Million events from about 1,500 Security Gateways were analyzed. From threats, bots, to usage of risky applications and potential data loss, the analysis of 120,000 hours of monitoring was eye-opening.

We learned that there is no slowing down of malware. On the contrary, the intensity of risks thrown at enterprises is strengthening, and the sophistication and deceptive nature of each threat is increasing. We also learned that corporations are often unaware of such risks despite having complex security infrastructures in place. We realized that the fight against cybercrime needed to add another dimension, one that will exponentially multiply the speed of prevention. That dimension is collaboration.

Imagine the intelligence that thousands of networks from around the world could generate. Imagine this intelligence updating a threat knowledge base real-time on all sorts of threats, virus, bots and unknown attacks. And imagine this knowledge base updating your security gateways on an on-going basis. What I am describing is not imagination, it is reality and it is called Check Point ThreatCloud. The data gathered for Check Point 2013 Security Report came mainly from ThreatCloud.
ThreatCloud is based on the power of global collaboration and is our chance to win the fight against cybercrime. Earlier this year we unveiled new security technologies which make this knowledge database a deadly weapon against cybercrime.

First are our Threat Prevention and Secure Web Gateway Appliances. These dedicated gateways will provide the multi-layered protection needed in this evolving threat environment and will protect your network while enabling your business to use Web 2.0 tools securely.

Second is our DDoS Protector line of appliances. DDoS attacks have become all too common, but their damage is serious. Today, having a plan against a DDoS attack is a necessity and providing a technology that mitigates in seconds such attacks was our priority.

In addition, we need to continue our journey towards a security blueprint that relies not just on technologies, but also on establishing policies that enable businesses to do more securely. The new Compliance Software Blade is making that journey easier by providing continuous compliance monitoring, ensuring that security policies are aligned with global regulations and validating that appropriate security levels are maintained.

Lastly, is the Threat Emulation Software Blade, powered by ThreatCloud. Adding to our multi-layer threat prevention solution and joining the IPS, Antibot, Antivirus, Application Control and URL Filtering Software Blades, this new Software Blade tackles threats we do not yet know: the zero-day attacks. By emulating potentially malicious files in a sandbox environment, this technology will ensure that no threats infect your network, not even new, undiscovered threats.

Our quest against cyber-crime is not over. We will continue, as we have in the past, to develop innovative solutions, bringing you, our customers, the best technologies to ensure you are secure.
THE BIGGEST CYBERSECURITY THREATS OF 2013
BY TOMER TELLER, SECURITY EVANGELIST AND RESEARCHER AT CHECK POINT SOFTWARE TECHNOLOGIES

As we round out our 2013 business and IT plans, cybercriminals are resolving to implement increasingly sophisticated threats targeting specific computer systems and organizations big and small. In the past year, businesses have seen several serious hacks and breaches. As the arms race between attackers and businesses continues to evolve in 2013, IT departments and security professionals will need to stay on top of the changing tactics and approaches used by criminal hackers in order to protect their organizations. Below are nefarious hackers' top resolutions and the greatest security threats to businesses in 2013.

THREAT #1: SOCIAL ENGINEERING

This begins with focusing on a tried-and-true blackhat tactic in both the physical and digital worlds: social engineering. Before the computer age, this meant sneaking one's way past a company's defenses with the gift of gab as opposed to a cleverly-worded email. Now social engineering has moved onto social networks, including Facebook and LinkedIn.

Attackers are increasing their use of social engineering, which goes beyond calling targeted employees and trying to trick them into giving up information. In years past, they might call a receptionist and ask to be transferred to a targeted employee so that the call appears to be coming from within the enterprise if caller ID is being used. However, such tactics aren't needed if the details the cybercriminal is looking for are already posted on social networks. After all, social networks are about connecting people, and a convincing-looking profile of a company or person followed by a friend or connection request can be enough to get a social engineering scam rolling.

THREAT #2: APTS

Being aware of social engineering is important, of course, because it can be the precursor for a sophisticated attack meant to breach the wall of your organization. This year saw a number of high-profile attacks (think: Gauss and Flame) targeting both corporations and governments. These attacks are known as Advanced Persistent Threats (APTs). They are highly sophisticated and carefully constructed. The intention behind APT attacks is to gain access to a network and steal information quietly. They take a low-and-slow approach that often makes them difficult to detect, giving them a high likelihood of success.

Additionally, APTs need not always target well-known programs, such as Microsoft Word; they may also target other vectors, such as embedded systems. In a world where a growing number of devices have Internet protocol addresses, building security into these systems has never been more important.

APTs will continue as governments and other well-funded organizations look to cyber-space to conduct their espionage. In fact, APT attacks are running as we speak, so look out for those anomalies in your network traffic.

THREAT #3: INTERNAL THREATS

But some of the most dangerous attacks come from the inside. These attacks can be the most devastating, due to the amount of damage a privileged user can do and the data they can access. In a study funded by the U.S. Department of Homeland Security, the CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute and the U.S. Secret Service, researchers found malicious insiders within the financial industry typically get away with their fraud for nearly 32 months before being detected. Trust, as they say, is a precious commodity, but too much trust can leave you vulnerable.

THREAT #4: BYOD

The issue of trust comes into play in the mobile world as well, with many businesses struggling to come up with the right mix of technologies and policies to hop aboard the bring-your-own-device (BYOD) trend. Users are increasingly using their devices as they would their PCs, and by doing so are opening themselves up to web-based attacks the same as they would if they were operating a desktop computer.

For attackers, it is likely as well that there will be more attempts to circumvent the app review and detection mechanisms mobile vendors use to guard their app markets. All this means that the flood of iPhones, Google Android phones and other devices making their way into the workplace are opening up another potential gateway for attackers that needs to be secured. Think about it: your smartphone has a camera. It has a microphone. It can record conversations. Add these features to the ability to access your corporate network, and you have the ideal stepladder to climb the walls we are talking about.

THREAT #5: CLOUD SECURITY

BYOD is not the only thing changing the walls corporations must build around critical data, however. There is also this little trend called cloud computing. With more companies putting more information in public cloud services, those services become juicy targets, and can represent a single point of failure for the enterprise. For businesses, this means that security must continue to be an important part of the conversation they have with cloud providers, and the needs of the business should be made clear.

THREAT #6: HTML5

Just as the adoption of cloud computing has changed the vulnerability surface, so will the adoption of HTML5. Earlier this year, it was noted at the Black Hat conference, a place where security pros can get a sign of attacks to come, that HTML5's cross-platform support and integration of various technologies opens up new possibilities for attack, such as abusing Web Worker functionality. Even with an increasing amount of attention being paid to HTML5 security, the newness of it means that developers are bound to make mistakes as they use it, and attackers will look to take advantage. So, expect to see a surge in HTML5-oriented attacks next year, hopefully followed by a gradual decline as security improves over time.

THREAT #7: BOTNETS

But even though the arms race between researchers and attackers favors innovation, expect cybercriminals to spend a lot of time perfecting what they know best, such as making sure their botnets have high availability and are distributed. While the legal takedowns being launched by companies such as Microsoft succeeded in temporarily disrupting spam and malware operations, it is naïve to assume attackers aren't taking what they have learned from those takedowns and using it to shore up their operations. Botnets are here to stay.

THREAT #8: PRECISION TARGETED MALWARE

Attackers are also learning from the steps researchers are taking to analyze their malware, and techniques were recently demonstrated that can help render analysis ineffective by designing malware that will fail to execute correctly on any environment other than the one originally targeted. Examples of these attacks include Flashback and Gauss. Both have been successful, especially Gauss, at stopping researchers from automated malware analysis. In the coming year, attackers will continue to improve and implement these techniques and make their malware more dedicated so that it only attacks computers with a specific configuration.

One thing is for certain: 2013 is sure to bring an army of exploits and malware through vectors ranging from social networks to mobile devices to employees themselves. As computer and operating system security continues to improve, so will cybercriminals' new techniques to bypass these defenses. All the more reason to make security a priority.
Think of it as Compliance 2.0

Check Point Compliance Software Blade: the first integrated and fully automated security and compliance monitoring. The Check Point Compliance Software Blade leverages decades of security expertise and an extensive knowledge of regulatory requirements and IT security best practices. The Compliance Software Blade ensures that security policies are aligned with global regulations and validates that appropriate security levels are maintained, shortening audit times, improving security and reducing costs for businesses. This solution is fully integrated into the Check Point Software Blade Architecture, providing a complete view of compliance status across Check Point Gateways and Network Security Software Blades.

INTERVIEW: THE REAL WORLD IN REAL TIME

DORIT DOR, CHECK POINT'S VP OF PRODUCTS, TALKS ABOUT WHAT WE KNOW AND WHERE WE'RE HEADING WITH THREAT PREVENTION. IT'S ALL ABOUT COLLABORATION.

WHAT HAVE THE LAST TWO YEARS TAUGHT US IN TERMS OF THREAT PREVENTION?

It is a long-established fact that businesses can and should protect themselves. Research shows that 80%-90% of threats require only the most basic prevention techniques (as they exploit well-known vulnerabilities, weak authentication, and the absence of basic protection). What has become clearer over the past couple of years is that organizations MUST build comprehensive security architectures to minimize attack vectors and bring their security under control. Businesses require a network of check points that can provide secure access combined with advanced protection, as well as comprehensive security management to orchestrate and monitor all these components. They need to be sure that their check points provide real-time and collaborative threat prevention capabilities, enabling them to defend against the challenges of today and tomorrow.

MANY NEW TECHNOLOGIES HAVE BEEN LAUNCHED: ANTI-BOT, THREAT EMULATION, THREATCLOUD.
WHY SHOULD CUSTOMERS EMBRACE THEM ALL, AND HOW CAN THEY PRIORITIZE?

Different technologies come to serve different scenarios. In some we aim to identify threats as they attempt to penetrate the organization and in others we try to identify malware that is already within the system. Some might be post-infection but pre-damage. This is why I believe organizations should embrace the use of all technologies in order to achieve optimum security. An organization should have a comprehensive security policy outlining its risk appetite. It needs to prioritize the types of threats it faces according to the organization's risk profile and the people involved. When it comes to responses and remediation, customers need to prioritize their responses, taking into consideration their security policy as well as software updates and malware-infected PCs. Threat prevention has been a prominent theme for Check Point since We have introduced the industry's first collaborative network to fight cybercrime, ranging from collaboration between customers to increased collaboration directly inside the segments between technologies.

WHAT IS YOUR VISION FOR THE FUTURE OF CYBER SECURITY?

Cyber attacks are constantly gaining more and more presence in our lives, and as its influence grows it will remain an easy route for attacks ranging from criminal to political, and even inter-governmental (as such actions shift from the physical to the virtual world). Over the last two years, we have witnessed the rapid evolution of cyber security. We have learned from this process and started to deliver fundamental technologies in order to evolve protections at a similar rate. The security architecture of the future will continue to strengthen fundamental protection, access and manageability, minimizing the attack vector while dramatically evolving advanced protections including sophisticated real-time analysis of attacks and collaboration between internal and external data sources.
All security components will have built-in dynamic methods to enjoy real-time feeds as well as granular and flexible controls over these specific feeds. This vision led us to create ThreatCloud, connecting it to the active gateways deployed around the world, and opening interfaces to leverage collaborative data from different sources. Cybercrime is evolving every day. To win the fight against it, cyber security must evolve faster and smarter. Today, collaboration is the key to winning this battle.
DISCOVER THE LATEST SOLUTIONS FROM CHECK POINT

Compliance Software Blade: Think of it as Compliance 2.0
- Continuous security monitoring across Check Point Software Blades
- Over 300 security best practices align security and compliance
- Fully integrated into Check Point Software Blade architecture and security management

Threat Emulation Software Blade: Prevents Zero-day Attacks
- Prevent infections from first-time malicious documents (MS Office and PDFs) and executable
- Innovative technology offers the fastest and most accurate prevention
- Completes Check Point's leading multi-layered Threat Prevention Solution to fully protect against the most current malware

Check Point Appliance: Blazing fast cyber-security for data centers
- Quantum-leap in security performance
- Fully featured and easy to operate platform for data centers
- New family with industry leading security for data centers

Check Point 600 Appliance: Big security, small size
- Secure your small business with Enterprise leading security
- Security made easy with simple and intuitive management

Check Point 1100 Appliance: Big security for small branches
- Secure branch offices with industry-leading security and great value
- Manage and control branch gateways with local or central management
- One stop shop for connectivity and security
- Compact desktop form-factor suitable for offices of up to 50 employees
FOUR STEPS TO SUCCESSFUL ZERO-DAY PROTECTION
BY DUANE KURODA, CHECK POINT SOFTWARE TECHNOLOGIES

WOULD YOU OR ANYONE ON STAFF OPEN THE ATTACHMENT BELOW?

What could be more inviting than an email from your own human resources department that lists salaries of the entire staff? What's more, the email looks like it was sent from HR and the attachment is an Excel file. You use Excel files every day, including that status report you just updated. You might indeed be the lucky recipient of a mistyped email that just so happens to include the salaries of the entire staff, OR you might be the next victim in a targeted attack and join the 63% of organizations in Check Point's research that are infected with bots. These files often attack vulnerabilities in the operating system or in business document applications such as MS Office or Adobe Reader. In many cases, these new attacks leverage Zero-day exploits, which have no known defenses. The odds are that once this Zero-day infected email reaches your network, someone will click it and you or your network will be infected.

[Figure: sample email message to Jim User from Jim, Human Resources, with the attachment staff-salaries.xlsx (140 kb), "staff salaries"]

OR WILL YOU?

Even if there are no known defenses, it is possible to discover and stop these attacks. In order to ensure continued business operations and provide a high level of protection, there are 4 key steps:

1. File Inspection, to reduce false positives and accelerate protection
2. File Emulation, to actually see what the files attempt to do
3. Prevention, to stop discovered malicious files from infecting the network
4. Sharing, to distribute new protection information

[Figure: Discover and prevent zero-day attacks that have no known defenses: Inspect, Emulate, Prevent, Share]

Existing technologies focus on the Emulate step and stress remediation after infection. This is a time-consuming process that can violate corporate policy when internal files are sent off the corporate network to the cloud.
While file behavior is analyzed, the file is allowed to breach the network, and you only learn that the file is malicious after the fact. The infection could reach one or more systems and start stealing data for hours or even days before remediation could be attempted. Following the 4 key steps, infections are prevented, not just detected, in an accurate and timely manner that ensures business operations continue and eliminates after-infection remediation.

Check Point introduced the Threat Emulation Software Blade specifically to discover and prevent Zero-day attacks that have no known defenses. Instead of relying on known signatures and patterns, Threat Emulation launches and analyzes the behavior of business documents in attachments and downloads to see what the files do when opened. Malicious files may create or modify files, modify or start processes, change or add registry entries, communicate with command and control servers, and more. The 4 key steps are delivered by Check Point's Threat Emulation Software Blade.

INSPECTION
Files in email and downloads are identified for processing. Check Point applies advanced pre-filtering to filter out safe files using heuristics and a proprietary analysis engine, leaving only suspect files selected for emulation. The selected files are uploaded to a virtual sandbox.

EMULATION
The selected files are opened and monitored in multiple Windows OS environments and MS Office versions. Unusual activity such as network connections, changes to the file system, registry, or system processes tells us that the file is malicious.

PREVENTION
Files identified as malicious are blocked. Malicious files are stopped at the gateway, before infecting the network. No infection means that remediation time and effort are eliminated.

SHARING
Newly discovered threats are fingerprinted, with signatures, IP addresses, and domains for threats sent to ThreatCloud.
Once the threat information is on ThreatCloud, it is instantly available to protect other gateways.

One important issue is the balancing point between allowing good documents to pass through while increasing security with file emulation. In the Threat Emulation Software Blade, this is accomplished during the inspection step, where over 250,000 documents were used to validate a zero false-positive rate. This means that good documents are not stopped or labeled as malicious, while documents marked as malicious were verified as such. Only documents that are not eliminated by the pre-filter are emulated, incurring a 1 to 2 minute emulation delay. This ensures minimal business delay while preventing discovered malicious files from reaching network systems.

Another issue is the deployment options for emulation. Technologies that only allow emulation in the cloud may risk violation of corporate policies when corporate business documents are sent outside the corporate network. On the other hand, solutions that require one or more dedicated appliances to detect new threats force organizations to buy expensive appliances, even when their emulation needs may only be required by a department or two. With Check Point's Threat Emulation Software Blade, organizations can choose the emulation solution that matches their policy, best practices, budget and network configuration.

So, if your organization is at risk of attacks designed to steal secrets, intellectual property, financial information, or more, consider the Threat Emulation Software Blade that applies 4 key steps to prevent infection from zero-day and unknown attacks, uses patent-pending pre-filtering techniques leading to zero false positives, and has flexible deployment for local or cloud-based emulation.

Learn more at threat-emulation/index.html
THE CHECK POINT VISION FOR SECURITY

Check Point Software Technologies Ltd. is the worldwide leader in securing the Internet. Check Point provides its customers with uncompromised protection against all types of threats. Its product offerings reduce security complexity and lower total cost of ownership. Check Point first pioneered the security industry with FireWall-1 and its patented Stateful Inspection technology. Today, Check Point continues to develop innovative products based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization.

Check Point 3D Security

Check Point 3D Security redefines security as a 3-dimensional business process that combines policies, people and enforcement for stronger protection across all layers of security including network, data and endpoints. To achieve the level of protection needed in the 21st century, security needs to grow from a collection of disparate technologies to an integrated business process. With 3D Security, organizations can implement a blueprint for security that goes beyond technology to ensure information security integrity. Check Point 3D Security enables organizations to redefine security by integrating these dimensions into an effective business process:

- Policies that support business needs and transform security into a business process
- Security that involves People in policy definition, education and incident remediation
- Enforce, consolidate and control all layers of security (i.e. network, data, application, content and user)

Check Point Software Blade Architecture

As a key tool in creating true 3D Security, the Check Point Software Blade Architecture allows companies to enforce security policies while helping to educate users on those policies. This is the first and only security architecture that delivers total, flexible and manageable security to companies of any size.
More importantly, as new threats and needs emerge, the Software Blade Architecture quickly and flexibly extends security services on-demand and without the addition of new hardware or management complications. Solutions are centrally managed through a single console that reduces complexity and operational overhead.

Multilayered protection is critical to combat dynamic threats such as bots, Trojans and Advanced Persistent Threats (APTs). Current firewalls behave like multi-function gateways, but not all companies want the same level of security throughout their entire system. Companies seek flexibility and control of their security resources.

Software Blades are security applications or modules such as firewalls, Virtual Private Networks (VPN), Intrusion Prevention Systems (IPS), or application controls that are independent, modular and centrally managed. They allow organizations to customize a security configuration that targets the right mix of protection and investment. Software Blades can be quickly enabled and configured on any gateway or management system with no additional hardware, firmware or driver upgrades. As needs evolve, additional Software Blades can be easily activated to extend the security parameters of an existing configuration running on the same security hardware.

Centralized Management

Check Point offers centralized event management features for all Check Point products and third-party devices. This provides real-time views of security events as they take place, enables quick analysis of the security situation, and allows for immediate mitigating actions, all conducted via a single console. The SmartEvent timeline view enables the visualization of trends and propagation of attacks. The charts view provides event statistics in either a pie chart or a bar graph format. The maps view shows potential threats by country.
Security Appliances

Check Point appliances combine high performance multicore capabilities with fast networking technologies, providing the highest level of security for your data, network and employees. Empowered by Check Point GAiA, the next-generation security operating system, and optimized for the extensible Software Blades Architecture, each appliance is capable of running any combination of Software Blades, providing the flexibility and the precise level of security for any business at every network location.

Check Point serves customers of all sizes, industries and geographies. Its client portfolio includes all Fortune and Global 100 companies. As well, Check Point's award-winning ZoneAlarm security solutions protect millions of individuals and small businesses from hackers, spyware and identity theft.

Check Point Recognized as a Leader in Enterprise Network Firewall Magic Quadrant for the Sixteenth Consecutive Year

Check Point was positioned once again, and for the 16th consecutive year, as a leader in the latest Gartner 2013 Enterprise Network Firewall Magic Quadrant. In our opinion, Check Point is the industry leader in providing robust firewall technology. As the firewall market has evolved to include integrated IPS and other next generation firewall capabilities, Check Point continuously expands its firewall capabilities to maintain that leadership. Check Point not only has the vision for next generation firewall security technologies, but also leads in the ability to execute and deliver the most advanced firewall
CURRENT TRENDS: DISTRIBUTED DENIAL OF SERVICE ATTACKS
BY DANIEL WILEY AND ALON KANTOR, CHECK POINT SOFTWARE TECHNOLOGIES

During the last couple of years Check Point customers have seen a significant evolution in cyber-attacks against organizations of all sizes and across all geographies. Distributed Denial of Service (DDoS) attacks have become a mainstream attack vector that is being used by both hacktivist groups and crime organizations. The recent wave of DDoS attacks on high-profile Web sites demonstrates a mainstream threat that causes significant damage across the world.

Since September 2012 many large financial institutions in the US have been attacked in a series of large scale DDoS campaigns. These targeted attacks inflicted significant damage to daily operations, causing web access delays for millions of customers and significant costs to ensure Web site availability.

Today's attacks, including a recent attack in Sweden, typically use tools that are easy to obtain and use. Examples include WebHive, LOIC and HOIC. A simple Google search for WebHive provides access to the tool and an elaborate YouTube tutorial. UDP Amplification and TCP SYN attacks can be ordered in 30-minute increments for as little as $ Anyone with any prior knowledge of DDoS can get up to speed on how to launch an attack within minutes. All it takes is to press a button on a user-friendly DDoS application.

Check Point engineers have responded to over 75 DDoS attacks within the last 3 months, assisting customers in mitigating such attacks. In most cases the attackers are using several DDoS methods simultaneously, generating high volumes of network-layer noise, along with lower volumes of application-layer attack tools that target Web servers and DNS.
Furthermore, under-the-radar attacks, also called Low & Slow attacks, which covertly exploit application implementation weaknesses for long periods of time, are becoming more popular with attackers, as they are difficult to detect and to block.

A relatively new attack method encountered during recent months utilizes vulnerable servers in datacenters. This new vector is generating an unprecedentedly high volume of attack traffic, as the exploited datacenter servers have significant resources available and are connected through high-speed connections to the Web. The targeted servers will perform two DoS attacks, one against victim organizations and another one against infected servers at hosting centers. With a small number of compromised, well connected servers, hackers can levy large scale attacks using any number of vectors in a dynamic nature.

The motivation for these attacks is difficult to pinpoint, but Check Point has observed individuals with personal vendettas, corporations attacking rivals or even governments attacking another country's critical infrastructure to disrupt vital segments of the economy. More attackers have realized that DDoS attacks are relatively inexpensive and very effective. Check Point has also observed a significant increase in DDoS attacks against all industries around the world. Attacks have even been considered by some groups as a valid way to protest against social agendas, in what is now widely known as Hacktivism.

DDoS has become a mainstream business challenge everywhere, in most industries and organizations of all sizes. To address this significant security threat, Check Point introduced the DDoS Protector Appliance product line. Offering a customized multilayered DDoS protection solution, DDoS Protector effectively protects, within seconds, both the network and application layers from attacks.
Using sophisticated behavioral analysis algorithms as well as signatures of known attacks, DDoS Protector learns and distinguishes between normal, legitimate traffic and rogue traffic that should be blocked. The solution offers flexible deployment options including on-premise and inline connectivity to the organization's Internet connection. Leveraging the benefits of the on-premise presence, the solution can be deployed as an additional layer of protection along with an off-premises solution provided by ISPs / MSPs and Cloud providers.

Today, it is not whether you will be attacked, but when and how. Make sure your business is protected with the right solution.

Learn more at: products/ddos-protector/

Are You Prepared for a DDoS Attack?

DDoS attacks are attempts to disrupt or disable network services by flooding the bandwidth or resources of the targeted systems. Even well-protected networks are at risk. Check Point DDoS Protector Appliances block Denial of Service attacks within seconds with multi-layered protection and up to 12 Gbps of throughput performance. DDoS Protector provides protection against network flood and application denial of service attacks. A range of models and integration with Check Point Management offer flexible deployment options to protect all businesses.

Learn about DDoS Protector solutions:
THE NEW FACE OF WEB SECURITY

HOW CAN YOU SECURE WEB 2.0 WITH A WEB 1.0 APPROACH?

The face of web security has changed. Web 2.0 introduces new security risks that are very different from what we faced with Web 1.0. Just a few years ago, web content was more static, and Web 1.0 was segregated into the good and the bad when it came to risky sites and malware. Malware was usually spread by known websites that hosted malicious content and didn't need to change often nor take advantage of advanced browser and website features. Knowing the URL of these bad sites, such as net or was sufficient to protect users while they used the Web. Secure Web Gateways provided the security for Web 1.0 by focusing on URL-based content filtering for both policy enforcement and stopping malware infections from known malicious sites.

THE WEB 2.0 REALITY

Web 2.0 has brought about considerable changes: web usage has shifted from static information consumption to dynamic interaction. Social media and internet applications, once considered a pastime activity, have become essential business enablers. Companies are utilizing Internet applications such as Facebook, Twitter, WebEx and LinkedIn to communicate with customers, partners and colleagues, and collaborate with each other to help achieve business goals.

These new applications are powerful business tools, but they have caught the attention of attackers, and thus introduce new risks. For example, in February 2013 the NBC.com website was hacked, exposing visitors to a drive-by-download attack. In such attacks malicious software is downloaded onto visitors' computers when they simply visit the website, potentially infecting millions of visitors in a very short time. In another example in 2012, hackers used a Twitter and Facebook social engineering technique to distribute malicious content and steal users' credentials.
The acquired information was possibly used not only to gain access to sensitive information of the hacked accounts, such as passwords, bank account information, and vital company data, but also to acquire more passwords to continuously repeat the same process.

These and other web-based attacks are not rare. Websites hacked with malicious code inserted, social media messages with malicious links, and an abundance of browser vulnerabilities are just a few among many. Many of these potential threats cannot be stopped by the Web 1.0 practice of blocking website URLs. To effectively protect users in an environment with diverse web-based applications, rapidly changing malware-infected websites, social media, and P2P usage, there is a need to go beyond Web 1.0 security technology.

A NEW WEB SECURITY PARADIGM

Next generation web security needs to intelligently protect against the threats posed by Web 2.0. In order to be truly effective, web security requires the most up-to-date protections, global collaborative threat intelligence, unified management of all web threats both from applications and websites, effective end-user engagement, and full visibility into web security events.

UP-TO-DATE PROTECTIONS

In a rapidly and constantly changing threat environment, having the most up-to-date security intelligence is critical. Imagine a legitimate website that is hacked and infected with malware. How could you protect users from accessing the malware-infected website if it is a legitimate site and your web security is not aware it has been infected? In a recent attack targeting large internet companies, Facebook employees were hacked via a compromised website. Unsuspecting employees downloaded software from a popular mobile developer's website which contained malware.
Although the security breach was discovered fairly quickly, many employees' computers were hacked, some of the company's systems became infected, and the security of more than a billion users around the world was jeopardized.

In such instances, up-to-date threat information is critical for protection. The old way is to download a database to a gateway, which is only as good as the last database and is limited by the physical capacity of the gateway. Having an unrestricted cloud-based repository that is constantly updated with newly discovered threats minimizes damage and ensures the best protection against new malware and the most up-to-date URL categorization.

BY TAMAR SHAFLER, CHECK POINT SOFTWARE TECHNOLOGIES

GLOBAL COLLABORATIVE THREAT INTELLIGENCE

The most up-to-date threat intelligence is not the only requirement for the next generation web security solution. Imagine that the site in the previous example was hacked in Europe, with the next target located in the United States. Is the US company doomed? Very likely, if it uses old-fashioned URL filtering solutions that rely on limited
information. For this company to have a good chance of being protected, its security technology needs to be able to pull the most recent, multisource information from feeds, threat information sensors, research, and intelligence from a global network of active gateways. The incident in Europe should be shared among all active gateways, including the endangered company in the US, warning and preparing it for a potential attack.

APPLICATIONS: FRIENDS OR FOES?

The new reality of threat intelligence and protections is about speed of reaction and multi-sourced information. What about the new reality of applications and the new dangers that they carry? Prominent Web 2.0 applications, such as Anonymizers, File Storage and Sharing, Peer-to-Peer File Sharing, Remote Administrative Tools and Social Media, have legitimate use intentions at their roots. However, they have been increasingly used to exploit organizations.

For example, file sharing and storage applications simplify information delivery and management. But they may also cause data leaks or malware infection without user knowledge. Dropbox, a top file storage and sharing application, had two major security incidents in two years. In one incident hackers logged into a Dropbox employee's account that contained a document with users' addresses, and used those addresses to send spam. In another incident, a bug in a Dropbox software update exposed users' shared documents and information, giving access to potentially sensitive information.

Remote admin tools are legitimate tools when used by admins and helpdesk, but can also be used to remotely control infected machines to further infiltrate the network, log keystrokes and steal confidential information. From July to September 2011, in an attack campaign coined Nitro, attackers used Poison Ivy to sniff out secrets from nearly 50 companies.
Anonymizers, another popular application used by 43% of organizations (source: Check Point 2013 Security Report) and highly favored by hackers, can be used to bypass security policies built around users' identities and destination URLs, and to hide user activity. To make sure that these applications and their functions are controlled and not allowed to introduce unnecessary risk, application control should be an integral part of a next generation secure web gateway.

UNIFIED SECURITY FOR WEBSITES AND APPLICATIONS

Applications introduce potential threats; so do websites. Each has its own specificity. The old way is to treat them separately, possibly using separate vendors, a costly and time-consuming endeavor. However, a threat is a threat whether it is a proxy avoidance site (Anonymizer), web application or client application. A new approach dictates that web or non-web based internet traffic should be handled in the same manner and be subject to the same policy. The next generation secure web gateway should apply the same rules, actions, and interactions to both websites and applications, and be managed in the same rule to achieve an optimal level of security and manageability.

END-USER EDUCATION AND ENGAGEMENT

User education and engagement is another aspect of achieving effective and practical web security in the new web security paradigm. Many sites, platforms and applications are powerful business enablers, but certain uses of them can violate company policies. Should the company allow Bob from Sales to use Facebook chat to connect with potential customers? How about QA engineer Anna? Should Manish from R&D be able to access a website on the newest black hat hacks? What about Peggy from event catering? Informing end-users about an acceptable use policy and allowing them to provide input enables organizations to define policies that best fit business and user needs. It empowers employees and makes them more aware of company policies.
VISIBILITY AND MANAGEMENT

And finally, having all the latest bells and whistles in security technologies is not effective if there is limited visibility into security events and the threat landscape. In order to protect the organization and stop attacks, an organization needs to be armed with granular and easy-to-read reports, user-friendly centralized management, and 360-degree visibility into web activities.

MAKE THE SHIFT TO 2.0 SECURITY

The Web and its usage are critical to businesses and here to stay. To remain secure, a shift must occur in security, much like we saw a shift from Web 1.0 to 2.0. New security approaches must be intelligent and powerful and provide multi-layered protection that is easily managed and cost effective. The attackers have realized this and are using the latest tools and techniques to target your users and their use of the web and web-based applications. Your web security should be next-generation and make use of global cloud intelligence, the most up-to-date protections, effective management, user engagement and full visibility. Do you want to continue trying to secure Web 2.0 with 1.0 technology?

Learn more at secure-web-gateway-appliance/index.html

FEATURED CHECK POINT SOLUTIONS

DDoS Protector

Check Point DDoS Protector Appliances block Denial of Service attacks within seconds with multilayered protection and up to 12 Gbps of performance. Modern DDoS attacks use new techniques to exploit areas where traditional security solutions are not equipped to protect. These attacks can cause serious network downtime to businesses that rely on networks and Web services to operate. DDoS Protector extends a company's security perimeters to block destructive DDoS attacks before they cause damage.

Next Generation Threat Prevention

Attackers are becoming more creative in how they reach corporate resources and expose security threats.
Businesses not only need to worry about network attacks, but also attacks directed at end users' computers, such as viruses, bots and drive-by downloads. Left unchecked, any of these threats can increase risk to your business or your data. The Check Point Threat Prevention Appliance is an integrated solution for enterprises looking to prevent growing internet attacks, all on a single security gateway with: ThreatCloud for real-time security intelligence, Antivirus, Anti-bot, IPS, URL Filtering, Identity Awareness, Unified Policy, Logging and Status Software Blades.

Next Generation Secure Web Gateway

Embracing the current paradigm shift from simple URL filtering to comprehensive malware protection, the Check Point Secure Web Gateway provides an intuitive solution that enables secure use of Web 2.0 with real-time multi-layered protection against web-borne malware, the largest application coverage in the industry, advanced granular control, intuitive centralized management and essential end-user education functionality.
DID YOU KNOW?

SPOTLIGHT ON TECHNOLOGY

C-Suite Challenges

Security challenges CIOs and CSOs face in the current environment:
- 63% keeping up with security threats and advances
- 63% growing number of employee mobile devices connecting to network
- 55% managing the complexity of security
- 50% managing data security
Source: Check Point C-level Customer Survey, July 2012

BYOD Security

- 9 out of 10 organizations permit employees with mobile devices to connect to the network
- Slightly more than half of organizations allow both personal and company owned devices
- There is a significant increase in the penetration of mobile devices into organizations, from 75% in 2011 up to 90% in 2012
- Most customers store corporate and contact information on mobile devices connecting to the network
Source: Check Point Mobility and Data Security Survey, December 2012

Get Multi-Layer Protection Against Web-Borne Malware

Say goodbye to your Web Security 1.0 with Check Point Next Generation Secure Web Gateway. Secure Web Gateway enables secure use of Web 2.0 with an integrated approach of malware protection, URL filtering, application control, and user awareness. Secure Web Gateway enhances operational efficiency with expertise and best-of-breed security management.

Learn about Next Generation Secure Web Gateway:

When Bots Go Bad

- 63% of organizations surveyed were infected with bots
- Bot toolkits can be found online for as little as $500, but their damage can cost organizations millions of dollars
- More than half of organizations were infected with new malware at least once a day
Source: Check Point 2013 Security Report

Data Loss in Your Network

- 54% of organizations had at least one potential data loss incident.
- Sensitive data included anything from pay slip files, source code, credit card information, password protected files, confidential emails, and salary information
- In 36% of financial institutions surveyed, credit card information was sent outside the company
Source: Check Point 2013 Security Report

Perception Gap in the Cloud

One third of IT and Security administrators allow employees to upload and share information over the web. However, in Check Point's 2013 Annual Security Report, sharing application rates were 60%, twice what the admins perceive them to be.
Source: Check Point Mobility and Data Security Survey, December 2012

Anonymizer Anxiety

- 91% of organizations included in the report used applications with potential security risks
- 80% reported using file sharing and reporting applications
- 47% of organizations saw the use of anonymizers by employees. The most popular anonymizer network, Tor, was reported last year to be infiltrated by attackers running a botnet hidden in the service.
Source: Check Point 2013 Security Report

Check Point ThreatCloud

ThreatCloud is a collaborative network and cloud-driven knowledgebase that delivers real-time dynamic security intelligence to security gateways. That intelligence is used to identify emerging outbreaks and threat trends. ThreatCloud powers the Anti-Bot Software Blade, which allows gateways to investigate dynamic IPs, URLs and DNS addresses where Command & Control centers are known to exist. Since processing is done in the cloud, millions of signatures and malware protection can be scanned in real time. ThreatCloud's knowledgebase is dynamically updated using feeds from a network of global threat sensors, attack information from worldwide gateways, Check Point research labs and the industry's best malware feeds. Correlated security threat information is then shared among all gateways collectively.
CHECK POINT 2013 SECURITY REPORT
900 ORGANIZATIONS, 120,000 HOURS OF TRAFFIC MONITORED
Our research reveals:
% VISITED MALICIOUS WEBSITES
% INFECTED BY BOTS
% EXPERIENCED DATA LOSS
47% USED ANONYMIZERS
READ THE FULL REPORT

FIRST EXPERIENCE WITH CHECK POINT COMPLIANCE SOFTWARE BLADE

BY JEREMY KAYE AND JENNIFER TOSCANO, CHECK POINT SOFTWARE TECHNOLOGIES

"The Check Point Compliance Software Blade recommends needed changes to bring any noncompliant issues into compliance."
TIM BULU, USF HEALTH

The world of security has become increasingly complex and challenging. Security managers are faced with limited budgets and resources and need to keep up with the latest security trends and industry best practices. Adding further complexity to the world of security is the tightening of the regulatory landscape. While security is their top priority, security managers must work with compliance and risk managers to balance their efforts and resources to maintain optimum security levels, prepare for regulatory compliance audits, and comply with dozens of regulatory requirements that are often vague, difficult to understand, and unclear as to how to implement them.

COMPLIANCE CHALLENGES FACING SECURITY MANAGERS
- Balancing efforts and resources to maintain optimum security AND comply with dozens of regulatory requirements
- Preparations for internal and external audits demonstrating on-going compliance

MAINTAINING COMPLIANCE AND SECURITY

One organization facing this challenge head-on is the University of South Florida Health. Comprised of seven large colleges and schools, USF Health is a global research university. Tim Bulu, Information Security Officer, and Director of Network Services and Information Security, manages the information security team that takes care of day-to-day security operations. They currently have 8 Check Point gateways and 3 clusters, all linked to a single management console.
The main priority of the information security team at USF Health is to manage security, but they also must contend with additional regulatory requirements, as they need to comply with HIPAA and PCI DSS. Security personnel are not always well versed in the small print of regulations. According to Bulu, "The Compliance Software Blade acts as a second set of eyes for security administrators looking over the changes they make and alerting them to any potential compliance issues." Because the Compliance Software Blade automatically notifies users of any attempt to change security policy that would negatively impact
compliance, security administrators can focus their time on managing what they know best: security. At the same time, they can ensure that they maintain security policies in alignment with the relevant regulatory requirements on an on-going basis, a must for compliance management. With the time saved by using the Compliance Software Blade, the security team can devote themselves to additional activities as needed.

The Check Point Compliance team spent two days with USF Health, introducing them to the software and how it works. At the end of their product evaluation, USF Health found tremendous value in the Compliance Software Blade. Bulu explains, "The Check Point Compliance Software Blade brings a multitude of benefits to the table. The dashboard provides me quick-glance insight into our current compliance posture. If something displayed needs attention, I can easily drill down to the level of detail I need to make an informed decision on how to proceed. The crowning feature is that the Compliance Software Blade recommends needed changes to bring any noncompliant issues into compliance and helps improve the security policies of my organization. I can rest assured in the trust that with frequent updates from Check Point and dynamic rescanning every day the system will alert me as soon as we fall out of compliance."

PREPARING FOR AUDITS

A second challenge facing security managers is working with the compliance and risk management team to prepare for internal and external audits. Historically, auditing an organization for regulatory compliance was often a painful, costly, and time-consuming process that, at best, provided a snapshot of the security status a few times a year. However, the world of compliance has evolved, requiring proof of on-going compliance with regulatory requirements. For many organizations, this has further complicated the audit preparation process.

WHAT'S YOUR COMPLIANCE STATUS?
Get an immediate view of your compliance status by having a Check Point Sales Engineer conduct an onsite proof of concept.

Swedbank, one of the largest banks in Sweden and the Baltics, has successfully addressed this challenge using the Compliance Software Blade. Aleksandr Nositsh is the System Architect for the Network Security Area within IT Operations, and is utilizing 20 gateways that are all linked to a single management console. Nositsh spent two days with the Check Point team reviewing the new Compliance Software Blade. Like all businesses in the banking industry, Swedbank is subject to many regulations, including PCI DSS, Sarbanes Oxley, and ISO. Additionally, the bank is required to prepare for many internal audits during the year. Nositsh commented, "During security audits, the Compliance Software Blade is an incredible resource-saver; with all checks running in the background at scheduled intervals, results can be presented to auditors almost immediately upon request. There is no need to go through all settings during an auditor's on-site visit, saving time, effort and hassle for both administrator and auditor."

"The Check Point Compliance Software Blade is an incredible resource saver."
ALEKSANDR NOSITSH, SWEDBANK

Swedbank found value in the relationship and the balance between the security best practices and the regulatory requirements. Check Point looks at each regulation and the thousands of individual regulatory requirements within them. It then translates those requirements into security best practices. Since many different regulations (like PCI-DSS and HIPAA) have individual requirements with similarities between them, each security best practice can have several individual regulatory requirements tied to it. Therefore, if a change is made to the security policy that improves a best practice score, by extension compliance is being improved for several regulations/regulatory requirements at the same time.
Often it is not clear how to modify or improve the configuration. Nositsh continued: "Not only does the Compliance Software Blade check if a specific requirement is met or not, but it also advises the security administrator how to change the configuration in order to pass that specific check, all via the SmartDashboard with its familiar GUI."

During sessions with customers and partners, Check Point is often asked about the value of the Compliance Software Blade for clients who are not subject to regulations and standards. It is rare to find a client that doesn't have any regulatory obligations, but it could be that the security administrator does not have responsibility for them and is therefore not involved in those processes. Swedbank felt that even if an organization is not subject to any specific industry standards, the Compliance Software Blade offers the capability to reference Check Point infrastructure setup against that of vendor best practices.

Learn more at products/compliance-software-blade

ThreatCloud. You are not alone.

Check Point ThreatCloud is the first collaborative knowledge base to fight cybercrime, gathering threat data from multiple sources (sensors, gateways and industry feeds) and distributing threat intelligence to security gateways around the globe. ThreatCloud sends real-time, collective threat information and attack trends directly to customers to enforce protection against bots, APTs and other sophisticated forms of malware. Customers can collaborate by feeding ThreatCloud with their own threat data and receive incoming protection updates through their security gateways.

Start collaborating with ThreatCloud and get comprehensive Threat Protection:
"Check Point's next generation firewall is the most mature and feature complete in its class"
NSS Labs 2013

THE LEADER IN NEXT GENERATION FIREWALL
More informationSIZE DOESN T MATTER IN CYBERSECURITY
SIZE DOESN T MATTER IN CYBERSECURITY WE SECURE THE FUTURE SIZE DOESN T MATTER IN CYBERSECURITY WE SECURE THE FUTURE TABLE OF CONTENTS SIZE DOESN T MATTER IN CYBERSPACE 03 SUMMARY 05 TOP REASONS WHY SMBS
More informationApplying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
More informationData Center security trends
Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:
More informationAnti-exploit tools: The next wave of enterprise security
Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationZone Labs Integrity Smarter Enterprise Security
Zone Labs Integrity Smarter Enterprise Security Every day: There are approximately 650 successful hacker attacks against enterprise and government locations. 1 Every year: Data security breaches at the
More informationAdvanced Persistent Threats
White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which
More informationSpear Phishing Attacks Why They are Successful and How to Stop Them
White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear
More informationEnabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media
Enabling Business Beyond the Corporate Network Secure solutions for mobility, cloud and social media 3 Trends Transforming Networks and Security Are you dealing with these challenges? Enterprise networks
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationAvoiding the Top 5 Vulnerability Management Mistakes
WHITE PAPER Avoiding the Top 5 Vulnerability Management Mistakes The New Rules of Vulnerability Management Table of Contents Introduction 3 We ve entered an unprecedented era 3 Mistake 1: Disjointed Vulnerability
More informationWebsite Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?
Datasheet: Website Security End-to-End Application Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-ofbreed
More informationDISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com
DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention symantec.com One of the interesting things we ve found is that a lot of the activity you d expect to be malicious
More informationKaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com
Kaseya White Paper Endpoint Security Fighting Cyber Crime with Automated, Centralized Management www.kaseya.com To win the ongoing war against hackers and cyber criminals, IT professionals must do two
More informationHow Traditional Firewalls Fail Today s Networks And Why Next-Generation Firewalls Will Prevail
How Fail Today s Networks And Why Will Prevail Why your current firewall may be jeopardizing your security, and how you can counter today s threats, manage web 2.0 apps and enforce acceptable-use policies.
More informationAddressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model
White Paper Addressing the Full Attack Continuum: Before, During, and After an Attack It s Time for a New Security Model Today s threat landscape is nothing like that of just 10 years ago. Simple attacks
More informationManage the unexpected
Manage the unexpected Navigate risks and thrive Today s business world is threatened by a multitude of online security risks. But many organizations simply do not have the resources or expertise to combat
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationWEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World
Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your
More informationTypes of cyber-attacks. And how to prevent them
Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationAVeS Cloud Security powered by SYMANTEC TM
Protecting your business from online threats should be simple, yet powerful and effective. A solution that secures your laptops, desktops, and servers without slowing down your systems and distracting
More informationCloud Services Prevent Zero-day and Targeted Attacks
Cloud Services Prevent Zero-day and Targeted Attacks WOULD YOU OPEN THIS ATTACHMENT? 2 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS Duqu Worm Causing Collateral Damage in a Silent Cyber-War Worm exploiting
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationWildFire. Preparing for Modern Network Attacks
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationEnd-to-End Application Security from the Cloud
Datasheet Website Security End-to-End Application Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-of-breed
More informationIntegrated Threat & Security Management.
Integrated Threat & Security Management. SOLUTION OVERVIEW Vulnerability Assessment for Web Applications Fully Automated Web Crawling and Reporting Minimal Website Training or Learning Required Most Accurate
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationCisco Security Intelligence Operations
Operations Operations of 1 Operations Operations of Today s organizations require security solutions that accurately detect threats, provide holistic protection, and continually adapt to a rapidly evolving,
More informationThe New Face of Next Generation Firewalls
The New Face of Next Generation Firewalls Martin Koldovský SE Manager Eastern Europe 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationEnterprise Cybersecurity: Building an Effective Defense
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationAVG AntiVirus. How does this benefit you?
AVG AntiVirus Award-winning antivirus protection detects, blocks, and removes viruses and malware from your company s PCs and servers. And like all of our cloud services, there are no license numbers to
More informationAdvantages of Managed Security Services
Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationCutting the Cost of Application Security
WHITE PAPER Cutting the Cost of Application Security Web application attacks can result in devastating data breaches and application downtime, costing companies millions of dollars in fines, brand damage,
More informationIBM Security re-defines enterprise endpoint protection against advanced malware
IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex
More informationCombating a new generation of cybercriminal with in-depth security monitoring
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
More informationSSL Encryption and Traffic Inspection ADDRESSING THE INCREASED 2048-BIT PERFORMANCE DEMANDS OF 2048-BIT SSL CERTIFICATES
SSL Encryption and Traffic Inspection ADDRESSING THE INCREASED 2048-BIT PERFORMANCE DEMANDS OF 2048-BIT SSL CERTIFICATES Contents Introduction 3 SSL Encryption Basics 3 The Need for SSL Traffic Inspection
More informationisheriff CLOUD SECURITY
isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console
More informationSHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper
SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4
More informationBreaking the Cyber Attack Lifecycle
Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com
More informationRequirements When Considering a Next- Generation Firewall
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationWHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform
WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9
More informationPutting Web Threat Protection and Content Filtering in the Cloud
Putting Web Threat Protection and Content Filtering in the Cloud Why secure web gateways belong in the cloud and not on appliances Contents The Cloud Can Lower Costs Can It Improve Security Too?. 1 The
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationwhite paper Malware Security and the Bottom Line
Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware
More informationSOLUTION CARD WHITE PAPER
WHITE PAPER Why Education is Among the Worst Affected Industries by Malware The Contradiction Between Perceived Anti-Virus Readiness and Actual Malware Infection Rates in the Education Industry About This
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationThe Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
More informationCarbon Black and Palo Alto Networks
Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses
More informationSecuring Your Business with DNS Servers That Protect Themselves
Summary: The Infoblox DNS security product portfolio mitigates attacks on DNS/DHCP servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate
More informationTop five strategies for combating modern threats Is anti-virus dead?
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
More informationProtecting Your Data, Intellectual Property, and Brand from Cyber Attacks
White Paper Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks A Guide for CIOs, CFOs, and CISOs White Paper Contents The Problem 3 Why You Should Care 4 What You Can Do About It
More information