Check Point: Sandblast Zero-Day protection




Check Point: SandBlast Zero-Day Protection
Federico Orlandi, Itway Support Engineer
2015 Check Point Software Technologies Ltd.

Check Point Threat Prevention
IPS, Antivirus, Anti-Bot, SandBlast Zero-Day Protection
SandBlast stops zero-day and unknown malware.

WHAT IS SANDBLAST?
Real-time prevention against unknown malware, zero-day and targeted attacks, built on two engines:
- Threat Emulation with CPU-Level Detection: evasion-resistant malware detection
- Threat Extraction: prompt delivery of safe, reconstructed files

Check Point SandBlast Zero-Day Protection: Introducing CPU-Level Detection
Advanced malware uses various techniques to evade traditional sandboxes. Check Point's deep CPU-level inspection detects malware at the exploitation stage, so the payload never gets a chance to attempt evasion.
The stages of an attack:
- Vulnerability: trigger an attack through an unpatched or zero-day vulnerability
- Exploit: bypass the CPU and OS security controls using exploitation methods
- Shellcode: activate an embedded payload to retrieve the malware
- Malware: run malicious code
Sandbox-evasion logic lives in the shellcode and malware stages; inspecting the exploit stage catches the attack before that logic ever runs.

Threat Emulation: Exploit Detection and Prevention
Prevents zero-day attacks and constantly updates ThreatCloud.
The original document is sent for sandboxing, where it is opened and inspected:
- If no infection is found: the original document is delivered.
- If it is infected with unknown malware: the document is deleted, ThreatCloud is updated and the admin is notified. The attack is PREVENTED.

ACCESS TO ORIGINALS AFTER EMULATION

Threat Emulation: the admin has comprehensive attack visibility, as a summary and in detail.

Threat Extraction: Document Reconstruction
The original document is reconstructed into a safe copy, which is delivered immediately. The protection level is customizable.

A STEP FASTER FOR USERS: PROMPTLY PROVIDING CLEAN FILES

FAST, FLEXIBLE DEPLOYMENT: SandBlast Appliance, SandBlast Cloud, Check Point Gateway

SandBlast Cloud
Check Point SandBlast Zero-Day Protection with the SandBlast Cloud:
- Real-time security intelligence delivered from Check Point ThreatCloud turns zero-day attacks into known and preventable attacks.
- No new hardware is needed; a Check Point Security Gateway with R77 or above is required.
Topology: Internet -> Check Point Security Gateway (R77 and above) -> Corporate Network (LAN)
- Threat Extraction (prompt delivery of reconstructed clean files) runs on the local appliance.
- Threat Emulation (OS-level sandboxing and CPU-level detection) runs in the cloud.

On-Premises Deployment
The Check Point SandBlast Appliance is added to an existing Check Point Security Gateway (R77 and above) in one of two ways:
- Prevent: inline, emulate before allowing the file into the network
- Detect: duplicate network traffic (via SPAN port)
Topology: Internet -> Check Point Security Gateway -> Corporate Network (LAN), with the SandBlast Appliance attached inline or via SPAN port and providing:
- Threat Emulation (OS-level sandboxing with CPU-level evasion detection)
- Threat Extraction (prompt delivery of reconstructed clean files)
In the SPAN (detect) deployment the appliance only sees a copy of the traffic, so it can raise an alert but cannot hold or drop the file; only the inline (prevent) deployment blocks.

INTRODUCING THE POWER TO PROTECT. THE INSIGHT TO UNDERSTAND.
2016 Check Point Software Technologies Ltd.

SANDBLAST AGENT: Zero-Day Protection for Endpoints
Prevent Zero-Day Attacks | Identify & Contain Infections | Effective Response & Remediation
THREAT EXTRACTION & EMULATION FOR ENDPOINTS
- Deliver sanitized content
- Emulation of original files
- Protects web downloads and file copy

Eliminate Zero-Day Malware at the Endpoint (with the SandBlast Cloud)
1. Web downloads are sent to the SandBlast cloud
2. A sanitized version is delivered promptly
3. The original file is emulated in the background

Instant Protection for Web Downloads: CONVERT to PDF for best security (the conversion leaves macros, scripts and embedded objects behind along with the original format), or SANITIZE, keeping the original format (active content such as macros is removed while the document stays in its native, editable format).

Access to the Original File: only after Threat Emulation, and only when the verdict is benign. Self-catered by the user, with no helpdesk overhead.

SANDBLAST AGENT: Zero-Day Protection for Endpoints
Prevent Zero-Day Attacks | Identify & Contain Infections | Effective Response & Remediation
ANTI-BOT FOR ENDPOINTS & ENDPOINT QUARANTINE
- Detect & block C&C communications
- Pinpoint infections
- Quarantine the infected host

Look for Malicious Outgoing Traffic at the Endpoint
1. THREAT INTELLIGENCE is continuously delivered to the Agent
2. Outgoing traffic is inspected by the local ANTI-BOT
3. C&C traffic and data exfiltration are BLOCKED
4. QUARANTINE the malicious process or LOCK DOWN the entire system
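The four steps above as one small inspector, added here as an example and not Check Point's code: an indicator feed (standing in for the intelligence delivered to the agent) is applied to a log of outbound connections, matching hits are blocked, and the result is a containment decision. The feed, the connection log and the escalation policy (quarantine a single user-land process; lock the whole host down when a Windows binary or several processes are talking to C&C, since killing one process will not contain that) are this example's assumptions. Domains are matched on label boundaries, so an indicator for cdn.badactor.example covers its subdomains but not xcdn.badactor.example.

```python
"""Endpoint Anti-Bot style inspection of outbound connections.
Added example for this page, not Check Point's code; feed, log and the
quarantine/lockdown policy are constructed assumptions."""
import ipaddress
from collections import defaultdict

# Constructed indicator feed standing in for the intelligence pushed to the agent.
FEED = {
    "domains": {"update-checker.example", "cdn.badactor.example"},
    "networks": [ipaddress.ip_network("203.0.113.0/24"),
                 ipaddress.ip_network("198.51.100.7/32")],
}

# Constructed outbound-connection log from the local network sensor.
EVENTS = [
    {"pid": 4120, "image": r"C:\Users\alice\AppData\Roaming\svch0st.exe",
     "host": "api.update-checker.example", "ip": "192.0.2.10", "port": 443},
    {"pid": 4120, "image": r"C:\Users\alice\AppData\Roaming\svch0st.exe",
     "host": "", "ip": "203.0.113.44", "port": 8080},
    {"pid": 2211, "image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "host": "www.example.org", "ip": "93.184.216.34", "port": 443},
    {"pid": 2211, "image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "host": "xcdn.badactor.example", "ip": "192.0.2.55", "port": 443},
    {"pid": 616, "image": r"C:\Windows\System32\svchost.exe",
     "host": "", "ip": "198.51.100.7", "port": 443},
]


def domain_hit(host, bad_domains):
    """Match on label boundaries: evil.example covers sub.evil.example, not notevil.example."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in bad_domains:
            return suffix
    return None


def network_hit(ip, networks):
    addr = ipaddress.ip_address(ip)
    for net in networks:
        if addr in net:
            return str(net)
    return None


def classify(event, feed):
    """Reason string when the destination is a known C&C, else None."""
    if event["host"]:
        d = domain_hit(event["host"], feed["domains"])
        if d:
            return "domain:" + d
    n = network_hit(event["ip"], feed["networks"])
    return "network:" + n if n else None


def is_system_image(image):
    return image.lower().startswith("c:\\windows\\")


def inspect(events, feed):
    """Block C&C traffic, then decide: quarantine the process or lock down the host."""
    blocked, hits = [], defaultdict(list)
    for ev in events:
        reason = classify(ev, feed)
        if reason:
            blocked.append({**ev, "reason": reason, "action": "BLOCK"})
            hits[ev["pid"]].append(reason)
    images = {ev["pid"]: ev["image"] for ev in events}
    # Assumed escalation policy: one user-land process is contained by quarantining it;
    # C&C traffic from a Windows binary (likely injected) or from several processes means
    # killing a single process will not contain the infection, so the host is locked down.
    lockdown = len(hits) >= 2 or any(is_system_image(images[p]) for p in hits)
    quarantine = sorted(p for p in hits if not is_system_image(images[p]))
    return {"blocked": blocked, "quarantine": quarantine, "lockdown": lockdown}


if __name__ == "__main__":
    result = inspect(EVENTS, FEED)
    for b in result["blocked"]:
        print("BLOCK pid", b["pid"], b["host"] or b["ip"], b["reason"])
    print("quarantine:", result["quarantine"], "lockdown:", result["lockdown"])
```

On the constructed log, the renamed svch0st.exe is blocked twice (once by domain, once by IP) and the real svchost.exe is caught by the /32 indicator; because a system binary is involved the decision is lockdown rather than a single quarantine, while the Chrome connection to xcdn.badactor.example is correctly left alone.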

SANDBLAST AGENT: Zero-Day Protection for Endpoints
Prevent Zero-Day Attacks | Identify & Contain Infections | Effective Response & Remediation
AUTOMATIC FORENSIC ANALYSIS & ATTACK REMEDIATION
- Incident analysis saves time and cost
- Makes network detections actionable
- Explains endpoint AV detections
- Cleans and remediates the full attack

Collect Forensics Data and Trigger Report Generation
1. FORENSICS data is continuously collected from various OS sensors (network, files, registry, processes)
2. Analysis is automatically TRIGGERED upon detection of network events or AV events
3. Advanced ALGORITHMS analyze the raw forensics data
4. A digested INCIDENT REPORT is sent to SmartEvent

Identify Attack Origin: From Trigger to Infection
Automatically trace back the infection point; the attack is traced even across system boots.
- Exploit Code: Chrome exploited while browsing
- Dropper: dropper process launched by Chrome
- Dropped Malware: dropper downloads and installs malware
- Schedule Execution: malware registered to launch after boot
- Activate Malware: scheduled task launches after boot
- Data Breach: malware reads sensitive documents
- Investigation Trigger: identify the process that accessed the C&C server
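The trace-back on this slide, written out as an added example that is not Check Point's code and makes no claim about how SandBlast Agent's algorithms work. The sensor events (process starts, file writes and reads, scheduled-task registration and launch, the C&C connection) are constructed to reproduce the slide's chain. The part worth seeing is the hop across the reboot: the malware's parent in the second boot is the Task Scheduler's svchost, which is innocent, so the walk follows the task name back to the process that registered it in the previous boot and continues up that process's ancestry to Chrome. Processes are keyed by (boot, pid) because pids are reused after a reboot.

```python
"""Trace an infection chain backwards from a detection trigger, across reboots.
Added example for this page, not Check Point's code; the sensor events and
their field names are constructed assumptions."""

# Constructed sensor events. pids repeat across boots, so a process is keyed by (boot, pid).
EVENTS = [
    {"t": 1, "boot": "B1", "type": "process_start", "pid": 2211, "ppid": 1100, "image": "chrome.exe"},
    {"t": 2, "boot": "B1", "type": "process_start", "pid": 3050, "ppid": 2211, "image": "dropper.exe"},
    {"t": 3, "boot": "B1", "type": "file_write", "pid": 3050,
     "path": r"C:\Users\alice\AppData\Roaming\svch0st.exe"},
    {"t": 4, "boot": "B1", "type": "task_create", "pid": 3050, "task": "\\WindowsUpdateCheck",
     "command": r"C:\Users\alice\AppData\Roaming\svch0st.exe"},
    {"t": 10, "boot": "B2", "type": "process_start", "pid": 700, "ppid": 4, "image": "svchost.exe"},
    {"t": 11, "boot": "B2", "type": "task_run", "pid": 700, "task": "\\WindowsUpdateCheck", "child_pid": 4120},
    {"t": 11, "boot": "B2", "type": "process_start", "pid": 4120, "ppid": 700, "image": "svch0st.exe"},
    {"t": 12, "boot": "B2", "type": "file_read", "pid": 4120, "path": r"C:\Users\alice\Documents\contracts.xlsx"},
    {"t": 13, "boot": "B2", "type": "net_connect", "pid": 4120, "dest": "203.0.113.44:8080"},
]

TRIGGER = EVENTS[-1]   # the Anti-Bot detection that starts the investigation

# One-line summaries of what a process did, for the incident report.
SUMMARY = {"file_write": "wrote {path}", "file_read": "read {path}",
           "task_create": "registered task {task} -> {command}", "net_connect": "connected to {dest}"}


def actions_of(events, key):
    return [SUMMARY[e["type"]].format(**e) for e in events
            if (e["boot"], e["pid"]) == key and e["type"] in SUMMARY]


def trace_back(events, trigger):
    """Walk from the triggering process back to the origin; origin comes first in the result."""
    procs = {(e["boot"], e["pid"]): e for e in events if e["type"] == "process_start"}
    task_runs = {(e["boot"], e["child_pid"]): e["task"] for e in events if e["type"] == "task_run"}
    task_creates = {e["task"]: e for e in events if e["type"] == "task_create"}
    key, chain, seen = (trigger["boot"], trigger["pid"]), [], set()
    while key in procs and key not in seen:
        seen.add(key)
        proc = procs[key]
        step = {"boot": key[0], "pid": key[1], "image": proc["image"], "actions": actions_of(events, key)}
        if key in task_runs:
            # Started by the Task Scheduler: the parent (svchost) is not the culprit, the
            # process that registered the task is, even if that happened a boot ago.
            task = task_runs[key]
            creator = task_creates.get(task)
            step["launched_by"] = "scheduled task " + task
            key = (creator["boot"], creator["pid"]) if creator else None
        else:
            step["launched_by"] = "parent pid %d" % proc["ppid"]
            key = (key[0], proc["ppid"])
        chain.append(step)
    chain.reverse()
    return chain


def report(chain):
    lines = ["Infection chain across %d boot(s):" % len({s["boot"] for s in chain})]
    for s in chain:
        lines.append("[%s] pid %d %s (%s)" % (s["boot"], s["pid"], s["image"], s["launched_by"]))
        lines.extend("    - " + a for a in s["actions"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(trace_back(EVENTS, TRIGGER)))
```

The walk stops when a parent has no recorded start event (here explorer's pid 1100, which the constructed log does not contain), and the `seen` set guards against a cycle if a task re-registers itself. A chain that ends at a browser or document reader, as this one ends at chrome.exe, is what the slide calls the infection point.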

THANK YOU!

Leave your feedback at www.itwaycampus.it: on the Agenda page, click on our session and then on "Inserisci il tuo feedback" (Insert your feedback).