How UTM-1, DLP and Application Control Protect Your IT Environment. Louis Cheung, Security Consultant, CISSP, CISA. Dec 2010. © 2010 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals
Agenda: Security Evolution; What's new on UTM-1 Appliance; New Software Blades (DLP, Application Control); Q & A
Security Evolution: In the past there were few security challenges and few solutions. The Internet grew and so did security, and it became pretty complex.
The Security Maze: 15 different point products
The Security Maze: Try to find your way
The Security Maze: or take the Check Point route.
Today's Challenge: Performance needs; Investment cost; Operation cost; Product lifecycle; Security needs; Number of users; Applications; Internet bandwidth. NETWORK SECURITY: Firewall, VPN, IPS, Web Filtering, Anti-malware, Email Protection, SSL VPN, DLP & more
What's New in UTM-1 R71
R71 AV and URLF Performance Boost. Anti-Virus & Anti-Malware: introduces a new industry-leading AV engine by Kaspersky; new Stream mode uses kernel streaming; performance is significantly higher; improved stability and memory consumption. URL Filtering: introduces an enhanced URL Filtering engine; moves to a new kernel architecture; performance is significantly higher; eliminates the limitation on concurrent connections; improved stability and memory consumption; supports wildcard characters (*) in Allow/Block lists.
Patented Acceleration Technology: SecureXL. Accelerated path, optimized security processing tier. Accelerates packet and session. Hardware: IP ADP (former Nokia). Performance Pack (SecurePlatform, Crossbeam). IPSO SecureXL software implementation. [Diagram labels: Throughput, Performance, Acceleration, CPS]
R71 UTM-1 Boost: Maximum Performance and Capacity

                                               |        UTM-1 276         |        UTM-1 1076
Metric                                         | R70    | R71    | Boost  | R70    | R71     | Boost
FW (1518 bytes), Mbps                          | 600    | 1,500  | x2.5   | 2,000  | 3,000   | x1.5
IPS Throughput - Default Protections, Mbps     | 380    | 1,000  | x2.6   | 900    | 2,200   | x2.7
Anti-Virus, Mbps                               | 30     | 120    | x4     | 75     | 300     | x4
Connection rate (cps)                          | 3,400  | 10,000 | x2.9   | 8,800  | 25,000  | x2.8
Max concurrent HTTP AV & URLF                  | 2,500  | 50,000 | x20    | 4,000  | 110,000 | x27

All UTM-1 platforms include SecureXL (R71)
Raising the Bar on UTM-1 Performance. [Chart: firewall throughput (Gbps), scale 0 to 5, for UTM-1 136, UTM-1 276, UTM-1 576, UTM-1 1076 and UTM-1 2076; segments labelled "Small office or branch" and "SMB to medium branch"] Up to 4x Firewall throughput improvement with SW update only!!!
Security Enhancement: DLP, Application Control
Data Loss Prevention: What is DLP? [Example e-mail: John.Stevens@yahoo.com; Corporate Strategy; Green World Strategy Plan 2010] E-mail sent to the wrong recipient, intentionally or by mistake. Company document uploaded to an external website. Data breaches have happened to all of us.
How Does Check Point DLP Work? MultiSpect Detection Engine; Simple Rule-based Policy Management; Full Network Enforcement
New MultiSpect Technology: MultiSpect Detection Engine. Correlates data from multiple sources using open language.

Item No. | Name          | Social Security Number | Job Title    | Gross Pay
1        | John Smith    | 987-65-4320            | CEO          | $200,000
2        | Kevin Brian   | 987-65-4221            | VP R&D       | $150,000
3        | Margret White | 769-65-7522            | VP Marketing | $153,000
4        | Bob Johns     | 342-62-3323            | CFO          | $140,000
5        | Mike Riddle   | 777-43-4324            | COO          | $180,000

250+ Data Types. 600+ File Formats. Detects more than 600 file formats. Over 250 pre-defined content data types. Detects and recognizes proprietary forms and templates.
DLP Has Not Yet Been Solved! Technology Challenge: Computers cannot reliably understand human content and context. IT Staff Challenge: Burden of incident handling; Exposure to sensitive data.
Check Point Makes DLP Work. [Example e-mail: John <john@greenworld.com>; John.Stevens@yahoo.com; Corporate Strategy; Green World Strategy Plan 2010; "John, Let's review the corporate strategy in our morning meeting."] Confidential data sent to the wrong recipient! [Data Loss Prevention Alert: An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data. The message is being held until further action. Send, Discard, or Review Issue] User prompted to take action. User remediates.
Introducing Check Point Data Loss Prevention. NEW! Check Point Combines Technology and Processes to Make DLP Work. [Example e-mail: John.Stevens@yahoo.com; Corporate Strategy; Green World Strategy Plan 2010; "John, Let's review the corporate strategy in our morning meeting."] [Data Loss Prevention Alert: An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data. The message is being held until further action. Send, Discard, or Review Issue] Prevent: Move from detection to prevention. Educate: Users on corporate data policies. Enforce: Data loss business processes.
Check Point Solves the DLP Challenge: New UserCheck Technology. Technology Challenge: Empowers users to remediate incidents in real time. IT Staff Challenge: Educates users on DLP policies without involving IT staff.
Ease-of-Deployment. Network-based Inline Solution. Software Blade: On Existing Gateways or Open Servers. Dedicated Appliance: DLP-1. Be Up and Running Day-1!
Check Point DLP At-A-Glance. Move from Detection to Prevention: Proactively block intentional and unintentional data loss; Inline network-based Software Blade running on any existing Check Point gateway; Supporting HTTP, SMTP and FTP protocols; UserCheck notification using either a thin agent or a returning email to the user; Scaling from hundreds to thousands of users.
The Problem with Internet Applications: Malware Threats; Bandwidth Hogging; Productivity Loss
Introducing Check Point Application Control Software Blade. Detect and control application usage. AppWiki: Industry's largest library with over 50,000 applications. Educate users on corporate policies. Available Soon. Available on EVERY gateway.
Introducing Check Point AppWiki: Unparalleled Application Control. Over 4,500 applications. Over 50,000 social-network widgets. Grouped in over 150 categories (including Web 2.0, IM, P2P, Voice & Video, File Share). http://appwiki.checkpoint.com/appwiki/applications.htm World's largest Application Classification Library.
Granular Application Categorization. Application Type: IM, Web conferencing, Gaming. Advanced Properties: Share files, High bandwidth, Use stealth techniques. Security Risk: Measures the potential risk.
User and Machine Awareness: Includes User Identification. [Diagram labels: Corporate Active Directory, Security Gateway] User- and group-aware. Machine-aware. User identification with both agent-based and seamless, agentless Active Directory integration.
Application Detection and Usage Controls. Enable access for support team. Identify, allow, block or limit usage of applications at user or group level.
Practical Implementation: Involve end-users using multiple policy actions. Accept / Drop: Traditional security policies are suitable for clear-cut cases. Inform: Allow but inform the user about the risks. Ask: Learn usage patterns to create better policies. Limit: Use to preserve resources (bandwidth) or control acceptable use.
Certifications: ICSA, CC EAL4, VPNC, FIPS 140-2
Awards: Leader in the 2010 Magic Quadrant for UTM
The vision: More, Better and Simpler. KEEPING YOUR INVESTMENT. [Diagram labels: Application control, UTM services, SSL VPN, DLP, VPN, IPS, Future technology]
Thank You