1©2019 Check Point Software Technologies Ltd.
Konstantina Koukou, Security Engineer
Transforming your endpoints from the weakest link to the strongest defense
A wake up call…
A criminal gang in Nigeria targeting the global maritime industry had been running multiple “business email compromise” scams for hundreds of thousands of dollars. The group had been sending messages to infiltrate payments within shipping companies. Among the victims were a South Korean and a Japanese shipping company.
In June 2017, shipping giant Maersk was hit by a devastating cyber attack caused by the NotPetya malware, originating in Ukraine. The attack resulted in significant disruptions to Maersk’s operations and terminals worldwide, costing them up to USD 300 million.
In July 2018, COSCO Shipping Lines fell victim to a cyber attack. After a 5-day sprint to activate contingency plans, COSCO’s operations were back to normal. Apparently, COSCO was aware of what happened to Maersk and had taken proactive steps to minimize the risk.
AND MANY MORE… ALL STARTED FROM VULNERABLE ENDPOINTS!
ENDPOINTS CAN BE THE STRONGEST LINK!
Strong On-device Enforcement
Behavioral and Forensics Visibility
User Interaction
LEVERAGE ENDPOINTS TO BETTER PROTECT YOUR INFRASTRUCTURE
ROLES OF A SUCCESSFUL ENDPOINT SECURITY SOLUTION
Reduce attack surface
Prevent before it runs
Runtime protection
Contain & remediate
Understand & respond
1. REDUCE ATTACK SURFACE
CONTROL, ENCRYPT, ENFORCE
Your corporate policy: Endpoint compliance
Peripherals: Port protection
Applications: Application control
Data in motion: Endpoint Firewall
Data in motion: IPSec and SSL VPN
Data at rest & use: FDE, Media Encryption and Document Security
2. PREVENT BEFORE IT RUNS
Inhibit user mistakes: Zero-Phishing
Block known attacks: Endpoint anti-malware and reputation
Prevent unknown attacks: Pre-execution static and dynamic analysis
Thwart exploits: Anti-Exploit
INHIBIT USER MISTAKES: with Zero-Phishing
BLOCK phishing sites
On-access activation
Real-time inspection
Dozens of indicators
PREVENT credential re-use
Compares cached PW hashes
Collected on internal sites
Enforced on external sites
DETECT compromised passwords
Compromised Password Used
Collected from Dark Web
Alerts user on usage
Notifies admin
3. RUNTIME PROTECTION
ANTI-RANSOMWARE: Detect signs of ransomware activities
BEHAVIORAL GUARD: MALWARE FAMILIES: Uncover running mutations of known malware
BEHAVIORAL GUARD: GENERIC RULES: Discover unknown malware behaviors
BEHAVIORAL GUARD: FILE-LESS MALWARE: Expose file-less attacks
ANTI-EVASION: Track evasion signs to reveal evasive malware
“ANTI-MIMI”: Prevent cached credentials scraping
4. CONTAIN AND REMEDIATE
Contain attacks and control damages
Detect and block C&C traffic (ANTI-BOT)
Prevent lateral movement by isolating infected machines (ENDPOINT FIREWALL)
Remediate and sterilize
Restore encrypted files (ANTI-RANSOMWARE)
Quarantine files, kill processes
Sterilize FULL attack chain (FORENSICS REMEDIATION)
Collect Forensics Data and Trigger Report Generation
Step 1: FORENSICS data continuously collected from various OS sensors (Processes, Registry, Files, Network)
Step 2: Report generation automatically triggered upon detection of network events or 3rd party AV
Step 3: Advanced algorithms analyze raw forensics data
Step 4: Digested incident report sent to SmartEvent
UNDERSTAND THE FULL ATTACK
Attack elements
What is the damage?
All cleaned?
Attack types
Triage: Should I Panic?
Is it a real attack?
Full attack flow
How did it get in?
Investigation Trigger: Identify the process that accessed the C&C server
Identify Attack Origin: Chrome exploited while browsing
From Trigger to Infection: Automatically trace back the infection point
Dropped Malware: Dropper downloads and installs malware
Exploit Code: Dropper process launched by Chrome
Activate Malware: Scheduled task launches after boot
Attack Traced: Even across system boots
Schedule Execution: Malware registered to launch after boot
Data Breach: Malware reads sensitive documents
SANDBLAST AGENT PROVIDES THE STRONGEST DEFENSE
DATA SECURITY
ACCESS CONTROL & SECURE COMMUNICATION
ENDPOINT DETECTION & RESPONSE (EDR)
ADVANCED THREAT PREVENTION
DETECTION & RESPONSE (EDR): FORENSICS COLLECTION, AUTOMATED MACHINE QUARANTINE, AUTOMATED INCIDENT ANALYSIS REPORTS, FULL ATTACK CHAIN REMEDIATION
ACCESS CONTROL & SECURE COMM: ENDPOINT IPSEC VPN, ENDPOINT COMPLIANCE, ENDPOINT FIREWALL, SSL VPN, APPLICATION CONTROL, PORT PROTECTION
DATA SECURITY: DOCUMENT ENCRYPTION, FULL DISK ENCRYPTION, DOCUMENT ACCESS CONTROL, EXTERNAL MEDIA ENCRYPTION
THREAT PREVENTION (ADVANCED PREVENTION ONLINE PROTECTIONS, ADVANCED PREVENTION OFFLINE PROTECTIONS, BASELINE PREVENTION): THREAT EMULATION, ANTI-BOT, THREAT EXTRACTION, URL FILTERING, BEHAVIORAL GUARD, ANTI-RANSOMWARE, ANTI-MALWARE, ANTI-EXPLOIT, ZERO-PHISHING, ANTI-EVASION, ANTI-MIMI, MACHINE LEARNING STATIC, MACHINE LEARNING DYNAMIC
CHECK POINT ENDPOINT SECURITY
Protecting over 5,000 organizations
Over 5,000,000 endpoints deployed worldwide
SandBlast Agent named a leader in the Forrester Wave™ endpoint security suites
ESS Wave Q2 2018
• 17.5/18 possible points
• 100% protection, 0 false positives
SandBlast Agent earns top Product by AV-TEST
Highest possible scores in:
• Corporate Vision & Focus
• Malware Prevention
• Data Security
• Mobile Security
Check Point earns recommended status in NSS Labs Advanced Endpoint Protection (AEP) test
Zero False Positives
• 100% HTTP block rate
• 100% Email block rate
• 100% Offline threats block rate
• 100% Evasions block rate
A solution validated for ships’ Advanced Endpoint Protection
❖ Chosen for our strong offline and online protections against Zero-day attacks
❖ Independent from existing network security gateway solution
❖ Cloud based management and reporting solution
❖ Happy to help you deal with the maritime cyber risks and bring you closer to IMO compliance by 2021