you can get burned when
TRANSCRIPT
1©2018 Check Point Software Technologies Ltd. 1©2018 Check Point Software Technologies Ltd.
Christof Jacques | Security Engineer Check Point Belgium & Luxembourg
YOU CAN GET BURNED WHEN IT’S CLOUDY
2©2018 Check Point Software Technologies Ltd.
“I think that you will all agree that we are
living in most interesting times. I never
remember myself a time in which our
history was so full, in which day by day
brought us new objects of interest, and,
let me say also, new objects for
anxiety.”
Joseph Chamberlain, Bristol, England, 1898
3©2018 Check Point Software Technologies Ltd.
NEW OBJECTS OF INTEREST
0
20
40
60
80
100
120
2016 2017 2018 2019 2020
Rev
en
ue
(U
S$ B
illio
n)
Worldwide Cloud Services Revenue Forecast
Platform-as-a-Service
SaaS
Public Cloud
Source: Gartner
4©2018 Check Point Software Technologies Ltd.
Networks are more Inter-Connected
Threats are more Sophisticated and Automated
NEW OBJECTS OF ANXIETY
&
5©2018 Check Point Software Technologies Ltd.
CURRENT STATE OF CLOUD SECURITYNOT EVERY CLOUD HAS A SILVER LINING
6©2018 Check Point Software Technologies Ltd.
56 million users’ data got stolen... In 2016
7©2018 Check Point Software Technologies Ltd.
HOW EXPOSED ARE WE
REALLY IN THE
CLOUD?
8©2018 Check Point Software Technologies Ltd.
OUR CLOUD ENVIRONMENT
Internet
9©2018 Check Point Software Technologies Ltd.
WITHIN THE FIRST 15 MINUTESHouston we have a problem . . .
10©2018 Check Point Software Technologies Ltd.
Customer responsible for security in the cloud
Cloud Provider responsible for security of the cloud
CLOUD = SHARED RESPONSIBILITY
11©2018 Check Point Software Technologies Ltd.
Customer responsible for
security in the cloud
Cloud Provider responsible for
security of the cloud
CLOUD = SHARED RESPONSIBILITY
Provider Global Infrastructure
Regions
Availability ZonesEdge Locations
Compute Storage Database Networking
Customer Data
Platform, Applications, IAM
Operating System, Network and FW Configurations
Client-side Data Encryption & Data Integrity /
Authentication
Server-side Encryption (File System / Data)
Network Traffic Protection (Encryption, Integrity,
Identity)
12©2018 Check Point Software Technologies Ltd.
CLOUD NETWORKS ARE VULNERABLE
• Shared responsibility is unclear
• Increasingly sophisticated and automated attacks
• Lateral spread of threats
• Account hijacking
• Inconsistent tools for visibility, management and reporting
13©2018 Check Point Software Technologies Ltd.
IT’S TIME
FOR SOME
SUN BLOCK
14©2018 Check Point Software Technologies Ltd.
CLOUD SECURITY RECOMMENDATIONS
4. CENTRALIZED MANAGEMENTSingle pane-of-glass experience across all clouds
2. EASE OF OPERATIONSOne-click deployment, auto-provisioning templates
3. CONSUME & CONTRIBUTE CONTEXTAdjust to dynamic nature of cloud
1. COMPREHENSIVE PROTECTIONSPrevent attacks against cloud applications, data and workloads
15©2018 Check Point Software Technologies Ltd.
INTRODUCING CHECK POINT CLOUDGUARD
PROTECTING ANY CLOUD, ANY SERVICE, ANYWHERE
16©2018 Check Point Software Technologies Ltd.
COMPREHENSIVE SECURITY ARCHITECTURE
Headquarters
Remote Employees Branch
Private Cloud & SDN SAASPublic IAAS
©2018 Check Point Software Technologies Ltd.
BUILDING BLOCKSA bit more detail
18©2018 Check Point Software Technologies Ltd.
CLOUD = SHARED RESPONSIBILITY
Customer
responsible for
security in the
cloud
Customer Data
Platform, Applications, IAM
Operating System, Network and FW Configs
Client-side Data
Encryption & Data
Integrity Authentication
Server-side Encryption
(File System / Data)
Network Traffic
Protection (Encryption,
Integrity, Identity)
Cloud vendor
responsible for
security of the
cloud
Cloud Global
Infrastructure
Regions
Availability Zones
Edge Locations
Compute Storage Database Networking
19©2018 Check Point Software Technologies Ltd.
NO Unified management for all Clouds & Traditional Data Center
NO Threat Prevention in real time (L4-L7 protections)
NO Identity based authentication access to applications
NO URL Filtering
NO Threat Extraction and Zero-day Sandboxing
WHERE CLOUD NATIVE SECURITY FALLS SHORT
20©2018 Check Point Software Technologies Ltd.
Lateral threat movements
Data breach due to misconfiguration
Abuse of cloud services
API hacking
Malicious insiders
THIS MIGHT EXPOSE YOU TO…
21©2018 Check Point Software Technologies Ltd.
ACI
SD
N
Public
Cloud
Private
Cloud
Hybrid Cloud
CloudGuard Family
22©2018 Check Point Software Technologies Ltd.
CLOUDGUARD SAAS
SAAS SECURITY IS ONE CLICK AWAY
Identity
Protection
Protect
Sensitive Data
Zero-day threats
Protection
End-to-End
SaaS Security
23©2018 Check Point Software Technologies Ltd.
Security Gateway
SAAS PROVIDERS
SECURITY STACK
Prevent
Account
Takeovers
Data Leak
PreventionReveal
Shadow IT
HOW IT WORKS
API & AD
…
CloudGuard SaaS
Documents
encryption
Zero-day
Threats
Protection
24©2018 Check Point Software Technologies Ltd.
CLOUDGUARD IAAS BUILDING BLOCKS
Centralized Management
Advanced Threat Prevention
Cloud Diversity
DevOps Ready
Adaptive and Automatic
25©2018 Check Point Software Technologies Ltd.
CloudGuard IaaS
• All the Advanced Threat Preventionfeatures of Check Point Security Gateways and R80 Management plus:
• For all these clouds
ACI
Automation and
Orchestration
Cross Environment
Dynamic Policies
Adaptive Security
26©2018 Check Point Software Technologies Ltd.
CloudGuard for VMware NSX
Hardware
Hypervisor
vm vm
ESXi ESXi
Security Management
Server
Hardware
vSphere API NSX vSphere API
NetX API
vCente
r
Hypervisor
vm vm
Clo
ud
Guard
Clo
ud
Guard
27©2018 Check Point Software Technologies Ltd.
CloudGuard for Cisco ACI
28©2018 Check Point Software Technologies Ltd.
CloudGuard IaaS Advanced Protection
Basic Firewall / Access Rule
Firewall IPS App Control
DLP
Zero-Day
Anti-bot
Forensics
FilteringAntivirus
Threat Emulation Threat Extraction
Multi-cloudVPNIdentity
Awareness
Anti-Spam
29©2018 Check Point Software Technologies Ltd.
CloudGuard Deployment
Single Gateway
Cluster/HA
Auto-scale
Automation
Hybrid Cloud
30©2018 Check Point Software Technologies Ltd.
APPLICATION-AWARE POLICY TIED TO CLOUD MANAGEMENT AND SDN
31©2018 Check Point Software Technologies Ltd.
CLOUDGUARD ADAPTIVE SECURITY
Check Point Access Policy
Rule From To Application Action
3
Web_SecurityGroup
Object
DB_VM
Object
MSSQL Allow
4
CRM_SecurityGroup
Object
SAP_SecurityGroup
Object
CRM Allow
5
AWS_VPC
Object
Azure_VNET
Object
ADFS Allow
Drag & Drop dynamic policy with cloud objects
32©2018 Check Point Software Technologies Ltd.
ADAPTIVE SECURITY THAT ENABLES INNOVATION
Easy to secure and connect
Multi-cloud applicationDevOps and IT Security
speak the same language
Policy is updated when
application is deleted
33©2018 Check Point Software Technologies Ltd.
SECURITY THAT ENABLES INNOVATION
Easy to secure and connect
Multi-clouds application
Applications are protected
with the best security
DevOps and IT Security
speaks the same language
Policy is updated when
application is deleted Application owner
never waits
Reduce security tickets
by 60%
34©2018 Check Point Software Technologies Ltd.
CloudGuard Ecosystem
NETWORK
Shared Threat Intelligence
Consolidated Security
Management
Multi & Hybrid Cloud
Headquarters Branch
Access Control
Multi Layered Security
Advanced Threat Prevention
Data Protection
Access Control
Multi Layered Security
Advanced Threat Prevention
Wi-Fi, DSL, PPoE Ready
MOBILE
Network Protection
Device Protection
App Protection
Capsule
WorkSpace/Docs
Remote Access
Secure Business Data
Protect Docs Everywhere
ENDPOINT
Anti-Ransomware
Forensics
Threat Prevention
Access/Data Security
Access Control
Secure Media
Secure Documents
CLOUD
Advanced Threat Prevention
Adaptive Security
Automation and Orchestration
Cross Environment
Dynamic Policies
Infrastructure
Identity Protection
Sensitive Data Protection
Zero-Day Threat Protection
End-to-end SaaS Security
Applications
36©2018 Check Point Software Technologies Ltd. 36©2018 Check Point Software Technologies Ltd.
T H A N K Y O U