Check Point Consolidation
- 1. Consolidation: Your Best Move Towards Stronger Security
Avi Rembaum
Director, 3D Consulting
[Protected] For public distribution
©2013 Check Point Software Technologies Ltd.
- 2. Current Threat Vectors
Security administrators face multiple attacks from the same source that can occur simultaneously or over time
Spear Phishing
RATs
DoS
Web attacks
Zero-day
Malware
Botnets
Network breach
SPAM
- 3. Finding The Source of a Security Incident Is Like…
- 4. Average Cost of a Cyber Crime Attack
2010: $6,459,362
2011: $8,389,828
2012: $8,933,510
Source: Ponemon Cost of Cyber Crime Study, October 2012
- 5. What About Spending?
According to 12,396 security professionals,
spending on security during 2013 will:
Source: ISC(2), 2013
- 6. Are Things Improving?
And how does the same group of people feel about the success of their work?
Source: ISC(2), 2013
- 7. What’s Going On?
Security incidents are becoming more expensive
Security professionals doubt their effectiveness
But, investment will stay the same or go up
- 8. At some point we have to realize that just maybe it’s time for a different approach
But is this really a new conclusion?
Some interesting reading…
- 9. When Was This Written?
Malware and other forms of attack continue to be alarmingly effective at eluding in-place safeguards
The vulnerability-threat window is continuing to close
Equally troublesome is the fact that propagation times for threats are reaching new lows
Automated tools continue to lower the bar when it comes to the degree of knowledge required to launch ever more sophisticated attacks
The vast armies of “amateur” hackers are increasingly being joined by ranks of “professionals”
- 10. How About 2005?
Admit it – it’s kind of scary that we can tell the same story eight years later
- 11. At The Time, They Recommended
Figure 5 — Unified Threat Defenses
Pervasive Perimeters
Multilayer Awareness
Pervasive Integration
Multiservice Security
- 12. What They Were Really Saying
Defense-in-depth is not the same as best-of-breed
An example…
- 13. IPS Software Blade: Security Quality Comparison
[Chart: NSS 2012 IPS Group Test, Competitive Comparison, July 2012. Series: Over-all Protection, Client Protections, Server Protections. Products: Check Point 12600, SourceFire 3D8120, Fortinet 3240C, Palo Alto PA5020. Vertical axis: 87.00% to 99.00%.]
- 14. The reality is that IPS integrated into the firewall is just as effective, if not better, than stand-alone IPS solutions
- 15. And Comparing Check Point in 2012 vs. 2013
Getting better every year
[Chart: Over-all Protection, Client Protections, Server Protections for 2012 and 2013. Vertical axis: 95.0% to 100.0%.]
- 16. And a look at costs
- 17. IPS Software Blade: Three-Year TCO Comparison
Comparing Dedicated IPS Appliances to IPS Software Blade
Dedicated IPS Product Price: $50,000
Dedicated IPS Annual Support: $7,500
Three-Year Dedicated IPS TCO: $72,500
One-Year IPS Software Blade: $4,500
Three-Year IPS Software Blade: $13,500
- 18. What about other security technologies?
- 19. Application Control: Three-Year TCO Comparison
Comparing Dedicated Web Filter Appliances to Application Control Blade
Dedicated Web Filter Appliance: $35,000
Dedicated Web Gateway Appliance Support: $5,250
Three-Year Dedicated Web Gateway Appliance TCO: $50,750
One-Year Application Control Blade: $4,500
Three-Year Application Control Blade: $13,500
- 20. GRC: Three-Year TCO Comparison
Comparing Dedicated GRC Solutions with the Compliance Blade
Dedicated GRC Product Price: $55,000
Dedicated GRC Solution Support: $8,250
Three-Year Dedicated GRC TCO: $79,750
One-Year 25 Gateway Compliance Blade: $8,500
Three-Year Compliance Blade: $25,500
- 21. Sandboxing: Three-Year TCO Comparison
Comparing Dedicated Sandbox Solutions
Dedicated Sandbox Solution: $50,000
Dedicated Sandbox Solution Support: $7,500
Three-Year Dedicated Sandbox Solution TCO: $72,500
One-Year Threat Emulation Blade: $4,500
Three-Year Threat Emulation Blade: $13,500
- 22. Some questions for you
- 23. Please Raise Your Hand
Question #1: Who here is using IPS Software Blade?
Why?
What protections?
Question #2: Who here is using Anti-Bot?
Why?
Do you run the controls in protect mode?
Question #3: Who here is using SmartEvent?
Why?
Do you activate automated blocking?
- 24. Today, security solutions must provide:
Multi-layer, integrated protections
Real-time, actionable intelligence
Adaptive controls
- 26. Consider The Following Attack
All three attack vectors are meant to breach the perimeter
Server vulnerability exploit
Weaponized attachment
Network access
Malware via social engineering
Each attack uses a distinct method
- 27. “Best-of-Breed” During The Attack
Server vulnerability exploit: Dedicated Intrusion Detection; Probably not in “prevent” mode; Proprietary Log
Weaponized attachment: Dedicated Sandbox Solution; Captures and analyzes attachment; Proprietary Log
Malware via social engineering: Dedicated Web Proxy; Sees Facebook and allows data to pass; Proprietary Log
3rd Party Log Aggregator
- 28. And The Outcome
Server vulnerability exploit: Dedicated Intrusion Detection; Probably not in “prevent” mode; Proprietary Log
Weaponized attachment: Dedicated Sandbox Solution; Captures and analyzes attachment; Proprietary Log
Malware via social engineering: Dedicated Web Proxy; Sees Facebook and allows data to pass; Proprietary Log
3rd Party Log Aggregator
Server compromised, admin rights obtained
Endpoint compromised, data extracted
- 29. And Event Management?
Log aggregator collects multiple feeds
Each individual event appears separate
Full picture and individual events have no relationship
IDS event shows exploit
Sandbox shows different event
Proxy just sees Facebook
- 30. And Worse
Separate signature updates
No sharing of “bad actor” information
Multiple policy changes required for mitigation
- 31. And Finally, The Cost
Product: CAPEX; OPEX; Three Year Cost
Dedicated IDS: $50,000; $7,500; $72,500
Dedicated Sandbox: $50,000; $7,500; $72,500
Dedicated Web Proxy: $35,000; $5,250; $50,750
Three-Year Total: $195,750
- 33. Starting With The GUI
Key is to build a security flow
Policy starts from the ground up
Firewall is that ground floor
IPS, App Ctrl, Anti-Bot flow from there
- 34. Check Point During The Attack
Centralized updates via the ThreatCloud
Server vulnerability exploit
Weaponized attachment
Malware via social engineering
Threat Emulation
Anti-Bot
Application Control
IPS
Firewall
- 35. What Administrators Would See
All attack vectors collected into a single perspective
Protections report into a single location
Tools for high-level and detailed analysis
- 36. And Then…
When the attacker gets desperate and launches a DDoS
Use the new DDoS controls and/or CLI the source IPs to the firewall
- 37. Costs With Check Point
Product: CAPEX; OPEX; Three Year Cost
12607 (25% Discount): $53,760; $10,080; $84,000
IPS Software Blade (Included in Year 1): $4,500; $9,000
Threat Emulation: $4,500; $13,500
Application Control (Included in Year 1): $4,500; $9,000
Anti-Bot Blade: $4,500; $13,500
Three-Year Total: $129,000
- 39. Summary
Yes, it’s tempting to do what’s always been done: Multi-vendor
Data suggest that it’s time for an alternative approach: Consolidation
Check Point’s multi-layer threat prevention makes it work