Check Point Consolidation

Consolidation: Your
Best Move Towards
Stronger Security

Avi Rembaum
Director, 3D Consulting

[Protected] For public distribution

©2013 Check Point Software Technologies Ltd.

Current Threat Vectors
Spear
Phishing

RATs

DoS

Security administrators
face multiple attacks
from the same source
that can occur
simultaneously or
over time

Web
attacks

Zero-day

Malware

Botnets

Network
breach

SPAM



2

Finding The Source of a Security Incident Is Like…



3

Average Cost of a Cyber Crime Attack

$8,389,828

$8,933,510

$6,459,362

2010

2011

2012

Source: Ponemon Cost of Cyber Crime Study, October 2012


4

What About Spending?
According to 12,396 security professionals,
spending on security during 2013 will:

Source: ISC(2), 2013



5

Are Thing Improving?
And how does the same group of people
feel about the success of their work?

Source: ISC(2), 2013



6

What’s Going On?

Security incidents are
becoming more
expensive
Security professionals
doubt their effectiveness

But, investment will stay
the same or go up



7

At some point we have to
realize that just maybe it’s time
for a different approach
But is this really a new conclusion?
Some interesting reading…



8

When Was This Written?
 Malware and other forms of attack continue to be
alarmingly effective at eluding in-place safeguards

 The vulnerability-threat window is continuing to close
 Equally troublesome is the fact that propagation times for
threats are reaching new lows

 Automated tools continue to lower the bar when it comes
to the degree of knowledge required to launch ever more
sophisticated attacks

 The vast armies of “amateur” hackers are increasingly
being joined by ranks of “professionals”


9

How About 2005?
Admit it – it’s kind of scary that we can
tell the same story eight years later



10

At The Time, They Recommended
Figure 5 — Unified Threat Defenses

Pervasive
Perimeters
Multilayer
Awareness

Pervasive
Integration

Multiservice
Security



11

What They Were Really Saying

Defense-in-depth is not the
same as best-of-breed
An example…



12

IPS Software Blade:
Security Quality Comparison
99.00%

NSS 2012 IPS
Group Test
Competitive
Comparison
July 2012

97.00%
95.00%
93.00%
91.00%

Over-all Protection
Client Protections
Server Protections

89.00%
87.00%
Check Point
12600

SourceFire
3D8120

Fortinet
3240C

Palo Alto PA5020



13

The reality is that IPS
integrated into the firewall is
just as effective, if not
better, than stand-alone IPS
solutions


14

And Comparing Check Point in 2012
vs. 2013
100.0%
99.5%
99.0%

Getting
better every
year

98.5%

98.0%
97.5%
97.0%
96.5%

Over-all Protection
Client Protections
Server Protections

96.0%
95.5%

95.0%
2012

2013



15

And a look at costs



16

IPS Software Blade:
Three-Year TCO Comparison
Comparing Dedicated IPS Appliances to
IPS Software Blade
$80,000
$72,500
$70,000
$60,000
$50,000

$50,000

$40,000
$30,000
$20,000

$10,000

$13,500
$7,500

$4,500

$0
Dedicated IPS Dedicated IPS Annual Support One-Year TCOSoftware Blade
Product Price Three-Year Dedicated IPS IPS
Three-Year IPS Software Blade


17

What about other
security technologies?



18

Application Control:
Comparing Dedicated Web Filter Appliances to
Application Control Blade
$60,000
$50,750
$50,000
$40,000

$35,000

$30,000
$20,000
$13,500
$10,000

$5,250

$4,500

$0
Dedicated Web Filter GatewayGateway Appliance Support Application Control Blade Control Bla
Dedicated Web Appliance
Three-Year Dedicated Web Gateway Three-YearTCO
One-Year Appliance Application


19

GRC: Three-Year TCO Comparison
Comparing Dedicated GRC Solutions with
the Compliance Blade
$90,000
$79,750

$80,000
$70,000
$60,000

$55,000

$50,000
$40,000
$30,000

$25,500

$20,000

$10,000

$8,250

$8,500

$0
Dedicated GRC Product Price Three-Year One-Year 25 Gateway Compliance Blade Blade T
Dedicated GRC Solution Support
Dedicated GRC TCO
Three-Year Compliance


20

Sandboxing:
Comparing Dedicated Sandbox Solutions
$80,000
$72,500
$70,000
$60,000
$50,000

$50,000

$40,000
$30,000
$20,000

$10,000

$13,500
$7,500

$4,500

$0
Dedicated Sandbox Solution Solution Support
Dedicated Sandbox
Three-Year DedicatedOne-Year Threat Emulation BladeEmulation Bl
Sandbox Solution TCO Threat
Three-Year


21

Some questions for you



22

Please Raise Your Hand
Question #1: Who here is using IPS Software Blade?

 Why?
 What protections?
Question #2: Who here is using Anti-Bot?

 Why?
 Do you run the controls in protect mode?
Question #3: Who here is using SmartEvent?

 Why?
 Do you activate automated blocking?


23

Today, security solutions must provide:
Multi-layer, integrated protections

Real-time, actionable intelligence
Adaptive controls



24

Why?



25

Consider The Following Attack

All three attack
vectors are meant to
breach the perimeter

Server vulnerability
exploit
Weaponized
attachment

Network
access

Malware via social
engineering

Each attack uses a
distinct method



26

“Best-of-Breed” During The Attack
Server
vulnerability
exploit

Weaponized
attachment

Malware via social
engineering

Dedicated
Intrusion
Detection

Dedicated
Sandbox
Solution

Dedicated Web
Proxy

Probably not in
“prevent” mode

Captures and
analyzes
attachment

Sees Facebook
and allows data
to pass

Proprietary
Log

Proprietary
Log

Proprietary
Log

3rd Party Log
Aggregator


27

And The Outcome
Server
vulnerability
exploit

Weaponized
attachment

Malware via social
engineering

Dedicated
Intrusion
Detection

Dedicated
Sandbox
Solution

Dedicated Web
Proxy

Server
compromised, ad
Probably not in
min“prevent” mode
rights obtained
Proprietary
Log

Captures and
analyzes
attachment

Endpoint
Sees Facebook
compromised, dat
andextracted
allows
a to passdata

Proprietary
Log

Proprietary
Log

3rd Party Log
Aggregator


28

And Event Management?

Sandbox
shows
different
event

Log aggregator
collects multiple
feeds
Each individual
event appears
separate
Full picture and
individual events
have no relationship


IDS event
shows
exploit

Proxy just
sees
Facebook


29

And Worse

Separate signature updates
No sharing of “bad actor”
information
Multiple policy changes required
for mitigation



30

And Finally, The Cost

Product
Dedicated
IDS
Dedicated
Sandbox
Dedicated
Web Proxy

CAPEX

OPEX

Three Year
Cost

$50,000

$7,500

$72,500

$50,000

$7,500

$72,500

$35,000

$5,250

$50,750

Three-Year Total


$195,750


31

Consolidating with
Check Point



32

Starting With The GUI

Key is to build a security flow
Policy starts from the ground up

 Firewall is that ground floor
 IPS, App Ctrl, Anti-Bot flow from there



33

Check Point During The Attack

Centralized updates via the
ThreatCloud

Server vulnerability
exploit

Weaponized
attachment

Malware via social
engineering

Threat Emulation
Anti-Bot
Application Control
IPS
Firewall



34

What Administrators Would See

All attack vectors collected into a
single perspective

 Protections report into a single location
 Tools for high-level and detailed analysis



35

And Then…

When the attacker
gets desperate
and launches a
DDoS

Use the new DDoS
controls and/or CLI
the source IPs to
the firewall



36

Costs With Check Point

Product

CAPEX

OPEX

12607 (25% Discount)
IPS Software Blade

$53,760

$10,080

Three Year
Cost
$84,000

$4,500

$9,000

$4,500

$13,500

$4,500

$9,000

(Included in Year 1)

Threat Emulation
Application Control
(Included in Year 1)

Anti-Bot Blade

$4,500
Three-Year Total


$13,500
$129,000


37

The Savings

$195,750

$135,000

$53,760

$129,000

$75,240
$60,750

Savings
Amount: $66,750
Percent: 35%

Multiple Vendors
Check Point

CAPEX

OPEX

3 Year Total



38

Summary

Yes, it’s tempting
to do what’s
always been
done:
Multi-vendor

Data suggest
that it’s time for
an alternative
approach:
Consolidation


Check Point’s
multi-layer
threat
prevention
makes it work


39

Check Point Consolidation

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Check Point Consolidation

Semelhante a Check Point Consolidation (20)

Mais de Group of company MUK

Mais de Group of company MUK (12)

Último

Último (20)

Check Point Consolidation