Defining Your Security Blueprint

Jorge Steinfeld
VP of Information Systems

©2013 Check Point Software Technologies Ltd.
Dynamic Environment, New Challenges

We live in a VERY dynamic environment, and IT needs to enable & support it

Check Point Global Presence
LOCATIONS

AUDIENCES

APPLICATIONS

More than 70 offices

Check Point Global Presence
• 4 major offices
• 2 co-location sites
• 6 development sites
• 12 medium offices, 38 small offices

Check Point Global Audiences
Audiences: Leads, Finance Employees, Customers, HR Employees, Partners, R&D Employees, Suppliers, Marketing Employees, External Accountants, Consultants, Security Admins, Recruitment Agencies, Customers’ Gateways, ZoneAlarm Customers, All Public

Check Point Global Audiences
Audience groups: CUSTOMER GATEWAYS, EMPLOYEES, EXTERNAL PARTIES, PUBLIC

Audiences shown: Customers’ Gateways, ZoneAlarm Customers, HR Employees, Suppliers, External Accountants, R&D Employees, Customers, Security Admins, Leads, Consultants, Finance Employees, Partners, Marketing Employees, Recruitment Agencies, All Public

Check Point Global Applications
Applications: Wiki, Customer Portal, Performance Review, Call Center, Salary, Exchange, Business Warehouse, HR System, Time Attendance, Support Center, Sales Systems, R&D Project Management, Public Site, ZoneAlarm Store, R&D Source Code

Check Point Global Applications
Applications grouped by who needs to reach them:
• CUSTOMERS AND PUBLIC: Public Site, ZoneAlarm Store, Customer Portal, Support Center
• EMPLOYEES from anywhere: Wiki, Call Center, Sales Systems, Exchange
• EMPLOYEES at the office: Performance Review, Business Warehouse, Time Attendance
• DESIGNATED EMPLOYEES only: R&D Source Code, Salary, HR System, R&D Project Management

Define Network Zones & Policy
• DMZ: Zone populated with public systems. Audience: All Public. Systems: Public Site, Zone Alarm Store, Customer Portal, Support Center
• SSA: Zone populated with internal systems that contain or access confidential data. Audience: Internal & Remote Employees. Systems: Sales Systems, Exchange, Wiki, Call Center
• INTERNAL: Zone populated with internal systems that contain sensitive data. Audience: Internal Employees. Systems: Business Warehouse, Perf. Review, Time Attendance
• DEPARTMENTAL: Zone populated with internal systems that contain highly restricted data. Audience: R&D Employees. Systems: R&D Systems, R&D Project Mgmt.

Zone access policy:
• DMZ: Any user can reach the DMZ zone
• SSA: Only corporate users can reach the SSA zone, from internal networks or through VPN
• Internal: Only corporate users can reach the Internal zone, from internal networks only
• Departmental: Only specific users can reach the corresponding Departmental zone

Any other access is considered an exception and must be approved.
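
The zone rules above, written as a default-deny check and run over a few constructed access records. This is an added example, not part of the original slides; the record format, the user names, the department membership table and the exception register are assumptions made for illustration.

```python
from dataclasses import dataclass

ALLOW = "allow"
ALLOW_BY_EXCEPTION = "allow-by-approved-exception"
NEEDS_APPROVAL = "exception-needs-approval"

# Assumed for illustration: the "specific users" of each Departmental zone.
DEPARTMENT_MEMBERS = {"R&D": {"dana"}, "HR": {"omer"}}
# Assumed for illustration: exceptions that have already been approved,
# keyed by (user, source network, zone).
APPROVED_EXCEPTIONS = {("acct-ext", "vpn", "DEPARTMENTAL:FINANCE")}


@dataclass(frozen=True)
class Access:
    user: str
    corporate: bool  # True for a corporate user, False for anyone else
    source: str      # "internet", "internal" or "vpn"
    zone: str        # "DMZ", "SSA", "INTERNAL" or "DEPARTMENTAL:<name>"


def evaluate(a, members=DEPARTMENT_MEMBERS, exceptions=APPROVED_EXCEPTIONS):
    """Apply the four zone rules; anything else needs an approved exception."""
    zone, _, dept = a.zone.partition(":")
    if zone == "DMZ":
        permitted = True  # any user can reach the DMZ
    elif zone == "SSA":
        permitted = a.corporate and a.source in ("internal", "vpn")
    elif zone == "INTERNAL":
        permitted = a.corporate and a.source == "internal"
    elif zone == "DEPARTMENTAL":
        # The slide names no network restriction for this zone, so only
        # membership of the matching department is checked here.
        permitted = a.user in members.get(dept, set())
    else:
        permitted = False  # unknown zone: default deny
    if permitted:
        return ALLOW
    if (a.user, a.source, a.zone) in exceptions:
        return ALLOW_BY_EXCEPTION
    return NEEDS_APPROVAL


def parse_record(line):
    """Parse one 'key=value key=value ...' record into an Access."""
    fields = dict(pair.split("=", 1) for pair in line.split())
    return Access(fields["user"], fields["corporate"] == "yes",
                  fields["src"], fields["zone"])


def audit(lines):
    """Return (user, zone, decision) for every access outside the base rules."""
    findings = []
    for line in lines:
        a = parse_record(line)
        decision = evaluate(a)
        if decision != ALLOW:
            findings.append((a.user, a.zone, decision))
    return findings


# Constructed sample records, not taken from any real log.
SAMPLE_RECORDS = [
    "user=guest corporate=no src=internet zone=DMZ",
    "user=dana corporate=yes src=vpn zone=SSA",
    "user=dana corporate=yes src=vpn zone=INTERNAL",
    "user=dana corporate=yes src=internal zone=DEPARTMENTAL:R&D",
    "user=omer corporate=yes src=internal zone=DEPARTMENTAL:R&D",
    "user=acct-ext corporate=no src=vpn zone=DEPARTMENTAL:FINANCE",
    "user=guest corporate=no src=internet zone=SSA",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RECORDS):
        print(finding)
```

Records that come back as exception-needs-approval are the ones the last rule sends to an approval step; records matching the exception register are still reported so that approved exceptions stay visible in review.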

Define Modular Packages
Diagram labels: Main Office and Data Center; DMZ; SSA; Departmental (three instances); Internal Servers; Small Office; Internal Servers & Users; Internal Users

We Will Focus on the 3 Main Risks

• Threats to the organization: 63% infected with bots. Response: Addressing external threats
• Risky enterprise applications: 47% used anonymizers. Response: Enable secure application use
• Data loss incidents: 54% had a data loss event. Response: Preventing Data Loss

Adopt a multi-layer protection

Protection layers: Firewall, DLP, Logging & Status, VPN, URLF, Full Disk Encryption, IPS, Application control, Policy Management, Mobile, Anti-Spam, Anti-Bot, Compliance, Anti-Virus, Media Encryption

Goals: Addressing external threats; Enable secure application use; Preventing Data Loss

Define Modular Packages
Diagram labels: Main Office and Data Center; DMZ; Internal Servers; SSA; Small Office; Internal Servers & Users; Internal Users; Departmental (three instances)

Protections shown on the packages (several appear more than once in the diagram): Logging & Status, Application Control, Policy Management, URLF, Compliance, Antivirus, Advanced Networking, Anti-Bot, Mobile, IPS, Identity Awareness, Firewall, VPN, DLP, Anti-Spam

Analyze Performance Requirements
• Download and run the Check Point Performance Sizing Utility
  Traffic Characteristics: Max. Throughput, Max. Packet Rate, Max. Concurrent Connections
  Resource Utilization: Max CPU, Max Kernel CPU, Max Memory
• Define future Target Environment
• Define future Security Requirements: Firewall, VPN, IPS, Anti Bot, Anti Virus, DLP, URL Filtering
• Get proposed solutions

Define Modular Packages
(Same diagram as the previous Define Modular Packages slide, with the labels 12600 and 1100 added.)

Apply Policy for Your Main Risks

• Addressing external threats
• Enable secure application use
• Preventing Data Loss

Case 1: Provoked Leakage

Singapore
November 28th, 2012
14:00 hrs. local time

Case 1: Leakage Prevention
Daniel gets a notification from the DLP system

Data Loss Prevention Alert
An email that you have just sent has been quarantined.
Reason: attached document contains confidential internal data
The message is being held until further action.
Send, Discard, or Review Issue

DLP Enforcement

DLP Policy Definition
• Personal / Public: Non-confidential or personal information that has no effect or a positive effect on the company
• Confidential: Important information that has limited impact on the company
• Restricted / Highly Restricted: Sensitive or highly sensitive information that may compromise the company

• Sending out data classified as Personal or Public is allowed.
• Sending out data classified as Restricted, Highly Restricted or Confidential is not allowed.

Exceptions are approved by the employee using User Check.

DLP Policy Implementation
Data Type | Action
Our business information: customers, contracts, etc. | ASK USER
Source code | ASK USER
Financial data, intellectual property | ASK USER
Personal employee data | ASK USER
Special documents | BLOCK

DLP Incident Statistics
Average monthly events:
• ASK USER: ~2,700
• BLOCK: ~7

ASK USER per employee: ~1

ASK USER feedback distribution:
• Sent: 85%
• Don’t send: 15%

Case 2: Unintended Exposure

Minsk, Belarus
Oct 22nd, 2012
13:30 hrs. local time

Tel-Aviv, Israel
Oct 22nd, 2012
13:45 hrs. local time

Case 2: Exposure Prevention
BitTorrent detected on one of the lab machines, which was connected to the internal network

Open file sharing access

Columns shown: App Name, Action, Risk

App Wiki—Applications Library

• Over 4,900 applications
• Over 300,000 social-network widgets
• Grouped in over 80 categories (including Web 2.0, IM, P2P, Voice & Video, File Share)

appwiki.checkpoint.com

Application Control Policy Definition
• Low Risk: Applications from the following categories: Business applications, Mobile software, Social networking,…
• Medium Risk: Applications from the following categories: Browser plugins, Personal mail, VoIP,…
• High Risk: Applications from the following categories: File storage & sharing, P2P file sharing, Remote administration,...

• Usage of Low Risk and Medium Risk applications is allowed
• Usage of High Risk applications is not allowed

Exceptions are approved by the employee using User Check.

Application Control Implementation
Application Type | Action
Critical or high risk | Block
Anonymizer, P2P file sharing, botnets, etc. | Block
Department special need (e.g., hacker sites) | Ask User
Medium risk | Monitor

Application Control Statistics

Monthly events: 20,000
Number of users: 600

Top blocked applications / protocols
• Dropbox — 52%
• SugarSync — 43%
• BitTorrent — 2%
• Lync (Microsoft Chat tool) — 2%
Top 4 covers ~90% of the cases

Defining Your Security Blueprint
1. Identify your environment
2. Define your security zones
3. Identify main threats & protections
4. Analyze performance requirements
5. Define modular packages
6. Define specific security policies
7. Analyze your data

To manage all this: Unified Management Tool, 4 People!

(Diagram: the zone and package layout from the earlier slides, labelled DMZ, SSA, Internal, Departmental, Internal Servers and Users, with URLF, Antivirus, Anti-Bot, IPS, Firewall, Anti-Spam, Application Control and DLP.)

Summary
My needs are customers’ needs; my security solutions are customers’ solutions

Build security modular packages, adopting a multi-layer protection:
- Be a business enabler

Analyze your data to improve your security

Easy to manage with Software Blades

Thank You

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Último (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Defining Your Security Blueprint

  • 1. Defining Your Security Blueprint Jorge Steinfeld VP of Information Systems ©2013 Check Point Software Technologies Ltd.
  • 2. Dynamic Environment, New Challenges We live in a VERY dynamic environment, IT needs to enable & support it ©2013 Check Point Software Technologies Ltd. 2
  • 3. ©2013 Check Point Software Technologies Ltd. 3
  • 4. Check Point Global Presence LOCATIONS AUDIENCES APPLICATIONS More than 70 offices ©2013 Check Point Software Technologies Ltd. 4
  • 5. Check Point Global Presence LOCATIONS AUDIENCES APPLICATIONS 4 major offices 2 co-location sites 6 development sites 12 medium offices, 38 small offices ©2013 Check Point Software Technologies Ltd. 5
  • 6. Check Point Global Audiences LOCATIONS Leads Finance Employees Customers AUDIENCES HR Employees Partners R&D Employees Suppliers Marketing Employees External Accountants Consultants Security Admins Recruitment Agencies Customers’ Gateways APPLICATIONS ZoneAlarm Customers All Public ©2013 Check Point Software Technologies Ltd. 6
  • 7. Check Point Global Audiences LOCATIONS Leads Finance Employees Customers AUDIENCES HR Employees Partners R&D Employees Suppliers Marketing Employees External Accountants Consultants Security Admins Recruitment Agencies Customers’ Gateways APPLICATIONS ZoneAlarm Customers All Public ©2013 Check Point Software Technologies Ltd. 7
  • 8. Check Point Global Audiences LOCATIONS CUSTOMER GATEWAYS EMPLOYEES EXTERNAL PARTIES Customers’ Gateways ZoneAlarm Customers HR Employees Suppliers External Accountants R&D Employees APPLICATIONS Customers Security Admins AUDIENCES Leads Consultants Finance Employees Partners Marketing Employees PUBLIC Recruitment Agencies All Public ©2013 Check Point Software Technologies Ltd. 8
  • 9. Check Point Global Applications LOCATIONS Wiki Customer Portal Performance Review Call Center Salary AUDIENCES Exchange Business Warehouse HR System Time Attendance Support Center Sales Systems R&D Project Management Public Site APPLICATIONS ZoneAlarm Store R&D Source Code ©2013 Check Point Software Technologies Ltd. 9
  • 10. Check Point Global Applications LOCATIONS Wiki Customer Portal Performance Review Call Center Salary AUDIENCES Exchange Business Warehouse HR System Time Attendance Support Center Sales Systems R&D Project Management Public Site APPLICATIONS ZoneAlarm Store R&D Source Code ©2013 Check Point Software Technologies Ltd. 10
  • 11. Check Point Global Applications LOCATIONS CUSTOMERS AND PUBLIC EMPLOYEES EMPLOYEES from anywhere at the office DESIGNATED EMPLOYEES only Public Site Wiki Performance Review R&D Source Code ZoneAlarm Store Call Center Business Warehouse Salary Customer Portal Sales Systems Time Attendance HR System Support Center Exchange AUDIENCES R&D Project Management APPLICATIONS ©2013 Check Point Software Technologies Ltd. 11
  • 13. Define Network Zones & Policy DMZ SSA INTERNAL DEPARTMENTAL Zone populated with Public Systems. Zone populated with Internal systems that contain or access confidential data. Zone populated with Internal systems that contain sensitive data Zone populated with Internal systems that contain highly restricted data All Public Internal & Remote Employees Public Site Zone Alarm Store Sales Systems Exchange Customer Portal Support Center Wiki Call Center Internal Employees Business Warehouse Perf. Review R&D Employees R&D Systems R&D Project Mgmt. Time Attendance ©2013 Check Point Software Technologies Ltd. 13
  • 14. Define Network Zones & Policy DMZ SSA INTERNAL DEPARTMENTAL Zone populated with Public Systems. Zone populated with Internal systems that contain or access confidential data. Zone populated with Internal systems that contain sensitive data Zone populated with Internal systems that contain highly restricted data DMZ • Any User can reach the DMZ zone • Only corporate users can reach the SSA zone from internal SSA networks or through VPN • Only corporate users can reach the Internal zone from internal Internal networks only Departmental • Only specific users can reach the corresponding Departmental zone Any other access is considered an exception and must be approved ©2013 Check Point Software Technologies Ltd. 14
  • 16. Define Modular Packages Main Office and Data Center DMZ SSA Departmental Departmental Departmental Internal Servers Small Office Internal Servers & Users Internal Users ©2013 Check Point Software Technologies Ltd. 16
  • 17. We Will Focus on the 3 Main Risks Risky enterprise applications Data loss incidents 63% 47% 54% infected with bots used anonymizers had a data loss event Threats to the organization Addressing external threats Enable secure application use Preventing Data Loss ©2013 Check Point Software Technologies Ltd. 17
  • 18. Adopt a multi-layer protection Firewall DLP Logging & Status VPN URLF Full Disk Encryption IPS Application control Policy Management Mobile Anti-Spam Anti-Bot Compliance Anti-Virus Media Encryption Addressing external threats Enable secure application use Preventing Data Loss ©2013 Check Point Software Technologies Ltd. 18
  • 19. Adopt a multi-layer protection Firewall DLP Logging & Status VPN URLF Full Disk Encryption IPS Application control Policy Management Mobile Anti-Spam Anti-Bot Compliance Anti-Virus Media Encryption Addressing external threats Enable secure application use Preventing Data Loss ©2013 Check Point Software Technologies Ltd. 19
  • 20. Adopt a multi-layer protection Firewall Firewall URLF Full Disk Encryption IPS Application control Policy Management Mobile Anti-Spam Anti-Bot Compliance Enable secure application use Logging & Status VPN Addressing external threats DLP Anti-Virus Media Encryption Preventing Data Loss ©2013 Check Point Software Technologies Ltd. 20
  • 21. Define Modular Packages Main Office and Data Center DMZ Internal Servers SSA Small Office Internal Servers & Users Internal Users Departmental Departmental Departmental Logging & Status Application Control Policy Management URLF Compliance Antivirus URLF Advanced Networking Anti-Bot Antivirus Mobile IPS Anti-Bot Identity Awareness Firewall IPS VPN Firewall DLP Anti-Spam Application Control ©2013 Check Point Software Technologies Ltd. 21
  • 22. Analyze Performance Requirements Download and Run Check Point Performance Sizing Utility Traffic Characteristics Resource Utilization Max. Throughput Max CPU Define future Target Environment Max. Packet Rate Max Define future Security Kernel CPU Requirements Max. Concurrent Connections Max Memory Security Requirements Firewall Get proposed solutions VPN IPS Anti Bot Anti Virus DLP URL Filtering ©2013 Check Point Software Technologies Ltd. 22
  • 23. Define Modular Packages Main Office and Data Center DMZ Internal Servers SSA Small Office Internal Servers & Users Internal Users Departmental Departmental Departmental Logging & Status Application Control Policy Management URLF Compliance Antivirus URLF Advanced Networking Anti-Bot Antivirus Mobile IPS Anti-Bot Identity Awareness Firewall IPS VPN Firewall DLP Anti-Spam Application Control 12600 1100 ©2013 Check Point Software Technologies Ltd. 24
  • 24. Apply Policy for Your Main Risks Addressing external threats Enable secure application use Preventing Data Loss ©2013 Check Point Software Technologies Ltd. 25
  • 25. Case 1: Provoked Leakage Singapore November 28th, 2012 14:00 hrs. local time ©2013 Check Point Software Technologies Ltd. 26
  • 26. Case 1: Leakage Prevention Daniel gets a notification from the DLP system Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. DLP Enforcement Send , Discard , or Review Issue ©2013 Check Point Software Technologies Ltd. 27
  • 27. DLP Policy Definition Personal Public Confidential Restricted Highly Restricted Non confidential or personal information that has non or positive effect on the company Important information that has limited impact on the company Sensitive or highly sensitive information that may compromise the company • Sending out data classified as Personal or Public is allowed. • Sending out data classified as Restricted, Highly Restricted or Confidential is not allowed. Exceptions are approved by the employee using User Check. ©2013 Check Point Software Technologies Ltd. 28
  • 28. DLP Policy Implementation Data Type Action Our business information: Customers, contracts, etc ASK USER Source code ASK USER Financial data, Intellectual property ASK USER Personal employee data ASK USER Special documents BLOCK ©2013 Check Point Software Technologies Ltd. 29
  • 29. DLP Incident Statistics Average monthly events • ASK USER: ~2,700 • BLOCK: ~7 ASK USER per employee ~1 ASK USER feedback distribution • Sent: 85% • Don’t send: 15% ©2013 Check Point Software Technologies Ltd. 30
  • 30. Case 2: Unintended Exposure Minsk, Belarus Oct 22nd, 2012 13:30 hrs. local time Tel-Aviv, Israel Oct 22nd, 2012 13:45 hrs. local time ©2013 Check Point Software Technologies Ltd. 31
  • 31. Case 2: Exposure Prevention BitTorrent detected on one of the lab machines which was connected to the internal network Open file sharing access App Name Action Risk ©2013 Check Point Software Technologies Ltd. 32
  • 32. App Wiki—Applications Library Over 4,900 applications Over 300,000 social-network widgets Grouped in over 80 categories (including Web 2.0, IM, P2P, Voice & Video, File Share) appwiki.checkpoint.com ©2013 Check Point Software Technologies Ltd. 33
  • 33. Application Control Policy Definition Low Risk: Applications from the following categories: Business applications, Mobile software, Social networking,… Medium Risk: Applications from the following categories: Browser plugins, Personal mail, VoIP,… High Risk: Applications from the following categories: File storage & sharing, P2P file sharing, Remote administration,... • Usage of Low Risk and Medium Risk applications is allowed • Usage of High Risk applications is not allowed Exceptions are approved by the employee using User Check. ©2013 Check Point Software Technologies Ltd. 34
  • 34. Application Control Implementation Application Type / Action: Critical or high risk: Block; Anonymizer, P2P file sharing, botnets, etc.: Block; Department special need (e.g., hacker sites): Ask User; Medium risk: Monitor ©2013 Check Point Software Technologies Ltd. 35
  • 35. Application Control Statistics Monthly events: 20,000 Number of users: 600 Top block applications protocols • Dropbox — 52% • Sugarsync. — 43% • BitTorrent — 2% • Lync (Microsoft Chat tool) — 2% Top 4 covers ~90% of the cases ©2013 Check Point Software Technologies Ltd. 36
  • 36. Defining Your Security Blueprint 1 Identify your environment 2 Define your security zones 3 Identify main threats & protections 4 Define modular packages 5 Analyze performance requirements 6 Define specific security policies 7 Analyze your data [Diagram: DMZ, SSA, Internal and Departmental zones with Internal Servers and Internal Users; protections: URLF, Antivirus, Anti-Bot, IPS, Firewall, Anti-Spam, Application Control, DLP] To manage all this: Unified Management Tool, 4 People! ©2013 Check Point Software Technologies Ltd. 37
  • 37. Summary My needs are customers’ needs; my security solutions are customers’ solutions. Build security modular packages, adopting a multi-layer protection. Be a business enabler. Analyze your data to improve your security. Easy to manage with Software Blades. [Diagram labels: DMZ, SSA, URLF, Antivirus, Anti-Bot, IPS] ©2013 Check Point Software Technologies Ltd. 38
  • 38. Thank You ©2013 Check Point Software Technologies Ltd.
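
The zone rules on slide 14 (any user to the DMZ, corporate users to SSA from internal networks or VPN, corporate users to Internal from internal networks only, specific users to their Departmental zone, everything else an approved exception), written as a default-deny evaluator and run over constructed access requests. This is an added example, not code from the deck or a Check Point configuration; the `Request` fields, user names, the exception register and the assumption that Departmental access also requires an internal-network origin are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Zone(Enum):
    DMZ = "DMZ"
    SSA = "SSA"
    INTERNAL = "Internal"
    DEPARTMENTAL = "Departmental"


class Origin(Enum):
    INTERNET = "internet"
    VPN = "vpn"
    INTERNAL_NET = "internal network"


@dataclass(frozen=True)
class Request:
    """One access attempt. All field names are hypothetical (not from the deck)."""
    user: str
    corporate: bool                       # authenticated corporate user?
    origin: Origin
    zone: Zone
    department: Optional[str] = None      # target department (Departmental zone only)
    memberships: frozenset = frozenset()  # departments the user is designated for


def evaluate(req, approved_exceptions=frozenset()):
    """Return (allowed, reason) for one request; anything unmatched is denied."""
    if req.zone is Zone.DMZ:
        return True, "any user can reach the DMZ"
    if req.corporate:
        if req.zone is Zone.SSA and req.origin in (Origin.INTERNAL_NET, Origin.VPN):
            return True, "corporate user, internal network or VPN"
        if req.zone is Zone.INTERNAL and req.origin is Origin.INTERNAL_NET:
            return True, "corporate user on an internal network"
        # Assumption: Departmental zones are at least as strict as Internal,
        # so the origin must be an internal network as well.
        if (req.zone is Zone.DEPARTMENTAL
                and req.origin is Origin.INTERNAL_NET
                and req.department is not None
                and req.department in req.memberships):
            return True, "designated user for " + req.department
    # "Any other access is considered an exception and must be approved."
    if (req.user, req.zone, req.department) in approved_exceptions:
        return True, "approved exception"
    return False, "no zone rule matches; requires an approved exception"


# Constructed sample requests (not real traffic).
SAMPLE_REQUESTS = [
    Request("visitor", False, Origin.INTERNET, Zone.DMZ),
    Request("alice", True, Origin.VPN, Zone.SSA),
    Request("alice", True, Origin.VPN, Zone.INTERNAL),
    Request("alice", True, Origin.INTERNAL_NET, Zone.INTERNAL),
    Request("visitor", False, Origin.INTERNET, Zone.SSA),
    Request("bob", True, Origin.INTERNAL_NET, Zone.DEPARTMENTAL, "R&D",
            frozenset({"R&D"})),
    Request("alice", True, Origin.INTERNAL_NET, Zone.DEPARTMENTAL, "R&D"),
    Request("carol", True, Origin.INTERNAL_NET, Zone.DEPARTMENTAL, "HR"),
]
# Constructed exception register: carol is approved for the HR zone.
APPROVED_EXCEPTIONS = frozenset({("carol", Zone.DEPARTMENTAL, "HR")})


def audit(requests, approved_exceptions=frozenset()):
    """Evaluate every request and return the ones the policy denies."""
    return [(r.user, r.zone.value, reason)
            for r in requests
            for allowed, reason in [evaluate(r, approved_exceptions)]
            if not allowed]


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        allowed, reason = evaluate(r, APPROVED_EXCEPTIONS)
        print(f"{r.user:8} {r.origin.value:17} -> {r.zone.value:13}"
              f"{'ALLOW' if allowed else 'DENY':6} {reason}")
```

The VPN request to the Internal zone is the case worth noticing: the same corporate user is allowed into SSA over VPN but denied Internal, because the slide restricts that zone to internal networks only.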

Editor's notes

  1. Check how many offices
  2. IT is very dynamic
     • Events every day
     • New application, new system, new server
     • New DB
     • DRP projects
     • New offices
     • Migration of dept.
     • New acquisitions
     • More outsourced systems that interact with internal systems
     • New audiences interacting with our systems: partners, customers, external accountants, gateways
     • New threats – bots, constant new malware
     • New technologies – mobile synchronization, cloud sync
     • New trends – BYOD
     • Trying to balance time/money

     Need to apply security measures to
     • Access
     • Internal assets and information
     • Tools and applications

     • Conserve bandwidth for business critical tasks
     • Optimize employees’ productivity
     • Protect internal assets from unauthorized access
     • Enable secure access from everywhere
     • Prevent sensitive information from getting to the wrong hands

     • Who is allowed to access which tools? (Who? By IP – but IPs change as users are mobile; IP ranges/NW segments are not accurate – again, users are mobile)
     • What are users allowed to do? (Which internal assets can be accessed? Which Internet tools?)
     • What content can leave the organization?
  3. On the 24.2.2012 at approximately 14:00 Singapore time, Daniel Phuan, an SE Manager from the Singapore office, received a phone call to his mobile phone from an undisclosed number. The caller spoke English with an Asian accent and introduced himself as Mike Chen (Product Marketing Manager from the US). He claimed that he was on the road from the US to Japan for a business meeting, had a connection at Singapore airport and did not have access to the Check Point web site as his laptop had broken down. He requested contact information of Japan office personnel and provided an external e-mail address (biztrip@live.com).
  4. While getting the notification, Daniel kept trying to authenticate the identity of the caller and started to suspect him when he failed to provide the name of his direct manager. The caller claimed that he reports directly to the Marketing VP, Juliette Sultan. Daniel told the caller he could not provide further information and the call ended. Daniel contacted the Check Point security officer by email and notified him of the incident and that Johnny Poh and Lum Soong Chee had received a similar call.
  5. DLP data types:
     • Check Point business information – missing classification, Highly Restricted documents, customer names, sales reports, SSH private key, confidential security alerts, employee data (compensation, salaries, job offers)
     • Check Point R&D specific data – code (generic), templates, project names
     • Financial data – SEC filings, financial report, large Excel files sent out of Finance outside the company
     • Intellectual property – patents and design files
     • Compliance – PCI and HIPAA
     • Best practices – database files, inappropriate language, password protected files, Social Security #, passport #
  7. Vladimir Antonovich, End Point system administrator, is setting up the environment to test an anti-malware product. Ran Ravid, Security on duty, reviews the log of application control.
     • Ran, 13:47: Please check why your host is running BitTorrent
     • Vladimir, 13:55: Can’t find this host, can you send more information
     • Ran, 13:57: According to my log it is using BitTorrent and uTorrent
     • Vladimir, 14:06: Found it – a laptop used for test, we forgot to uninstall Torrent clients

     Conclusions
     • It took ~20 min to close the “hole”
     • Even security experts can miss security policy
     • Security enforcement should be strict
  8. The trojan attempted to communicate with the command and control center, but Anti-Bot Software Blade detected the communication and blocked it.
  9. The second dimension provides fine-grain internet application awareness to the Check Point security gateway. Check Point’s application control library enables scanning and detection of more than 4,500 distinct applications and over 50,000 social networking widgets across a wide range of categories including Instant Messaging, Peer-to-peer file sharing, Social Networking, Web 2.0, Voice-over-IP, Anonymizers, IPTV, Multimedia, Games, Virtual Worlds, and Unified Communication. These applications are classified in different levels of business and non-business categories, enabling a strong and flexible choice of parameters for any given policy. The applications are organized into 150 categories including categories for communication, IM, entertainment, commercial, financial, computing, government and a lot more.
  10. Low risk applications are applications from the following categories: Business Applications (e.g. Google Apps *), Download Managers (e.g. 3wGet, Apt-get, Download Master), Media Sharing (only YouTube and Apple QuickTime are allowed), Mobile Software (e.g. Google Play, Mobile Google Maps, WhatsApp Messenger), Social Networking (e.g. Facebook, Geni), Twitter Clients (e.g. BinTweet, CheapTweet), and more.
      * Google Apps may be used for personal use only. Uploading corporate data to Google Apps is forbidden.

      Medium risk applications are applications from the following categories: Browser plugins (e.g. Adobe Flash, Ask Toolbar, BingBar), Email * (e.g. Gmail, Yahoo!), VoIP (e.g. Skype), Web Conferencing (only Adobe Connect is allowed), and more.

      High risk applications are applications from the following categories: File Storage and Sharing (e.g. Dropbox, Sugarsync, DropMe, ShareFile), Instant Messaging (e.g. Miranda IM, CryptoChat, IceChat), P2P File Sharing (e.g. Kazaa, Sopcast, AllPeers, BitTorrent, uTorrent, eMule), Remote Administration (e.g. Poison Ivy, Access Remote PC, Radmin, TeamViewer, pcAnywhere), and more.
  12. • Zbot Trojan is loaded onto a USB stick
      • Derek plugs the USB stick into his computer
      • Zbot Trojan is installed
      • Zbot turns Derek’s computer into a bot!!
      • The trojan attempted to communicate with the command and control center, but Anti-Bot Software Blade detected the communication and blocked it.

      Trojan.Spy.MSIL.Zbot
      • Malware that when loaded attempts to steal data
      • Turns systems into bots to steal more data
      • Multi-vector attack