Check Point NGFW
2. Agenda
NGFW 101
NGFW ‒ The Check Point Approach
NGFW ‒ Things to Look Out For
©2013 Check Point Software Technologies Ltd.
3. If you can’t explain it simply, you don’t understand it well enough.
Albert Einstein
NGFW 101
4. NGFW First Time Definition by Gartner
5. NGFW Must Haves According to Gartner
Layer 2 Functionality
Integrated IPS
Stateful Inspection
Application Awareness
Identity Awareness
6. NGFW vs. UTM
It’s more like Gartner (NGFW) vs. IDC (UTM)
Gartner targets NGFW as an enterprise network firewall
Gartner targets UTM as an SMB-segment firewall
IDC, which coined UTM, refers to it just the same as NGFW
Interesting read: “Anitian Blog”, “UTM vs. NGFW a single shade of gray”
7. Which Brings Us to the Question
“Is It All Just Marketing?”
8. Agenda
NGFW 101
NGFW ‒ The Check Point Approach
NGFW ‒ Things to look out for or Buyer Beware
9. Proven NGFW Leadership:
NSS Labs 2013 NGFW SVM
98.5%
99.0%
100%
NGFW
IPS
Firewall
Management and
Security
Effectiveness
Overall Protection
Management and
Security
Effectiveness
2013 NGFW Group Test
Product Analysis Report
2013 Firewall Group Test
NSS ON Check Point
10. And a Little More…
Best IPS/IDS Product
Reader Trust Award
Leader, Magic Quadrant
Enterprise Network
Firewall
Best Enterprise FW
Reader Trust Award
2010–2013
2004–2013
Firewall Earns
“Recommend” Rating
from NSS
2013
NGFW Earns
“Recommend” Rating
from NSS
2013
Leader, Magic Quadrant UTM
IPS Earns
“Recommend” Rating
from NSS
2013
Network Security
Vendor of the Year
2011
11. This Is the Secret on How to Be #1 NGFW:
3D Security
Policies
Practical and relevant to daily operations
People
Different People – Different needs
Involve & Engage users in the security process
Enforcement
Multi-layer controls for strong security
12. Let’s See Some of It in Action
13. Layered Defenses & Software Blades
IPS
Anti-Bot
Antivirus
Network Threat Prevention
Mobile Access
DLP
Sensitive Data
Application Control
URLF
Identity Awareness
Internet Applications Usage
Granular Visibility
Mobile Access
SmartEvent
User Access
15. Check Point Multi-Layer Product Architecture
Data Leakage Prevention
Antivirus
IPS
Anti-Bot
Anti-Spam
Application Control
URL Filtering
Protocol and Application Decoder
SSL
Stream Reassembly Engine
Identity Awareness
Layer 2–4 Firewall & IPS
IPsec
Multi-Core Packet Queuing and Dispatching
16. Check Point Multi Layered Threat Prevention
17. Multi Layered Threat Prevention ‒ Firewall
Protect against unauthorized access
Contain Infections in Network Segments
18. Multi Layered Threat Prevention – IPS
Stop attacks exploiting vulnerabilities
Protect Against Exploit of Vulnerabilities in: Word, Excel, PDF, Browsers, Operating Systems...
19. Multi Layered Threat Prevention – Antivirus
Block Malware Download
Block Malware File Download and Access to Malware Containing Sites
20. Multi Layered Threat Prevention – Anti-Bot
Discover and stop Bot Attacks
Post Infection Solution to Stop Data Theft and Targeted APT Attacks
21. Multi Layered Threat Prevention – ThreatCloud™
Global collaboration to fight new threats
Powering Threat Prevention Software Blades with Real-time Security Intelligence
22. Introducing Check Point Threat Emulation
Fight Against Unknown Threats!
Stop Targeted Zero-day Attacks
23. Summary – Check Point Multi Layered Threat Prevention
24. Things to Look Out for When Selecting Your NGFW
26. Questions You Should Ask Yourself and the Vendor
Security
Do you scan both directions of traffic ALWAYS?
Do you use caching mechanisms for detection?
Do you by default leave all ports open?
Do you scan only part of the session?
Do you fail-open by default?
Can I run both IPS and APP-Ctrl at the same time?
27. More is Better: Visibility and Security
Check Point has the largest application database in the industry and the highest rate of adding new apps
Applications: Check Point ~5000; Nearest Competitor ~2500
Social Network Widgets: Check Point 244,081; Nearest Competitor None
Fewer applications = less visibility and control
28. Shortcuts Can Cost You
Scanning only part of an IPS session and enabling fail-open gives better performance, but what about security?
29. Shortcuts Can Cost You
SIP traffic pollutes FW APP Cache allowing all HTTP traffic
Generates multiple SIP connections to www.facebook.com
Access to www.facebook.com allowed!
SIP connection is blocked
After multiple SIP connections system stops inspecting
30. Shortcuts Can Cost You
Results of port scan:
31. Security Summary: Your Security Solution Should be Secure!
Security
We scan both directions of traffic ALWAYS
We use no shortcuts for detection
It’s a firewall: all ports are closed by default
We scan all parts of the session
We fail-close by default
We can run both IPS and APP-Ctrl at the same time
32. “God is in the Details”
— Ludwig Mies Van Der Rohe
Management
33. Questions You Should Ask Yourself and the Vendor
Management
Do you have an Event Analysis Solution?
Are you able to add an IPS exception from the log?
Do you have an efficient way to troubleshoot a session?
Do you have Hit Count, expiry… in the security rules?
When you make a change does it commit right away?
34. Check Point SmartLog ‒ Simple Log Searches
Simple Log Analysis with 360° Visibility
John Smith yesterday
Check Point SmartLog provides simple, intuitive search
Check Point split-second search results provide instant visibility into billions of log records
35. Check Point Simplified 1-Step Policy Creation
Check Point Provides 1-Step Policy Creation
36. Complemented by SmartEvent for Overall Security Analysis and Forensics
SmartEvent Translates Security Information into Action!
Unified view of all security events
Geo-location views and analysis of security events
Historical views with timeline analysis
Correlations and forensics activities
Reports
…and more!
37. “Less is More”
— Ludwig Mies Van Der Rohe
Performance
38. Questions You Should Ask Yourself and the Vendor
Performance
How do you test performance?
NAT?
How many rules?
What's the traffic blend?
Logging on or off?
What are the packet sizes?
Any shortcuts?
39. How We Measure Real World Performance
THE OLD WAY:
Firewall Throughput
Based on large UDP packets
Only firewall security
“Allow all” policy (one rule)
THE NEW WAY:
SecurityPower™
Based on real-world traffic mix
Advanced security functions
Real security policy (many rules)
SecurityPower: The New Way To Measure the Real Power of Security Appliances
40. SecurityPower—Traffic Blend
Measuring Real-World Traffic Blend
The Old Way
UDP large
packets
Real-World Traffic Blend*
10%
9%
13%
68%
HTTP
SMTP
HTTPS
Other
*Based on customer research conducted by Check Point performance labs
41. SecurityPower—Security Policy
Applying a True Security Policy
The Old Way
One rule: Allow all traffic
Policy with 100 Rules!
Rule    Protocol    Action
#1      POP3        Accept
#2      FTP         Accept
#3      ICMP        Drop
#98     HTTP        Accept
#99     SMTP        Accept
#100    ANY         Drop
42. Summary Performance
Applying a True Security Policy
The Old Way
Logging disabled
Address translation disabled
No IPS protection
No signatures
Log All Connections
Network Address Translation
IPS Recommended Protection
Up-to-Date Signature Databases
43. Summary
Today the NGFW Technologies Are Widely Tested and Reviewed by Independent 3rd Parties and they have spoken: we are the best!!
Security
Your NGFW should be secure without shortcuts
Management
Your NGFW should have super easy, intuitive and scalable management
Performance
Your NGFW should perform well in real-world traffic without shortcuts
Editor's notes
The data center circa 1936. Fort Knox was built in 1936 and stores about 5000 tons of US gold reserves. It has complex layered defenses: video, guards, massive vault doors, fortress structure, complete with minefields. Hardened perimeter (layered), very controlled access, high value assets in one location. It is quite the impressive structure for protecting valuables. So what does Fort Knox have to do with data centers? Think about the data center: it holds the valuable assets of a corporation, as Fort Knox held valuable assets of the USA. Both pursue a multi-layered security approach. But Fort Knox was designed to lock things securely away from everyone, protected. Today the data center has quite the opposite trend, as it is becoming arguably more open to support the business.
Check Point Product Architecture
IPS / FW – access control, i.e. looking at port, source and destination. Ex. block FTP, allow HTTP, etc.
Identity Awareness – looks at IP address & user – if there is one it assigns an identity, if not it moves up the stack
SSL – Decrypt packet so content inspection can be done
Content Inspection – DLP, AV, Anti-Bot, Anti Spam, IPS, App Control, URLF
http://www.istockphoto.com/stock-photo-9306896-man-pushing-blank-cube.php?st=396b026
http://www.itworld.com/security/309422/baddest-botnets-2012?page=0,1
(Genesis 8:21)
PAN is vulnerable to cache poisoning. As an example, a SIP session could initially be blocked accurately, but by taking advantage of the cache poisoning vulnerability, a SIP session could bypass a PAN gateway.
The vulnerability could be exploited as follows:
Ports are open with firewall policy
Opening a Session Initiation Protocol connection, typically used with VoIP communications, is correctly blocked
Generate HTTP traffic which causes the cache to hit its threshold – meaning traffic is going through the cache
Generate another SIP connection and it’s allowed
Background: A Session Initiation Protocol (SIP) connection is a Voice over Internet Protocol (VoIP) service. A SIP connection typically uses the same Internet access that is used for data. Users should be aware that a SIP connection can be used as a channel for attacking the company's internal networks, similar to Web and Email attacks.
Check Point provides a simple, intuitive search. Searches are entered in the system using basic English. Check Point yields results quickly, bringing instant visibility to potentially related events.
Check Point makes policy creation simple. Security policies are easily viewed within tabs and policy creation is a simple, 1-step process.
A Check Point customer recently told us, “With Fortinet, we had 2000 rules combined. When we went to Check Point we were able to consolidate them to 230 rules. For us, the way we had it sitting in the middle of our network, it was frustrating that you had to write a policy 6 different times. You couldn’t drag and drop objects – had to do it manually.” Major U.S. Financial Institution