
Digital Transformation: Securing Agile Environments

Check Point presentation from the Virtualization Forum 2018 conference
Clarion Congress Hotel Prague, 25.10.2018


  1. ©2018 Check Point Software Technologies Ltd. Peter Kovalcik, SE Manager CZR. DIGITAL TRANSFORMATION: Securing Agile Environments
  2. “The future of firewalling?”
  3. #Threat evolution
  4. #Threat evolution #Digital transformation
  5. Machine Learning inside Sandboxing: Malware detection using Big Data and Machine Learning
  6. WANNACRY FLOW DESCRIPTION. Stage labels on the slide (numbered 01–09): SMB EXPLOIT (MS17-010) • CHECK KILL SWITCH • DROP & EXECUTE Mssecscv.exe • CREATE & EXECUTE tasksche.exe • FILE ENCRYPTION • REGISTRY PERSISTENCY • SHADOW COPY DELETION • TOR COMMUNICATION • RANSOM NOTE (Drop & create @wanadecryptor@.exe)
  7. Malicious DNA: PREDICTIVE Malware DETECTION & CLASSIFICATION • Isolate Minimal Tree that uniquely identifies a malware family • Based on complete forensic context • Robust detection spans malware evolution over time
  8. PREDICTIVE DETECTION OF CERBER (timeline: Dec 2016, Feb 2017, May 2017, Aug 2017)
  9. Building a ROP Gadgets Dictionary - To gain privileges to run the malware [Figure: stack, esp and eip diagrams with x86 instruction listings, in three panels: Normal Execution, ROP Execution, Shellcode]
  10. PREDICTIVE THREAT INTELLIGENCE: CAMPAIGN HUNTING • Expose unknown CnC and malicious domains • Attribute attacks to campaigns • Enrich threat intelligence for predictive campaign prevention • Campaign Hunting Introduced +10%
  11. UNCOVER MALICIOUS EXECUTABLES: “HUNTRESS” • Dynamically analyze executables in a Sandbox to collect system APIs • Apply Machine Learning to reach malicious verdict • Feedback loop for continued learning • Huntress Unique Detections +13%
  12. CONTEXT AWARE DETECTION: “CADET” • Look at the full context of the inspected element • Extract parameters from the environment • THOUSANDS of discrete Indicators → ONE Accurate Verdict [Chart labels: Missed Detection, False Positive; Old, CADET; 2-fold, 10-fold]
  13. #DIGITAL TRANSFORMATION
  14. Agile vs. Waterfall
  15. USE CASE: SELF SERVICE IT. BUSINESS VALUE • Cost savings • Operational efficiency • Time to market • Automated provisioning of applications, networks & security controls • Based on virtualization frameworks • Orchestration tools & APIs
  16. Auto-Scaling & Clustering • HA / Clustering: Legacy HA - long failover times; Load balancers instead; Upgrades • Auto-scaling: Scale Out; Scale In
  17. APPLICATION-AWARE POLICY: Security policy with application identity tied to SDN and Cloud platforms. Check Point Access Policy (Rule / From / To / Application / Action) • Rule 3: Finance_App1 (vCenter Object) / Database_Group (NSX SecGroup) / MSSQL / Allow • Rule 4: HR_App2 (OpenStack Object) / Finance_Group (ACI EndPoint Group) / CRM / Allow • Rule 5: User_ID / SAP_App (AWS Object) / SAP / Allow
  18. SECURITY INSIDE YOUR CLOUD • Securing the datacenter from the inside is now simple with SDN • Micro segment the datacenter with advanced protection between applications
  19. SECURITY INSIDE YOUR CLOUD • Securing the datacenter from the inside is now simple with SDN • Micro segment the datacenter with advanced protection between applications
  20. Threat Protection (KNOWN / UNKNOWN) • Anti-Bot: Prevents bot damage from infected devices • Threat Emulation: Stops unknown zero-day malware in files • Threat Extraction: Removes potentially malicious content from files • Threat Cloud: Real-time security intelligence • IPS: Stops exploits of known vulnerabilities • Antivirus: Blocks download of known malware infected files • FW: Proper network segmentation
  21. Security Visibility
  22. THE vSEC FAMILY • ACI • Consistent security policy and control across Private and Public Clouds and SAAS applications
  23. THE vSEC FAMILY • Security Gateway • SAAS PROVIDERS • SECURITY STACK • Prevent Account Takeovers • Data Leak Prevention • Reveal Shadow IT • API & AD • … • CloudGuard SaaS • Documents encryption • Zero-day Threats Protection
  24. “The future of firewalling?”
  25. # Recognize threats # Be agile and flexible # Architecture
  26. Check Point hall – live demos: # Office 365, Google Suite, Salesforce, securely # Why native security tools are not enough
  27. # Thank you
