check point presentation june 2014
1 ©2014 Check Point Software Technologies Ltd.
Cyber Attacks: Protecting against the Unknown Unknowns
Keith D. Holtham, Check Point Software Technologies Australia
The Internet of everything
The Internet of everything BRINGS WITH IT new challenges
Adobe breach hit more than 150 million usernames and passwords
According to foreign media the organization behind the attack is suspected to be an unnamed government organization...
Target credit card hack reveals need for updated security
The U.S. is the juiciest target for hackers hunting credit card information. And …
4.6 Million Snapchat usernames and phone numbers leaked
A new website called SnapchatDB! has allegedly leaked 4.6 million Snapchat..
Value of a Hacked PC
http://krebsonsecurity.com
ASD Top 35 – Top 14 Mitigation Strategies
1. Application white listing
2. Application patching
3. OS Patching
4. Restrict Admin privileges
5. User application configuration hardening
6. Automated dynamic analysis of email and web content (Sandboxing)
7. Operating system Generic exploit mitigation
8. Host based Intrusion Detection/Prevention
9. Disable Local Admin accounts
10. Network Segmentation
11. Multi-Factor Authentication
12. Software-Based Application firewall – Incoming
13. Software-Based Application firewall – Outgoing
14. Non-Persistent virtualised sandboxing
Target: 40 million credit & debit cards
TARGET attack
40 000 machines
1 797 stores
TARGET attack
RAM-scraping kit: BlackPOS (VBScript – 207kB)
Created in March 2013
Kit author: Rinat Shabayev, 23 years old
Cost: 1800-2300$
TARGET attack – who’s next?
Critical Infrastructure at Risk!
Critical and industrial systems make our modern world
Like other IT systems, they are prone to attacks
The consequences of such attacks are much greater:
- Power failures
- Water pollution or floods
- Disruption of transportation systems
- Malfunction of Production Lines
Important Attacks
Stuxnet, Duqu, Flame
Pacific Energy, Saudi Arabia Aramco
German Power Utility, 50Hertz
Queensland, Harrisburg and Willows Water System
3 steps of modern attacks
FIND THE WEAKEST LINK
GET ACCESS
EXTRACT DATA
FIND THE WEAKEST LINK
Designing an attack
Top Vulnerable Applications
List of leading vulnerable applications in 2012
Adobe Reader
Adobe Flash
Firefox
Java
Microsoft Office
Internet Explorer
30 Critical vulnerabilities
17 Critical vulnerabilities
16 Critical vulnerabilities
57 Critical vulnerabilities
91 Critical vulnerabilities
14 Critical vulnerabilities
WOULD YOU OPEN THIS ATTACHMENT?
“Over 90% of targeted emails use malicious file attachments as the payload or infection source”
Wall Street Journal, Nov 2012
Gathering Intelligence
Social Profile: First Name, Last Name, Likes, Gender, Email, Phone Number, Topic of Interest, Usernames
Technical Profile: IP Address, Browser Type, Plug-ins deployed, OS Type, Patch History, Anti-Virus Brand, Applications, User permissions
Choosing the right weapon
Zero-Day Exploits
Patched Vulnerabilities
In reality, it’s impossible to patch everything
Multi-Layered Threat Prevention
IPS: Stops exploits of known vulnerabilities
Anti-Bot: Detect and prevent bot damage
Antivirus: Block download of malware-infested files
WHAT ABOUT NEW ATTACKS?
ONLY DEALS WITH THE KNOWN
Multi-Layered Threat Prevention
IPS
Anti-Bot
Antivirus
HOW TO DEAL WITH THE UNKNOWN?
Multi-Layered Threat Prevention
IPS
Anti-Bot
Antivirus
Known Unknowns – Top Vulnerable Applications
List of leading vulnerable applications in 2012
Adobe Reader
Adobe Flash
Firefox
Java
Microsoft Office
Internet Explorer
30 Critical vulnerabilities
17 Critical vulnerabilities
16 Critical vulnerabilities
57 Critical vulnerabilities
91 Critical vulnerabilities
14 Critical vulnerabilities
We know that in the upcoming year 200–300 new currently unknown vulnerabilities will be discovered in popular business applications
TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS
Duqu Worm Causing Collateral Damage in a Silent Cyber-War
Worm exploiting zero-day vulnerabilities in a Word document
Threat Emulation
Discover and STOP new threats based on threat behavior
INSPECT
EMULATE
PREVENT
SHARE
That’s why we need to segment networks
Initial infection on laptop
Only pathway across network controlled through security gateway
Infection can’t spread if there’s no open path
Hierarchical Lines of Defense
“Establish hierarchical lines of defense that provide protections for data and systems hosted within the corresponding segment boundaries”
Site (Host, Network)
Mobile
Cloud
Segment Grouping
Site
ASD Top 35 – Top 14 Mitigation Strategies
1. Application white listing
2. Application patching
3. OS Patching
4. Restrict Admin privileges
5. User application configuration hardening
6. Automated dynamic analysis of email and web content (Sandboxing)
7. Operating system Generic exploit mitigation
8. Host based Intrusion Detection/Prevention
9. Disable Local Admin accounts
10. Network Segmentation
11. Multi-Factor Authentication
12. Software-Based Application firewall – Incoming
13. Software-Based Application firewall – Outgoing
14. Non-Persistent virtualised sandboxing
How do you manage the unknown in 2014?
1. Use of unknown malware exploded in 2013: Integrated malware sandboxing is a must-have
2. Malware exposure and infections increased: Anti-bot and antivirus must have global intelligence
3. High-risk applications expanded in the enterprise: Policy-driven application control must be integrated
4. Data loss events grew across industries and data types: Data loss prevention must expand across the network
Thank You!