Threat Prevention Tools Exist, but Are STILL Insufficiently Used

INFINITY: THE CYBERSECURITY ARCHITECTURE OF THE FUTURE - IN A DIGITAL WORLD

Nathan Shuchami | VP of Emerging Products

[Internal Use] for Check Point employees age

WE LIVE LONGER LIFE EXPECTANCY

[Internal Use] for Check Point employees Source: ourworldindata.org WE HAVE BETTER LIVING STANDARDS

EXTREME POVERTY % of population living in poverty

[Internal Use] for Check Point employees Source: ourworldindata.org WE GET BETTER EDUCATION

LITERACY % of literate population

[Internal Use] for Check Point employees Source: ourworldindata.org

Source: ourworldindata.org And…did you know?

OZONE LAYER APPEARS TO BE HEALING!

[Internal Use] for Check Point employees Why? Why Now? EXPONENTIAL GROWTH OF TECHNOLOGIES

[Internal Use] for Check Point employees WHERE WE THINK WE ARE

[Internal Use] for Check Point employees WE ARE HERE

EXPONENTIAL

[Internal Use] for Check Point employees TECHNOLOGY TAKE 30 LINEAR PACES… 9 8 7 6 5 4 3 2 1 30 Meters

[Internal Use] for Check Point employees TAKE 30 EXPONENTIAL Steps… 26X Around the Earth!

1,073,741,824 Meters

[Internal Use] for Check Point employees THE FUNDAMENTAL OF EXPONENTIAL TECHNOLOGY Moore's law

1951 1971 2012 Intel 4004 Nvidia GPU 2 Transistors 2300 Transistors 7.1 B Transistors $1 $0.0000001

[Internal Use] for Check Point employees Source : dailymail.co.uk

Apple WatchApple 2016 2016

[Internal Use] for Check Pointemployees =

1985 Cray - 2 Supercomputer

By David.Monniaux, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=185007 THE CONNECTED WORLD 5 BILLION NEW MINDS % world population using the Internet

7 6 5 66% 4 3 2 23% 1 (Global population (Billions) population (Global 6% 0 2000 2010 2020

[Internal Use] for Check Point employees Source: PHD Ventures, Inc. Connected Total Population IMAGINE WHAT 5 BILLION NEW MINDS WILL CREATE, DISCOVER, CONSUME, INVENT.

[Internal Use] for Check Point employees AUTONOMOUS CARS

[Internal Use] for Check Point employees 3D PRINTED FOOD

[Internal Use] for Check Point employees REVOLUTIONIZING DELIVERY SERVICES

[Internal Use] for Check Point employees DISRUPTIVE BUSINESS MODELS

#1 Taxi company #1 Accommodation #1 Media provider #1 Fastest growing #1 Valuable owns no cars company owns no creates no content TV network lays retailer has no real estate no cables inventory

[Internal Use] for Check Point employees NEW POSSIBILITIES

[Internal Use] for Check Point employees USERS ARE CHANGING IT IS ABOUT FAST AND AGILE

Time to deliver new app: EVERY EVERY EVERY 9 48 6 MONTHS HOURS HOURS 2013 2015 2016

[Internal Use] for Check Point employees Source: 2016 State of DevOps Report, puppet.com THE INFRASTRUCTURE IS CHANGING NOW

[Internal Use] for Check Point employees Security is the biggest “ barrier to IoT adoption ITPRO”

Security concerns continue “ amid Cloud adoption InformationWeek”

Cybersecurity is biggest risk of “ Autonomous Cars Bloomberg”

[Internal Use] for Check Point employees PUBLIC CLOUD SERVERS HACKED Exposing 1.5 million Americans private health records

SEPT 2015

[Internal Use] for Check Point employees Source: theregister.co.uk HACKERS STRUCK POWER GRID in Ukraine leaving 230,000 residents in the dark.

DEC 2015

[Internal Use] for Check Point employees Source: wired.com WIKILEAKS CIA uses zero day exploits on Samsung TVs turning them into covert microphones MAR 2017

[Internal Use] for Check Point employees Source: wikileaks.org CONNECTED DOLL HACKED

FEB 2017

[Internal Use] for Check Point employees Source: euronews.com MAY 2017 WANNACRY RANSOMWARE ATTACK One of the biggest ransomware attacks ever; Tens of thousands of infected computers [Internal Use] forin Check nearly Point employees 100 countries. WHAT SHOULD WE EXPECT THIS YEAR?

ATTACKS WILL CONTINUE TO GROW. WE ARE ALL TARGETS.

ADVANCED THREATS CLOUDIFICATION MOBILITY

Our networks will The shift is Fundamental part still be targeted! accelerating of each business

ARE WE TAKING THE RIGHT APPROACH?

Denmark United States

Germany Criminals are using superpower technology This attack could have been avoided! Advanced threat prevention tools exist, but are STILL insufficiently used

[Internal Use] for Check Point employees THE TRADITIONAL APPROACH Virus Anti-Virus

Malicious Websites URL Filtering

Intrusion Intrusion Detection

Botnet Anti-Bot

High Risk Applications Application Control

[Internal Use] for Check Point employees Most security technologies today stay ONE STEP BEHIND

• Looking for yesterday’s signatures • Detection instead of prevention PATCHWORK OF POINT SOLUTIONS. COMPLEX SOLUTIONS WITH UNCERTAIN SECURITY COVERAGE.

[Internal Use] for Check Point employees NOW IMAGINE THE FUTURE OF CYBER SECURITY

[Internal Use] for Check Point employees EFFECTIVE SECURITY

[Internal Use] for Check Point employees 4.9 MONTHS is the average time to detect a data breach in an organization.

8 months 8 months 8 months

~1 year ~1 year ~1 year

Source: infocyte.com [Internal Use] for Check Point employees

Michaels Stores Home Depot PF Chang’s Sony

Trump Hotels PREVENTION IN WHICH THREATS ARE BEING BLOCKED BEFORE THEY DAMAGE YOUR NETWORKS AND SYSTEMS

[Internal Use] for Check Point employees SECURITY THAT PREVENTS BOTH THE

KNOWN UNKNOWN THREATS

[Internal Use] for Check Point employees ONE STEP AHEAD MEANS BLOCK THE ATTACK AT EVERY STAGE

Reconnaissance Delivery Exploitation Control

[Internal Use] for Check Point employees PREVENTING THE KILL CHAIN

RECONNAISSANCE DELIVERY EXPLOITATION CONTROL Block suspicious Block malicious Block exploitation Block command network activity download of vulnerabilities & control activity

[Internal Use] for Check Point employees SECURITY EVERYWHERE

[Internal Use] for Check Point employees ATTACKS CAN BEGIN FROM ANYWHERE

Stuxnet started with USB Aug 2010 Target started with air conditioning 91% of cyber attacks Fed 2014 start with a phishing e-mail Pawn storm, APT iOS Espionage App started from Mobile Jan 2017

[Internal Use] for Check Point employees [Internal Use] for Check Point employees ARCHITECTURE THAT PROVIDES SECURITY EVERYWHERE

Combining enforcement points, threat intelligence and management

MANAGEMENT

Indicators of Compromise (IOCs) THREAT PREVENTION

ENDPOINT NETWORK MOBILE VIRTUAL CLOUD SECURITY SECURITY SECURITY SYSTEMS SECURITY GATEWAY [Internal Use] for Check Point employees EFFICIENT SECURITY

[Internal Use] for Check Point employees BIGGER INVESTMENT DOES NOT MEAN BETTER SECURITY

$84B

$76B $72B 41%

34% 31%

2014 2015 2016

[Internal Use] for Check Point employees Security Consolidation

FROM TO - complex - simple - monolithic - modular

IPS

Threat Prevention

Zero Day

End Point

Mobile

Data security

[Restricted] ONLY for designated groups and individuals [Internal Use] for Check Point employees SIMPLE IPS VPN URLF App Control Anti Virus Anti Spam Firewall 20% DDos REDUCTION in Mobile Security Anti Bot SECURITY SPEND IPS Firewall Sandboxing consolidating on VPN DDos single architecture URLF Mobile Security App Control Anti Bot Anti Virus Sandboxing Anti Spam

[Internal Use] for Check Point employees BIG DATA GLOBAL KNOWLEDGE SCALABLE MACHINE LEARNING

IPS VPN URLF SHARED IOCs App Control NEW PROTECTIONS Anti Virus OFFLOAD Anti Spam Security inspection UPDATE IN NEAR REAL TIME Firewall to the cloud PERFORMANCE OFFLOAD DDos Mobile Security Anti Bot Sandboxing

[Internal Use] for Check Point employees SINGLE MANAGEMENT SINGLE MANAGEMENT

50% REDUCTION in HUMAN INVESTMENT with single management platform

[Internal Use] for Check Point employees THE SECURITY YOU DESERVE

Effective Efficient Everywhere

[Internal Use] for Check Point employees LET’S LOOK AT WHAT CUSTOMERS USE TODAY 100%

NOT 93% 99% 98% PROTECTED 50%

PROTECTED 0% ADVANCED THREAT MOBILE CLOUD PREVENTION SECURITY SECURITY

IT’S TOO COMPLICATED

I DIDN’T REALIZE IT WAS SUCH A PROBLEM

TOO MANY POINT PRODUCTS

NOT ENOUGH TRAINED PEOPLE

I DIDN’T THINK IT COULD HURT US

WE MUST INVEST IN THE FUTURE OF CYBER SECURITY!

PLAYERS CYBER CRIMINALS STATE SPONSORED CYBER AGENCIES

CRITICAL INFRASTRUCTURE, LARGE TARGET CONSUMERS AND ENTERPRISES Mass infection, the more the better ENTERPRISES, C-LEVEL MANAGERS Targeted attacks

MOTIVATION MAKE MONEY CYBER WARFARE, CYBER TERRORISM, CYBER SUBVERSION, ESPIONAGE

THREATS GENERIC ZERO-DAY

SOPHISTICATION LEVEL MEDIUM VERY HIGH, WEAPON SYSTEMS

INVESTMENT LOW NATIONAL LEVEL BUDGETS

ATTACK ON SAN FRANCISCO MTA, SPEAR PHISHING ATTACK ON UKRAINE EXAMPLES NOV 2016 POWER GRID, DEC 2015 ©2017 Check Point Software Technologies Ltd. 56 THE THREAT PROLIFERATION OF KNOWLEDGE LANDSCAPE e.g. The Shadow Brokers

PLAYERS CYBER CRIMINALS STATE SPONSORED CYBER AGENCIES

CRITICAL INFRASTRUCTURE, LARGE TARGET CONSUMERS AND ENTERPRISE Mass infection, the more the better ENTERPRISES, C-LEVEL MANAGERS Targeted attacks

MOTIVATION MAKE MONEY CYBER WARFARE, CYBER TERRORISM, CYBER SUBVERSION, ESPIONAGE THE OUTCOME: MORE THREATSTHREATS, MOREGENERIC SOPHISTICATIONZERO-DAY SOPHISTICATION LEVEL MEDIUM VERY HIGH, WEAPON SYSTEMS

INVESTMENT LOW NATIONAL LEVEL BUDGETS

ATTACK ON SAN FRANCISCO MTA, SPEAR PHISHING ATTACK ON UKRAINE EXAMPLES NOV 2017 POWER GRID, DEC 2015 ©2017 Check Point Software Technologies Ltd. 57 Only TRADITIONAL of malware attacks can be detected by SECURITY PRODUCTS 45% Antivirus* ARE NOT ENOUGH Attackers bypass signature based security products by using unknown threats Polymorphic engines, permutations etc…

Cyber agencies evasive techniques bypass 1st generation sandboxes Time triggers, extended sleep, sandbox exposure, fast flux etc…

EMAIL WEB MOBILE DEVICES

Malicious Malicious Malware Phishing Malicious Malicious Phishing attachment links apps Networks

Gain admin permissions to run a shellcode on victim’s endpoint (laptop, desktop, mobile) 1 in order to download or install malware or encrypt/damage the endpoint 2 Then by lateral movements to gain access to the crown jewel ! Phishing attacks do not require any download of malicious code

BREACHED TO GAIN ACCESS TO

Laptop Data center/servers SCADA server Mobile

ENTERPRISE REMOTE NETWORK + EMPLOYEES CLOUD MOBILE Virtual Data Employees connected 3rd party cloud Employees connected from home using business services using mobile devices Centers laptop, personal mail such as Microsoft especially BYOD Employees connected and web Office 365 to corporate network using mail and web

©2017 Check Point Software Technologies Ltd. 61 CONCLUSION 1 When connected to Protecting the enterprise from corporate network advanced threats requires security that covers Remote employees: ANY ATTACK SURFACE At home using your endpoint

Using cloud business services

Inside or outside corporate network using mobile device

Protecting the enterprise from EMAIL advanced threats requires security that covers ALL ATTACK VECTORS WEB

MOBILE DEVICES

Attachments, web based malware and phishing websites

1 2 3 DETECT & FORENSIC PREVENT CONTAIN ANALYSIS

It is critical to use the best Contain attacks as soon as Effectively respond and detection engine together possible. Once infected the remediate. Address the real with real prevention cost of the attack will just business impact capabilities keep on rising Make sure the infection doesn’t come back

PROTECTING ALL SURFACES network remote cloud mobile employees

FROM ANY ATTACK VECTOR email web mobile threats

WITH 3 LINES OF DEFENSE

NGTX SANDBLAST SANDBLAST SANDBLAST GATEWAYS AGENT CLOUD MOBILE

ONE SECURITY CONSOLIDATED FOCUS ON PLATFORM MANAGEMENT THREAT PREVENTION

The world’s largest IoC database 250,000,000 addresses analyzed for bot discovery Real-time inputs from traffic per year across 100K customer’s security 11,000,000 malware gateways world wide signatures

USERS DEVICES APPLICATIONS DATA GATEWAYS PRIVATE PUBLIC VIRTUAL GW CLOUD CLOUD POWERED BY:

ThreatCloud Intelligence POD CSOC 250 MILLION BOT ADDRESSES 11 MILLION MALWARE SIGNATURES Private 5.5 MILLION INFECTED WEBSITES Operation STIX & System Feeds Maintenance Analyst

Delegate reports SENSE & Controls to Site ANALYZE and / or Sector PREVENT Sentry Sentry Sentry Sentry Sentry

[Internal Use] for Check Point employees WELCOME TO THE FUTURE OF CYBERSECURITY!

CONSOLIDATED CLOUD MOBILE THREAT PREVENTION SYSTEM

THE FIRST CONSOLIDATED SECURITY ACROSS NETWORKS, CLOUD, AND MOBILE, PROVIDING THE HIGHEST LEVEL OF THREAT PREVENTION