CONSOLIDATED SECURITY ARCHITECTURE VS. POINT SOLUTIONS | 2
EXECUTIVE SUMMARY
Like any multinational company, ABC law firm handles a lot of confidential
information for their clients. They need to be able to share information
across their network without risking a security breach. In the past,
whenever the firm experienced a new type of attack the security team
added a new dedicated security product. This eventually led to a security
architecture that is a “patchwork” of nine different point solution vendors
without effective centralized management.
In this Use Case scenario we use the anatomy of a real cyber attack to
contrast the point solution approach with a consolidated cybersecurity
architecture. We outline the attack flow, the security gaps that allowed
the attack to be successful, and what is needed to fill those gaps. We
demonstrate how, by adopting a consolidated approach with the Check
Point Infinity Security Architecture, ABC firm was able to seal substantial
security gaps and gain pre-emptive protection against even advanced
fifth generation attacks, all while increasing operational efficiency and
reducing security costs.
THE PROBLEM
ABC LAW FIRM WAS A VICTIM OF A DATA BREACH
BACKGROUND: ABC law firm operates 10 offices across the US and Europe with almost 1,000 employees.
It represents high-level clients, from Fortune 500 companies to trade associations, in
high-stakes regulatory and litigation matters.
THE ATTACK: The attack compromised sensitive information from more than a hundred legal cases. A
hacker got into the company’s network using a compromised mobile device belonging to one of
the employees, and had complete inside access for 60 days, during which time he was
able to make his way into the customer database application. From there, the attacker
infected hundreds of additional workstations; one of them was the
workstation of an IT admin. Using this IT admin’s compromised
workstation, the attacker managed to obtain privileged access to
a virtual machine in the public cloud that the customer database
was stored on.
Sidebar: 68% of breaches took months or longer to discover (3)
1 2017 Verizon DBIR
2 2016 IDC research
3 2018 Verizon DBIR
THE CAUSE
A SECURITY INFRASTRUCTURE FULL OF HOLES
In the past, whenever the firm experienced a new type of attack, the security team added a new dedicated security
product. This eventually led to a security architecture that is a point solution “patchwork” of nine different
vendors without centralized management. Furthermore, the company never invested in a comprehensive
mobile security solution, as they believed their MDM solution was providing sufficient security. The table in
figure 2 describes the security coverage that the previous security infrastructure was providing against the
growing matrix of attack vectors and surfaces the company was experiencing.
Figure 2: Previous security coverage by attack vector (Email: Vendor 3, Vendor 4; Web: Vendor 5; File sharing: Vendor 6; Phishing: Vendor 7)
Sidebar: 98% of the cyber security industry experienced a significant cyber threat in the past 3 years; 58% took more than 24 hours to start remediation of a threat; only 23% say their security teams are fully up-to-date.
Source: Operational Efficiency Report, Dimensional Research
THE NEED
A future-proof security infrastructure that can preemptively
protect against advanced multi-vector cyber-attacks
across networks, cloud, endpoints and mobile devices.
REGULATION COMPLIANCE
The security team must have full visibility into compliance status with regulations
such as GDPR, HIPAA, NIST.
OPERATIONAL EFFICIENCY
The new infrastructure must be easily managed by a relatively small security
team with limited resources.
THE SOLUTION
A CONSOLIDATED CYBER SECURITY ARCHITECTURE
ABC company has re-architected their security based on Check Point Infinity. Check Point Infinity is the industry’s
only consolidated cyber security architecture that protects the entire IT infrastructure against fifth generation
advanced cyber-attacks across all networks, endpoints, cloud and mobile. Its main features include:
• Advanced threat prevention against
• Real-time threat intelligence (ThreatCloud) – automatically shared across all networks, endpoint, cloud
and mobile, delivering the “self-protecting” advantage.
• A centralized security management enabling the security team to manage security events in real-time
through a single pane of glass. It correlates all types of events from all enforcement points, including
endpoints, to identify suspicious activity, track trends and investigate/mitigate events.
Figure: Welcome to the future of cyber security – threat intelligence, multivector controls and a unified architecture across mobile, cloud, endpoint and network.
Figure: Infinity Total Protection consumption model – software (network security, mobile protection, endpoint protection, cloud protection, threat prevention) + hardware + training, incident response and professional services + 24x7 premium support = one price per user per year.
THE RESULT
TOTAL PROTECTION AGAINST ADVANCED FIFTH GENERATION ATTACKS
Check Point Infinity consolidates many functions and technologies into a single system that preemptively
protects against the most sophisticated fifth generation attacks, across all networks, cloud (public & private),
endpoints and mobile devices. The table in figure 5 demonstrates the current security coverage of ABC firm
against the entire matrix of growing attack vectors and attack surfaces.
Figure 5: Company ABC’s Security Coverage vs. Solutions – attack vectors (Email, Web, File sharing, Phishing, Man in the middle, Malicious apps) against attack surfaces (Network, Endpoint, Cloud, Mobile)
Following this attack, ABC firm asked for a demonstration of Check Point Infinity. We were able to show how
Infinity could have stopped the attack in its early stages. Specifically, advanced threat prevention for mobile
devices would have detected the malicious file in advance and would have blocked the download, keeping the
“Trojan Horse” malware off the mobile device of the employee. This would have prevented the hacker from
attacking the other employee workstations, stopping the attack from moving laterally in the network. Even had
the hacker found a way to continue the attack, Infinity’s automated protections would have stopped it all at
once, after receiving ThreatCloud’s instant alerts on the mobile attack, which included a file hash and the
C&C server address.
Figure: Attack timeline – each stage of the attack marked BLOCKED and the breach marked PREVENTED, compared with the original timeline in which the breach was only detected after the fact.
THE SAVINGS
50% IMPROVEMENT IN OPERATIONAL EFFICIENCY AND 20% REDUCTION
IN SECURITY COSTS
1. OPERATIONAL EFFICIENCY – 50% REDUCTION IN HUMAN INVESTMENT
Six dimensions of the Infinity architecture drive down operational overhead and therefore have direct impact
on security man hours:
• Fewer products to deploy and manage – Infinity consolidates many security functions into a single system,
which results in simpler architectures, fewer points of failure, and less risk associated with upgrades and
patches. It also simplifies procurement and training.
• Single management and unified policy – Eliminates costs of deploying and maintaining parallel management
infrastructures. Enables simple creation and deployment of a unified policy across the architecture.
• Threat response – Consolidated event viewer and cyber-attack dashboards reduce staff overhead for
monitoring and incident response. In addition, the Infinity “self-protection” advantage, powered by
ThreatCloud, takes the pressure off security teams when an incident occurs, allowing them to focus on
recovery and less on trying to contain the outbreak.
• Role delegation – Delegates policy management to relevant organizations, reducing unnecessary
communication and coordination.
• Compliance – Compliance validation and audits for multiple standards such as GDPR, HIPAA, NIST become
a simple and painless exercise. The security team uses a regulatory dashboard where compliance violations
are flagged immediately, and recommended remediation actions are provided.
• Simplified integrations – Infinity acts as a single integration point for infrastructure, reporting, and incident
response. This enables integrations that are simpler, and therefore easier and less expensive to build and
maintain. This also reduces friction with other departments, as it is much easier for the security team to
support the security integrations necessary to protect the business.
2. SIMPLE, PREDICTABLE CONSUMPTION MODEL – 20% REDUCTION IN SECURITY SPEND
Consolidating to a single architecture has reduced the security total cost of ownership by 20%.
The chart on the right compares the annual security spends of ABC law firm before and after
deploying Infinity Total Protection.
Figure: Annual security spend before (Vendor 1 through Vendor 9 across Network, Endpoint, Cloud and Mobile) and after (Infinity), showing a 20% reduction.
SUMMARY
By implementing the Check Point Infinity Architecture as a consolidated security solution, Company ABC
achieved a stronger security level while increasing operational efficiency and also benefited from a 20%
reduction in annual security costs.
To learn more about Check Point Infinity and Infinity Total Protection please visit:
checkpoint.com/infinity
CONTACT US
Worldwide Headquarters
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 |
Email: info@checkpoint.com
U.S. Headquarters
959 Skyway Road, Suite 300, San Carlos, CA 94070
Tel: 800-429-439 | 650-628-2000 | Fax: 650-654-4233 |
checkpoint.com