
SECURITY

BEYOND THE PERIMETER

Protecting devices, Securing data

Wahyu Pamungkas | SE Consultant


AGENDA

1 Outside your Perimeter
2 New Realities need New Protections
- Smartphones & Tablets
- Laptops
- Cloud Applications
3 Importance of Zero-Day threat prevention
4 Consolidated Threat Intelligence

©2018 Check Point Software Technologies Ltd. 2


OUTSIDE YOUR PERIMETER
Your IT architecture has evolved – Your security must evolve as well

[Figure: Business Yesterday / Business Today]

BEYOND YOUR PERIMETER …
Securing the perimeter was simple and highly effective.
Attackers have shifted their focus to easier targets.

BEYOND YOUR PERIMETER IS AN ATTACKER’S PARADISE
Less security outside the perimeter
Mixture of “personal” and “business” on the same device
Employees act more carefree when not in the office
Hackers find it easier to exploit these weaknesses

Common attack vectors used by attackers
Surfaces:
LAPTOPS: E-Mail, File Share, Malicious Network, Man in the Middle, Web, Phishing, Account Take Over
SMARTPHONES & TABLETS: E-Mail, File Share, Malicious Network, Man in the Middle, Malicious Application, Web, Phishing, Account Take Over
CLOUD APPLICATIONS: E-Mail, File Share, Malicious Application, Phishing, Account Take Over



TARGETED MOBILE ATTACK
Step 1: Set the trap
Victim connects to a “friendly” hotspot; Or..
[Diagram: attack vectors: Phishing, Man in the Middle, File Share, Mail, Account Take Over, Malicious Application, Malicious Network, Web]

TARGETED MOBILE ATTACK
Step 2: Infect your device and/or tap your network
Victim is tricked into downloading a “legitimate” app that takes control of the phone

TARGETED MOBILE ATTACK
Step 3: Collect Data
Attacker gets full remote control over the device, steals passwords and mail, identifies the location, and uses the recorder and camera as needed

TARGETED MOBILE ATTACK
Step 4: Create devastating damage
Attacker takes over your accounts and has unlimited opportunities to steal private and corporate data and access your cloud apps

MULTI-VECTOR ATTACK
Step 1: Phishing scam for Account Takeover
Phishing mail requesting that you update your O365 credentials

MULTI-VECTOR ATTACK
Step 1: Phishing scam for Account Takeover
Clicking the link leads to a malicious phishing web site

MULTI-VECTOR ATTACK
Step 1: Phishing scam for Account Takeover
Victim is tricked into entering his credentials and the account takeover succeeds

MULTI-VECTOR ATTACK
Step 2: Shifting to a whaling attack
Attacker uses the stolen account and sends a wire transfer request for the CFO, using the victim’s e-mail account

MULTI-VECTOR ATTACK
Step 2: Shifting to a whaling attack
Wire transfer completed

CONNECTING THE DOTS
Unlimited paths to take control of your assets

Traditional Protections are insufficient

Signatures and Reputation do not protect against zero-day attacks
• Zero-day Viruses - Only 45% of malware attacks can be detected by AV* (source: theguardian.com)
• Zero-day URLS – Recently established Phishing URLs have no reputation
• Zero-day malicious mobile applications
Polymorphic attacks designed to avoid and evade 1st Gen sandboxes



Traditional Protections are insufficient

Smartphones & Tablets Operating System security – vast majority are out of date
• 78% of devices are running on older O/S with known vulnerabilities
Increased prevalence of Application malware
• Google Play’s app vetting is insufficient; malware also found in AppStore
Attacks use credential theft to drive phishing and whaling attacks
• Employees quick to click and download
• 81% of breaches involve weak or stolen credentials



A Modern Security Paradigm is Needed
Advanced detection engines that continuously learn and evolve
• (Dynamic Analysis, Evasion resistant, Machine learning, AI, Big Data)
Take security decisions in real-time
• Blocks Zero-day Viruses
• Blocks malicious URLs with no reputation
• Blocks malicious apps with no reputation



A Modern Security Paradigm is Needed
Consolidate threat intelligence from multiple attack vectors
Prevent malicious attacks, not just detect them
Protect against careless end user behaviour



Welcome to the future of Cyber Security
Introducing:



Security Beyond the Perimeter, Protecting Devices, Securing Data

Cloud Apps | Laptops | Smartphones & Tablets

Integrated Threat Intelligence


INTRODUCING:

“SandBlast Mobile offers application scanning .. combined with network and device anomaly detection…for anti-phishing, safe browsing and URL filtering.” (Gartner 2018)



The Mobile World has Changed

What has Changed? | The Impact to Us
65% of employee web browsing is from mobile devices | Increases our exposure to malicious sites and downloads
Employees access corporate data from smartphones | Minimal security on devices leaves mobile data highly exposed to theft
Mobile Phishing is on the rise | Much harder to detect phishing on a mobile device
Smartphones being used for both personal and business | Corporate data further exposed due to employee actions on personal devices
Corporate web browsing policies need to be applied to mobile devices | Risk of regulatory fines and reputational risk

Mobile Threats

Applications
• Infected apps coming from Google Play & App Store
• Sideloaded apps likely to be malicious
• 0-day Application malware can take control of device
Network
• Rogue Wi-Fi exposes us to Man in the Middle attacks
• Phishing & Malicious URLs can steal our credentials and other sensitive data
• Phone calls and SMS are vulnerable to eavesdropping
Device
• Older O/S versions can be attacked with known exploits
• Poor device configuration increases exposure to attack
• Jailbroken / Rooted devices are left with ZERO security



Total protection for Smartphones and Tablets
Covers Corporate and Personal devices
Cloud-based infrastructure and administration
Easy and quick to implement
Full integration with MDM/EMM
Best Malware Protection in industry



Protects against Zero Day Malware and Infected Apps
Prevents Man In the Middle Attacks over Wi-Fi
Blocks Phishing links in SMS, Social Media and Web Browsers
Restricts access to corporate email and other resources in case of device compromise
Prevents O/S Exploits and Device Misconfigurations
Identifies and blocks malicious Command & Control communication channels



How it Works
Cloud Analysis
App Reputation
Basic App Investigation
Advanced Static Analysis
Advanced Dynamic Analysis

On-Device Analysis
Machine Learning-based App Detection
Man-in-the-Middle Analysis
Jailbreaking / Rooting Detection
Malicious URL / Phishing*
Download Prevention

Real Time Intelligence
Policy, Monitoring & Control

INTRODUCING: Advanced Threat Prevention for laptops in a single agent

“For customers looking for a solid combination of new technology and traditional suite capabilities in a single console, Check Point should easily make the shortlist” (Forrester – Wave Report, June 2018)

LAPTOP SECURITY REQUIRES A HOLISTIC SOLUTION
Employees are connecting remotely from outside the secured perimeter
They are being targeted while working remotely
Malware has become polymorphic; it also spreads via lateral movement, evading traditional Anti-Virus engines
Such sophisticated malware can only be prevented by advanced engines
Signature-only agents are insufficient

WHAT ARE YOU DOING TO CLOSE THIS GAP?

SandBlast Agent
Adds Advanced Threat Prevention to your traditional AV Agents
File Emulation and File Sanitization
Integrates multiple AI based behavioral engines - On device and in the Cloud
Prevents 0-day Phishing attacks and malicious web downloads
Detects and quarantines infected devices
Protects your laptops from Ransomware including full file restoration
Automated Forensic and Remediation (EDR)



New! SandBlast Agent in multiple flavors

SandBlast for Education on Chromebooks
- Anti-Bullying
- URL Filtering & Safe Search
- Browser Extension
- Phishing & Password Reuse Prevention
- Threat Extraction

SandBlast Agent for MAC
- Advanced Threat Prevention with file emulation and extraction

Coming Soon!

VDI
- Anti-Ransomware support
- Phishing & Password Reuse Prevention



360 degrees Security in a single agent
Augments your legacy laptop security with advanced Zero Day prevention

Threat Emulation
Threat Extraction
Forensics
Anti-Bot
Full Attack Chain Remediation
URL Filtering
Automated Incident Analysis Reports
Anti Ransomware
Behavioral Guard (AI)
Zero-Phishing
CADET (AI)
Anti-Exploit (AI)



360 degrees Security in a single agent
Consolidating all security modules into one single agent

External Media Encryption
Document encryption
Full Disk Encryption
Document Access Control
Port Protection
Anti-Malware
End Point FireWall
Application Control
End Point Compliance
EndPoint IPsec and SSL VPN



INTRODUCING: Protects SaaS Applications
Protecting your employees when connecting to your cloud apps.

Using your Cloud Applications securely

Cloud applications are being used daily (O365, G-Suite, SalesForce, Box)
These applications become an attack vector to your corporate network
• Via Mail using malicious files and links
Cloud applications are vulnerable to Account Takeover and data breaches



The four security elements of CloudGuard SaaS
1 Leading Zero day Threat Prevention using advanced engines
2 Agent and Agentless Identity Protection for secure authentication
• Allows secure connection from any surface (web, mobile and End Point)
3 Stop Phishing e-mails for O365 and G-Suite
4 Full visibility and control over your cloud application security events
• Analyzes attacks as well as data leakage incidents and shadow IT apps

Simple, intuitive and can be deployed in minutes!


How It Works:
[Diagram labels: Azure AD; Authentication; Identity Protection; Advanced Threat Prevention; APIs; Zero-day Threats Protection; Data Leakage Prevention; Reveal Shadow IT; Anti-Phishing; Intuitive Cloud Management; Intelligence; Risk Profile; Agent and Agentless]



CLOUDGUARD SAAS IDENTITY PROTECTION
• ID-Guard technology identifies imposturous access
• Blocks unauthorized users and devices, on mobile and PCs



ACCOUNT TAKEOVER: WHAT IT LOOKS LIKE
[Diagram labels: Hacker; Accesses App; Stolen credentials; Identity Provider (ADFS, AzureAD, Okta)]



PREVENT ACCOUNT TAKEOVER WITH CLOUDGUARD SAAS IDENTITY PROTECTION
[Diagram labels: Employee: Identifies Device, Accesses app, Identity Provider. Hacker: Identifies Device, Illegitimate Login, Attempts to access with Stolen ID, Identity Provider]



PREVENT ACCOUNT TAKEOVER WITH CLOUDGUARD SAAS IDENTITY PROTECTION
Agentless Mode
[Diagram labels: Hacker; Attempts to access with stolen ID; Identity Provider; Intelligence]



Consolidated Security Architecture protecting:

Laptops | SmartPhones | Cloud Applications

Leveraging the best suite of detection engines
Focus on prevention and remediation
The richest ThreatCloud database of IOCs
Shared intelligence powered by ThreatCloud
Translates threat intelligence data from 100M gateways and end points around the world into actionable security protections.
Emulates more than 4 million files per day
Stops 7,000 zero-day attacks per Day
ThreatCloud passes 86 billion IOCs per day

Powered by AI engines



Beyond the Perimeter
Encourage your customers to read about our global success

©2019 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ 46
Summary

Security Beyond the perimeter guarding devices, securing data
Protecting Laptops, Smartphones and Tablets
Prevent targeted attacks on Cloud application and cloud based e-mails
