Post on 22-Feb-2017
transcript
©2015 Check Point Software Technologies Ltd.
Check Point vSEC
Security solution for modern data centers
Peter Kovalčík
SE Manager, Check Point Software Technologies
Who we are:
Established 1993
Stateful Inspection invented
Leader in Enterprise Security
Leader in Threat Protection Security
NSS Recommended
Best Management in a field
The vision of Check Point
• Committed to the best security for our customers (protecting against known, unknown and emerging threats…)
• Secure all business platforms (physical, virtual, cloud, mobile, endpoint, SCADA …)
• Best management for maintaining complex security (unified management of security policy for all platforms and protections)
Security yesterday, today and tomorrow
Yesterday
Firewall / ACL
Signature based attacks
Anti-virus
UTM
Today
Unknown malware attacks
Behavior based detections
Event correlation
Reporting
Mobile security
Datacenter security
Tomorrow
SDN
Hybrid clouds
Operation efficiency
SCADA security
CHALLENGE #1: LATERAL THREATS
• The perimeter gateway doesn’t protect traffic inside the data center
• Lack of security between applications
• Threats attack a low-priority service and then move to critical systems
Modern threats can spread laterally inside the data center, moving from one application to another
CHALLENGE #2: DYNAMIC CHANGES
• New applications provisioned rapidly
• Virtual-app movement
• IP address changes
• Unpatched dormant VMs that wake up
Traditional static security fails to protect a dynamic datacenter
CHALLENGE #3: COMPLEX ENVIRONMENT
Complex to manage different security products in a multi-cloud environment?
Ransomware rises
Source: Symantec: The evolution of ransomware
Ransomware Begins
What it encrypts:
- Personal and data files
- Local files
- File shares available to the PC
- Shares data if not paid
Typical resolutions:
- Recover data from backup
- Use removal tools
- Re-image the machine
Source: Symantec: The evolution of ransomware
Ransomware Evolution
“Silent encryption”:
- After a few months, backups got encrypted
New way of spreading - worm:
- Spreads as a worm
- Ransomware + Conficker
RansomWeb:
- Encrypts the web application DB on the fly
- “Silent encryption”
- Encrypts DB + backups
Anti-virus is dead
• Antivirus cannot detect ~55% of malware
• New malware is delivered as a zero-day attack
State of Virtualization vs. Networking
“Hey, I can spin up VMs in minutes. Why does it take a week to get network/firewall changes?”
Securing SDDC - goals
Better SECURITY
Better FLEXIBILITY
Better PERFORMANCE
Securing SDDC - goals
• Increased visibility and control
  - DEEP inspection, CLOSE to applications
  - Security is a natural part of modern SDDC design
• Improved security policy management
  - avoid overhead by knowing CONTEXT
  - FLEXIBLE for application deployments and changes
• Performance and scalability
  - SCALABLE - growing with datacenter growth
  - no choke point design
Building blocks
• Automated security provisioning (new ESXi hosts deployed with security from beginning)
• Transparent security insertion – configurable redirection to deep inspection engine
• Cloud management systems integration into Security Management – consume objects and state of NSX/vCenter (using SDDC context)
• Tagging VMs with security incidents
• API and CLI for security automation and orchestration
End-to-End Next Generation Security
• All Protections: Firewall, Application Control, IPS, DLP, Web Security, Anti-bot, Threat Emulation, Antivirus, Threat Extraction, Document Security (Next Generation Firewall, Malware Protection, Zero-day protection, Data protection)
• Across All Business Platforms: Security Appliances, Virtual Appliances and SDN, Endpoint and Mobile devices
• Best in class Management: Centrally Managed, Monitoring and Reporting, Incident Response
Datacenter Security Sensor
[Diagram: a DC firewall layer for North-South traffic in front of Front-End, Application and Database segments, each guarded by an APP FW or DB FW; a DC Security Activity Monitoring sensor covers the East-West traffic between segments. Figure labels: “20% of all DC traffic”, “80% of all DC traffic”.]
Check Point DC activity monitoring sensor:
- Ongoing attacks inside the DC (east-west traffic)
- Botnet activities
- Malware activities
- Suspicious behavior monitoring
- Application flow monitoring
- Real-time segmented views
- Event correlation
- Reporting and alerting
Non-intrusive incident detection & response
CHECK POINT vSEC AUTO-DEPLOYMENT
Automatically and instantly scale vSEC to secure VMs on new host members
SECURITY FOR EAST-WEST TRAFFIC
NSX chains the Check Point vSEC gateway between VMs: traffic between VMs goes through VMware NSX and Check Point vSEC gateways
PREVENT LATERAL THREATS
Use vSEC for Advanced Threat Prevention inside the data center
UNIFIED MANAGEMENT
Use Check Point unified management for consistent policy control and threat visibility across virtual and perimeter gateways
APPLICATION-AWARE POLICY
Check Point Access Policy:
Rule | From                    | To                      | Service | Action
3    | WEB_VM (vCenter Object) | Database (NSX SecGroup) | SQL     | Allow
Use fine-grained security policies tied to NSX Security Groups and Virtual Machine identities
Check Point dynamically fetches objects from NSX and vCenter
SHARED-CONTEXT POLICY
NSX Policy:
From                                 | To  | Action
Infected VM (Tagged by Check Point)  | Any | Quarantine
Shared security context between vSEC and NSX Manager to automatically quarantine and trigger remediation by other services
Check Point tags infected Virtual Machines in NSX Manager
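As an added illustration (constructed here, not Check Point or VMware code), the toy policy evaluator below models the two policy slides above: the access rule references a vCenter object and an NSX security group instead of IP addresses, so a VM keeps its access after its IP changes, and a VM that the gateway tags as Infected is caught by the quarantine rule before the application rule is reached. The object, group and tag names are assumptions.

```python
"""Toy model of application-aware + shared-context policy (constructed example).
Rules reference group/tag names, never IPs, so membership changes and an
"Infected" tag take effect without rewriting the rulebase."""
from dataclasses import dataclass, field


@dataclass
class VM:
    name: str
    ip: str
    groups: set = field(default_factory=set)  # vCenter objects / NSX security groups
    tags: set = field(default_factory=set)    # security tags written by the gateway


@dataclass
class Rule:
    src: str      # group or tag name, or "Any"
    dst: str
    service: str  # service name or "Any"
    action: str


def matches(selector, vm):
    """A selector matches a VM through group membership or a security tag."""
    return selector == "Any" or selector in vm.groups or selector in vm.tags


def evaluate(rules, src_vm, dst_vm, service):
    """First-match rulebase evaluation with an implicit drop at the end."""
    for idx, r in enumerate(rules, 1):
        if matches(r.src, src_vm) and matches(r.dst, dst_vm) and r.service in ("Any", service):
            return idx, r.action
    return None, "Drop"


def tag_infected(vm):
    """Models the gateway tagging the VM in NSX Manager after a threat event."""
    vm.tags.add("Infected")


# Quarantine rule (NSX side) sits above the application access rule (assumed names).
RULES = [
    Rule("Infected", "Any", "Any", "Quarantine"),
    Rule("WEB_VM", "Database", "SQL", "Allow"),
]


def demo():
    web = VM("VM_Web_22", "10.0.1.22", {"WEB_VM"})
    db = VM("VM_DB_12", "10.0.2.12", {"Database"})
    before = evaluate(RULES, web, db, "SQL")
    web.ip = "10.0.1.99"  # VM re-provisioned with a new IP; group membership unchanged
    after_move = evaluate(RULES, web, db, "SQL")
    tag_infected(web)     # gateway detects an infection and tags the VM
    after_tag = evaluate(RULES, web, db, "SQL")
    return before, after_move, after_tag
```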
THREAT VISIBILITY INSIDE THE DATACENTER
Use Check Point SmartEvent to monitor and investigate threats across north-south and east-west traffic
Infected Virtual Machines:
VM Identity | Severity | Date
VM_Web_22   | High     | 3:22:12 2/4/2015
VM_DB_12    | High     | 5:22:12 2/4/2015
VM_AD_15    | Medium   | 5:28:12 2/4/2015
VM_SAP_34   | Medium   | 7:28:12 2/4/2015
Securing SDDC - values
• Increased visibility and control
  - DEEP inspection, CLOSE to applications
  - existing and proven tools known to customers: the same Check Point tools the customer knows and has adopted, now for the DC
• Improved security policy management
  - avoid overhead by knowing CONTEXT
  - FLEXIBLE for application deployments and changes
  - smoother cooperation within the customer’s teams
• Performance and scalability
  - SCALABLE - growing with datacenter growth
  - no choke point design
East-West security is complementary to the existing North-South solution