©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals
How UTM-1, DLP and Application Control Protect your IT environment
Louis Cheung
Security Consultant
CISSP, CISA
Agenda
Security Evolution
What’s new on UTM-1 Appliance
New Software blades
DLP
Application Control
Security Evolution
In the past there were few security challenges…
… and few solutions
The Internet grew… and so did security.
15 different point products
The Security Maze
Performance needs
NETWORK SECURITY
Today’s Challenge
Investment Cost
Operation Cost
Product lifecycle
Firewall
VPN
IPS
Web Filtering
Anti-malware
Email Protection
SSL VPN
DLP & more …
Security needs
Number of users
Applications
Internet bandwidth
What’s New in UTM-1 R71
R71 – AV and URLF Performance boost
Anti Virus & Anti Malware
Introduce new industry-leading AV engine by Kaspersky
New Stream mode uses kernel stream
Performance is significantly higher
Improve stability and memory consumption
URL Filtering
Introduce enhanced URL Filtering engine
Move to a new kernel architecture
Performance is significantly higher; eliminates the limitation on concurrent connections
Improve stability and memory consumption.
Support wildcard characters (‘*’) in Allow/Block lists
Patented Acceleration Technology: SecureXL
Accelerated path, optimized security-processing tier. Accelerates packet and session
Hardware:
IP ADP (former Nokia)
Performance Pack (SecurePlatform, Crossbeam)
IPSO SecureXL software implementation
Acceleration
Throughput
CPS
Performance
R71 UTM-1 Boost
Maximum Performance and Capacity             UTM-1 276                 UTM-1 1076
                                             R70     R71     Boost     R70     R71      Boost
FW (1518 bytes), Mbps                        600     1,500   x2.5      2,000   3,000    x1.5
IPS Throughput - Default Protections, Mbps   380     1,000   x2.6      900     2,200    x2.7
Anti-Virus, Mbps                             30      120     x4        75      300      x4
Connection rate (cps)                        3,400   10,000  x2.9      8,800   25,000   x2.8
Max concurrent HTTP AV & URLF                2,500   50,000  x20       4,000   110,000  x27
Raising the Bar on UTM-1 Performance
[Chart: Firewall throughput (Gbps) for UTM-1 136, UTM-1 276, UTM-1 576, UTM-1 1076 and UTM-1 2076; segments labelled "Small office or branch" and "SMB to medium branch"]
Up to 4x Firewall throughput improvement with SW update only!!!
Security Enhancement: DLP
Data Loss Prevention
What is DLP?
[email protected]
Corporate Strategy
Green World Strategy Plan 2010
E-mail sent to the wrong recipient, intentionally or by mistake.
Data breaches have happened to all of us
Company document uploaded to an external website.
How Does Check Point DLP Work?
Simple Rule-based Policy Management
MultiSpect™ Detection Engine
Item No.  Name           Social Security Number  Job Title     Gross Pay
1         John Smith     987-65-4320             CEO           $200,000
2         Kevin Brian    987-65-4221             VP R&D        $150,000
3         Margret White  769-65-7522             VP Marketing  $153,000
4         Bob Johns      342-62-3323             CFO           $140,000
5         Mike Riddle    777-43-4324             COO           $180,000
Correlates data from multiple sources using open language
New MultiSpect™ Technology
MultiSpect Detection Engine
Detects more than 600 file formats
600+ File Formats
250+ Data Types
Over 250 pre-defined content data types
Detect and recognize proprietary forms and templates
DLP Has Not Yet Been Solved!
Technology Challenge
Computers cannot reliably understand human content and context
IT Staff Challenge
Burden of incident handling
Exposure to sensitive data
Check Point Makes DLP Work
[email protected]
Corporate Strategy
John,
Let’s review the corporate strategy in our morning meeting.
Green World Strategy Plan 2010
‘John’ <[email protected]>
[email protected]
Confidential data sent to the wrong recipient!
Data Loss Prevention Alert
An email that you have just sent has been quarantined.
Reason: attached document contains confidential internal data
The message is being held until further action.
Send, Discard, or Review Issue
User prompted to take action
User remediates
Introducing Check Point Data Loss Prevention
Educate: Users on corporate data policies
Enforce: Data loss business processes
Prevent: Move from detection to prevention
Check Point Combines Technology
Check Point Solves the DLP Challenge
Technology Challenge
Empowers users to remediate incidents in real time
IT Staff Challenge
Educates users on DLP policies without involving IT staff
Ease-of-Deployment
Dedicated Appliance
Software Blade
Network-based Inline Solution
On Existing Gateways or Open Servers
Be Up and Running Day-1!
Check Point DLP At-A-Glance
Move from Detection to Prevention
Scaling from hundreds to thousands of users
Supporting HTTP, SMTP and FTP protocols
Inline network-based Software Blade running on any existing Check Point gateway
UserCheck notification using either thin agent or a returning email to the user
Proactively block intentional and unintentional data loss
The Problem with Internet Applications
Malware Threats
Productivity Loss
Bandwidth Hogging
Introducing Check Point Application Control Software Blade
Detect and control application usage
Available on EVERY gateway
Available Soon
AppWiki—Industry’s largest library with over 50,000 applications
Introducing Check Point AppWiki
Over 4,500 applications
Over 50,000 social-network widgets
Grouped in over 150 categories (including Web 2.0, IM, P2P, Voice & Video, File Share)
http://appwiki.checkpoint.com/appwiki/applications.htm
World’s largest Application Classification Library
Unparalleled
Granular Application Categorization
Application Type
► IM
► Web conferencing
► Gaming…
Advanced Properties
► Share files
► High bandwidth
► Use stealth techniques…
Security Risk
► Measures the potential risk
User and Machine Awareness
User identification with both agent-based and seamless, agentless Active Directory integration
Machine-aware
Corporate Active Directory
Security Gateway
User- and group-aware
Includes User Identification
Application Detection and Usage Controls
Identify, allow, block or limit usage of applications at user or group level
Enable access for support team
Practical Implementation
Traditional security policies are suitable for clear-cut cases
Involve end-users using multiple policy actions
Accept / Drop
Allow but inform the user about the risks
Inform
Learn usage patterns to create better policies
Ask
Use to preserve resources (bandwidth) or control acceptable use
Certifications
ICSA
CC EAL4
VPNC
Awards