ABSOLUTE ZERO TRUST SECURITY WITH CHECK POINT INFINITY

©2019 Check Point Software Technologies Ltd.

Winston Lalgee

Check Point Software

Security Engineering Manager – New York

wlalgee@checkpoint.com



Understanding Zero Trust

What it is not:

• Not a product or service
• Not an IT-only project
• Not about getting rid of firewalls

What it is:

• An architectural perspective
• Never trust, always verify

How it is achieved:

• Simplifying security to increase adoption
• Designing with a business purpose in mind
• Leveraging the experience and expertise of partners, vendors and staff
• Not treating it as a one-off project


THE ENVIRONMENT IS CHANGING: ATTACK SURFACES ARE WIDENING

BUSINESSES YESTERDAY: everything inside the perimeter can be trusted ("safe").

BUSINESSES TODAY: the perimeter is everywhere. Who can I trust?


ZERO TRUST SECURITY: THE 7 PRINCIPLES AFFECT EVERY ASPECT OF YOUR IT INFRASTRUCTURE

• Networks
• Workloads
• Devices
• People
• Data
• Visibility & Analytics
• Automation & Orchestration

Based on the Extended Zero Trust Security Model by Forrester


ZERO TRUST IMPLEMENTATION USE CASE


Diagram: Analytics & Visibility and Automation & Orchestration span the four enforcement areas of the use case: Zero-Trust Users, Data & Devices; Zero-Trust Workloads & Data; Zero-Trust Network; Zero-Trust Devices & Data.


ZERO TRUST FOR NETWORKS: PREVENT MALICIOUS LATERAL MOVEMENT WITH GRANULAR NETWORK SEGMENTATION

Segments shown: Applications, Zones, IT, IoT/OT, LAN, Cloud

CHECK POINT SECURITY GATEWAYS: enforce granular access policy across all environments

CHECK POINT APPLICATION CONTROL: limit usage of ~8000 applications, and features within them

CHECK POINT IDENTITY AWARENESS: allow access only to specific users
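The segmentation idea on this slide, as an added example that is not Check Point code: a first-match, default-deny rulebase whose rules are scoped by zone, identity and application (including a feature inside an allowed application), evaluated over constructed flows. The zone names, user names, applications and sample traffic are assumptions for illustration; the point is that traffic no rule anticipated, such as an IoT device reaching into the LAN, falls through to the cleanup rule and is denied.

```python
# Added example (not Check Point code): a first-match, default-deny
# segmentation rulebase evaluated over constructed flows. Zone names,
# identities, applications and the sample traffic are assumptions.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One connection as the gateway sees it: zones, identity, application."""
    src_zone: str
    dst_zone: str
    user: Optional[str]            # None for headless devices (IoT/OT)
    app: str                       # application identified on the wire
    feature: Optional[str] = None  # feature inside the app, e.g. "upload"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zones: frozenset
    dst_zones: frozenset
    apps: frozenset
    users: Optional[frozenset] = None          # None = no identity restriction
    denied_features: frozenset = frozenset()   # app allowed, feature blocked


# Constructed rulebase. Order matters: first match wins, and the implicit
# cleanup rule at the end denies everything no explicit rule allows, which
# is what stops lateral movement between zones.
RULEBASE: List[Rule] = [
    Rule("it-admins-to-cloud", frozenset({"IT"}), frozenset({"Cloud"}),
         frozenset({"ssh", "https"}), users=frozenset({"alice", "bob"})),
    Rule("lan-users-to-saas", frozenset({"LAN"}), frozenset({"Cloud"}),
         frozenset({"office365"}), users=frozenset({"carol", "dave"}),
         denied_features=frozenset({"upload"})),
    Rule("iot-telemetry", frozenset({"IoT/OT"}), frozenset({"Cloud"}),
         frozenset({"mqtt"})),
]


def evaluate(flow: Flow, rulebase: List[Rule] = RULEBASE) -> Tuple[str, str]:
    """Return (action, rule_name) for a flow under first-match semantics."""
    for rule in rulebase:
        if flow.src_zone not in rule.src_zones or flow.dst_zone not in rule.dst_zones:
            continue
        if flow.app not in rule.apps:
            continue
        # Identity awareness: a rule scoped to users never matches an unknown
        # or unlisted identity, even when the zones and application fit.
        if rule.users is not None and flow.user not in rule.users:
            continue
        # Application control: the application is allowed, this feature is not.
        if flow.feature is not None and flow.feature in rule.denied_features:
            return ("deny", rule.name)
        return ("allow", rule.name)
    return ("deny", "cleanup")  # default deny


def lateral_movement_attempts(flows: List[Flow]) -> List[Flow]:
    """Flows that hit the cleanup rule: traffic no segment policy anticipated."""
    return [f for f in flows if evaluate(f) == ("deny", "cleanup")]


# Constructed sample traffic.
SAMPLE_FLOWS = [
    Flow("IT", "Cloud", "alice", "ssh"),                   # admin, expected
    Flow("IT", "Cloud", "mallory", "ssh"),                 # right zone, wrong identity
    Flow("IoT/OT", "LAN", None, "smb"),                    # camera probing file shares
    Flow("LAN", "Cloud", "carol", "office365"),            # normal SaaS use
    Flow("LAN", "Cloud", "carol", "office365", "upload"),  # blocked feature
    Flow("IoT/OT", "Cloud", None, "mqtt"),                 # expected telemetry
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, "->", evaluate(f))
    print("lateral movement attempts:", lateral_movement_attempts(SAMPLE_FLOWS))
```

Two of the six constructed flows reach the cleanup rule: the SSH attempt from an identity the admin rule does not list, and the IoT device's SMB connection into the LAN. Both are the cases a zone-only policy would have allowed.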


ZERO TRUST WORKLOADS: PROTECT YOUR WORKLOADS WITH EXTENDED VISIBILITY AND ADAPTABLE POLICY

CHECK POINT CLOUDGUARD (VMs, containers, functions):

• Single policy to securely connect the clouds
• Identifies and remediates misconfigurations and security gaps
• Quickly responds to changes with adaptive policy

THREAT PREVENTION: Threat Emulation, Anti-virus, IPS


ZERO TRUST WORKLOADS

CloudGuard Dome9 – Clarity Asset View: nodes are assets, lines are connections, arranged in swimlanes


ZERO TRUST PEOPLE: USE CONTEXT-AWARE AUTHORIZATION TO PROTECT AGAINST IDENTITY THIEVES

CHECK POINT IDENTITY AWARENESS, with the components shown in the diagram:

• SINGLE SIGN ON (SSO): integrate with multiple directories (ISE is shown as one identity source)
• MULTI FACTOR AUTHENTICATION (MFA)
• CONTEXT INSPECTION: connection type, time of connection, geo-location, device
• ANOMALY DETECTION: unfamiliar device, unusual geo-location, unusual time, ...


ZERO TRUST DEVICES: PROTECT ALL DEVICES FROM THREATS, AND ISOLATE THEM IF COMPROMISED

NETWORK-BASED THREAT PREVENTION (in front of your data): Anti-bot, Threat Extraction, Threat Emulation, Anti-virus, IPS

ADVANCED ENDPOINT THREAT PREVENTION:

• Zero-day malware
• Phishing
• Anti-bot
• And more…

DEVICE SECURITY POSTURE INSPECTION:

• Malware infected?
• Rooted/jailbroken?
• Anti-Bot/Anti-Virus installed?
• Full Disk Encryption installed?

CHECK POINT IoT SECURITY: Smart Building Devices, Smart Office Devices, Industrial Control Systems, Medical Devices
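The context-aware authorization of the People slide and the posture questions of this slide make one access decision in practice, so here is an added example (not Check Point code) that combines them: a login event carries the device's posture answers and its connection context, the context is compared against the user's baseline for the anomaly signals named above, and the result is deny (isolate a compromised device), MFA required (anomalies or posture gaps without a second factor), or allow. The baseline, the policy thresholds, the device identifiers and the four login events are constructed for illustration.

```python
# Added example (not Check Point code): a context-aware authorization
# decision built from the posture questions and context/anomaly signals on
# the slides. Baselines, thresholds, device ids and events are constructed.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    malware_detected: bool
    rooted_or_jailbroken: bool
    antimalware_installed: bool
    disk_encrypted: bool


@dataclass(frozen=True)
class LoginContext:
    user: str
    device: DevicePosture
    connection: str     # "corp-lan", "vpn" or "internet"
    country: str
    hour_utc: int       # 0-23
    mfa_passed: bool


@dataclass(frozen=True)
class UserBaseline:
    """What 'familiar' means for one user; learned from history in practice."""
    known_devices: frozenset
    usual_countries: frozenset
    usual_hours: Tuple[int, int]   # inclusive start, exclusive end, UTC


def posture_failures(p: DevicePosture) -> Tuple[List[str], List[str]]:
    """Split posture problems into hard (isolate now) and soft (raise risk)."""
    hard, soft = [], []
    if p.malware_detected:
        hard.append("malware infected")
    if p.rooted_or_jailbroken:
        hard.append("rooted/jailbroken")
    if not p.antimalware_installed:
        soft.append("no anti-bot/anti-virus")
    if not p.disk_encrypted:
        soft.append("no full disk encryption")
    return hard, soft


def anomalies(ctx: LoginContext, base: UserBaseline) -> List[str]:
    """Context inspection of the login against the user's baseline."""
    found = []
    if ctx.device.device_id not in base.known_devices:
        found.append("unfamiliar device")
    if ctx.country not in base.usual_countries:
        found.append("unusual geo-location")
    start, end = base.usual_hours
    if not (start <= ctx.hour_utc < end):
        found.append("unusual time")
    if ctx.connection == "internet":
        found.append("unmanaged connection")
    return found


def decide(ctx: LoginContext, base: UserBaseline) -> Tuple[str, List[str]]:
    """Return (decision, reasons): 'deny', 'mfa-required' or 'allow'.

    Policy (an assumption of this example): a compromised device is isolated
    outright; any anomaly or soft posture gap demands MFA before access; a
    familiar device in a familiar context gets in on SSO alone.
    """
    hard, soft = posture_failures(ctx.device)
    if hard:
        return ("deny", hard)
    risk = anomalies(ctx, base) + soft
    if risk and not ctx.mfa_passed:
        return ("mfa-required", risk)
    return ("allow", risk)


# Constructed baseline and login events for one user.
ALICE = UserBaseline(frozenset({"lap-0417"}), frozenset({"US"}), (12, 23))
CLEAN = DevicePosture("lap-0417", False, False, True, True)
UNKNOWN = DevicePosture("phone-9c2", False, False, False, True)
INFECTED = DevicePosture("lap-0417", True, False, True, True)

EVENTS = [
    LoginContext("alice", CLEAN, "corp-lan", "US", 14, mfa_passed=False),   # routine
    LoginContext("alice", UNKNOWN, "internet", "RO", 3, mfa_passed=False),  # everything unusual
    LoginContext("alice", UNKNOWN, "internet", "RO", 3, mfa_passed=True),   # same, second factor passed
    LoginContext("alice", INFECTED, "corp-lan", "US", 14, mfa_passed=True), # known laptop, now infected
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e.device.device_id, e.country, e.hour_utc, "->", decide(e, ALICE))
```

The fourth event is the one worth noticing: a known laptop on the corporate LAN during working hours with MFA passed is still denied, because posture is re-checked on every access rather than trusted from the last time the device was seen.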


ZERO TRUST DATA: CLASSIFY, PROTECT AND ENCRYPT YOUR DATA, WHEREVER IT IS

DATA IN USE: Data Loss Prevention, CloudGuard SaaS

DATA AT REST: Capsule Docs, Full Disk Encryption, Removable Media Encryption, Capsule Workstation

DATA IN TRANSIT: Data Loss Prevention, Data Encryption (VPN IPsec/SSL), Compliance, Content Awareness


VISIBILITY & ANALYTICS: QUICKLY DETECT AND MITIGATE THREATS WITH A SINGLE VIEW INTO SECURITY RISKS

Centralized Security Management

Identify suspicious activity and track trends

Investigate events with real time forensics

Real-time visibility into billions of log records

Follow compliance to corporate policy and Data Protection regulations


AUTOMATION & ORCHESTRATION: AUTOMATE ALL SECURITY TASKS TO IMPROVE INCIDENT RESPONSE AND AGILITY

Across public and private cloud:

• Security procedure automation: update of objects and policy rules
• Reduce security admin workload: admin role delegation
• Incident Response (IR) and ticket enrichment: changes of access policy rules
• Automate incident detection & remediation: quarantining devices/users


CHECK POINT INFINITY: A CONSOLIDATED ZERO TRUST SECURITY ARCHITECTURE


Summary

• TRUST NO ONE
• Check Point Infinity – a Consolidated Zero Trust Architecture
• The Industry's First Zero Trust Security Workshop

[Internal Use] for Check Point employees

STAY SAFE AND TRUST NO ONE or anything
