ABSOLUTE ZERO TRUST SECURITY WITH CHECK POINT INFINITY

Winston Lalgee

Check Point Software

Security Engineering Manager – New York

©2019 Check Point Software Technologies Ltd.




Page 2

Understanding Zero Trust

What it’s not?

• Not a product or service

• Not an IT only project

• Not about getting rid of firewalls

What it is?

• Architectural perspective

• Never trust, always verify

How is it achieved?

• Simplifying security to increase adoption

• Designing with a business purpose in mind

• Leveraging the experience and expertise of partners, vendors and staff

• Not treating it as a one-off project

Page 3

THE ENVIRONMENT IS CHANGING: ATTACK SURFACES ARE WIDENING

BUSINESSES YESTERDAY: Everything INSIDE THE PERIMETER can be trusted

BUSINESSES TODAY: The perimeter is EVERYWHERE. Who can I trust?

Page 4

ZERO TRUST SECURITY: THE 7 PRINCIPLES AFFECT EVERY ASPECT OF YOUR IT INFRASTRUCTURE

• WORKLOADS

• DEVICES

• PEOPLE

• NETWORKS

• DATA

• AUTOMATION & ORCHESTRATION

• VISIBILITY & ANALYTICS

Based on the Extended Zero Trust Security Model by Forrester

Page 5

ZERO TRUST IMPLEMENTATION USE CASE

Page 6

[Diagram labels: Analytics & Visibility; Automation & Orchestration; Zero-Trust Users, Data & Devices; Zero-Trust Workloads & Data; Zero-Trust Network; Zero-Trust Devices & Data]

Page 7

ZERO TRUST FOR NETWORKS

PREVENT MALICIOUS LATERAL MOVEMENT WITH GRANULAR NETWORK SEGMENTATION

• CHECK POINT SECURITY GATEWAYS: Enforce Granular Access Policy across all environments

• CHECK POINT APPLICATION CONTROL: Limit usage of ~8000 applications, and features within them

• CHECK POINT IDENTITY AWARENESS: Allow access only to specific users

[Diagram labels: Applications; Zones; IT; IoT/OT; LAN; Cloud]

Page 8

ZERO TRUST WORKLOADS

PROTECT YOUR WORKLOADS WITH EXTENDED VISIBILITY AND ADAPTABLE POLICY

CHECK POINT CLOUDGUARD

• Single policy to securely connect the clouds

• Identifies and remediates misconfigurations and security gaps

• Quickly responds to changes with adaptive policy

THREAT PREVENTION: Threat Emulation; Anti-virus; IPS

[Diagram labels: VM; Containers; Functions]

Page 9

ZERO TRUST WORKLOADS

• CloudGuard Dome 9 – Clarity Asset View

• Nodes are assets

• Lines are connections

• Arranged in swimlanes

Page 10

ZERO TRUST PEOPLE

USE CONTEXT-AWARE AUTHORIZATION TO PROTECT AGAINST IDENTITY-THIEVES

CHECK POINT IDENTITY AWARENESS

• SINGLE SIGN ON (SSO): Integrate with multiple Directories

• MULTI FACTOR AUTHENTICATION (MFA)

• CONTEXT INSPECTION: Connection type; Time of connection; Geo-location; Device

• ANOMALY DETECTION: Unfamiliar device; Unusual geo-location; Unusual time, …

[Diagram label: ISE]

Page 11

ZERO TRUST DEVICES

PROTECT ALL DEVICES FROM THREATS, AND ISOLATE THEM IF COMPROMISED

• Zero-day malware

• Phishing

• Anti-bot

• And more…

NETWORK-BASED THREAT PREVENTION: Anti-bot; Threat Extraction; Threat Emulation; Anti-virus; IPS

[Diagram label: YOUR DATA]

DEVICE SECURITY POSTURE INSPECTION

• Malware infected?

• Rooted/jailbroken?

• Anti Bot/Virus installed?

• Full Data Encryption Installed?

ADVANCED ENDPOINT THREAT PREVENTION

CHECK POINT IoT SECURITY: Smart Building Devices; Smart Office Devices; Industrial Control Systems; Medical Devices

Page 12

ZERO TRUST DATA

CLASSIFY, PROTECT AND ENCRYPT YOUR DATA, WHEREVER IT IS

DATA LOSS PREVENTION

DATA IN USE

CLOUDGUARD SAAS

DATA AT REST

CAPSULE DOCS

FULL DISK ENCRYPTION

REMOVABLE MEDIA ENCRYPTION

CAPSULE WORKSTATION


DATA IN TRANSIT

DATA LOSS PREVENTION

DATA ENCRYPTION (VPN IPSEC/SSL)

COMPLIANCE

CONTENT AWARENESS

Page 13

VISIBILITY & ANALYTICS

QUICKLY DETECT AND MITIGATE THREATS WITH A SINGLE VIEW INTO SECURITY RISKS

Centralized Security Management

Identify suspicious activity and track trends

Investigate events with real time forensics

Real-time visibility into billions of log records

Follow compliance to corporate policy and Data Protection regulations

Page 14

Public & Private Cloud

AUTOMATION & ORCHESTRATION

AUTOMATE ALL SECURITY TASKS TO IMPROVE INCIDENT RESPONSE AND AGILITY

Security procedure automation

Update of objects and policy rules

Reduce Security Admin Workload

Admin role delegation

Incident Response (IR) and Ticket Enrichment

Changes of access policy rules

Automate Incident Detection & Remediation

Quarantining devices/users

Page 15

CHECK POINT INFINITY: A CONSOLIDATED ZERO TRUST SECURITY ARCHITECTURE

Page 16

Summary

• TRUST NO ONE

• Check Point Infinity – a Consolidated Zero Trust Architecture

• The Industry’s First Zero Trust Security Workshop

[Internal Use] for Check Point employees

STAY SAFE AND TRUST NO ONE or Anything
