Threat Prevention

7/30/2019 Threat Prevention

1/14

2012 Check Point Software Technologies Ltd. | [Protected] All rights reserved

Want to Prevent Attacks?Think Multi-layered ThreatPrevention

[Protected] For public distribution


2/14

Threat Landscape - 2012 & 2013


Exposed, Stolen Credentials and Personal Info

Utah Dept. of Health, 228,000 Social Security numbers exposed

Facebook, 45,000 user credentials found on botnet C&C server

Global Payments, 1.5M card numbers stolen

University of Nebraska, 654,000 student, employee, parent and alumni personalinformation files exposed

Yahoo, 450,000 Contributor Network user credentials stolen

LinkedIn, 5.8M user passwords stolen

eHarmony, 1.5M passwords stolen

News!: Faceboo k, Mi icroso ft , and App le attacked, February 2013


3/14

32013 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. |

Threat Landscape - 2012 & 2013


News!: Faceboo k, Mi icroso ft , and App le attacked, February 2013


4/14


Could This Type of Attack Affect You?


This type of attack:

Launches from attachment that exploits

vulnerability in a PDF or office file

Installs a custom built malware

Communicates with a C&C server

Sends files to attacker


5/14


Stop zero-day malware

in files

Block download of

malware infested files

Detect and prevent

bot damage

Stops exploits ofknown vulnerabilities


Check Point Multi-Layered Threat Prevention

IPS

Anti-Bot

Antivirus

Threat Emulation


6/14


Stops exploits of

known vulnerabilities



IPS

Protect Against: Attacks on vulnerabilities

Evasion Attacks

Buffer Overflow Attacks

Sniffers


7/1472013 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. |

Block download ofmalware infested files



Antivirus

Prevent

Access toMalicious Sites

Stop IncomingMalware Attacks

Over 1 MillionMalicious Sites

Protect with 300xMore Signatureswith ThreatCloud



Detect and preventbot damage



Anti-Bot

Criminals

CommunicationCriminals Hideout Criminals Behavior

Detect Command

and Control

IP/URL/DNS

Detect unique

communication

patterns

Detect attack

signs and types

(spam, click fraud)



Prevent Bot Damage

Infected Machine

Detected

Block Bot

Communication

Anti-Bot

Software Blade


Only stop traffic between

infected hosts and remote operator



Block download of

malware infested files

Detect and prevent

bot damage

Stops exploits of

known vulnerabilities



What about new types of Attacks?

IPS

Anti-Bot

Antivirus


11/14112013 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. |[Protected] For public distribution

INSPECT EMULATE

PREVENTSHARE

Stop new attacks with

Check Point Threat Emulation



Back to our Attack Example


Attack actions are stopped

Exploits vulnerability

Downloads more malware

Communicates with a C&C server

Sends files to attacker

Check Point

Anti-Bot

Software Blade

Check Point

Antivirus

Software Blade

Check Point

IPS

Software Blade

Check Threat Emulation Software Blade

New Threats ?

Documents

Threat Prevention