1©2019 Check Point Software Technologies Ltd. ©2019 Check Point Software Technologies Ltd. 1
Winston Lalgee
Check Point Software
Security Engineering Manager – New York
WITH CHECK POINT INFINITYABSOLUTE ZERO TRUST SECURITY
2©2019 Check Point Software Technologies Ltd.
How is it achieved?What it is?What it’s not?
Understanding Zero Trust
• Not a product or service
• Not an IT only project
• Not about getting rid of firewalls
• Architectural perspective
• Never trust, always verify
• Simplifying security to increase adoption
• Designing with a business purpose in mind
• Leveraging the experience and expertise of partners, vendors and staff
• Not treating it as a one-off project
3©2019 Check Point Software Technologies Ltd.
THE ENVIRONMENT IS CHANGING ATTACK SURFACES ARE WIDENING
Safe
EVERYTHINGINSIDE THE PERIMETER
CAN BE TRUSTED
Now the perimeter iEVERYWHERE.Who can I trust?
BUSINESSES YESTERDAY BUSINESSES TODAY
Everything INSIDE THE PERIMETER
Can be trusted
The perimeter is EVERYWHEREWho can I trust?
4©2019 Check Point Software Technologies Ltd. ©2019 Check Point Software Technologies Ltd. 4
WORKLOADS
DEVICES PEOPLE
NETWORKSDATA
ZERO TRUST SECURITY: THE 7 PRINCIPLESAFFECT EVERY ASPECT OF YOUR IT INFRASTRUCTURE
AUTOMATION & ORCHESTRATION
VISIBILITY & ANALYTICS
Based on the Extended Zero Trust Security Model by Forrester
5©2019 Check Point Software Technologies Ltd.
ZERO TRUST IMPLEMTATION USE CASE
6©2019 Check Point Software Technologies Ltd.
Analytics & Visibility
Automation & Orchestration
Zero-Trust Users, Data & Devices
Zero-Trust Workloads & Data
Zero-Trust Workloads & Data
Zero-Trust NetworkZero-Trust
Users, Data & Devices
Zero-Trust
Network
Zero-Trust
Devices & Data
7©2019 Check Point Software Technologies Ltd.
Applications
Zones
IT
ZERO TRUST FOR NETWORKSPREVENT MALICIOUS LATERAL MOVEMENT WITH GRANULAR NETWORK SEGMENTATION
CHECK POINT APPLICATION CONTROL
IoT/ OT
LAN
Cloud
CHECK POINT SECURITY GATEWAYS
Limit usage of ~8000 applications, and features within them
Enforce Granular Access Policyacross all environments
Allow access only to specific users
CHECK POINT IDENTITY AWARENESS
8©2019 Check Point Software Technologies Ltd.
Containers
Functions
ZERO TRUST WORKLOADSPROTECT YOUR WORKLOADS WITH EXTENDED VISIBILITY AND ADAPTABLE POLICY
CHECK POINT CLOUDGUARD
VM Single policy to securely connect the clouds
Identifies and remediates misconfigurations and security gaps
Quickly responds to changes with adaptive policy
Threat Emulation
Anti-virus
IPS
THREAT PREVENTION
9©2020 Check Point Software Technologies Ltd.
• CloudGuard Dome 9 – Clarity Asset View
• Nodes are assets• Lines are connections• Arranged in swimlanes
ZERO TRUST WORKLOADS
10©2019 Check Point Software Technologies Ltd.
ZERO TRUST PEOPLEUSE CONTEXT-AWARE AUTHORIZATION TO PROTECT AGAINST IDENTITY-THIEVES
SINGLE SIGN ON (SSO)Integrate with multiple Directories
1
2
CHECK POINT IDENTITY AWARNESS
3
4ANOMALY DETECTION• Unfamiliar device• Unusual geo-location• Unusual time, …
x
CONTEXT INSPECTION• Connection type• Time of connection• Geo-location• Device
MULTI FACTOR AUTHENTICATION (MFA)
ISE
11©2019 Check Point Software Technologies Ltd.
ZERO TRUST DEVICESPROTECT ALL DEVICES FROM THREATS, AND ISOLATE THEM IF COMPROMISED
• Zero-day malware
• Phishing
• Anti-bot
• And more…
YOUR DATAAnti-botThreat
ExtractionThreat
Emulation
Anti-virus IPS
NETWORK-BASED THREAT PREVENTION
DEVICE SECURITY POSTURE INSPECTION
• Malware infected?
• Rooted/jailbroken?
• Anti Bot/Virus installed?
• Full Data Encryption Installed?
ADVANCED ENDPOINT THREAT PREVENTION
Smart Building Devices
CHECK POINT IoT SECURITY
Smart Office DevicesIndustrial Control Systems
Medical Devices
12©2019 Check Point Software Technologies Ltd.
ZERO TRUST DATACLASSIFY, PROTECT AND ENCRYPT YOUR DATA, WHEREVER IT IS
DATA LOSS PREVENTION
DATA IN USE
CLOUDGUARD SAAS
DATA AT REST
CAPSULE DOCS
FULL DISK ENCRYPTION
REMOVABLE MEDIA ENCRYPTION
CAPSULE WORKSTATION
110101010101010101010110101010100101010111
DATA IN TRANSIT
DATA LOSS PREVENTION
DATA ENCRYPTION (VPN IPSEC/SSL)
COMPLIANCE
CONTENT AWARENESS
13©2019 Check Point Software Technologies Ltd.
VISIBILITY & ANALYTICSQUICKLY DETECT AND MITIGATE THREATS WITH A SINGLE VIEW INTO SECURITY RISKS
Centralized Security Management
Identify suspicious activity and track trends
Investigate events with real time forensics
Real-time visibility into billions of log records
Follow compliance to corporate policy and Data Protection regulations
14©2019 Check Point Software Technologies Ltd.
Public & Private Cloud
AUTOMATION & ORCHESTRATIONAUTOMATE ALL SECURITY TASKS TO IMPROVE INCIDENT RESPONSE AND AGILITY
Security procedure automation
Update of objects and policy rules
Reduce Security Admin Workload
Admin role delegation
Incident Response (IR) and Ticket Enrichment
Changes of access policy rules
Automate Incident Detection & Remediation
Quarantining devices/users
15©2019 Check Point Software Technologies Ltd.
CHECK POINT INFINITY A CONSOLIDATED ZERO TRUST SECURITY ARCHITECURE
16©2019 Check Point Software Technologies Ltd.
• TRUST NO ONE
• Check Point Infinity – a Consolidated Zero Trust Architecture
• The Industry’s First Zero Trust Security Workshop
Summary
[Internal Use] for Check Point employees
STAY
SAFE
AND
TRUST
NO ONE or Anything
Winston Lalgee
Check Point Software
Security Engineering Manager – New York