Check Point Next Generation Firewall Solution: Cloud-Based Integrated Security Gateway Technology

March 2013: large-scale APT attack in South Korea
- On March 20, 2013, the computer networks of three South Korean TV stations, including KBS, and six financial institutions were completely paralyzed by a hacker attack.
- Targets: TV networks YTN, MBC and KBS; Shinhan Bank; Nonghyup Bank; Jeju Bank. Systems could not boot.

Check Point rapid security emergency response
- Check Point's threat security cloud immediately released protection against the DarkSeoul malicious code used in this APT attack, and through chained capture also protected against 3 variants of the attack code!
- Check Point Threat Wiki: http:/threatwiki/public.htm

Sources:
- 1 Gartner "Defining the Next Generation Firewall", Oct 2009
- 2 NSS "Next Generation Firewall Product Test Results" 2011
- "High quality, integrated IPS enforce network security policy at the application layer independent of port and protocol tie blocking to user identity"
- "granular control based upon applications, not just ports identify users and groups and apply security policy based on identity apply full-strength IPS functionality."

Next Generation Firewall: technical track record
- 2013: top "Recommend" rating in the next generation firewall group test
- 2013: close to 99.0% overall protection and the top "Recommend" rating in the IPS test
- 2012: top "Recommend" rating in the IPS test
- 2011: passed the NGFW test for the first time and received a "Recommend" rating
- 2011: received a "Recommend" rating in the IPS evaluation
- 2011: achieved good test results; the only firewall vendor to pass all test points

Why are traditional firewalls no longer enough? Operation Shady RAT as an example
- More than 70 victims in 14 countries
- State-driven industrial espionage
- Started in 2006: more than 5 years!
- First detected in 2011
- Victims included 22 government organizations, 6 energy companies, 13 electronics or media companies and 13 defense contractors; 49 were in the United States, followed by Canada with 4, and Taiwan and South Korea with 3 each.
- The operator behind Operation Shady RAT may be a nation state.

Shady RAT: multi-layer attack methods
- Technical: Install PoisonIvy, a remote access Trojan, via MS Excel vulnerability
- Social: Create trusted email with attachment
- Technical: Contact a remote site hardcoded into the Trojan
- Technical: Established remote shell with the computer
- Remote commands: Retrieve a file from the remote server; Upload a file to the remote server; Retrieve a file from a remote URL, and execute; Execute command from the remote server; Sends the results of the command executed

Challenges from employee Internet usage
- Malware threats
- Reduced productivity
- Bandwidth consumption

Security challenges of mobile working and data
- Business changes: BYOD, mobile devices and data sharing
- Data sharing with external parties
- Cloud file storage
- Personal and corporate mobile working

3D SECURITY: GAIN CONTROL
- Enforcement, Policies, People
- User Access; Internet Applications Usage; Sensitive Data; Secure Mobility, BYOD; Network Threat Prevention

The next generation firewall precisely controls every security layer
- Granular Visibility, Identity Awareness, DLP, Mobile Access, SmartEvent, IPS, Anti-Virus, Anti-Bot, Application Control, URLF, Threat Emulation, Compliance

Combining network security with "people": IA example
- [Diagram labels: Corporate Network, Internet, HR Server, Finance Server, Internal Firewall, Perimeter Firewall, AD / Directory, Web Server Pool, DMZ, Managed Assets, Guest, Contractor, Corporate Laptop, PDA / SmartPhones; zones: data center, guest, public area]
- IP: User: John Morgan / Finance_Group, Machine: John_XP
- IP: 9 Guest Name: Anna Smith
- IP: 00 User: Frank Gore / Marketing_Group, Application: FaceBook
- Identity sources: AD Query (agentless); browser-based authentication (Captive Portal, Transparent Kerberos); endpoint Identity Agent (SSO); terminal server Identity Agent; VPN access (IPSec Office Mode)

Next generation Web Control solution
- Websites: URL Filtering. Applications: Application Control.
- Facebook Chat: granularity beyond URLs, not URL-based
- Unified web filtering and application control policy
- Identification: allow, block, inform or limit usage of applications & sites at user or group level
- Application Detection and Usage Controls

Check Point AppWiki application cloud
- Over 4,800 applications
- Over 310,000 social-network widgets
- Grouped in over 150 categories (including Web 2.0, Business, Anonymizer, IM, P2P, Voice & Video, File Share)
- /appwikisdb/public.htm
- From FaceTime, the world's earliest company to focus on application control
- Check Point has the world's largest application identification cloud
- Unparalleled Application Control

Check Point URL Filtering
- Security Gateway: 99.2% cache query utilization
- Cloud URL database: 64+ categories, 200 million+ URLs
- User-defined URLs and categories
- False positives are removed automatically from the cloud and the cache
- Cache: automatic and manual updates
- 360-degree monitoring of Web Security events (R76)
- Reports (R76)

Next generation Threat Prevention solution: Multi-Layered Protection Against all Incoming Cyber Threats
- Security value-added services from the cloud
- Block download of malware infested files
- Detect and prevent bot damage
- Stops exploits of known vulnerabilities
- Multi-layer threat prevention solution: IPS, Anti-Bot, Antivirus

Industry-leading integrated IPS
- Combines the highest protection with the best performance
- [Chart: Gbps axis; labels 4800, 12600, 21400, Vendor E]
- Check Point: 86.6% out of the box

ThreatCloud: the industry's largest malware defense intelligence cloud
- Over 250 Million Addresses Analyzed for Bot Discovery
- Over 9 Million Malware Signatures
- Over 900,000 Malware-Infested Sites
- 50,000 new threat identifiers per day!
- Over 2,000 Botnet Families!
- Over 2 Million Outbreaks

Anti-Bot Software Blade: DISCOVER and STOP Bot Attacks
- Prevent bot damage: stop traffic to remote operators
- Discover bot infections: multi-tier discovery
- Investigate bot infections: extensive forensics tools

Bot infection reports
- Malware Actions; Malware Type (shown: Backdoor.WIN32.IRCBotg)
- Extensive Forensics Tools
- Infected Users and Devices

Complete Anti-Malware protection
- See the BIG Malware Picture

Shady RAT: PREVENTED!
- Technical: Install PoisonIvy, a remote access Trojan, via MS Excel vulnerability
- Social: Create trusted email with attachment
- Technical: Contact a remote site hardcoded into the Trojan
- Technical: Established remote shell with the computer
- Anti-Bot Software Blade; Security Awareness; Antivirus Software Blade; IPS Software Blade; Application Control Software Blade

How do you defend against zero-day attacks?
- New vulnerabilities
- Countless new variants
- An average of 70,000 to 100,000 new malware samples are created and distributed each day

Introducing Check Point Threat Emulation technology
- PREVENTION OF ZERO-DAY ATTACKS! Available in Q2/2013
- Inspect, emulate, prevent, analyze intelligence
- Blocking unknown attacks: Check Point Threat Emulation technology
- Exe files, PDF and Office documents
- Joseph_Nyee.pdf: A STANDARD CV? (Joseph H. Nyee Resume)
- Report: File System Activity, System Registry, System Processes, Network Connections
- Abnormal file activity; Remote Connection to Command & Control Sites; Tampered system registry; "Naive" processes created

Threat Emulation Work
- threats: anyone can submit a file for inspection

THREAT EMULATION: right now!
- Stop zero-day malware in files
- IPS, Anti-Bot, Antivirus, Threat Emulation
- MARKET LEADING AND MOST COMPREHENSIVE THREAT PREVENTION SOLUTION
- Enhanced multi-layer defense solution

Stopping denial-of-service attacks (R76)
- The security industry's most comprehensive threat prevention solution
- Network-layer and application-layer protection within seconds
- Penalty Box, i.e. early drop
- Optimized drops by SecureXL
- Rate Limiting

The most comprehensive threat prevention solution
- Managed security service: 24x7 security monitoring assisted by our experts
- Security incident emergency response service: Fight major network attacks with the "A-team" of security experts

Secure mobile working: remote access solution
- [Diagram labels: SSL (VPN SWB); SSL (MOB SWB); IPSec or SSL (VPN SWB or MOB SWB); Security Appliance; Non-Corporate Endpoint; Check Point Mobile; Media Encryption; Full Disk Encryption; Check Point GO]

Remote Access Solution
- Secure Remote Access from any device
- Access to email and internal applications
- Secure access from smartphones and tablets
- Secure access from other devices
- Mobile Access Software Blade; Check Point Mobile; Check Point Mobile VPN; SSL VPN Portal; Secure Web Portal App; VPN App; Secure Web Portal

Mobile Access Software Blade on a Check Point Gateway
- Check Point Mobile: Secure Business Web App Portal (Single sign-on); Secure ActiveSync; Two factor auth. for user-device pairing
- Check Point Mobile VPN: VPN tunnel for local apps; Automatic connect; Encrypted communication
- SSO & DynamicID (SMS); Endpoint Security on Demand Compliance Check; Secure Workspace
- Web apps; Web mail & native apps; On-demand SSL VPN client for native apps; Shared files; Citrix services

Secure Workspace: laptop BYOD, hardening enterprise applications

Smartphone/tablet BYOD: mail for work
- Pin Code: Protect access to the application by a pin code
- Secure Access: Secure access to Web portal, Email and Calendar items
- Mail: Native and easy to use mail client
- Sandbox: All attached documents are opened in the secure sandbox

Feature map of the next generation firewall (R76)
- Traditional Firewall, Identity Awareness, VPN, IPS, Mobile Access, Application Control, URL Filtering, DLP, Anti-Bot, Antivirus, Threat Emulation
- 360 Visibility, Correlation, Compliance

Next generation virtual firewall
- All Software Blades on Every Virtual System
- Simplify and Consolidate
- Boosting Performance: Check Point VSLS
- Next Generation Virtual System: Run any Software Blades on any Gateway
- One-Click Virtual System Creation
- Dedicated Policy Per Virtual System
- Ease of Operation

Virtual Edition: securing VMware virtual systems
- Unified Management for Physical and Virtual
- Best Virtual Security Gateway
- Securing the Virtual Machines

Check Point protects the enterprise private cloud: Check Point Security Gateway Virtual Edition

VE use cases
- Hardening VMware virtual environments: to apply granular Firewall and IPS etc. policy on traffic between virtual machines. (Hypervisor, Hypervisor Connector)
- VE integrated security: with FW, IPS, VPN and any other software blade to secure your office networks and assets
- Enterprise integrated security gateway: Consolidate your Security Gateways deployment into a virtualized environment.

Is each separate security product hard for you to manage?
- Dealing with false-positive events
- Easily bypassed one by one
- Complex management
- High cost
- Expensive products

Security consolidation =
- Tighter control
- Stronger visibility
- Security that is easier to manage
- Better cost
- A more optimized security solution

Next generation security operating system: Powerful New Features
- Rich management interface
- 64-bit system
- IPv6 security
- Fast gateway cloning
- Automatic upgrades
- Role-based administration
- Multicast protocols
- Dynamic routing
- VRRP & SecureXL
- Single image
- Virtualization security

Comprehensive IPv6 support (R76)
- Security: Inspect IPv6 traffic with Software Blades
- Ease of IPv6 management and operations
- Flexible IPv6 Deployment Scenarios
- Easily Protect Your IPv6 Networks with Check Point Leading Security

The major technology shift brought by IPv6 (R76)
- Dynamic routing; Gaia OS; Mgmt. logging, alerting; High Availability; Software Blades; Acceleration; Authenticate; Objects; Virtual Systems
- IPv6 ready solution!
- Unlike other solutions, just update existing objects: IPv4 address, IPv6 address

Unified operating system platform
- Open Servers, VMWare
- 2200, 4000, 12000, 21000, 61000
- Power-1, UTM-1, Smart-1, IP Series

Check Point next generation firewall: broad compatibility
- All Deployments; All Protections; All Platforms
- Software Blades; IAS, VMWare; Open server; 2012 Appliances

2012 product line: New Models for the Entire Range
- Ultra High-End; Datacenter Grade; Enterprise Grade; Small Office; Desktop
- 12000 Appliances (3 Models)
- 4000 Appliances (4 Models)
- 2200 Appliance
- 61000 System & 21000 Appliance (4 Models)

2012 products: SecurityPower
- [Chart: SecurityPower by appliance. Models shown: 2200, 4200, 4400, 4600, 4800, 12200, 12400, 12600, 21400, 21600, 61000. SPU values shown: 114, 223, 374, 623, 738, 1046, 1861, 2900*, 3300*, 14,600. * With Security Acceleration Module]

How do Software Blades work together?
- 1. Choose a blade container according to model requirements (# cores or # users)
- 2. Choose the protections you need
- 3. Simple, flexible, secure integration

Three ways to build a solution
- 1. Activation from a menu
- 2. Predefined blade systems
- 3. Check Point Appliances hardware models
- Dedicated Appliances; Smart-1 Management Appliances; 2012 Appliances

Open underlying architecture
- Acceleration: SecureXL. Accelerated (Fast) path, optimized security-processing tier. Accelerates packet and session. Hardware: IP ADP, 21000 SAM. Performance Pack (SecurePlatform, GAiA). IPSO SecureXL software implementation.
- Multi-Core: CoreXL. Multi-core scalability tier, optimal core utilization. Medium path: IPS, Web Control and Anti-Malware.
- Scalability and Redundancy: ClusterXL. Multi-node scalability and availability tier: ClusterXL LS for Software Gateway and Appliance; ClusterXL VSLS for VSX/VS; Nokia IP clustering.

Appliance power rating
- THE OLD WAY: Firewall Throughput. Based on large UDP packets; Only firewall security; "Allow all" policy (one rule).
- THE NEW WAY: SecurityPower. Based on real-world traffic mix; Advanced security functions; Real security policy (many rules).
- SecurityPower: The New Way To Measure the Real Power of Security Appliances

NGFW appliance selection tool
- Helps You Select the Right Appliance to Meet Your SecurityPower Requirements
- Room for Growth

Flexible dedicated models: Threat Prevent
- Pre- and post-infection protection
- 4800, 12200, 12400 and 12600 appliances
- Fight against advanced threats and malware attacks with first integrated threat-prevention solution
- AVAILABLE NOW! Powered by ThreatCloud
- Antivirus

Flexible dedicated models: Security Web Gateway
- Check Point Secure Web Gateway: Standalone appliance with Web Control, Anti-Virus, Analysis and Reporting
- Check Point Takes Best Approach to Secure Web Access!

Centralized management
- ONE PLACE: Control All Security Functions
- Network Security Management
- Single Unified Console for All Security Functions

SmartDashboard: configuration

SmartView Tracker: logging 1.0
- Filtering one log file at a time
- A better way is available

SmartLog: high-volume logging 2.0
- 1. Free Google style search
- 2. Sub Second Search
- 3. Top Statistics
- 4. Results cross log file and log server
- Example query: Amir Block last week

SmartLog: new features (R76)
- 5. Auto Refresh
- 6. Automatic column chooser
- 7. New Timeline View
- 8. Cross CMA (Domain) search

SmartView Monitor: real-time monitoring
- Monitor Security Gateways status, traffic, counters, VPN Tunnels, Remote users and more

SmartEvent: event management and reporting
- Monitor (Identify, Correlate, Stop) & Report ONLY what is important!
- See through the mass and focus on critical events
- Easily monitor top events

SmartWorkflow: change management
- Changes Highlighted in SmartDashboard
- Make and visualize changes in SmartDashboard
- Policy changes are made directly in the console and highlighted for better tracking
- New Object; Change Highlighted
- Easy review of changes with side by side difference report

SmartWorkflow: audit
- Policy BEFORE cha