2015 security report
TRANSCRIPT
©2015 Check Point Software Technologies Ltd. 1
©2015 Check Point Software Technologies Ltd. 2[Restricted] ONLY for designated groups and individuals
2015 Security Report Sources:
16,000+ Organizations
Over 300,000 Monitoring Hours1,300 Security Checkup Reports
1 Million Smartphones
3,000 Security Gateways 122 Countries and Various Industries
©2015 Check Point Software Technologies Ltd. 3
c
MALWARE IS EVOLVING
EVOLVINGAND SO ARE THE TYPES OF THREATS
©2015 Check Point Software Technologies Ltd. 4
2014A YEAR OF…
UNPRECEDENTED BREACHES
EXPLODING RATES OF NEW MALWARE
DDoS ATTACKS DOUBLING IN VOLUME
©2015 Check Point Software Technologies Ltd. 5
Let’s start with a true storyA German steel mill – thousands of employees
©2015 Check Point Software Technologies Ltd. 6[Restricted] ONLY for designated groups and individuals
The story startswith a spear-phishing attack on the steel mill’s business network.
©2015 Check Point Software Technologies Ltd. 7[Restricted] ONLY for designated groups and individuals
Phase 1: Infiltration
Attackers sent a targetedemail that appeared to come from a trusted source, trickingemployees to open a malicious attachment.
©2015 Check Point Software Technologies Ltd. 8[Restricted] ONLY for designated groups and individuals
The malware exploited a vulnerability on the employee computers.
©2015 Check Point Software Technologies Ltd. 9[Restricted] ONLY for designated groups and individuals
Phase 2: Lateral Movement
This established a beachhead for horizontal movement.
©2015 Check Point Software Technologies Ltd. 10[Restricted] ONLY for designated groups and individuals
Phase 3: Compromised Control Systems
Failures accumulated in individualcontrol components and entiresystems.
©2015 Check Point Software Technologies Ltd. 11[Restricted] ONLY for designated groups and individuals
Phase 4: Unable to Shut DownBlast Furnace
Factory incurs massive damage.
©2015 Check Point Software Technologies Ltd. 12
2014KEY FINDINGS
UNKNOWN MALWARE
KNOWN MALWARE
MOBILITY
HIGH-RISK APPLICATIONS
DATA LOSS
©2015 Check Point Software Technologies Ltd. 13[Restricted] ONLY for designated groups and individuals
2014
2013
2012
2011
2010
2009
142M
83M
34M
18.5M
18M
12M
142MNew Malware in 2014 and a
71% increase versus 2013
2015 Security Report Statistics
©2015 Check Point Software Technologies Ltd. 14[Restricted] ONLY for designated groups and individuals
Malware Downloads
63%of organizations
34Unknown malware is downloaded
sec
6Known malware is downloaded
min
©2015 Check Point Software Technologies Ltd. 15[Restricted] ONLY for designated groups and individuals
Unknown Known
©2015 Check Point Software Technologies Ltd. 16[Restricted] ONLY for designated groups and individuals
41% of organizations downloaded at least one unknown malware
34 secunknown malware is downloaded
Unknown Malware
©2015 Check Point Software Technologies Ltd. 17[Restricted] ONLY for designated groups and individuals
Bots
1Command and Control
min
Infected organizations
201373%
201483%
Known Malware
©2015 Check Point Software Technologies Ltd. 18[Restricted] ONLY for designated groups and individuals
DDoS
Known Malware
2014 2013
TOP ATTACK VECTORS
30 DDoS attackmin
©2015 Check Point Software Technologies Ltd. 19[Restricted] ONLY for designated groups and individuals
Known Malware: Top IPS Events
Percent of Total
60%
40%
CLIENT
SERVER
NO ONE TO BLAME BUT OURSELVES
©2015 Check Point Software Technologies Ltd. 20[Restricted] ONLY for designated groups and individuals
Known Malware: EndpointVulnerabilities and Misconfigurations
©2015 Check Point Software Technologies Ltd. 21[Restricted] ONLY for designated groups and individuals
Mobile Threat Research
60%
40%
ANDROID
iOS
SURVEY: 500K+ Android and 400K iOS devices in 100+ countries
42% Suffered mobile security incidentscosting more than $250,000
©2015 Check Point Software Technologies Ltd. 22[Restricted] ONLY for designated groups and individuals
Mobile Threat Research
20+ Malware Variants
18 MRAT Families Found
©2015 Check Point Software Technologies Ltd. 23[Restricted] ONLY for designated groups and individuals
201375%
201477%
P2P File Sharing Applications
©2015 Check Point Software Technologies Ltd. 24[Restricted] ONLY for designated groups and individuals
305x per day,
Once every5 mins
High-Risk
Applications Used
201356%
201462%
Anonymizer Proxy Applications
©2015 Check Point Software Technologies Ltd. 25[Restricted] ONLY for designated groups and individuals
Data Loss
36sensitive data sent
min
201388%
201481%
©2015 Check Point Software Technologies Ltd. 26[Restricted] ONLY for designated groups and individuals
sent credit card data30%
sent sensitive personal information
25%
Data Sent Outside Organization byEmployees
% of Organizations
©2015 Check Point Software Technologies Ltd.
WHAT DO WE DO ABOUT IT?
©2015 Check Point Software Technologies Ltd. 28
Check Point Closes the Gaps
CATCHES KNOWN OR OLD MALWAREOf known malware, 71 in 1000 are not caught
IPS, ANTI-VIRUS& ANTI-BOT
DETECTS NEW OR UNKNOWN MALWAREWith both OS- and CPU-level prevention
OS- AND CPU-LEVELZERO-DAY PROTECTION
COMPLETE THREAT REMOVALReconstructs and delivers malware-free documents
THREAT EXTRACTION
©2015 Check Point Software Technologies Ltd. 29
• Reduces the size of the challenge
• Limits the scope of a breach
Segmentation
©2015 Check Point Software Technologies Ltd. 30
Weaponized PDF Threat Emulation (CPU and OS level) / Threat Extraction
Command and Control Anti-Bot
Malware Infestation IPS and Anti-Malware
Multi-Layered Threat Prevention
©2015 Check Point Software Technologies Ltd. 31
Integrated, Real-Time Event Management
Unified Policies Across All Protections
Change Automation and Orchestration
Management and Visibility
©2015 Check Point Software Technologies Ltd. 32
ADVANCED THREATS WILL CONTINUE
THE CYBER WAR IS RAGING ON
CHECK POINTSECURITYWILL PROTECT YOU
©2015 Check Point Software Technologies Ltd. 33
TOGETHER
WESECURETHEFUTURE
©2015 Check Point Software Technologies Ltd. 34
WE SECURETHE FUTURE
Download the
2015 Security Report at:www.checkpoint.com/securityreport