disclaimer: these slides are originally presented in csa ......next generation firewall application...
TRANSCRIPT
Disclaimer: These slides are originally presented in CSA APAC Congress 2018, Manila, Philippines.
Do not distribute or recreate copies. For more information please email: [email protected]
2©2017 Check Point Software Technologies Ltd. ©2017 Check Point Software Technologies Ltd.
Adaptive Security for the Modern Network
CLOUDGUARD IAAS
Emmanuel Muncal | CP SE PHL
+63.917.863.2519
Disclaimer: These slides are originally presented in CSA APAC Congress 2018, Manila, Philippines.
Do not distribute or recreate copies. For more information please email: [email protected]
3©2018 Check Point Software Technologies Ltd.
THE MODERN NETWORK
The cloud enables businesses to deploy new applications and services more quickly and efficiently
IaaS
PaaS
SaaS
4©2017 Check Point Software Technologies Ltd. [Restricted] for designated teams
CLOUD IS TAKING OVER THE WORLD
CLOUD DIVERSITY67% OF ENTERPRISES ARE IN HYBRID CLOUD.
MULTI CLOUD IS BECOMING THE NORM
RightScale
SECURITY40% OF ENTERPRISES RATE CLOUD
SECURITY AS A SIGNIFICANT CHALLENGE
RightScale
5©2017 Check Point Software Technologies Ltd.
Developers:
• Freedom
• Agility
INNOVATION IS THE KEY TO SUCCESS
IT Operators :
• Control
• Efficiency
DevOps
DevOps and App Owners hates Legacy Security!
IT IS TOO SLOW!
6©2017 Check Point Software Technologies Ltd.
• Hard to deploy
• Firewall tickets are bottleneck
• Dynamic vs Static
LEGACY SECURITY KILLS INNOVATION
7©2017 Check Point Software Technologies Ltd.
CLOUD = SHARED RESPONSIBILITY
[Restricted] for designated teams
Customer responsible for
security IN the
cloud
Customer Data
Platform, Applications, IAM
Operating System, Network and FW Configs
Client-side Data
Encryption & Data
Integrity Authentication
Server-side Encryption
(File System / Data)
Network Traffic
Protection (Encryption,
Integrity, Identity)
Cloud vendor responsible for
security OF the
cloud
Cloud Global
Infrastructure
Regions
Availability Zones
Edge Locations
Compute Storage Database Networking
8©2017 Check Point Software Technologies Ltd. [Restricted] for designated teams
NO Threat Prevention in real time (L4-L7 protections)
NO Threat Extraction and Zero-day Sandboxing
NO Application Control & URL Filtering
NO Identity based authentication access to applications
NO Unified Management for all Clouds & Traditional Data Center
WHERE CLOUD NATIVE SECURITY FALLS SHORT
9©2017 Check Point Software Technologies Ltd. [Restricted] for designated teams [Restricted] for designated teams
Lateral threat movements
Data breach due to misconfiguration
Abuse of cloud services
API hacking
Malicious insiders
THIS MIGHT EXPOSE YOU TO…
10©2017 Check Point Software Technologies Ltd.
CURRENT STATE OF CLOUD SECURITYNOT EVERY CLOUD HAS A SILVER LINING
11©2018 Check Point Software Technologies Ltd.
12©2017 Check Point Software Technologies Ltd.
Security must be as agile as your cloud
YOU NEED CLOUD SECURITY THAT ENABLES INNOVATION AND PROTECTS YOU FROM MODERN ATTACKS
…..and it must be effective!
13©2018 Check Point Software Technologies Ltd.
INTRODUCING
CHECK POINT CLOUDGUARD
PROTECTING ANY CLOUD, ANY SERVICE, ANYWHERE
14©2017 Check Point Software Technologies Ltd.
COMPREHENSIVE SECURITY ARCHITECTURE
Private Cloud & SDN Public IAAS
15©2017 Check Point Software Technologies Ltd.
CLOUDGUARDSECURITY AT THE SPEED OF DEVOPS
Advanced Threat Prevention
Adaptive Cloud Security Operation
Automated Cloud Security
Blueprint
16©2017 Check Point Software Technologies Ltd.
CLOUDGUARD – ADVANCED PROTECTION
Access Rules
Next Generation Firewall
Application and Data Security
Advanced Threat Prevention
Forensic Analysis
CloudVendor
17©2017 Check Point Software Technologies Ltd.
CLOUDGUARD – MICRO SEGMENTATION
CISCO ACI
Micro segment the Cloud with advanced protection between applications with tight Integration to SDN
App App
App App
18©2017 Check Point Software Technologies Ltd.
NorthboundHub
Southbound Hub
Spoke 1 Spoke 2 Spoke 3 Spoke N…
VPN
CLOUD SECURITY BLUEPRINT
19©2017 Check Point Software Technologies Ltd.
MULTI-CLOUD SECURITY BLUEPRINT
20©2017 Check Point Software Technologies Ltd.
APPLICATION-AWARE POLICY TIED TO CLOUD MANAGEMENT AND SDN
21©2017 Check Point Software Technologies Ltd.
CLOUDGUARD ADAPTIVE SECURITY
Check Point Access Policy
Rule From To Application Action
3
Web_SecurityGroup
AWS Object
DB_VM
vCenter Object
MSSQL Allow
4
CRM_SecurityGroup
Azure Object
SAP_SecurityGroup
NSX Object
CRM Allow
Drag & Drop dynamic policy with cloud objects
5
AWS_VPC
AWS Object
Azure_VNET
Azure Object
ADFS Allow
22©2017 Check Point Software Technologies Ltd.
ADAPTIVE SECURITY THAT ENABLES INNOVATION
Easy to secure and connect multi-cloud
applications
Applications are protected with the
best security
DevOps and IT Security speak the
same language
Policy is updated when application is
deleted
Application owner never waits
Reduce security tickets by 60%
23©2017 Check Point Software Technologies Ltd.
UNIFIED MANAGEMENT ACROSS ALL CHECK POINT'S SECURITY OFFERINGS
POWERED BY:
USERS DEVICES APPLICATIONS DATA GATEWAYS PRIVATECLOUD
PUBLICCLOUD
VIRTUAL GW
24©2017 Check Point Software Technologies Ltd.
A SINGLE VIEW INTO SECURITY RISK
POWERED BY:
25©2017 Check Point Software Technologies Ltd.
500,000,000+malicious activities detected daily
250,000,000addresses analyzed for bot discovery per year
11,000,000malwaresignatures
The world’s largest IoC database
Real-time inputs from traffic across 100K customer’s security gateways world wide
THE CHECK POINT ADVANTAGE
26©2018 Check Point Software Technologies Ltd.
Check Point CloudGuard IaaS:
Different cloud platforms
Provides truly adaptive security
Works like a native cloud service
• Single Management
SUMMARY
27©2018 Check Point Software Technologies Ltd. ©2017 Check Point Software Technologies Ltd.
THANK YOU
Emmanuel Muncal | CP SE PHL
+63.917.863.2519
Disclaimer: These slides are originally presented in CSA APAC Congress 2018, Manila, Philippines.
Do not distribute or recreate copies. For more information please email: [email protected]