Implementing Check Point for Productivity

Bill Kohler, CIO, Americas International SOS

The Next Generation Threat Prevention space:

Today’s malicious code is very sophisticated, often using evasion and obfuscation techniques to avoid detection by traditional signature-based anti-malware solutions. Signature-based threat prevention is still quite good at detecting and preventing 99 percent of the threats out there, and that is critically important to an organization’s overall information security posture, but it is insufficient against zero-day and other unknown threats, and those unknown threats can have serious implications. That is where some of the newer technologies fill the gap. Sandboxing and threat extraction are two of the latest anti-malware threat prevention technologies that focus specifically on preventing zero-day attacks. For the uninitiated, sandboxing executes files in a virtual machine environment, watches for strange behaviors, and then decides whether to allow or block the file based on those behaviors. Typically these are files that users receive via email or download from the web. All of this is performed, either on premises or via cloud services, in line in the normal flow of network traffic, before the end user ever receives the file. That PDF you downloaded might have active content, and that might be completely legitimate, but let’s say for example that it attempts to modify the startup programs of the computer. That is probably something a legitimate PDF file would not attempt to do. In this case the sandbox would flag that strange activity in the virtual environment and block the file in line, before it reaches the end user’s workstation and has a chance to execute on a real machine on the network and cause damage. Check Point’s SandBlast is its second generation of sandbox technology and represents a marked improvement. One of the problems with sandboxing is that malware creators know it exists and actively work to evade it.
They can accomplish this through different techniques, such as simply instructing their malware to sleep until the sandbox times out and allows the file to pass; that way the sandbox never sees the bad behavior. Other common tricks are probing for virtual-machine artifacts and measuring whether a requested delay really elapsed. SandBlast employs methods to detect these evasion techniques and flags the evasive behavior itself as suspicious. Another part of SandBlast is threat extraction. Again, this technology is in line, examining downloaded files and other content, but rather than looking for bad behavior it actively removes any exploitable content, embedded JavaScript or Office macros for example, that could be used to execute malicious code. This way your user can receive that critical document and begin working on it right away instead of waiting for the security technology to finish its job, which could add costly delays. The unaltered file remains available: in case threat extraction harmed the file in any way, the user can simply request the original copy, which is released only if it turns out not to contain malware.
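To make the "evasion is itself a signal" idea concrete, here is an added example (not SandBlast’s detection logic, and not code from the original article) that scores a behavioral trace for the evasion tricks described above: waiting out the analysis window, timing a sleep to detect fast-forwarded clocks, and probing for virtualization artifacts. The trace format, the API names, the thresholds and both sample traces are constructed assumptions.

```python
"""Toy sandbox-evasion heuristics over an API-call trace.

Added example, not SandBlast's detection logic: the trace format, the call
names and the thresholds are assumptions. It illustrates the idea that a
sample which tries to outlast or fingerprint the sandbox has given itself
away before it does anything overtly malicious.
"""
import re
from dataclasses import dataclass, field

SANDBOX_BUDGET_MS = 120_000                     # assumed analysis window
SLEEP_CALLS = {"Sleep", "SleepEx"}             # first argument is milliseconds
CLOCK_CALLS = {"GetTickCount", "QueryPerformanceCounter", "GetSystemTimeAsFileTime"}
VM_ARTIFACTS = re.compile(r"vmware|vbox|virtualbox|qemu|xen|hyper-v|sbiedll", re.I)

# One call per line: "<ms since start> <ApiName>(<args>)" (constructed format).
LINE_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)$")


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)

    def flag(self, points: int, reason: str) -> None:
        self.score += points
        self.reasons.append(reason)

    @property
    def suspicious(self) -> bool:
        return self.score >= 3


def analyse_trace(lines) -> Verdict:
    verdict = Verdict()
    total_sleep_ms = 0
    timed_sleeps = 0            # clock read -> sleep -> clock read patterns
    artifacts = set()
    prev1 = prev2 = None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        _, call, args = m.groups()
        if call in SLEEP_CALLS:
            total_sleep_ms += int(args.split(",")[0].strip())
        elif call in CLOCK_CALLS and prev1 in SLEEP_CALLS and prev2 in CLOCK_CALLS:
            # Measuring a sleep's real duration is how malware detects sandboxes
            # that fast-forward Sleep() to save analysis time.
            timed_sleeps += 1
        hit = VM_ARTIFACTS.search(args)
        if hit:
            artifacts.add(hit.group(0).lower())
        prev2, prev1 = prev1, call

    if total_sleep_ms >= SANDBOX_BUDGET_MS:
        verdict.flag(3, f"cumulative sleep {total_sleep_ms} ms exceeds the {SANDBOX_BUDGET_MS} ms analysis window")
    elif total_sleep_ms >= SANDBOX_BUDGET_MS // 2:
        verdict.flag(1, f"cumulative sleep {total_sleep_ms} ms approaches the analysis window")
    if timed_sleeps:
        verdict.flag(2, f"{timed_sleeps} sleep(s) bracketed by clock reads (sleep-acceleration check)")
    for name in sorted(artifacts):
        verdict.flag(2, f"probes virtualization artifact {name!r}")
    return verdict


# Constructed traces, not captures of real samples.
EVASIVE_TRACE = [
    "0 GetTickCount()",
    "1 Sleep(300000)",
    "300001 GetTickCount()",
    r"300002 RegOpenKeyExW(HKLM\HARDWARE\ACPI\DSDT\VBOX__)",
    r"300003 CreateFileW(\\.\VBoxMiniRdrDN)",
    r"300004 CreateProcessW(C:\Windows\System32\cmd.exe /c whoami)",
]
BENIGN_TRACE = [
    r"0 CreateFileW(C:\Users\alice\Documents\report.docx)",
    "3 ReadFile(0x1a4, 4096)",
    "5 Sleep(50)",
    "60 WriteFile(0x1a4, 512)",
    "61 CloseHandle(0x1a4)",
]

if __name__ == "__main__":
    for label, trace in (("evasive", EVASIVE_TRACE), ("benign", BENIGN_TRACE)):
        v = analyse_trace(trace)
        print(label, v.score, v.suspicious, v.reasons)
```

The evasive trace never drops a payload or touches the registry Run keys, yet it scores well above the threshold purely on how it behaves toward the analysis environment; that is the property the text attributes to SandBlast. In a real engine the thresholds would be tuned against a corpus of benign installers, which also sleep and read clocks, so the scores here are only illustrative.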
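The threat-extraction flow described above, as an added example that is not Check Point’s code and not part of the original article: a zip-based Office document has its VBA macro container, its relationship entry and its macro-enabled content type stripped so the user gets a working macro-free copy immediately, while the original is held by hash and released only after a separate (here simulated) sandbox verdict comes back clean. The sample document is constructed in code; the class and function names are assumptions.

```python
"""Toy threat extraction for OOXML (docm/xlsm) files: strip macros, deliver the
clean copy at once, and keep the original so the user can request it later.

Added example, not Check Point's implementation; all names are assumptions.
"""
import hashlib
import io
import re
import zipfile

VBA_CT = "application/vnd.ms-office.vbaProject"
# Macro-enabled main-part content types and their macro-free equivalents.
MAIN_CT = {
    "application/vnd.ms-word.document.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml",
}
VBA_RELS_RE = re.compile(r'<Relationship\b[^>]*Target="[^"]*vbaProject\.bin"[^>]*/>')
VBA_OVERRIDE_RE = re.compile(r'<Override\b[^>]*ContentType="%s"[^>]*/>' % re.escape(VBA_CT))


def strip_macros(data: bytes):
    """Return (clean_bytes, removed) for a zip-based Office file."""
    removed = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            payload = src.read(name)
            if name.endswith(("vbaProject.bin", "vbaData.xml")):
                removed.append(name)                 # the macro container itself
                continue
            if name == "[Content_Types].xml":
                text = VBA_OVERRIDE_RE.sub("", payload.decode("utf-8"))
                for macro_ct, plain_ct in MAIN_CT.items():
                    text = text.replace(macro_ct, plain_ct)   # docm -> docx, xlsm -> xlsx
                payload = text.encode("utf-8")
            elif name.endswith(".rels"):
                text, n = VBA_RELS_RE.subn("", payload.decode("utf-8"))
                if n:
                    removed.append(f"{name} ({n} vbaProject relationship)")
                payload = text.encode("utf-8")
            dst.writestr(name, payload)
    return out.getvalue(), removed


def has_macros(data: bytes) -> bool:
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if any(n.endswith("vbaProject.bin") for n in z.namelist()):
            return True
        return VBA_CT in z.read("[Content_Types].xml").decode("utf-8")


class Gateway:
    """In-line delivery: the user gets the clean copy now; the original is held by hash."""

    def __init__(self):
        self.held = {}

    def deliver(self, data: bytes):
        clean, removed = strip_macros(data)
        ticket = hashlib.sha256(data).hexdigest()
        self.held[ticket] = data
        return clean, removed, ticket

    def request_original(self, ticket: str, sandbox_clean: bool):
        # The unaltered file is released only once the slower sandbox verdict is clean.
        if not sandbox_clean:
            return None
        return self.held.get(ticket)


def build_sample_docm() -> bytes:
    """Constructed minimal macro-enabled document (not a real-world sample)."""
    ct = ('<?xml version="1.0" encoding="UTF-8"?>'
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
          '<Default Extension="xml" ContentType="application/xml"/>'
          '<Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
          f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CT}"/>'
          '</Types>')
    rels = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
            '<Relationship Id="rId2" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", ct)
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/styles.xml", "<w:styles/>")
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 stand-in for an OLE VBA container")
    return buf.getvalue()


if __name__ == "__main__":
    gw = Gateway()
    clean, removed, ticket = gw.deliver(build_sample_docm())
    print("removed:", removed, "| clean still has macros:", has_macros(clean))
    print("original on request:", gw.request_original(ticket, sandbox_clean=True) is not None)
```

Rewriting the content type is what makes Word open the result as an ordinary .docx rather than complaining about a missing VBA part; a production extractor would do the same for embedded OLE objects, DDE fields and PDF JavaScript, which this example leaves out.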
Advice on implementing Check Point Security Management:

First and foremost, develop a good vulnerability management and patching program. Something like high-90s percent of attacks are performed using exploits of known vulnerabilities that have existed for upwards of ten years. That is a substantial share of attacks that could easily be prevented by keeping software patches up to date; it is probably the best bang for your buck available in terms of risk mitigation. Assuming you have already taken care of known vulnerabilities and patching, understand that in today’s security landscape it is all about the data. What is the data you are trying to protect, where does it live, and what are the associated business risks that come with being custodians of that data? With the numerous data protection laws, there can be very significant penalties associated with breaches, and reputational risk is real. Our customers, many of them Fortune 100, don’t want to do business with companies that are lax on security. You can see it in the number of security and compliance related questions coming in their RFPs: about 35 percent of incoming RFP questions are related to security, which is substantial given that our core business is providing assistance services to companies and the people who work for them. Once you know the data, that is where things get interesting and Check Point can help. One of the things we’ve done with our clients is micro-segmentation of our network using Check Point security gateways. We know our different types of data, where the data lives and who needs to access it, and we’ve built a security architecture around that, with Check Point being the core of the network and a central security inspection point. In this way Check Point next generation threat prevention technologies are applied every step of the way as information flows from system to system within our private cloud: from the internet user to the web layer, from the application layer to the database, from the database to the back-end reporting system, and so on.
Though we have very good and trustworthy people working for us, the threat of insider attack is a possibility we must consider, and micro-segmentation gives us the tools to protect data both at the perimeter and internally. Once micro-segmentation is complete, it provides very effective security eyes and ears within your network. But having this information available only protects the organization if someone is monitoring and reacting to the constant stream of events it generates. Develop a good security operations program to make sense of that information and an incident response plan to go with it. With today’s cost pressures it can be challenging to build that capability internally, and there are plenty of companies out there to help, such as Check Point’s ThreatCloud service. Make sure that everyone knows what to do in the event of a breach. You don’t want people guessing if one occurs; everyone should already have a good idea of what they should be doing.
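The segmentation model described above, as an added example (not Check Point policy syntax and not code from the article): each tier is a segment, the only permitted flows are the ones the data owners mapped (internet to web, web to app, app to database, database to reporting), and everything else is denied and surfaced for the security operations team. The addressing, the log format and the sample flows are constructed assumptions; the two denied internal hops show the kind of insider or lateral-movement path a gateway between tiers would catch.

```python
"""Toy micro-segmentation policy check.

Added example, not Check Point's rulebase format: tiers, addresses and the
log format are assumptions. Flows not explicitly mapped are denied.
"""
import ipaddress
from collections import namedtuple

# Segment -> CIDR (constructed addressing). 0.0.0.0/0 is the fall-through "internet".
SEGMENTS = {
    "internet":  ipaddress.ip_network("0.0.0.0/0"),
    "web":       ipaddress.ip_network("10.10.1.0/24"),
    "app":       ipaddress.ip_network("10.10.2.0/24"),
    "db":        ipaddress.ip_network("10.10.3.0/24"),
    "reporting": ipaddress.ip_network("10.10.4.0/24"),
    "users":     ipaddress.ip_network("10.20.0.0/16"),
}

# Allowed (source segment, destination segment, destination port); default deny.
ALLOW = {
    ("internet", "web", 443),
    ("users", "web", 443),
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("db", "reporting", 5432),
}

Flow = namedtuple("Flow", "src dst port")


def segment_of(ip: str) -> str:
    """Most specific matching segment wins; unmatched addresses are 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in sorted(SEGMENTS.items(), key=lambda kv: -kv[1].prefixlen):
        if addr in net:
            return name
    return "internet"


def evaluate(flow: Flow) -> str:
    key = (segment_of(flow.src), segment_of(flow.dst), flow.port)
    return "allow" if key in ALLOW else "deny"


def parse_log(lines):
    """Constructed line format: 'src=<ip> dst=<ip> dport=<n>'."""
    flows = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        flows.append(Flow(fields["src"], fields["dst"], int(fields["dport"])))
    return flows


def denied_flows(lines):
    """Return (flow, 'src_segment->dst_segment:port') for every denied flow."""
    return [
        (f, f"{segment_of(f.src)}->{segment_of(f.dst)}:{f.port}")
        for f in parse_log(lines)
        if evaluate(f) == "deny"
    ]


# Constructed connection log, not a real capture.
SAMPLE_LOG = [
    "src=203.0.113.7 dst=10.10.1.10 dport=443",   # internet -> web: allowed
    "src=10.10.1.10 dst=10.10.2.10 dport=8443",   # web -> app: allowed
    "src=10.10.2.10 dst=10.10.3.10 dport=5432",   # app -> db: allowed
    "src=10.10.1.10 dst=10.10.3.10 dport=5432",   # web straight to db: denied
    "src=10.20.5.23 dst=10.10.3.10 dport=5432",   # user workstation -> db: denied (insider path)
    "src=10.10.4.10 dst=10.10.1.10 dport=22",     # reporting -> web over SSH: denied (lateral movement)
]

if __name__ == "__main__":
    for flow, path in denied_flows(SAMPLE_LOG):
        print("DENY", path, flow)
```

The value of the gateway sitting between every pair of tiers is that the last three lines are not merely logged after the fact: the inspection point refuses them, and the denials are the events a security operations program should be watching for.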
