Time
4 hours 44 minutes
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:00
Hello and welcome to Check Point Jump Start training.
00:04
This training is intended for someone who's just purchased the Check Point
00:11
firewall product and
00:12
needs to get it deployed, needs to get it up and running,
00:15
so this will not be a deep dive
00:18
into Check Point technologies.
00:20
Instead, it will cover what's needed to get up and running
00:25
quickly with your Check Point firewall
00:28
deployment.
00:30
It's useful as a prerequisite if you have Check Point devices already in your racks, powered on and ready to configure and deploy.
00:42
It's also useful if you have some networking experience, familiarity with the IP and TCP protocols,
00:50
with
00:51
how subnets work, and routing.
00:55
It would also be useful if you have some Linux or UNIX experience, but that's not necessary.
01:02
This first module will be an introduction to the Check Point solution,
01:07
so we're going to discuss the history of attacks and the protections that have evolved against those attacks
01:15
and then the current threat landscape and protections that are required today.
01:23
Check Point
01:23
provides those protections in its Infinity architecture, which includes ThreatCloud,
01:30
which centralizes
01:33
threat and security information,
01:37
and SandBlast, which provides for
01:41
security threat prevention and other features.
01:46
So historically
01:49
attacks
01:51
began with computer viruses, and this was back in the mid-to-late eighties. In 1986, for instance, the Brain virus, the first widely documented computer virus,
02:01
was discovered,
02:04
and it spread
02:06
through infected floppy drives
02:07
to infect the boot sector of your computer.
02:13
And then a floppy inserted into an infected computer would have this virus written to it.
02:21
And that's how these early viruses spread
02:24
mostly manually.
02:27
And
02:28
when these viruses became a serious threat, an industry arose to counter that threat: the antivirus industry.
02:38
Then, in the mid nineties,
02:40
it became more common and easier to get connected to the Internet.
02:46
Businesses, institutions and individuals would have Internet access,
02:52
and as a result,
02:53
we saw that
02:54
servers, desktops and other hosts that were accessible from the Internet
03:01
were subject to attacks coming in over the Internet.
03:06
And this was facilitated by the fact that you didn't have to be physically present to attack an Internet accessible host.
03:13
You could be across the city, across the country or across the world,
03:17
and you could do it with relative impunity. There's very little risk that you would be caught and prosecuted.
03:24
The protection that evolved to counter this threat
03:30
was the firewall.
03:30
Firewalls allowed an administrator
03:34
to determine what sort of Internet traffic
03:38
is
03:38
appropriate and allowed into my network,
03:43
and everything else will be dropped.
03:46
Then the next generation of attacks started appearing that
03:52
targeted vulnerabilities, exploiting vulnerabilities in applications, and this included
03:57
Web applications but also
03:59
office suite applications, email applications, document viewer applications,
04:05
and so on.
04:08
The protection that evolved against this generation three attack was intrusion prevention, which would typically use signatures of known threats
04:20
to recognize that this is a known threat, and I'm not going to allow it in.
04:27
Then,
04:28
starting in the 2010s,
04:30
a fourth generation of threats arose, in which
04:34
we saw
04:35
malware that would change itself every time it spread, through recompilation or re-encryption or other techniques.
04:46
This was a countermeasure designed to defeat intrusion prevention and antivirus,
04:51
which at the time were mostly signature based.
04:56
Let's not provide a fixed signature for detection.
05:00
The
05:02
protection, which evolved against polymorphic content, was behavioral analysis, where
05:09
when we get a suspicious or unknown executable sample,
05:15
let's execute it in a protected, virtualized, emulated environment
05:21
and see what it does.
05:23
Does it behave like a normal, safe application would,
05:29
or does it do something out of the ordinary or suspicious, such as attempting to write to
05:34
sensitive registry keys or sensitive files in the file system?
05:43
Today,
05:44
the current generation five attacks that we see are very large scale, targeting
05:50
businesses or entire industries, even entire countries.
05:57
And these attacks are coming from multiple places, multiple vectors:
06:01
over the Internet, certainly. But
06:04
we have firewalls now, so let's try other vectors to get our attacks into your network.
06:12
Using your cloud-deployed resources: as more and more institutions and businesses are moving some of their processing and production into the cloud, that exposes the inner workings of their data centers to the Internet.
06:30
Also, mobile devices,
06:33
as everyone now has a smartphone,
06:39
targeting the applications and even the operating systems of these smartphones has been productive.
06:45
And these attacks, the malware, the tools, the threats,
06:50
are high quality, sophisticated,
06:55
and this is because in many cases they're being funded and supported
07:00
by city states, sorry, by nation states,
07:03
by governments
07:06
as well as perhaps by competitors.
07:11
So as a result, the number of vulnerabilities that have been publicly disclosed
07:15
has skyrocketed, almost tripling from 2016 to 2018.
07:21
In mobile applications,
07:25
vulnerabilities are becoming
07:27
routinely discovered
07:30
and exploited
07:32
and again, as resources and production are moved out to the cloud,
07:39
we aren't good at securing these cloud resources, and so that provides yet another vector for attack.
07:48
Check Point's response to this is its Infinity architecture.
07:55
The Infinity architecture is a consolidated security platform
08:00
that provides full threat prevention,
08:03
not detection
08:05
across the organization.
08:09
So, for instance, at the network level
08:11
firewalls are still an appropriate solution. But the Check Point solution
08:16
provides
08:18
much more functionality than a simple firewall that does access control. In addition,
08:24
Check Point firewalls can provide intrusion prevention,
08:28
anti-bot,
08:31
threat extraction and threat emulation,
08:35
data loss prevention and more.
08:37
And the Check Point firewall product line ranges from a very small device, which is suitable for your home office
08:46
or small branch office
08:48
up to
08:50
carrier grade appliances that can handle a staggering amount of traffic. And all of these devices
08:58
implement and provide the full range of protections.
09:05
For endpoint devices, Check Point's SandBlast technology
09:11
can do CPU-level emulation of unknown samples
09:16
and prevent zero-day attacks.
09:20
Also with endpoint devices such as desktops and laptops, ransomware is becoming an increasing problem.
09:28
Check Point can detect and prevent ransomware
09:33
based on, among other things, behavioral analysis: is this application encrypting files in a suspicious manner?
09:43
And provide for remediation through the use of micro-backups that we can easily roll back if there were undesired changes.
09:52
Also, forensics
09:54
to
09:54
analyze what has happened and
09:58
how it happened,
10:01
with centralized reporting and remediation. In addition, on the endpoint:
10:05
an access control firewall, which is centrally managed,
10:09
hard drive and removable drive encryption, document security, data loss prevention, URL filtering,
10:18
compliance requirements and detection, all of these
10:24
in one product. For mobile devices,
10:26
Check Point's mobile endpoint security
10:31
can scan apps to make sure that they're trusted and not known malware,
10:37
and provide for lost device
10:41
protection: for devices reported lost or stolen,
10:45
data on them can be remotely wiped. Also, you can track the location of the device.
10:50
In addition, remote access VPN, document security,
10:54
and
10:56
a protected
10:56
enclave or envelope around sensitive business data, which only trusted applications can access.
11:07
This is all managed
11:09
in one place. The security administrator has one GUI to open to manage all of this,
11:16
as well as to monitor and respond to ongoing security threats.
11:24
Check Point's
11:26
ThreatCloud
11:31
gives you centralized intelligence of security events and threats
11:39
with over 86 billion
11:41
new pieces of information entering ThreatCloud every day, which is then disseminated to over 100,000 Check Point customers
11:52
automatically.
11:52
So, for instance, if a
11:56
botnet is discovered with these hosts acting as command and control servers,
12:01
that information
12:05
is transmitted to ThreatCloud
12:07
and then all Check Point customers
12:11
are protected. Any attempt to communicate to these known command and control server IP addresses can be blocked automatically without the administrator having to install new policy.
12:24
Also, ThreatCloud
12:26
can do threat emulation.
12:28
A Check Point customer who receives some unknown sample over the Internet
12:35
could forward that sample
12:37
to ThreatCloud, which runs that sample in an emulated environment
12:41
and checks its behavior. Does it act like a normal application, or is it doing something out of the ordinary?
12:50
We can checkpoint, or sorry, we can checksum
12:54
this application,
12:56
and then when other Check Point customers get the same unknown sample, they checksum that sample and ask ThreatCloud:
13:03
Have you seen this checksum? And ThreatCloud can respond: yes, I have, it's OK; or yes, I have, it's bad.
13:13
And this stops over 7000
13:16
brand new, zero-day, not previously seen
13:22
threat samples every day.
13:28
SandBlast is a family of advanced threat prevention technologies that include, at
13:35
the CPU level, threat emulation
13:37
to detect malware before the malware's exploit code can run.
13:43
In addition,
13:46
threat extraction can remove
13:48
questionable or dangerous content from PDF files, other document formats, email messages, web pages and more.
14:00
Check Point Zero Phishing
14:01
prevents sending sensitive information such as credentials or payment card information to fraudulent senders or fraudulent websites.
14:13
Endpoint forensics provides
14:16
recording and analysis of endpoint events with centralized reporting,
14:22
centralized monitoring
14:24
and centralized remediation.
14:28
Zero ransomware
14:30
monitors for suspicious activities such as encrypting files
14:35
and can provide remediation through the use of short-term micro-backups that we can use to roll back any changes that have been made by your ransomware.
14:48
So
14:50
we've talked a little bit about
14:52
the historical and current threat landscape and protections that have resulted,
14:58
including the current, today's threat landscape and the current protections against
15:05
this
15:05
threat landscape.
15:07
Check Point implements these protections in its Infinity architecture, which includes ThreatCloud, centralized security intelligence,
15:16
and SandBlast,
15:18
that can prevent and remove threats
15:22
from endpoint devices,
15:26
network devices and so on.
15:28
Thank you for attending this training.

Instructed By

CheckPoint
Instructor