4 hours 44 minutes
Hello and welcome to check point jump start training.
This training is intended for someone who's just purchased the checkpoint
firewall product and
needs to get it deployed. Needs to get it up and running,
so this will not be a deep dive
into checkpoint technologies.
Instead, it will cover what's needed to get up and running
quickly with your checkpoint firewall
It's useful as a prerequisite if you have checkpoint devices already in your racks, powered on and ready to configure and deploy.
It's also useful if you have some networking experience. Familiarity with the I P and TCP protocols
how sub nets work and routing.
It would also be useful if you have some Lennox or UNIX experience, but that's not necessary.
This first module will be an introduction to the checkpoint solution,
so we're going to discuss the history of attacks and the protections that have evolved against those attacks
and then the current threat landscape and protections that are required Today.
provides those protections in its infinity architecture, which includes Brett Cloud,
Rhett and Security information,
and Sandblast, which provides for
security threat prevention and other features.
began with computer viruses, and this was back in the mid late eighties. In 1986 for instance, the brain virus first widely documented computer virus
and it's spread
through infected floppy drives
to infect the boot sector of your computer.
And then, ah, floppy inserted into an infected computer would have this virus written to it.
And that's how these early viruses spread
when these viruses became a serious threat, an industry arose to counter that threat. Antivirus industry.
Then, in the mid nineties,
it became more common and easier to get connected to the Internet.
Businesses, institutions and individuals would have Internet access,
and as a result,
we saw that
servers and desktops another hosts that were accessible from the Internet,
subject to attacks coming in over the Internet.
And this was facilitated by the fact that you didn't have to be physically present to attack an Internet accessible host.
You could be across the city, across the country or across the world,
and you could do it with relative impunity. There's very little risk that you would be caught and prosecuted.
The protection that evolved to counter this threat
was the firewall
firewalls allowed an administrator
to determine what sort of Internet traffic
appropriate and allowed into my network,
and everything else will drop
in. The next generation of attacks started appearing that
targeted vulnerabilities exploiting vulnerabilities and applications, and this included
Web applications but also
office suite applications, email applications, document viewer applications,
The protection that evolved against this generation three attack was Intrusion prevention, which would normally typically use signatures of known threats
to recognize that this is a known threat, and I'm not going to allow it in.
starting in the 2000 tens
fourth generation of threats arose, which
malware that would change itself every time it spread through re compilation or re encryption or other techniques.
This was a counter measure designed to defeat intrusion prevention and anti virus,
which at the time were mostly signature based.
Let's not provide a fixed signature for detection.
protection, which evolved against polymorphic content, was behavioral analysis, where
when we get a suspicious or unknown execute herbal sample,
let's execute it in a protected, virtualized emulated environment
and see what it does.
Does it behave like a normal, safe application would
or does it do something out of the ordinary suspicious, such as attempt to write
sensitive registry keys or or sensitive files in the file system.
the current Generation five attacks that we see are very large skill targeting
businesses or entire industries, even entire countries.
And these attacks are coming from multiple places. Multiple vectors
over the Internet, certainly. But
we have firewalls now, so let's try other vectors to get our attacks into your network.
Using your cloud deployed resource is as Mawr and Mawr institutions and businesses are moving some of their processing and and and production into the cloud that exposes Thean er workings of their data centers to the Internet.
Also, mobile devices,
as everyone now has a smartphone
targeting the applications and even the operating systems of these smart phones has been productive.
And these attacks the Mauer that the tools, the threats,
our high quality, sophisticated
and this is because in many cases they're being funded and supported
by city state ever sorry by nation states
as well as perhaps by competitors.
So as a result, the number of vulnerabilities that have been publicly disclosed
a skyrocketed almost tripling from 2016 to 2018.
In mobile applications,
vulnerabilities are becoming
and again, as resource is and production are moved out to the cloud,
we aren't good at securing these cloud Resource is, and so that provides yet another vector for attack
checkpoints. Response to this is it's Infinity architecture.
The Infinity architecture is a consolidated security platform
that provides full threat prevention,
across the organization.
So, for instance, at the network level
firewalls, they're still inappropriate solution. But the checkpoint solution
much more functionality than a simple firewall that does access control. In addition,
checkpoint firewalls can provide intrusion prevention,
and I bought
Fred extraction and Threat emulation,
data loss prevention and more.
And the Checkpoint firewall product line ranges from a very small device, which is suitable for your home office
or small branch office
carrier grade appliances that can handle a staggering amount of traffic. And all of these devices
implement and provide the full range of protections
for end point devices. Checkpoints sandblast technology
can do seep you level emulation of unknown samples
and prevent zero day attacks,
also with endpoint devices such as desktops and laptops ransomware is becoming an increasing problem.
Checkpoint can detect and prevent Ransomware
based on, among other things, behavioral analysis is this application encrypting files in a suspicious manner
and provide for remediation through the use of micro backups that we can easily roll back if there were undesired changes.
analyze what has happened and
how did it happen?
We're centralized reporting and remediation. In addition, on the End Point
Access Control Fire wall, which is centrally managed,
hard drive and removable drive encryption documents, security data loss prevention, U R L filtering
compliance requirements and detection all of these
in one product for mobile devices
checkpoints mobile endpoint security
can scan APS to make sure that their trusted and not known malware
and provide for lost device
protection devices reported lost or stolen
data on it can be remotely wiped. Also, you contract the location of the device.
In addition, remote access V, P M. Documents, security
enclave or or envelope around sensitive business data, which only said which only trusted applications can access.
This is all managed
in one place. Security administrator has one gooey toe open to manage all of this
as well as to monitor to respond to ongoing security threats.
gives you centralized intelligence of security events and threats
with over 86 billion
new pieces of information entering the threat cloud every day, which is then disseminated to over 100,000 checkpoint customers
So, for instance, if a
but net is discovered with these host acting as command and control servers,
is transmitted to Threat Cloud
and then all checkpoint customers
are protected. Any attempt to communicate to these known command and control server I P addresses can be blocked automatically without the administrator having to install new policy.
Also, Threat Cloud
can do threat emulation.
A checkpoint customer who receives some unknown sample over the Internet
could forward that sample
The Threat Cloud, which runs that sample in an emulated environment
and checks its behavior. Does it act like a normal application, or is it doing something out of the ordinary?
We can check point or Sorry, we can check some
and then when other checkpoint customers get the same unknown sample, they check some that sample and asked Threat cloud.
Have you seen this? Check some and threat cloud can respond. Yes, I have. It's OK or yes, I have. It's bad
and this stops over 7000.
Brand new zero day Not previously seen
Brents samples every day.
Sandblast is ah family of advanced threat prevention technologies that include at
the CPU level threat emulation
to detect malware before the mall wears, exploit code can run.
bread extraction can remove
questionable or dangerous content from pdf files. Other document formats, email messages, Web pages and more.
Check 0.0 fishing
prevents sending sensitive information such as credentials or payment card information to fraudulent senders or fraudulent websites.
And point forensics provides
recording an analysis of endpoint events with centralized reporting,
and centralized remediation.
monitors for suspicious activities such as encrypting files
and can provide remediation through the use of short term micro backups that we can use to roll back any changes that have been made by your ransomware.
we've talked a little bit about
the historical and current threat landscape and protections that have resulted,
including the current today threat landscape and the current protections against
checkpoint implements these protections in its infinity architecture, which includes threat cloud centralized security, intelligence
that can prevent an remove threats
from endpoint devices,
network devices and so on.
Thank you for attending this training.