©2016 Check Point Software Technologies Ltd. [Confidential] For designated groups and individuals
Adding more protection layers at the endpoint
(or: what AV and FW are not enough for)
Martin Koldovský | Threat Prevention Security Engineer, Eastern Europe
SANDBLAST AGENT
We start at 13:35
Check Point BLOG
• http://blog.checkpoint.com/tag/sandblast-agent-forensics/
SANDBLAST AGENT
Zero-Day Protection for Endpoints
THREAT EXTRACTION & EMULATION FOR ENDPOINTS
• Deliver sanitized content
• Emulation of original files
• Protects web downloads and file copy
Prevent Zero-Day Attacks / Identify & Contain Infections / Effective Response & Remediation
Prevent Endpoint Threats
Attack Vectors that need to be covered
• Outside of the office
• M2M inside the perimeter
• Removable Media
Prevent Endpoint Threats
• Offer the same unknown malware protection regardless of location, including downloads over HTTPS
• Protect from files arriving encrypted or password protected in archives or on removable media
• Protect from traffic arriving East-West inside the network
Zero-day Protection – How it Works
SANDBLAST CLOUD (Public or Private)
• Browser Extension: web downloads → Threat Extraction & Threat Emulation
• File-System Monitor: any file copied or created → Threat Emulation
Instant Protection for Web Downloads
Deliver safe content quickly: convert to PDF or to a sanitized version in the original format
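Worked example of the "sanitized version in original format" path, added here and not Check Point's Threat Extraction code: an Office Open XML document is stripped of its macro project, embedded OLE objects and ActiveX parts, and the package metadata is repaired so the result still opens. The part layout (.rels relationship files, [Content_Types].xml) is the standard OPC structure; the sample .docm is constructed in memory, and the list of parts treated as active content is this example's own assumption.

```python
"""Threat-extraction style sanitization of an Office Open XML document.
Added example, not Check Point code: drops macro, OLE-embedding and
ActiveX parts, then repairs the package metadata so the file still opens."""
import io
import posixpath
import re
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
VBA_CT = "application/vnd.ms-office.vbaProject"
MACRO_MAIN_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_CT = ("application/vnd.openxmlformats-officedocument."
                 "wordprocessingml.document.main+xml")
# Assumption of this example: these parts are the active content to strip.
ACTIVE_PART = re.compile(
    r"^word/(vbaProject\.bin|vbaData\.xml|embeddings/.+|activeX/.+)$", re.I)


def _resolve(rels_name, target):
    """Targets are relative to the part a .rels file describes:
    word/_rels/document.xml.rels + 'vbaProject.bin' -> word/vbaProject.bin"""
    base = posixpath.dirname(posixpath.dirname(rels_name))
    return posixpath.normpath(posixpath.join(base, target)).lstrip("/")


def _clean_rels(rels_name, xml, removed):
    """Drop relationships that point at removed parts; a dangling rId is
    reported as corruption by Word, so this step is not optional."""
    root = ET.fromstring(xml)
    for rel in list(root):
        if rel.get("TargetMode") == "External":
            continue  # hyperlinks live outside the package, keep them
        target = _resolve(rels_name, rel.get("Target", ""))
        if target in removed or rel.get("Type", "").endswith("/vbaProject"):
            root.remove(rel)
    ET.register_namespace("", REL_NS)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def _clean_content_types(xml, removed):
    """Drop declarations for removed parts and turn the macro-enabled main
    part type into the plain one (.docm body -> .docx body)."""
    root = ET.fromstring(xml)
    for el in list(root):
        tag = el.tag.rsplit("}", 1)[-1]
        if tag == "Override":
            if el.get("PartName", "").lstrip("/") in removed:
                root.remove(el)
            elif el.get("ContentType") == MACRO_MAIN_CT:
                el.set("ContentType", PLAIN_MAIN_CT)
        elif tag == "Default" and el.get("ContentType") == VBA_CT:
            root.remove(el)
    ET.register_namespace("", CT_NS)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def sanitize_docx(data):
    """Return (sanitized package bytes, sorted names of removed parts)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    removed = {n for n in src.namelist() if ACTIVE_PART.match(n)}
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name in removed:
                continue
            blob = src.read(name)
            if name == "[Content_Types].xml":
                blob = _clean_content_types(blob, removed)
            elif name.endswith(".rels"):
                blob = _clean_rels(name, blob, removed)
            dst.writestr(name, blob)
    return out.getvalue(), sorted(removed)


def list_parts(data):
    return zipfile.ZipFile(io.BytesIO(data)).namelist()


def read_part(data, name):
    return zipfile.ZipFile(io.BytesIO(data)).read(name).decode("utf-8")


def build_sample_docm():
    """Constructed minimal macro-enabled package (structure only, not a
    document Word would render)."""
    parts = {
        "[Content_Types].xml": f'<Types xmlns="{CT_NS}">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Default Extension="png" ContentType="image/png"/>'
            f'<Default Extension="bin" ContentType="{VBA_CT}"/>'
            f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN_CT}"/>'
            '</Types>',
        "_rels/.rels": f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" '
            'Target="word/document.xml"/></Relationships>',
        "word/document.xml": '<w:document xmlns:w="http://schemas.openxmlformats.org/'
            'wordprocessingml/2006/main"><w:body><w:p/></w:body></w:document>',
        "word/_rels/document.xml.rels": f'<Relationships xmlns="{REL_NS}">'
            '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="media/image1.png"/>'
            '<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://example.com/" TargetMode="External"/>'
            '</Relationships>',
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 constructed VBA project bytes",
        "word/media/image1.png": b"\x89PNG constructed image bytes",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Dropping the parts is the easy half; the relationship and content-type cleanup is what keeps Word from refusing the file. A production sanitizer also rewrites the document body (w:object, w:control and the r:id references to dropped parts) and handles PDF, RTF and legacy OLE2 formats, none of which this example covers.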
Self-Catered, No Helpdesk Overhead
Access to the original file after Threat Emulation is completed
SANDBLAST AGENT
Zero-Day Protection for Endpoints
ANTI-BOT & QUARANTINE FOR ENDPOINTS
• Detect & Block C&C communications
• Pinpoint infections
• Quarantine infected host
Prevent Zero-Day Attacks / Identify & Contain Infections / Effective Response & Remediation
Identify and Contain Threats
Attack Vectors that need to be covered
• Identify infection outside of the office
• Block data exfiltration outside of the office
• Quarantine and remediate infected machines
Identify and Contain Threats
• Offer the same C&C detection regardless of location, with added process / user information
• Prevent data from being sent to C&C and stop initial conversations with known C&C servers
• Allow remediation of malicious events and containment of problem devices
Sandblast Agent: Anti-Bot
Anti-Bot on the Endpoint
• Identify compromised hosts
  ◦ Inside & Outside the network
  ◦ Pinpoint when inside the network
• Lockdown and isolate infected machines
• Prevent malware damage
  ◦ Block Command and Control Communications
  ◦ Prevent Data Exfiltration
• Detect the C&C Channel – and we know the host is infected
• Block the C&C Channel – and we contain the malware
(diagram: C&C communications blocked between the endpoint and the C&C server)
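Worked example of the detection logic these slides describe, added here and not Check Point Anti-Bot code: outbound connections from an endpoint are matched against a C&C indicator set, and each hit is attributed to the process and user that opened it, which is the "added process / user information" a gateway cannot supply. The indicator list and the log lines are constructed and use RFC 5737 documentation addresses.

```python
"""Endpoint Anti-Bot triage: match outbound connections against C&C
indicators and attribute each hit to the process and user on the host.
Added example, not Check Point code; indicators and log lines are
constructed and use RFC 5737 documentation addresses."""
import ipaddress
from dataclasses import dataclass

# Constructed C&C indicators, standing in for a reputation feed.
CNC_DOMAINS = {"cnc.example-bad.net", "update-check.example-bad.org"}
CNC_ADDRESSES = {ipaddress.ip_address("198.51.100.23")}
CNC_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed agent log: time host user pid image dest_host dest_ip dest_port
SAMPLE_LOG = """\
2016-10-05T13:41:02Z LAPTOP-07 jnovak 4120 chrome.exe www.example.com 192.0.2.10 443
2016-10-05T13:41:09Z LAPTOP-07 jnovak 5208 svchost.exe beacon.cnc.example-bad.net 203.0.113.45 443
2016-10-05T13:41:10Z LAPTOP-07 jnovak 5208 svchost.exe - 198.51.100.23 8080
2016-10-05T13:42:30Z LAPTOP-07 SYSTEM 892 svchost.exe ctldl.example.com 192.0.2.77 80
"""


@dataclass(frozen=True)
class Connection:
    time: str
    host: str
    user: str
    pid: int
    image: str
    dest_host: str   # "-" when the process connected by IP without a DNS lookup
    dest_ip: str
    dest_port: int


def parse_log(text):
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, host, user, pid, image, dhost, dip, dport = line.split()
        conns.append(Connection(t, host, user, int(pid), image, dhost, dip, int(dport)))
    return conns


def match_ioc(conn):
    """Return the indicator that matched, or None. Domain matching covers
    subdomains; address and network checks catch beacons that skip DNS."""
    name = conn.dest_host.lower().rstrip(".")
    for domain in CNC_DOMAINS:
        if name == domain or name.endswith("." + domain):
            return f"domain:{domain}"
    ip = ipaddress.ip_address(conn.dest_ip)
    if ip in CNC_ADDRESSES:
        return f"ip:{ip}"
    for net in CNC_NETWORKS:
        if ip in net:
            return f"net:{net}"
    return None


def triage(text):
    """One verdict per C&C hit. A gateway sees only the source IP; the agent
    can say which process, under which user, opened the connection."""
    verdicts = []
    for conn in parse_log(text):
        hit = match_ioc(conn)
        if hit:
            verdicts.append({"action": "block", "time": conn.time, "host": conn.host,
                             "user": conn.user, "pid": conn.pid, "image": conn.image,
                             "reason": hit})
    return verdicts


def infected_processes(text):
    """Pinpoint: distinct (host, pid, image) that talked to C&C."""
    return sorted({(v["host"], v["pid"], v["image"]) for v in triage(text)})


if __name__ == "__main__":
    for verdict in triage(SAMPLE_LOG):
        print(verdict)
```

The second hit (a direct-to-IP beacon with no hostname) is the case DNS-only blocking misses, which is why address and network indicators are checked alongside domains. The verdict carries the pid rather than only the image name because the beaconing process here shares its name with a legitimate service host; the pid, not the name, is what you quarantine against.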
SANDBLAST AGENT
Zero-Day Protection for Endpoints
AUTOMATIC FORENSIC ANALYSIS & ATTACK REMEDIATION
• Incident Analysis
• Make network detections actionable
• Understand AV detections
• Clean & remediate the full attack
Prevent Zero-Day Attacks / Identify & Contain Infections / Effective Response & Remediation
There is no incident response without incident understanding
Questions:
• Is it real?
• How did it enter?
• Was data stolen?
• How do we clean it?
Making Today's Detections Actionable
SandBlast Agent Forensics: Understanding The Attack
• Bot event detected
• C&C communication blocked
(diagram: infected host communicating with the C&C server)
Investigation Trigger: identify the process that accessed the C&C server
Identify Attack Origin: Chrome exploited while browsing
Exploit Code: dropper process launched by Chrome
Dropped Malware: dropper downloads and installs malware
Activate Malware: scheduled task launches after boot
Attack traced even across system boots
Understanding an incident
Q1: Is it a real infection?
Instant answers to important questions: malicious and suspicious activities, severity, drill-down detail
Understanding an Incident
Q2: How Did the Malware Get In? (summary and detail views)
Understanding an Incident
Q3: What is the Damage? Was data stolen? (breached data files)
From Understanding to Action
Q4: How to remediate? How do we clean it? (generate a remediation script)
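Worked example for the chain on this and the preceding slides, added here and not Check Point's forensics engine: the attack is reconstructed from the C&C trigger back to the exploited browser, the walk pivots across a reboot through the scheduled task, and a remediation script is generated from the result. The telemetry, paths, task name and the allow-list of launch-vector directories are constructed assumptions.

```python
"""Reconstruct an attack chain backwards from a C&C connection and emit a
remediation script. Added example, not Check Point's forensics engine; the
telemetry, paths, task name and allow-list below are constructed."""

# Constructed endpoint telemetry across two boot sessions. PIDs are recycled
# after a reboot, so every process is keyed by (boot, pid), never pid alone.
EVENTS = [
    {"boot": 1, "type": "process", "pid": 1000, "ppid": 800,
     "image": r"C:\Windows\explorer.exe"},
    {"boot": 1, "type": "process", "pid": 4120, "ppid": 1000,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"boot": 1, "type": "file_write", "pid": 4120,            # exploited browser
     "path": r"C:\Users\jnovak\AppData\Local\Temp\dropper.exe"},
    {"boot": 1, "type": "process", "pid": 4812, "ppid": 4120,
     "image": r"C:\Users\jnovak\AppData\Local\Temp\dropper.exe"},
    {"boot": 1, "type": "file_write", "pid": 4812,            # dropper installs
     "path": r"C:\Users\jnovak\AppData\Roaming\svchost.exe"},
    {"boot": 1, "type": "process", "pid": 5010, "ppid": 4812,
     "image": r"C:\Users\jnovak\AppData\Roaming\svchost.exe"},
    {"boot": 1, "type": "task_create", "pid": 5010, "task": "WindowsUpdateCheck",
     "action": r"C:\Users\jnovak\AppData\Roaming\svchost.exe"},  # persistence
    {"boot": 2, "type": "process", "pid": 1204, "ppid": 600,
     "image": r"C:\Windows\System32\svchost.exe"},             # task scheduler host
    {"boot": 2, "type": "process", "pid": 5208, "ppid": 1204,
     "image": r"C:\Users\jnovak\AppData\Roaming\svchost.exe"},
    {"boot": 2, "type": "net", "pid": 5208, "dest": "beacon.cnc.example-bad.net"},
]

# Assumption: images under these directories are launch vectors (browser,
# shell, service hosts) to be kept alive rather than killed.
LAUNCH_VECTOR_DIRS = ("c:\\windows\\", "c:\\program files\\")


def _index(events):
    procs = {(e["boot"], e["pid"]): e for e in events if e["type"] == "process"}
    tasks = {e["action"].lower(): (e["boot"], e["pid"])
             for e in events if e["type"] == "task_create"}   # action path -> creator
    writers = {e["path"].lower(): (e["boot"], e["pid"])
               for e in events if e["type"] == "file_write"}  # file -> writer
    return procs, tasks, writers


def trace_chain(events, trigger):
    """Walk from the (boot, pid) behind the trigger back to the origin."""
    procs, tasks, writers = _index(events)
    chain, key, via, seen = [], trigger, "trigger: contacted the C&C server", set()
    while key in procs and key not in seen:
        seen.add(key)
        proc = procs[key]
        image = proc["image"].lower()
        chain.append({"boot": proc["boot"], "pid": proc["pid"], "image": proc["image"],
                      "via": via, "dropped_by": writers.get(image)})
        creator = tasks.get(image)
        if creator and creator != key:
            # The image is the action of a scheduled task registered by another
            # process: jump to that creator. This is the hop across the reboot.
            key, via = creator, "launched by scheduled task persisted in an earlier boot"
        else:
            key, via = (proc["boot"], proc["ppid"]), "parent process"
    return chain


def remediation_script(events, chain):
    """PowerShell remediation derived from the chain: stop live processes,
    remove persistence, delete dropped files."""
    current_boot = chain[0]["boot"]
    keys = {(p["boot"], p["pid"]) for p in chain}
    lines = ["# Remediation generated from the reconstructed attack chain"]
    for p in chain:
        if p["boot"] == current_boot and not p["image"].lower().startswith(LAUNCH_VECTOR_DIRS):
            lines.append(f"Stop-Process -Id {p['pid']} -Force")
    for e in events:
        if e["type"] == "task_create" and (e["boot"], e["pid"]) in keys:
            lines.append(f"Unregister-ScheduledTask -TaskName '{e['task']}' -Confirm:$false")
    for e in events:
        if e["type"] == "file_write" and (e["boot"], e["pid"]) in keys:
            lines.append(f"Remove-Item -LiteralPath '{e['path']}' -Force")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    chain = trace_chain(EVENTS, (2, 5208))
    for step in chain:
        print(step["boot"], step["pid"], step["image"], "<-", step["via"])
    print(remediation_script(EVENTS, chain))
```

Keying processes by (boot, pid) is what lets the trace survive a reboot: the PID of the beaconing process in the second session means nothing in the first, but its image path is the action of a task registered there, and that task's creator is where the walk continues. The generated script is PowerShell text to be reviewed before it runs; a real engine also limits file removal to artifacts written inside the attack window rather than everything the chain's processes touched.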
Interactive Forensics Report: Comprehensive View of Attack Flow
• Single view of entire attack
• Tracks all attack elements
• Spans multiple reboots
• Drill-down on any element
How Forensics Analysis Works
Triggers: local security event (TE, AB, AM: Threat Emulation, Anti-Bot, Anti-Malware), network detection, 3rd-party AV detection, IOC provided manually, SmartEvent
Ongoing forensic data collection → trigger → automated incident analysis → digested incident report:
• Malicious Behaviour
• Attack Vector
• Data Breach
• Graphic Attack Model
• Quarantine and Remediation
SandBlast Agent – Closing the Loop
Protection and Containment → Forensics and Response: making detections actionable
Forensics and Response → Protection and Containment: improve security posture
• Automated Incident Analysis
• Policy Changes
• IOC Updates
• Remediation
Q&A
http://blog.checkpoint.com/tag/sandblast-agent-forensics/
 
InfiniBox z pohledu zákazníka
InfiniBox z pohledu zákazníkaInfiniBox z pohledu zákazníka
InfiniBox z pohledu zákazníka
 
Exadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. částExadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. část
 
Exadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. částExadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. část
 
Úvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastrukturyÚvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastruktury
 

Dernier

Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 

Dernier (20)

Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 

SandBlast Agent

  • 1. ©2016 Check Point Software Technologies Ltd. [Confidential] For designated groups and individuals. Adding more protection layers at the endpoint (or: where AV and FW alone are not enough). Martin Koldovský | Threat Prevention Security Engineer, Eastern Europe. SANDBLAST AGENT. We start at 13:35.
  • 2. Check Point BLOG: http://blog.checkpoint.com/tag/sandblast-agent-forensics/
  • 3. SANDBLAST AGENT: Zero-Day Protection for Endpoints. THREAT EXTRACTION & EMULATION FOR ENDPOINTS: • Deliver sanitized content • Emulation of original files • Protects web downloads and file copy. Prevent Zero-Day Attacks | Identify & Contain Infections | Effective Response & Remediation
  • 4. Prevent Endpoint Threats. Attack vectors that need to be covered: outside of the office; M2M inside the perimeter; removable media
  • 5. Prevent Endpoint Threats: • Offer the same unknown-malware protection regardless of location, including downloads over HTTPS • Protect from files arriving encrypted or password protected in archives or on removable media • Protect from traffic arriving East-West inside the network
  • 6. Zero-day Protection – How it Works: SANDBLAST CLOUD (Public or Private). Browser Extension → web downloads → Threat Extraction & Threat Emulation. File-System Monitor → any file copied or created → Threat Emulation
  • 7. Instant Protection for Web Downloads: deliver safe content quickly; convert to PDF or a sanitized version in the original format
  • 8. Self-Catered, No Helpdesk Overhead: access to the original file after Threat Emulation is completed
  • 9. SANDBLAST AGENT: Zero-Day Protection for Endpoints. THREAT EXTRACTION & EMULATION FOR ENDPOINTS: • Deliver sanitized content • Emulation of original files • Protects web downloads and file copy. Prevent Zero-Day Attacks | Identify & Contain Infections | Effective Response & Remediation
  • 10. SANDBLAST AGENT: Zero-Day Protection for Endpoints. ANTI-BOT & QUARANTINE FOR ENDPOINTS: • Detect & block C&C communications • Pinpoint infections • Quarantine infected host. Prevent Zero-Day Attacks | Identify & Contain Infections | Effective Response & Remediation
  • 11. Identify and Contain Threats. Attack vectors that need to be covered: identify infection outside of the office; block data exfiltration outside of the office; quarantine and remediate infected machines
  • 12. Identify and Contain Threats: • Offer the same C&C detection regardless of location, with added process / user information • Prevent data from being sent to C&C and stop initial conversations with known C&C servers • Allow remediation of malicious events and containment of problem devices
  • 13. SandBlast Agent: Anti-Bot. Anti-Bot on the Endpoint: • Identify compromised hosts ◦ Inside & outside the network ◦ Pinpoint when inside the network • Lockdown and isolate infected machines • Prevent malware damage ◦ Block Command and Control communications ◦ Prevent data exfiltration. Detect the C&C channel – and we know the host is infected. Block the C&C channel – and we contain the malware. (Diagram: ANTI-BOT, C&C communications blocked)
  • 14. SANDBLAST AGENT: Zero-Day Protection for Endpoints. ANTI-BOT & QUARANTINE FOR ENDPOINTS: • Detect & block C&C communications • Pinpoint infections • Quarantine infected host. Prevent Zero-Day Attacks | Identify & Contain Infections | Effective Response & Remediation
  • 15. Identify & Contain Infections. SANDBLAST AGENT: Zero-Day Protection for Endpoints. AUTOMATIC FORENSIC ANALYSIS & ATTACK REMEDIATION: • Incident analysis • Make network detections actionable • Understand AV detections • Clean & remediate the full attack. Prevent Zero-Day Attacks | Effective Response & Remediation
  • 16. There is no incident response without incident understanding. Questions: • Is it real? • How did it enter? • Was data stolen? • How do we clean it?
  • 17. Making Today's Detections Actionable: SandBlast Agent Forensics. Understanding the attack: bot event detected, C&C communication blocked (infected host → C&C server)
  • 18. Investigation Trigger: identify the process that accessed the C&C server. Identify Attack Origin: Chrome exploited while browsing. Exploit Code: dropper process launched by Chrome. Dropped Malware: dropper downloads and installs malware. Activate Malware: scheduled task launches after boot. Attack traced even across system boots.
  • 19. Understanding an Incident – instant answers to important questions. Q1: Is it a real infection? Malicious and suspicious activities, severity, drill-down detail
  • 20. Understanding an Incident. Q2: How did the malware get in? Summary and detail
  • 21. Understanding an Incident. Q3: What is the damage? Was data stolen? Breached data files
  • 22. From Understanding to Action. Q4: How to remediate? How do we clean it? Generate a remediation script
  • 23. Interactive Forensics Report – Comprehensive View of Attack Flow: • Single view of entire attack • Tracks all attack elements • Spans multiple reboots • Drill-down on any element
  • 24. How Forensics Analysis Works: ongoing forensic data collection. Triggers: local security event (TE, AB, AM), network detection, 3rd-party AV detection, IOC provided manually, SmartEvent. Trigger analysis → Automated Incident Analysis → Digested Incident Report: • Malicious behaviour • Attack vector • Data breach • Graphic attack model • Quarantine and remediation
  • 25. Identify & Contain Infections. SANDBLAST AGENT: Zero-Day Protection for Endpoints. AUTOMATIC FORENSIC ANALYSIS & ATTACK REMEDIATION: • Incident analysis • Make network detections actionable • Understand AV detections • Clean & remediate the full attack. Prevent Zero-Day Attacks | Effective Response & Remediation
  • 26. SandBlast Agent – Closing the Loop: PROTECTION AND CONTAINMENT ↔ FORENSICS AND RESPONSE. Making Detections Actionable, Improve Security Posture: Automated Incident Analysis → Policy Changes, IOC Updates, Remediation
  • 27. Q&A
  • 28. http://blog.checkpoint.com/tag/sandblast-agent-forensics/
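Slides 18, 22 and 24 describe the backward trace a forensics engine performs once a blocked C&C connection becomes the investigation trigger: from the connecting process up the parent chain, across a reboot via the persistence mechanism, to the browser that was exploited, ending in a remediation list. The example below is an added illustration of that logic and is not Check Point code; the event schema, boot-session ids, image names and the 203.0.113.5 address are constructed for the example.

```python
"""Reconstruct an attack chain from endpoint telemetry after a blocked C&C event.

Constructed example, not Check Point code. The event schema, image names and
addresses are assumptions made up for the illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed telemetry. "boot" is a boot-session id: PIDs are only comparable
# within one boot, so persistence artefacts (here a scheduled task) are the
# only bridge between boots.
EVENTS: List[dict] = [
    {"ts": 1, "boot": 1, "type": "process", "pid": 100, "ppid": 1, "image": "chrome.exe"},
    {"ts": 2, "boot": 1, "type": "process", "pid": 310, "ppid": 100, "image": "dropper.exe"},
    {"ts": 3, "boot": 1, "type": "file_write", "pid": 310, "path": r"C:\Users\alice\AppData\svc.exe"},
    {"ts": 4, "boot": 1, "type": "task_create", "pid": 310, "task": "Updater"},
    # --- reboot ---
    {"ts": 5, "boot": 2, "type": "process", "pid": 4, "ppid": 1, "image": "taskeng.exe"},
    {"ts": 6, "boot": 2, "type": "process", "pid": 412, "ppid": 4, "image": "svc.exe", "task": "Updater"},
    {"ts": 7, "boot": 2, "type": "network", "pid": 412, "dest": "203.0.113.5:443",
     "verdict": "blocked", "category": "c2"},
]


@dataclass(frozen=True)
class Step:
    kind: str    # "trigger", "process" or "persistence"
    detail: str
    boot: int
    pid: int


def find_trigger(events: List[dict]) -> Optional[dict]:
    """The investigation trigger: the first blocked C&C connection."""
    for e in events:
        if e["type"] == "network" and e.get("category") == "c2" and e.get("verdict") == "blocked":
            return e
    return None


def trace_origin(events: List[dict], trigger: dict) -> List[Step]:
    """Walk from the triggering process back to the attack origin.

    Within one boot we follow parent PIDs; when a process was started by a
    scheduled task we jump to the process that created that task, which may
    live in an earlier boot session.
    """
    procs: Dict[Tuple[int, int], dict] = {
        (e["boot"], e["pid"]): e for e in events if e["type"] == "process"
    }
    tasks: Dict[str, dict] = {e["task"]: e for e in events if e["type"] == "task_create"}
    chain = [Step("trigger", f"blocked C&C connection to {trigger['dest']}",
                  trigger["boot"], trigger["pid"])]
    seen = set()
    key = (trigger["boot"], trigger["pid"])
    while key in procs and key not in seen:   # stop at an unknown parent or a cycle
        seen.add(key)
        proc = procs[key]
        chain.append(Step("process", proc["image"], key[0], key[1]))
        task = proc.get("task")
        if task and task in tasks:
            creator = tasks[task]
            chain.append(Step("persistence", f"scheduled task '{task}'",
                              creator["boot"], creator["pid"]))
            key = (creator["boot"], creator["pid"])
        elif task:
            break   # launched by a task whose creation was never recorded
        else:
            key = (key[0], proc["ppid"])
    return chain


def attack_vector(chain: List[Step]) -> str:
    """The last process reached is the entry point (here the browser)."""
    return [s for s in chain if s.kind == "process"][-1].detail


def spans_reboots(chain: List[Step]) -> bool:
    return len({s.boot for s in chain}) > 1


def remediation_items(events: List[dict], chain: List[Step]) -> List[str]:
    """What the traced attack left behind: the input for a cleanup script."""
    current_boot = chain[0].boot
    items = []
    for s in chain:
        if s.kind == "process" and s.boot == current_boot:   # earlier-boot processes no longer exist
            items.append(f"terminate {s.detail} (boot {s.boot}, pid {s.pid})")
        elif s.kind == "persistence":
            items.append(f"remove {s.detail}")
    procs_in_chain = {(s.boot, s.pid) for s in chain if s.kind == "process"}
    for e in events:
        if e["type"] == "file_write" and (e["boot"], e["pid"]) in procs_in_chain:
            items.append(f"delete file {e['path']}")
    return items


if __name__ == "__main__":
    trig = find_trigger(EVENTS)
    steps = trace_origin(EVENTS, trig)
    for s in steps:
        print(f"{s.kind:12} boot={s.boot} pid={s.pid:<4} {s.detail}")
    print("entry point:", attack_vector(steps), "| spans reboots:", spans_reboots(steps))
    for item in remediation_items(EVENTS, steps):
        print(" -", item)
```

The boot-session id is the important design choice: a PID seen after a reboot says nothing about a PID seen before it, so the trace only crosses the reboot through the recorded persistence artefact, which is exactly the link the "attack traced even across system boots" slide relies on.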