
CYBER SECURITY USE CASE

CONSOLIDATED SECURITY ARCHITECTURE VS. POINT SOLUTIONS


EXECUTIVE SUMMARY
Like any multinational company, ABC law firm handles a lot of confidential
information for their clients. They need to be able to share information
across their network without risking a security breach. In the past,
whenever the firm experienced a new type of attack the security team
added a new dedicated security product. This eventually led to a security
architecture that is a “patchwork” of nine different point solution vendors
without effective centralized management.

In this Use Case scenario we use the anatomy of a real cyber attack to
contrast the point solution approach with a consolidated cybersecurity
architecture. We outline the attack flow, the security gaps that allowed
the attack to be successful, and what is needed to fill those gaps. We
demonstrate how, by adopting a consolidated approach with the Check
Point Infinity Security Architecture, ABC firm was able to seal substantial
security gaps and gain pre-emptive protection against even advanced
fifth generation attacks, all while increasing operational efficiency and
reducing security costs.

THE PROBLEM
ABC LAW FIRM WAS A VICTIM OF A DATA BREACH
BACKGROUND: ABC law firm operates 10 offices across the US and Europe with almost 1,000 employees.
It represents high level clients—from Fortune 500 companies to trade associations—in
high-stakes regulatory and litigation matters.

THE ATTACK: The attack compromised sensitive information of more than a hundred legal cases. A
hacker got into the company’s network using a compromised mobile device of one of
the employees, and had complete inside access for 60 days, during which time he was
able to make his way into the customer database application.

IMPACT: More than $1.5M USD and reputational damage.

The Attack Flow

Figure 1: Law Firm ABC’s Attack Scenario (timeline: Day 1, Day 2, Day 3, Day 60; the breach was detected on Day 60)

DAY 1: The hacker launched a phishing campaign targeting many of the
company employees. One employee, who opened the malicious email from
his mobile device, clicked on the phishing URL; immediately a “Trojan Horse”
type of malware was downloaded and installed on his device.

DAY 2: With full control over the mobile device of the employee, the hacker
sent an email with an attachment containing zero-day malware to the entire
mailing list of the employee. Since the email was sent from a corporate
mailbox, the malicious attachment was successfully opened by dozens of
employees, and infected their workstations.

DAY 3: The malware continued to spread throughout the network and
infected hundreds of additional workstations; one of them was a
workstation of an IT admin. Using this IT admin’s compromised
workstation, the attacker managed to obtain privileged access to
a virtual machine in the public cloud that the customer database
was stored on.

DAY 60: Data breach was detected.

DID YOU KNOW?
• 81% of breaches involve stolen or weak credentials [1]
• 70% of breaches involve compromised devices [2]
• 68% of breaches took months or longer to discover [3]

[1] 2017 Verizon DBIR
[2] 2016 IDC research
[3] 2018 Verizon DBIR

THE CAUSE
A SECURITY INFRASTRUCTURE FULL OF HOLES
In the past, whenever the firm experienced a new type of attack the security team added a new dedicated security
product. This eventually led to a security architecture that is a point solution “patchwork” of nine different
vendors without centralized management. Furthermore, the company never invested in a comprehensive
mobile security solution as they believed their MDM solution was providing sufficient security. The table in
figure 2 describes the security coverage that the previous security infrastructure was providing against the
growing matrix of attack vectors and surfaces the company was experiencing.

Figure 2: Law Firm ABC’s Previous Security Coverage vs. Solutions
(matrix of attack vectors – Email, Web, File sharing, Phishing, Man in the middle, Malicious apps –
against attack surfaces – Network, Endpoint, Cloud, Mobile; legend: Vendor 1 through Vendor 9)


This multi-vendor security environment was incapable of preemptively protecting against the targeted and
advanced attack due to the following reasons:
• The MDM installed on the mobile device of the employee provided minimal security; it did not provide threat
prevention.
• The security protections were focused on detection rather than prevention and were lacking advanced zero-day
malware detection capabilities.
• These separate products did not share threat intelligence and therefore did not “warn” each other about the
specific malware.
• Configuring policy on multiple consoles led to unintentional policy conflicts and therefore to security gaps.
• The security team couldn’t immediately see the full attack picture, as they needed to monitor security events
from multiple consoles.

SECURITY OPERATIONAL CHALLENGES

• 98% of the cyber security industry experienced a significant cyber threat in the past 3 years
• 58% took more than 24 hours to start remediation of a threat
• Only 23% say their security teams are fully up-to-date
Source: Operational Efficiency Report, Dimensional Research

THE NEED
A future-proof security infrastructure that can preemptively
protect against advanced multi-vector cyber-attacks
across networks, cloud, endpoints and mobile devices.

The new infrastructure must also support the following requirements:

DYNAMIC, ROAMING WORKING SPACE


Employees must be able to work securely from branch offices, customer sites,
and their homes or from their mobile devices.

SIMPLE AND PREDICTABLE COSTS


Management must have the ability to predict annual security costs in order to
plan a budget accordingly.

REGULATION COMPLIANCE
The security team must have full visibility into compliance status with regulations
such as GDPR, HIPAA, NIST.

OPERATIONAL EFFICIENCY
The new infrastructure must be easily managed by a relatively small security
team with limited resources.

THE SOLUTION
A CONSOLIDATED CYBER SECURITY ARCHITECTURE
ABC company has re-architected their security based on Check Point Infinity. Check Point Infinity is the industry’s
only consolidated cyber security architecture that protects the entire IT infrastructure against fifth generation
advanced cyber-attacks across all networks, endpoints, cloud and mobile. Its main features include:

• Advanced threat prevention against known and unknown cyber threats with the Check Point SandBlast suite,
providing Zero-day Protection.

• Real-time threat intelligence (ThreatCloud) – automatically shared across all networks, endpoint, cloud
and mobile to deliver consistent security across all Check Point components and seal security gaps.
ThreatCloud’s ability to push threat prevention to enforcement points based on threat intelligence creates
the Infinity “self-protecting” advantage.

• A centralized security management enabling the security team to manage security events in real-time
through a single pane of glass. It correlates all types of events from all enforcement points, including
endpoints, to identify suspicious activity, track trends and investigate/mitigate events.

Figure 3: Check Point Infinity – A Consolidated Security Architecture
(“Welcome to the Future of Cyber Security”: Threat Intelligence; Multivector Controls, Unified Architecture
across Mobile, Cloud, Endpoint and Network – Perimeter and Data Centers; Consolidated Security Management)

SIMPLE AND PREDICTABLE BUSINESS MODEL: INFINITY TOTAL PROTECTION

A simple all-inclusive, per-user, per-year consumption model that includes network security, hardware and
software, with fully integrated endpoint, cloud and mobile protections as well as zero-day threat prevention,
together with unified management and 24×7 premium support.

Figure 4: Check Point Infinity Total Protection Business Model
(Software: Network Security, Mobile Protection, Endpoint Protection, Cloud Protection, Threat Prevention
+ Hardware + Training, Incident Response, Professional Services + 24x7 Premium Support = Price per user per year)



THE RESULT
TOTAL PROTECTION AGAINST ADVANCED FIFTH GENERATION ATTACKS
Check Point Infinity consolidates many functions and technologies into a single system that preemptively
protects against the most sophisticated fifth generation attacks, across all networks, cloud (public & private),
endpoints and mobile devices. The table in figure 5 demonstrates the current security coverage of ABC firm
against the entire matrix of growing attack vectors and attack surfaces.

Figure 5: Company ABC’s Security Coverage vs. Solutions
(matrix of attack vectors – Email, Web, File sharing, Phishing, Man in the middle, Malicious apps –
against attack surfaces – Network, Endpoint, Cloud, Mobile)

Following this attack, ABC firm asked for a demonstration of Check Point Infinity. We were able to show how
Infinity could have stopped the attack in its early stages. Specifically, advanced threat prevention for mobile
devices would have detected the malicious file in advance and would have blocked the download, keeping the
“Trojan Horse” malware off the mobile device of the employee. This would have prevented the hacker from
attacking the other employee workstations, stopping the attack from moving laterally in the network. Even had
the hacker found a way to continue the attack, Infinity’s automated protections would have stopped it all at
once, after receiving ThreatCloud’s instant alerts on the mobile attack, which included a file hash and a
C&C server address.
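As an added illustration of the point above (example code written for this page, not code from the Check Point document or product): a constructed mobile alert carrying a file hash and a C&C host is either shared with every enforcement point or kept inside the mobile product alone, and the same constructed Day 2 and Day 3 events are then replayed against each point. All indicators, hostnames and events are constructed placeholders.

```python
from dataclasses import dataclass, field

# Constructed indicators standing in for the file hash and C&C address the
# mobile alert carried in the scenario above (not real IoCs).
MOBILE_ALERT = {"sha256": "e3b0" + "00" * 30, "c2_host": "c2.example.invalid"}

# Constructed events seen by the other enforcement points on Day 2 and Day 3:
# the attachment being opened on a workstation, a DNS lookup of the C&C host,
# an egress connection from the cloud VM, plus two benign events.
EVENTS = [
    {"point": "endpoint", "type": "file_open", "sha256": MOBILE_ALERT["sha256"]},
    {"point": "network", "type": "dns", "host": MOBILE_ALERT["c2_host"]},
    {"point": "cloud", "type": "egress", "host": MOBILE_ALERT["c2_host"]},
    {"point": "endpoint", "type": "file_open", "sha256": "ff" * 32},
    {"point": "network", "type": "dns", "host": "updates.example.invalid"},
]


@dataclass
class IntelStore:
    """Indicator set visible to one enforcement point."""
    hashes: set = field(default_factory=set)
    c2_hosts: set = field(default_factory=set)

    def ingest(self, alert: dict) -> None:
        self.hashes.add(alert["sha256"])
        self.c2_hosts.add(alert["c2_host"])

    def verdict(self, event: dict) -> str:
        # Block on either a known-bad file hash or a known C&C destination.
        if event.get("sha256") in self.hashes:
            return "block"
        if event.get("host") in self.c2_hosts:
            return "block"
        return "allow"


def replay(shared: bool) -> dict:
    """Replay EVENTS; with shared=False only the mobile product learns the alert."""
    points = {p: IntelStore() for p in ("mobile", "endpoint", "network", "cloud")}
    learners = points.values() if shared else [points["mobile"]]
    for store in learners:
        store.ingest(MOBILE_ALERT)
    return {f"{e['point']}:{e['type']}:{i}": points[e["point"]].verdict(e)
            for i, e in enumerate(EVENTS)}


if __name__ == "__main__":
    print("shared:", replay(True))
    print("siloed:", replay(False))
```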

Figure 6: Company ABC’s Simulated Attack Scenario with Check Point Infinity
(timeline: Day 1, Day 2, Day 3, Day 60; each attack stage marked “Blocked”, and the breach marked “Prevented” instead of detected)

THE SAVINGS
50% IMPROVEMENT IN OPERATIONAL EFFICIENCY AND 20% REDUCTION
IN SECURITY COSTS
1. OPERATIONAL EFFICIENCY – 50% REDUCTION IN HUMAN INVESTMENT
Six dimensions of the Infinity architecture drive down operational overhead and therefore have direct impact
on security man hours:
• Fewer products to deploy and manage – Infinity consolidates many security functions into a single system,
which results in simpler architectures, fewer points of failure, and less risk associated with upgrades and
patches. It also simplifies procurement and training.
• Single management and unified policy – Eliminates costs of deploying and maintaining parallel management
infrastructures. Enables simple creation and deployment of a unified policy across the architecture.
• Threat response – Consolidated event viewer and cyber-attack dashboards reduce staff overhead for
monitoring and incident response. In addition, the Infinity “self-protection” advantage, powered by
ThreatCloud, takes the pressure off security teams when an incident occurs, allowing them to focus on
recovery and less on trying to contain the outbreak.
• Role delegation – Delegates policy management to relevant organizations, reducing unnecessary
communication and coordination.
• Compliance – Compliance validation and audits for multiple standards such as GDPR, HIPAA, NIST become
a simple and painless exercise. The security team uses a regulatory dashboard where compliance violations
are flagged immediately, and recommended remediation actions are provided.
• Simplified integrations – Infinity acts as a single integration point for infrastructure, reporting, and incident
response. This enables integrations that are simpler, and therefore easier and less expensive to build and
maintain. This also reduces friction with other departments, as it is much easier for the security team to
support the security integrations necessary to protect the business.

2. SIMPLE, PREDICTABLE CONSUMPTION MODEL – 20% REDUCTION IN SECURITY SPEND
Consolidating to a single architecture has reduced the security total cost of ownership by 20%.
The chart in figure 7 compares the annual security spends of ABC law firm before and after
deploying Infinity Total Protection.

Figure 7: Infinity Lowered the Firm’s Direct Security Spend by 20%
(bar chart: Multi-vendor spend stacked from Vendor 1 through Vendor 9 across Network, Endpoint, Cloud
and Mobile, vs. a single Check Point Infinity bar 20% lower)

SUMMARY
By implementing the Check Point Infinity Architecture as a consolidated security solution, Company ABC
achieved a stronger security level while increasing operational efficiency and also benefited from a 20%
reduction in annual security costs.

                             Infinity Architecture   Multi-Vendor
Number of Security Vendors   1                       9
Security Coverage            Complete                Partial
Solution Cost                20% less                Y
IT Security Man Hours        50% less                X
Security Level               Strong                  Weak

To learn more about Check Point Infinity and Infinity Total Protection please visit:
checkpoint.com/infinity
CONTACT US

Worldwide Headquarters
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 |
Email: info@checkpoint.com

U.S. Headquarters
959 Skyway Road, Suite 300, San Carlos, CA 94070
Tel: 800-429-439 | 650-628-2000 | Fax: 650-654-4233 |

checkpoint.com

©2019 Check Point Software Technologies Ltd. All rights reserved
