Hello, and welcome to Check Point Jump Start training. This training is intended for someone who has just purchased the Check Point firewall product and needs to get it deployed and up and running. So this will not be a deep dive into Check Point technologies. Instead, it will cover what is needed to get up and running quickly with your Check Point firewall deployment. It is useful as a prerequisite if you have Check Point devices already in your racks, powered on and ready to configure and deploy. It also helps if you have some networking experience: familiarity with the IP and TCP protocols, with how subnets work, and with routing. Some Linux or Unix experience would also be useful, but it is not necessary.

This first module is an introduction to the Check Point solution. We are going to discuss the history of attacks and the protections that have evolved against those attacks, then the current threat landscape and the protections that are required today. Check Point provides those protections in its Infinity architecture, which includes ThreatCloud, which centralizes threat and security information, and SandBlast, which provides threat prevention and other security features.

Historically, attacks began with computer viruses, back in the mid to late '80s. In 1986, for instance, the Brain virus, the first widely documented computer virus, was discovered. It spread through infected floppy disks: it infected the boot sector of your computer, and then any floppy inserted into an infected computer would have the virus written to it. That is how these early viruses spread, mostly manually. When these viruses became a serious threat, an industry arose to counter that threat, the anti-virus industry.

Then in the mid 1990s, it became more common and easier to get connected to the Internet.
Businesses, institutions, and individuals had Internet access, and as a result, servers, desktops, and other hosts that were accessible from the Internet were subject to attacks coming in over the Internet. This was facilitated by the fact that you did not have to be physically present to attack an Internet-accessible host. You could be across the city, across the country, or across the world, and you could do it with relative impunity; there was very little risk that you would be caught and prosecuted. The protection that evolved to counter this threat was the firewall. Firewalls allowed an administrator to determine what sort of Internet traffic is appropriate and allowed into the network, and everything else is dropped.

Then the next generation of attacks appeared, targeting and exploiting vulnerabilities in applications. This included web applications, but also office suite applications, email applications, and document viewer applications. The protection that evolved against this Generation III attack was intrusion prevention, which typically uses signatures of known threats to recognize that "this is a known threat and I am not going to allow it in."

Then, starting in the 2010s, the fourth generation of threats arose: malware that would change itself every time it spread, through recompilation, re-encryption, or other techniques. This was a countermeasure designed to defeat intrusion prevention and antivirus, which at the time were mostly signature-based; polymorphic malware does not present a fixed signature for detection. The protection that evolved against polymorphic content was behavioral analysis: when we get a suspicious or unknown executable sample, we execute it in a protected, virtualized, emulated environment and see what it does.
Does it behave like a normal, safe application would, or does it do something out of the ordinary and suspicious, such as attempting to write sensitive registry keys or sensitive files in the file system?

Today, the current Generation V attacks that we see are very large-scale, targeting businesses, entire industries, or even entire countries. These attacks come from multiple places and over multiple vectors. Over the Internet, certainly, but we have firewalls now, so attackers try other vectors to get into your network, such as your cloud-deployed resources. As more and more institutions and businesses move some of their processing and production into the cloud, that exposes the inner workings of their data centers to the Internet. Mobile devices are another vector: as everyone now has a smartphone, targeting the applications and even the operating systems of smartphones has been productive. These attacks, the malware, the tools, and the threats, are high-quality and sophisticated. This is because in many cases they are being funded and supported by nation states and governments, as well as perhaps by competitors. As a result, the number of publicly disclosed vulnerabilities has skyrocketed, almost tripling from 2016 to 2018. In mobile applications, vulnerabilities are now routinely discovered and exploited. And as resources and production are moved out to the cloud, we are not good at securing these cloud resources, so that provides yet another vector for attack.

Check Point's response to this is its Infinity architecture. The Infinity architecture is a consolidated security platform that provides full threat prevention, not merely detection, across the organization. For instance, at the network level, firewalls are still an appropriate solution. But the Check Point solution provides much more functionality than a simple firewall that only does access control.
In addition, Check Point firewalls can provide intrusion prevention, anti-bot, threat extraction and threat emulation, data loss prevention, and more. The Check Point firewall product line ranges from a very small device suitable for a home office or small branch office up to carrier-grade appliances that can handle a staggering amount of traffic. All of these devices implement and provide the full range of protections.

For endpoint devices, Check Point's SandBlast technology can do CPU-level emulation of unknown samples and prevent zero-day attacks. Also on endpoint devices such as desktops and laptops, ransomware is becoming an increasing problem. Check Point can detect and prevent ransomware based on, among other things, behavioral analysis: is this application encrypting files in a suspicious manner? It also provides remediation through micro backups that can easily be rolled back if there were undesired changes, forensics to analyze what happened and how it happened, and centralized reporting and remediation. In addition, the endpoint gets access control, a centrally managed firewall, hard drive and removable drive encryption, document security, data loss prevention, URL filtering, compliance requirements, and detection, all in one product.

For mobile devices, Check Point's mobile endpoint security can scan apps to make sure that they are trusted and not known malware, and provides lost device protection: if a device is reported lost or stolen, the data on it can be remotely wiped, and you can track the location of the device. In addition, there is remote access VPN, document security, and a protected enclave or envelope around sensitive business data which only trusted applications can access. This is all managed in one place. The security administrator has one GUI to open to manage all of this, as well as to monitor and respond to ongoing security threats.
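The endpoint anti-ransomware behavior just described (flag a process that rewrites documents with encrypted-looking data, then roll its changes back from micro backups) is illustrated below with an added example that is not Check Point's code. It uses a constructed in-memory "disk" and constructed write events; the paths, thresholds and the byte-entropy heuristic are assumptions chosen to show the idea.

```python
import math
from collections import defaultdict, deque

MONITORED_SUFFIXES = (".docx", ".xlsx", ".pdf", ".jpg")   # assumed document types to watch

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: readable text is roughly 4-5, encrypted output is close to 8."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

class RansomwareMonitor:
    """Keeps a micro backup of each file's pre-write content per writing process, flags a
    process that rewrites several documents with high-entropy data inside a short window,
    and rolls back only that process's writes (benign edits by other processes survive)."""
    def __init__(self, disk, entropy_threshold=7.5, max_suspicious=3, window=10.0):
        self.files = dict(disk)            # path -> current content (constructed "disk")
        self.backups = {}                  # (pid, path) -> content before that pid's first write
        self.events = defaultdict(deque)   # pid -> timestamps of suspicious writes
        self.entropy_threshold, self.max_suspicious, self.window = entropy_threshold, max_suspicious, window

    def on_write(self, pid, path, data, ts):
        self.backups.setdefault((pid, path), self.files.get(path, b""))   # micro backup
        self.files[path] = data
        if path.endswith(MONITORED_SUFFIXES) and shannon_entropy(data) >= self.entropy_threshold:
            recent = self.events[pid]
            recent.append(ts)
            while recent and ts - recent[0] > self.window:   # drop writes outside the window
                recent.popleft()
            if len(recent) >= self.max_suspicious:
                return self.remediate(pid)
        return None

    def remediate(self, pid):
        restored = [p for (owner, p) in self.backups if owner == pid]
        for path in restored:
            self.files[path] = self.backups[(pid, path)]   # roll back from the micro backup
        return {"pid": pid, "verdict": "ransomware-like", "restored": sorted(restored)}

def run_demo():
    disk = {"C:/Users/alice/report.docx": b"Quarterly report: revenue up 4%, costs flat.",
            "C:/Users/alice/budget.xlsx": b"Q1,1000\nQ2,1200\nQ3,900\n",
            "C:/Users/alice/photo.jpg": b"constructed stand-in for JPEG bytes"}
    mon = RansomwareMonitor(disk)
    # A benign editor (pid 1001) saves readable text: low entropy, so it is not counted.
    mon.on_write(1001, "C:/Users/alice/report.docx", b"Quarterly report v2: revenue up 5%.", 0.0)
    ciphertext = bytes(range(256)) * 4   # constructed ciphertext stand-in: exactly 8.0 bits/byte
    verdict = None
    for i, name in enumerate(("report.docx", "budget.xlsx", "photo.jpg")):   # pid 2002 encrypts
        verdict = mon.on_write(2002, "C:/Users/alice/" + name, ciphertext, 1.0 + i)
    return mon, verdict
```

The third high-entropy write by pid 2002 trips the threshold and the rollback restores report.docx to the benign editor's version, not the original, because only the flagged process's changes are undone.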
Check Point's ThreatCloud gives you centralized intelligence on security events and threats, with over 86 billion new pieces of information entering ThreatCloud every day, which is then disseminated automatically to over 100,000 Check Point customers. For instance, if a botnet is discovered with certain hosts acting as command and control servers, that information is transmitted to ThreatCloud, and then all Check Point customers are protected: any attempt to communicate with these known command and control server IP addresses can be blocked automatically without the administrator having to install a new policy.

ThreatCloud can also do threat emulation. A Check Point customer who receives an unknown sample over the Internet can forward that sample to ThreatCloud, which runs it in an emulated environment and checks its behavior. Does it act like a normal application, or is it doing something out of the ordinary? The sample is checksummed, and when other Check Point customers get the same unknown sample, they checksum it and ask ThreatCloud, "Have you seen this checksum?" ThreatCloud can respond, "Yes, I have. It's okay," or "Yes, I have. It's bad." This stops over 7,000 brand-new, previously unseen zero-day threat samples every day.

SandBlast is a family of advanced threat prevention technologies that includes CPU-level threat emulation to detect malware before the malware's exploit code can run. In addition, threat extraction can remove questionable or dangerous content from PDF files, other document formats, e-mail messages, web pages, and more. Check Point's Zero Phishing prevents sending sensitive information such as credentials or payment card information to fraudulent senders or fraudulent websites. Endpoint forensics provides reporting and analysis of endpoint events, with centralized reporting, centralized monitoring, and centralized remediation.
Zero Ransomware monitors for suspicious activity such as encrypting files and can provide remediation through short-term micro backups that are used to roll back any changes made by the ransomware.

We have talked a little about the historical and current threat landscape and the protections that have resulted, including today's threat landscape and the current protections against it. Check Point implements these protections in its Infinity architecture, which includes ThreatCloud, centralized security intelligence, and SandBlast, which can prevent and remove threats from endpoint devices, network devices, and so on. Thank you for attending this training.