Chelyabinsk, 22 September 2016, #CODEIB. Сергей Чекрыгин, Check Point. One step AHEAD. EMAIL [email protected]
This approach is important and needed, as many attacks still use known methods and known malware.
The current solution for fighting zero-day and unknown malware is sandboxing. A sandbox is a powerful solution: it looks for malicious activity while the malware is running.
Vulnerability - Trigger an attack through an unpatched or zero-day vulnerability
Exploit - Bypass the chip and OS security controls using exploitation methods
Shellcode - Activate an embedded payload to retrieve the malware
Malware - Run malicious code
THREAT EXTRACTION
SANDBLAST
Threat Extraction &
We see 3 key things.
With today's sophisticated watering-hole, spear-phishing, and drive-by exploits, malicious content downloaded from the web is of particular concern. For this content, we provide a unique proactive approach to securing content: Threat Extraction.
SANDBLAST
SandBlast Agent Forensics
Chrome
SandBlast
Security Checkup
CHECK POINT [email protected]