
Jony Fischbein

CISO for Check Point Software

THREAT PREVENTION – PREVENT ATTACKS BEFORE THEY HAPPEN

One of the biggest challenges facing security practitioners is Gen V attacks: a wide breadth of threat types, large-scale campaigns and a broad attack surface, all at once. Comprehensive protection requires an architected approach that prevents attacks before they happen; ultimately, the goal is to defeat attacks across every possible vector. A security architecture that provides a unified, cohesive protection infrastructure delivers more comprehensive and faster protection than a collection of pieces that do not work together. This is the heart of what Check Point Infinity delivers: a security architecture built to prevent attacks before they occur.

WHEN YOUR PERIMETER IS EVERYWHERE AND ATTACKS KEEP ADVANCING, YOUR BUSINESS NEEDS ACCURATE PREVENTION BASED ON REAL TIME THREAT INTELLIGENCE

In the current climate of mega supply chain attacks and the constant fight against newly evolved malware, threat intelligence and rapid response capabilities are vital. Comprehensive intelligence to proactively eliminate threats, managed security services to monitor your network, and incident response capabilities to quickly contain and resolve attacks are all crucial to keeping your business running in 2022. Because malware is constantly evolving, threat intelligence is an essential tool for almost every company to consider. When an organization has financial, personal, intellectual or national assets to protect, a comprehensive approach to security is the only real way to defend against today's attackers, and one of the most effective proactive measures available is threat intelligence. It must cover all attack surfaces, including cloud, mobile, network, endpoint and IoT, because every one of these vectors is commonplace in an enterprise. Threat intelligence is not just data; it is a practice, and it should fuel the move toward a prevention-first approach: blocking attacks before they penetrate, achieving the best catch rate for known and unknown threats, and keeping the false positive rate near zero so that users are interrupted as little as possible.


THREATCLOUD: THE BRAIN BEHIND CHECK POINT’S PRODUCTS


SECURE EVERYTHING, AS EVERYTHING IS A POTENTIAL TARGET

To achieve effective coverage, organizations should seek a single solution that covers all attack surfaces and vectors. In a multi-cloud, hybrid environment, where the perimeter is now everywhere, security must be able to protect all of it.

Email, web browsing, servers and storage are only the beginning. Mobile apps, cloud services and external storage are just as essential, as is the compliance of connected mobile and endpoint devices and of your growing IoT device estate. Workloads, containers and serverless applications in multi- and hybrid-cloud environments should also be on the checklist at all times. With the rapid shift to cloud and hybrid working, a robust breach prevention strategy has become even more important.


LEVERAGING A COMPLETE UNIFIED ARCHITECTURE

Comprehensive visibility across your entire network estate, gained through consolidation, is now essential when it comes to guarding against increasingly sophisticated attacks.

Many companies attempt to build their security from a patchwork of single-purpose products from multiple vendors, and are often left with security gaps caused by disjointed technologies. This approach also carries a large overhead, because it means operating multiple systems and vendor relationships instead of one integrated solution. To achieve complete security, companies should therefore adopt a unified multi-layer approach that protects all IT elements, including networks, endpoints, cloud, mobile and IoT, with every layer sharing the same prevention architecture and being fed the same threat intelligence in real time.


MAINTAIN SECURITY HYGIENE

Patching
All too often, attacks are able to penetrate defenses by leveraging known vulnerabilities for which a patch exists but has not been applied. Organizations should strive to make sure up-to-date security patches are maintained across all systems and software.
Segmentation
Networks should be segmented, applying strong firewall and IPS safeguards between the network segments in order to contain infections from propagating across the entire network.
Educate Employees to Recognize Potential Threats
User education has always been a key element in avoiding malware infections. The basics of knowing where files came from, why the employee is receiving them, and whether or not they can trust the sender continue to be useful tools your employees should use before opening files and emails. The most common infection methods used in ransomware campaigns are still spam and phishing emails. Quite often, user awareness can prevent an attack before it occurs. Take the time to educate your users, and ensure that if they see something unusual, they report it to your security teams immediately.
Review
Security products’ policies must be carefully reviewed, and incident logs and alerts should be continuously monitored.
Audit
Routine audits and penetration testing should be conducted across all systems.
Principle of Least Privilege
User and software privileges should be kept to a minimum – is there really a need for all users to have local admin rights on their devices?
Implementing the most advanced security technologies
There is no single silver-bullet technology that protects against all threats and all threat vectors. There are, however, many effective technologies and ideas available: machine learning, sandboxing, anomaly detection, content disarmament and more. Each can be highly effective in specific scenarios, covering specific file types or attack vectors, so strong solutions integrate a wide range of them in order to combat modern attacks. In addition to traditional signature-based protections such as antivirus and IPS, organizations need additional layers that stop new, unknown malware for which no signature exists. Two key components to consider are threat extraction (file sanitization, which removes active content such as macros and embedded objects and delivers a clean copy of the file) and threat emulation (advanced sandboxing, which detonates the original in an isolated environment and observes its behaviour). Each provides distinct protection; used together, they offer comprehensive protection against unknown malware both at the network level and directly on endpoint devices.
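As an added illustration of what threat extraction (file sanitization) does to a document, the following Python script is not Check Point's code and does not reproduce its engine; it builds a minimal macro-enabled Word document in memory (constructed sample data, with a placeholder in place of real macro code), then produces a copy with the VBA project part and its relationship removed and the main-part content type switched to the macro-free type. The part names and content types are the standard Office Open XML ones; the removal rules and the basename-based relationship matching are simplifications chosen for this example.

```python
import io
import re
import zipfile
from typing import List, Tuple

# Constructed sample: a minimal macro-enabled Word document (.docm) assembled in
# memory. Real documents carry many more parts; these are the ones that matter
# for removing the macro and keeping the result openable.
CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    '<Override PartName="/word/document.xml" '
    'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
    "</Types>"
)
DOCUMENT_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" '
    'Target="vbaProject.bin"/>'
    '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" '
    'Target="styles.xml"/>'
    "</Relationships>"
)
DOCUMENT_XML = (
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    "<w:body><w:p><w:r><w:t>Invoice attached</w:t></w:r></w:p></w:body></w:document>"
)


def build_sample_docm() -> bytes:
    """Return the constructed .docm as bytes (the attachment a user would receive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", CONTENT_TYPES)
        z.writestr("word/document.xml", DOCUMENT_XML)
        z.writestr("word/_rels/document.xml.rels", DOCUMENT_RELS)
        z.writestr("word/styles.xml", "<w:styles/>")
        # Placeholder OLE header plus filler; a real vbaProject.bin holds the macro code.
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"AutoOpen stub")
    return buf.getvalue()


# Parts that carry executable content in an OOXML package (VBA, ActiveX).
ACTIVE_CONTENT = re.compile(r"(^|/)(vbaProject\.bin|vbaData\.xml|activeX\d*\.(xml|bin))$", re.I)
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
VBA_DEFAULT = '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'


def read_part(doc: bytes, name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(doc)) as z:
        return z.read(name)


def has_active_content(doc: bytes) -> bool:
    with zipfile.ZipFile(io.BytesIO(doc)) as z:
        return any(ACTIVE_CONTENT.search(n) for n in z.namelist())


def strip_active_content(doc: bytes) -> Tuple[bytes, List[str]]:
    """Rebuild the package without its active-content parts.

    Returns (sanitized_bytes, removed_part_names). Text, styles and layout parts
    are copied through unchanged; only the package metadata that pointed at the
    removed parts is rewritten so that the clean copy still opens.
    """
    src = zipfile.ZipFile(io.BytesIO(doc))
    keep = [n for n in src.namelist() if not ACTIVE_CONTENT.search(n)]
    removed = [n for n in src.namelist() if n not in keep]
    bin_parts_left = any(n.lower().endswith(".bin") for n in keep)

    out_buf = io.BytesIO()
    with zipfile.ZipFile(out_buf, "w", zipfile.ZIP_DEFLATED) as out:
        for name in keep:
            data = src.read(name)
            if name == "[Content_Types].xml":
                # Macro-enabled main part becomes a plain document main part.
                text = data.decode("utf-8").replace(MACRO_MAIN, PLAIN_MAIN)
                if not bin_parts_left:
                    text = text.replace(VBA_DEFAULT, "")
                data = text.encode("utf-8")
            elif name.endswith(".rels"):
                # Drop relationships that targeted a removed part (matched by basename,
                # an assumption that holds for the constructed sample).
                text = data.decode("utf-8")
                for part in removed:
                    base = re.escape(part.rsplit("/", 1)[-1])
                    text = re.sub(r'<Relationship [^>]*Target="%s"[^>]*/>' % base, "", text)
                data = text.encode("utf-8")
            out.writestr(name, data)
    src.close()
    return out_buf.getvalue(), removed


if __name__ == "__main__":
    original = build_sample_docm()
    clean, removed = strip_active_content(original)
    print("removed:", removed, "| active content left:", has_active_content(clean))
```

The clean copy is what would be delivered to the user immediately; the original would go to emulation (sandboxing) in parallel, which is the pairing the paragraph above describes.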

BIOLOGICAL PANDEMIC VS. CYBER PANDEMIC

BIOLOGICAL PANDEMIC

INFECTION RATE

Virus infection rate (R0) (source: WHO)
The average number of people that one infected person goes on to infect:
Flu: 1.3, SARS: 2-4, Corona (COVID-19): 2.5, Ebola: 1.6-2, Zika: 2-6.6, Measles: 11-18

INFECTION PREVENTION

Best treatment: Vaccination
Dealing with infection, best practices:
1. Quarantine, shelter-in-place
2. Isolation
3. Contact tracing

SAFETY BEST PRACTICES

Common treatment (until vaccination):
1. Mask
2. Hygiene
3. Social distancing

CYBER PANDEMIC

INFECTION RATE

Malware infection rate (R0)
The average number of hosts that one infected host goes on to infect:
Cyber attack: >27 (source: WEF, NSTU)
Slammer: doubled in size every 8.5 seconds
Code Red: 2,000 new hosts per minute

INFECTION PREVENTION

Best treatment: Real-time prevention
Best practices, a continuous process of:
1. Quarantine: sandboxing, micro-segmentation
2. Isolation: Zero Trust, segregation
3. Tracing: threat intelligence, AI, SOC, posture management

SAFETY BEST PRACTICES

1. Awareness: think before you click...
2. Cyber hygiene: patches, compliance...
3. Asset distancing: network segmentation, multi-factor authentication...
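As an added example that is not part of the page or of any Check Point product, the following Python simulation puts numbers on the "asset distancing" and segmentation advice above: the same random-scanning worm is released once into a flat network and once into a network whose segments are separated by a firewall that drops its lateral traffic. The model, host counts, scan rate, infection probability and seed are all assumptions chosen for illustration; the run reproduces the shape of the Slammer and Code Red figures (exponential early growth, then saturation), not their actual numbers.

```python
import random
from typing import Callable, Dict, List

# A policy decides whether traffic from one segment may reach another.
Policy = Callable[[int, int], bool]


def flat_network(src_seg: int, dst_seg: int) -> bool:
    """No controls between segments: every host can reach every other host."""
    return True


def segmented_network(src_seg: int, dst_seg: int) -> bool:
    """Firewall/IPS between segments drops the worm's lateral traffic."""
    return src_seg == dst_seg


def simulate_worm(n_segments: int, hosts_per_segment: int, policy: Policy,
                  scans_per_step: int = 3, p_infect: float = 0.5,
                  steps: int = 20, seed: int = 7) -> List[int]:
    """Discrete-time susceptible/infected model of a random-scanning worm.

    Host i belongs to segment i // hosts_per_segment; host 0 is patient zero.
    Each step, every infected host probes scans_per_step random hosts and
    infects a reachable, still-clean target with probability p_infect.
    Returns the infected-host count after each step (index 0 = start).
    """
    rng = random.Random(seed)            # fixed seed so runs are reproducible
    total = n_segments * hosts_per_segment
    infected = [False] * total
    infected[0] = True
    history = [1]
    for _ in range(steps):
        victims = set()
        for src in range(total):
            if not infected[src]:
                continue
            for _ in range(scans_per_step):
                dst = rng.randrange(total)
                if dst == src or infected[dst]:
                    continue
                if not policy(src // hosts_per_segment, dst // hosts_per_segment):
                    continue                  # dropped at the segment boundary
                if rng.random() < p_infect:
                    victims.add(dst)
        for dst in victims:
            infected[dst] = True
        history.append(sum(infected))
    return history


def growth_factor(history: List[int], step: int) -> float:
    """Infected count at `step` divided by the count one step earlier: the
    per-step analogue of the doubling figures quoted for Slammer and Code Red."""
    return history[step] / history[step - 1]


def compare(n_segments: int = 4, hosts_per_segment: int = 25) -> Dict[str, int]:
    """Run both policies on the same estate and report how far the worm got."""
    flat = simulate_worm(n_segments, hosts_per_segment, flat_network)
    seg = simulate_worm(n_segments, hosts_per_segment, segmented_network)
    return {"estate": n_segments * hosts_per_segment,
            "flat_final": flat[-1], "segmented_final": seg[-1]}


if __name__ == "__main__":
    print(compare())
```

In the segmented run the infection can never exceed the size of patient zero's segment, whatever the scan rate; in the flat run it approaches the whole estate. Swapping `segmented_network` for a policy that allows a single management segment to reach all others shows why that segment needs the strictest controls.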