Vasily Dyagilev, Check Point Software Technologies, on fake Pokémon, users' lost fingers and dangerous crypto miners

Vasily Dyagilev is an IT business development specialist and, since 2013, head of Check Point Software Technologies in the CIS countries. Previously, he was responsible for the sale of Microsoft products to corporations and led the development of the Kaspersky Lab partner network.

- How do Check Point Infinity products protect against targeted attacks, and what is the principle of their operation in protecting corporate networks?

- The company has long been engaged in developing systems to prevent targeted attacks. Most of our products have in their DNA the ability to work with new, unknown threats, and not just signature analysis of what is already known. The solutions both analyze anomalies in the traffic entering and leaving the organization and prevent threats at their very source. For example, we have technologies under the general name SandBlast, which protect against phishing attacks. When a user downloads a file, SandBlast does not hold the document for checking in the sandbox, but allows the user to immediately receive a 100% secure copy. The system also analyzes links and deactivates those that may be potentially dangerous.

Photo: Anton Karliner / Haytek

Another problem we solve is the leakage of corporate data. Very often, people register with the same login and password in several systems, including using a corporate email account, for example, on social networks. By preventing a corporate login and password from being used to register or fill in a registration form on online resources, we protect the user from accidentally exposing this data to attackers who may send phishing emails.

Essentially, Check Point Infinity is a subscription security model, in which a customer instantly gets access to all our technologies and can use them depending on the tasks to be solved in their network.

Clouds, Virtualization, and Hybrid Protection

- As for cloud data protection, how do your products work in this segment?

- We have a number of products designed for protection during migration to the cloud. Let's be honest: at the moment there are no companies that are 100% in the cloud, nor companies that store everything only inside the perimeter. Everyone, one way or another, uses cloud services for various tasks. Check Point's position here is very simple: to give the customer the possibility of seamless integration of cloud technologies with the same level of protection. In fact, when you bring up a service in the cloud, you can apply the same security policies as in the local network, and thereby ensure the same level of security in cloud applications and storage as within the enterprise.


If we are talking about IaaS, then this is protection of virtualization: virtual machines, storage, cloud configuration. For SaaS, in turn, there are specialized protection tools, such as sandboxes for checking content for new threats, anti-phishing and multi-factor authentication, for example, to provide Microsoft 365 users with email security in its cloud version. Additionally, through the acquisition of Dome9, we now have a solution to secure multi-cloud deployments across Amazon AWS, Microsoft Azure and Google Cloud.

Dome9 technology allows auditing cloud instances, seeing how security is currently ensured, and applying the same security policies as for the local network. This direction is actively developing in Russia; we see a growing need on the business side, since the issue of scaling is quite acute.

The company has already begun to work out such offerings for users of Russian cloud solutions, and we are in active dialogue with the largest Russian cloud providers about introducing such services.

- Is protection against biometric attacks being developed, and how do you deal with the invisible mask method?

- Biometrics is starting to become firmly embedded in our lives. In fact, it is just one way of authenticating a user within an information system. When you enter your login and password, the system understands that a certain user is in front of it, and using the identifier assigned to you, it lets you through, grants you certain access rights within the system, and so on.

So biometrics is just the first step towards the data. We replace entering a login and password with your face, fingerprints, voice, right down to the DNA of your body. This input is checked against the identifier stored inside the information system, a kind of digital hash. Then everything proceeds the same way as when you enter a login and password.


We do not work directly with biometrics, because we protect not the access but the information system itself, the data in it. The question of how a user is identified within the network is a different field.

However, the case of substituting a digital agent in user authorization is becoming increasingly relevant, and I think that in the near future more attention will be paid to this. On the one hand, biometric identification is very convenient: you do not need to remember multiple passwords, and the combination of data is unique. On the other hand, it is not as reliable as it may seem at first glance. To unlock a smartphone with Face ID, an attacker simply has to show it the owner's face. Moreover, there have been criminal cases. In some countries, biometrics has been banned for identifying a user at an ATM. Fingerprints were used, and after several cases of fingers being chopped off to steal money, this method of identification began to be abandoned.

In addition, attackers can affect recognition systems so that the system does not recognize the image correctly. One of the advanced methods is the invisible mask method, where an attacker uses infrared LEDs to trick the camera. IR radiation, invisible to the eye, affects video systems and causes an erroneous classification in the recognition system. In other words, it is a manipulation of the recognition system, not of a person's appearance.

Of course, the biometrics market is developing, and the issues of legal use of particular systems will be resolved. For us, the issue of data protection remains paramount.

Football, Pokemon and fake applications

- What new applications for multi-level protection of mobile devices will appear this year?

- Along with the cloud, mobile solutions are a priority. The number of mobile threats for both the Android and iOS platforms is growing at about the same pace as for classic PCs. We must understand that what we carry in our pockets is not a phone but a full-fledged computer. And the information stored in it is sometimes much more interesting to attackers than what is on a PC. A smartphone can store a digital face, health information, location, bank card data and contacts, and all of this can be very valuable to scammers. In addition, last year crypto-miner attacks spread to mobile phones, and sometimes brought physical damage with them due to the heavy load on the operating system; for example, a battery exploded.

Threats are developed and directed at three main things: theft of personal and corporate data, use of processor and memory resources, and creation of botnets. It is against these threats that Check Point solutions work.

The first, the Capsule family, protects data on the smartphone inside a so-called container, which is used to store all corporate information. Thus, the solution separates the personal and corporate parts on a personal device so that confidential information does not get into the most vulnerable parts, for example, social networks.

The second is the SandBlast family, which, in fact, transfers to mobile devices the same logic used to protect personal computers. It ensures that the user does not install suspicious software, scans for and identifies compromised Wi-Fi networks, and blocks access to suspicious applications and devices until the threat is eliminated.

A striking example: if you downloaded a flashlight application that contained malware, the solution blocks online banking so that the attacker cannot get to your finances.

- How dangerous is malware when installing mobile applications, including through app stores? How can protection be set up?

- Users are careless about mobile devices and installing apps. When giving a program access to internal processes, such as contacts, the microphone, and up to administrator rights, users do not think about the consequences.

For example, anyone who frequently visits exhibitions knows about applications with the exhibition schedule and navigation. Such an application often requests access to contacts, location and the microphone so that you can communicate with other participants, share photos and set a geotag. To download the application you need to scan a QR code, and no one thinks that someone could paste another code over this QR code, which will download a fake application that requests the same rights and steals data from your phone.


The same happens with unprepared users who, at the peak of popularity of a game (as it was with Pokemon Go) or an event (the FIFA World Cup), download fake apps masquerading as games, schedules and broadcasts. Such applications steal passwords, record conversations, steal SMS from a bank, and much more.

The risk here is much higher than for users of corporate PCs. Typically, existing security policies in companies do not allow downloading third-party programs and maintain strict controls. It is more difficult with mobile devices. Even though we use corporate email and documents on them, companies are afraid to restrict employees in the use of personal gadgets.

In terms of malicious applications, the Android platform is more vulnerable because it is very popular and allows applications to be downloaded from unofficial stores. However, on iOS you can also install third-party applications, for example from corporate portals, where there may be a risk of substitution. In addition, there is a large body of people who jailbreak smartphones on the iOS platform, and they are equally at risk as Android users.

From a company's point of view, you need to use MDM systems that separate corporate and personal information. And if we talk about ordinary users, then security solutions from large vendors are suitable, which protect both from viruses and from the installation of unwanted content.

How to save the Internet from vacuum cleaners, coffee makers and crypto miners

- How serious are so-called hidden crypto miners today? How can you protect yourself from them?

- Last year, crypto miners entered the monthly top 3 most active threats. One of the most popular hidden mining platforms, Coinhive, was closed on March 8, but even during those eight days the cryptominer attacked 23% of organizations around the world. I think this attack vector will evolve; the hackers' technology is already quite well debugged. To mine a cryptocurrency you need a huge amount of computing resources. Where to get them? Only by creating a botnet whose total capacity exceeds all possible cryptocurrency mining farms. So you download an application that looks innocuous at first glance, and after some time it begins to download malicious modules for crypto-mining. All you can notice is that the smartphone is constantly under increased load and discharges quickly.

Botnets, networks of connected devices, are created in order to use the power of the connected devices for massive attacks on third-party resources. A striking example is the Mirai botnet, which carried out DDoS attacks from vulnerable web cameras and routers. It was also used by a hacker who disconnected an entire country, Liberia, from the Internet. Given enough power, hackers can leave a country without electricity and communications, so the risks are very high.

The second way hackers mastered last year, and which will most likely continue to evolve, is breaking directly into crypto exchanges. Since a huge number of crypto exchanges are created without a proper level of security, because speed and convenience are in the foreground, for hackers this is a short path to money. And the more cryptocurrency grows, the higher the hackers' interest in this topic.

- What are botnets, and how can you avoid being attacked?

- In the world of PCs, we have learned to fight botnet network structures well, since in essence this is the same malware. The situation on mobile devices is less controllable, and with other IoT devices it is even worse. As we have already said, mobile device users are at risk because they neglect security rules and install unreliable applications. Internet of Things devices are not perceived by many as sources of threat at all. Connected devices, be they smart TVs, smart vacuum cleaners or coffee makers, are initially created without regard to security requirements. For example, there is a manufacturer of Wi-Fi or Bluetooth chips that embeds them in a billion devices around the world: watches, cameras, drones, elevators and trains. Their software is very vulnerable, and if a hacker finds a way to seize control of the chip, he will be able to seize control of the entire system of devices. Either there is no provision for updating the software of such devices, or no one is doing it.


In a recent attack on Asus, hackers got access to the official update servers and tried to infect a huge number of Asus devices to create a botnet and gather information for a more serious attack. I would call it a trial run, since the hackers wanted to understand how many devices they could control. Botnets are one of the main threats today. A botnet of 50 thousand devices once arranged a blackout in the Baltic States, and a botnet of 200 thousand devices almost brought down the worldwide network. Now imagine a botnet the size of several million devices. The consequences of an attack of such power cannot be predicted.

Among security specialists and device manufacturers there is an active debate about how Internet of Things devices can and should be protected. One approach is to protect each individual device by introducing so-called nano-agents, which are being developed by large suppliers. Another approach is global protection at the level of cloud solutions. However, there is currently no panacea for this threat.