Continuous Diagnostics and Mitigation (CDM) White Paper
CONTINUOUS DIAGNOSTICS AND MITIGATION (CDM)
The Continuous Diagnostics and Mitigation (CDM) program, launched by the Department of Homeland Security, is a dynamic approach to strengthening the cybersecurity of networks and systems while enabling network administrators to know the state of their respective networks at any given time and mitigate flaws at near real-time speed. It is designed to deal with the challenge of changes in between audits, allowing administrators to understand what is occurring on a continuous basis. Deploying a CDM strategy will not only meet required mandates and reduce risk to the agency, but it will also reduce costs, both from damages caused by incidents and from the man-hours spent researching and mitigating incidents. Additionally, for Federal cyber investments, the CDM program fulfills Federal Information Security Management Act (FISMA) mandates. The upcoming Phase 2 of CDM focuses on Network Access Control and Boundary Protection security. Federal Agencies are already planning to leverage several Check Point solutions to meet their Phase 2 requirements. Furthermore, many agencies are finding that they have already deployed Check Point solutions that can be used to enhance their excellent continuous monitoring programs without additional investment.
CDM PHASE II SOLUTIONS (FUNCTIONAL AREA 5, 6 & 7)
Next Generation Firewall
Check Point’s Next Generation Firewall enables network administrators to securely control access to users, devices, servers, applications, and data. With detailed visibility into the users, groups, applications, machines and connection types, Check Point enables network administrators to provide superior protection across the entire security gateway. User and machine awareness balances security with business needs by enabling granular policy definitions per user and group. Check Point’s Next Generation Firewall, along with the technologies listed below, can be deployed on physical or virtual appliances including VMware, Hyper-V, KVM, Citrix XenServer, Amazon Web Services and Microsoft Azure.
Advanced Threat Prevention
Check Point’s suite of Threat Prevention technologies provides organizations with unique and comprehensive protection by combining industry-leading IPS, high-performance anti-virus, advanced pre/post-infection botnet detection, threat intelligence feeds and zero-second protection from unknown malware. These capabilities can be deployed in conjunction with Check Point’s access control technologies, or deployed separately as a threat prevention sensor. For threat prevention controls to be effective, they need to be fed by extensive and reliable threat intelligence. Check Point’s threat intelligence is obtained using external and internal sources of threat data. These sources should ideally include public security intelligence, such as Computer Emergency Readiness Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs), various security analysts, security product vendors and other organizations within the security community. In addition to such external sources, threat intelligence is generated within the enterprise through malware research, sandboxing techniques and data analysis of security events collected from enforcement points.
©2014 Check Point Software Technologies Ltd. All rights reserved
Network & Boundary Access Control
Access control enables business processes by defining the interactions between users and data within the corporate network. It applies the minimum level of access required to support the business and enforces the security principle of “Least Privilege.” These protective controls depend on repositories that describe enterprise-specific business rules, assets, users, roles and applications, and define security policies for the set of authorized interactions between these same assets, users and applications. The analysis and control of traffic are done in an adaptive way based on context. For example, in the case of Internet traffic, access control components may consult a cloud database for the latest applications and protocols, while in the case of internal traffic, they may use the definition of a proprietary application or protocol used by the organization. In addition, access control components are aware of network changes and definitions implemented in other IT systems. Examples include: changes in user repositories, automatically applying security to a new Virtual Machine, or allowing access to a new host defined in a Domain Name Server (DNS).
Figure 1: Check Point’s Industry-Leading Centralized Management
CDM GOALS
Check Point solutions address ALL core requirements of Functional Areas 5, 6 & 7 better than any other boundary protection solution on the market. Consider just some of the CDM goals below:
Goal—Provide tools to securely define physical/virtual/encryption boundaries and effectively manage, monitor and regulate network access across them.
Check Point is the Global Market Leader in security/boundary protection gateways and the only security vendor to be listed as a Gartner Leader for Enterprise Firewalls for 16 years in a row. Our software-based products address all Functional Area 5 boundary security requirements (physical/virtual/encryption) and are hardware agnostic.
Goal—Identify and prevent attackers (or users without proper credentials/access rights/privileges) from traversing network boundaries (physical/encrypted/virtual).
Check Point solutions provide unmatched visibility into network events thanks to our integrated event analysis tools. Transparent integration with Active Directory/LDAP/RADIUS authentication systems makes sure that access is only granted to users with adequate privilege. All boundary security tools report to one unified log database, allowing for event correlation, comprehensive reporting and complete visibility surrounding breach/penetration attempts.
Goal—Identify and prevent attackers (or users without proper credentials/access rights/privileges) from gaining deeper access if they have somehow managed to penetrate/breach one of the boundaries.
Leading third-party analysts have verified that Check Point solutions excel against evasion techniques, defining clear boundaries and effectively protecting access to all secured zones. Our management solutions continuously probe/evaluate all deployed systems for zoning/boundary misconfigurations, unauthorized penetration attempts and/or violations of agency regulations.
Goal—Fully integrate with penetration and vulnerability assessment tools in order to continuously monitor, uncover and automatically block/remediate newly discovered attack vectors.
Check Point is constantly extending the API functionality of its Enterprise Management System, widely recognized as “the gold standard” of the industry, in order to allow automatic integration with third-party products that provide penetration testing and rule-based analysis, so that vulnerabilities can be automatically discovered and remediated based on newly discovered attack vectors.
Goal—Report in real time to Agency Dashboards all policy violations, findings, and remediation recommendations.
Our Management system already provides real-time visibility into policy/configuration violations, penetration attempts and compliance with agency regulations, offers customized reporting, and provides remediation recommendations. The Management API will allow real-time exchange of all this data with outside dashboards in order to fully realize the Functional Area 5 CDM vision.
CONTINUOUS VISIBILITY
Organizations today demand continuous evidence that the Network Security environment is configured correctly and in line with best practice recommendations. Yet the reality is that this is a time-consuming, complex and costly endeavor. The lack of available resources in security teams typically doesn’t allow focusing on anything that isn’t a core network security activity. As such, compliance reporting is often perceived as an unnecessary burden on an already overworked team. Check Point’s Continuous Diagnostics and Mitigation solution provides Agencies with real-time monitoring against security best practices and regulatory requirements to ensure the configuration of the Check Point environment is fully in line with expert recommendations. In addition, administrators are able to add their own best practice requirements to the solution to further meet their specific needs. Check Point’s Continuous Diagnostics and Mitigation solution also provides security and network administrators with detailed security status analysis against the recommended baseline and provides actionable guidance on how to remedy security weaknesses.
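The two ideas above, a rule base that enforces least privilege (Network & Boundary Access Control) and a continuous check of that rule base against a best-practice baseline that administrators can extend with their own requirements and that yields remediation guidance, can be illustrated with a small checker. The code below is an added example written for this page; it is not Check Point’s product, management API or rule format. The rule fields, the check names, the scoring rule and the sample rule base are all constructed assumptions.

```python
"""Added example: baseline compliance checks over a firewall rule base.

Illustrative code for this page, not Check Point's own implementation.
Rule format, check names and the sample rules are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence


@dataclass(frozen=True)
class Rule:
    """One access-control rule (constructed format)."""
    name: str
    src: str
    dst: str
    service: str
    action: str      # "accept" or "drop"
    log: bool
    comment: str = ""


@dataclass(frozen=True)
class Finding:
    """A baseline violation with the guidance an administrator would act on."""
    rule: str
    check: str
    severity: str
    remediation: str


# A per-rule check receives one rule and returns a Finding or None.
RuleCheck = Callable[[Rule], Optional[Finding]]
# A rule-base check looks at the whole ordered rule base.
BaseCheck = Callable[[Sequence[Rule]], Optional[Finding]]


def any_any_accept(rule: Rule) -> Optional[Finding]:
    """Least-privilege violation: an accept rule with no restriction at all."""
    if rule.action == "accept" and (rule.src, rule.dst, rule.service) == ("Any", "Any", "Any"):
        return Finding(rule.name, "any-any-accept", "high",
                       "Restrict source, destination and service to what the business process needs.")
    return None


def accept_without_log(rule: Rule) -> Optional[Finding]:
    """Accepted traffic that is not logged cannot be correlated or reported on."""
    if rule.action == "accept" and not rule.log:
        return Finding(rule.name, "accept-without-log", "medium",
                       "Enable logging so the event reaches the central log database.")
    return None


def undocumented_rule(rule: Rule) -> Optional[Finding]:
    """Rules without a recorded business reason tend to outlive their purpose."""
    if not rule.comment.strip():
        return Finding(rule.name, "undocumented-rule", "low",
                       "Record the owner and business reason in the rule comment.")
    return None


def missing_cleanup_rule(rules: Sequence[Rule]) -> Optional[Finding]:
    """The last rule must explicitly drop and log everything not permitted above it."""
    last = rules[-1] if rules else None
    if (last is None or last.action != "drop" or not last.log
            or (last.src, last.dst, last.service) != ("Any", "Any", "Any")):
        return Finding("<rule base>", "missing-cleanup-rule", "high",
                       "Add a final rule that drops and logs all traffic not explicitly permitted.")
    return None


# The built-in baseline; an agency appends its own checks to these lists.
BASELINE: List[RuleCheck] = [any_any_accept, accept_without_log, undocumented_rule]
BASE_CHECKS: List[BaseCheck] = [missing_cleanup_rule]


def run_compliance(rules: Sequence[Rule],
                   rule_checks: Sequence[RuleCheck] = BASELINE,
                   base_checks: Sequence[BaseCheck] = BASE_CHECKS) -> List[Finding]:
    """Evaluate every rule against every check and return all findings."""
    findings = [f for rule in rules for check in rule_checks if (f := check(rule))]
    findings += [f for check in base_checks if (f := check(rules))]
    return findings


def compliance_score(rules: Sequence[Rule], findings: Sequence[Finding]) -> float:
    """Percentage of rules with no finding, rounded to one decimal (0.0 for an empty base)."""
    if not rules:
        return 0.0
    flagged = {f.rule for f in findings}
    clean = sum(1 for r in rules if r.name not in flagged)
    return round(100.0 * clean / len(rules), 1)


# Constructed sample rule base: one legacy rule violates three baseline checks.
SAMPLE_RULES = [
    Rule("web-in", "Any", "DMZ-Web", "https", "accept", True, "Public web front end, owner: web team"),
    Rule("admin-legacy", "Any", "Any", "Any", "accept", False, ""),
    Rule("dns-out", "Internal", "Any", "dns", "accept", True, "Resolver egress"),
    Rule("cleanup", "Any", "Any", "Any", "drop", True, "Default deny"),
]

if __name__ == "__main__":
    results = run_compliance(SAMPLE_RULES)
    for f in results:
        print(f"[{f.severity}] {f.rule}: {f.check} -> {f.remediation}")
    print(f"compliance score: {compliance_score(SAMPLE_RULES, results)}%")
```

An agency-specific requirement is just another function of the same shape passed in `rule_checks`; running the checker on every policy change, rather than at audit time, is what turns it into the continuous monitoring the section describes.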
Figure 2: Check Point Real-time Compliance Monitoring and Reporting
Check Point’s Continuous Diagnostics and Mitigation solution is extremely easy to use and maintain in any Check Point deployment. Its automated alerting capability in case of a configuration violation provides administrators with a second set of eyes across the agency’s entire Check Point deployment. Check Point’s Continuous Diagnostics and Mitigation solution is the ideal way to complement the CDM needs of any Federal Agency.
SUMMARY
Rely on Check Point’s decades of security experience to help you gain situational awareness of your environment and meet your CDM requirements. Using Check Point’s technologies you can view, report, alert on, and mitigate security risks from a single pane of glass. Proactively protect your environment, knowing the risks as they happen, rather than waiting for a scan or audit to uncover them. With dynamic networks and applications, and a zero-trust threat landscape, let Check Point help secure your mission and provide you with continuous visibility into your infrastructure.
CONTACT CHECK POINT
December 3, 2014
Worldwide Headquarters: 5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: [email protected]
U.S. Headquarters: 959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com