Introduction
Today’s modern IT infrastructure has enabled us to work freely outside our offices and network perimeter. Past investments focused on network security while attackers shifted to target endpoints. Endpoints are our main work devices to access corporate email, applications, and data. They are also the most vulnerable devices across organizational assets. You should be asking yourself, how safe are your endpoints and users when research suggests that 70 percent of successful breaches start on the endpoint?
Imagine a consolidated endpoint security platform that covers all of your endpoint needs, including advanced threat prevention, automated response and remediation, and real-time threat visibility and analysis. In addition to that, how would you feel when your endpoint security solution automatically prevents and responds to critical events, saving you time and money?
To solve your challenges, and to meet future business goals, your organization must have a consolidated endpoint security strategy.
Your users are the most vulnerable assets in your IT environment and are also the most exposed.
Harmony Endpoint is a complete endpoint security solution integrated into the Check Point Infinity architecture.
It is based on the three pillars of effective endpoint security:
prevention-focused protection, efficiency by automation, and faster recovery from attacks.
Harmony Endpoint provides multiple layers of best-practice endpoint security protection.
By reducing the attack surface and preventing attacks before execution and damage, you get the best ROI.
Behavioral and runtime protection, followed by fast and automatic containment, keeps you protected even against unknown zero-day attacks.
And finally, with automated response, triage, analysis, and reporting, you reduce the cost of operation.
Harmony Endpoint focuses on simplicity of deployment and operation from the cloud management platform, with an investment in multiple innovative threat prevention technologies, including machine learning and AI, automated detection, and remediation. Check Point ThreatCloud offers automated shared intelligence across all assets, and with Harmony Endpoint's insightful forensic capabilities it ensures the continuous collection of data to automatically perform triage, reporting and response while providing complete and centralized threat visibility and Threat Hunting capabilities.
This story and demonstration are based on real events
The demonstration story starts with an attacker targeting an organization.
This organization is about to transition to a publicly traded company.
The attacker plans to infiltrate the organization before its IPO takes place and make a lot of money.
The attacker plans to steal sensitive data, create backdoors and cripple the organization's servers with a ransomware attack, profiting both from the ransom and from selling the sensitive data.
The attacker learns about the IPO and about key people in the organization, such as Bruce, the CFO, from the news and social media.
The attacker decides to target Bruce to infiltrate the organization and steal IPO-relevant data.
The attack will start with a network scan to identify open systems and attempts to exploit them.
The attack will continue with a sophisticated social engineering attack and credential theft, phishing and dumping attacks.
The next stage is to use the credentials to spread the backdoor, steal sensitive data and launch a full-scale ransomware attack.
Finally, the attacker plans to book a long vacation and enjoy the money.
Spoiler Alert: The organization is protected by Check Point SandBlast Agent and the attacker never leaves for vacation.
The goal of this demo is to simulate, in real time, the advanced capabilities of the Check Point Harmony Endpoint solution, cloud management, WebUI console and EDR.
The demo will cover the following scenarios: