
Check Point Harmony: a new family of solutions for protecting employee devices

Table of contents

0:00
Introduction
5:46
Case 1: Protecting cloud/on-premises email as a service, Harmony Email & Office
15:59
Case 2: Simple clientless remote access in the browser, Harmony Connect Remote Access
25:33
Case 3: Secure remote access with VPN and Compliance, Harmony Endpoint
28:26
Case 4: Comprehensive protection of user devices, Harmony Endpoint
1:06:49
Harmony Mobile
1:16:13
Case 5: Secure Internet access from home and branch offices, Harmony Connect Internet Access
1:27:21
Licensing
Video tags

check point
checkpoint
information security
firewall
sandbox
sandblast
sandblast agent
r80
infinity
r80.30
r80.40
r81
iot
internet of things
check point webinar
checkpoint webinar
harmony
harmony endpoint
harmony mobile
Harmony Email & Office
harmony connect
check point harmony
remote work
secure remote work
remote access
check point remote access
Subtitles

Russian
00:00:10
Good afternoon, my name is Alexey Beloglazov, Check Point; I am responsible for protection against cyber attacks. Today we will talk about the solutions we call Harmony. Harmony is a new family of already known and new solutions that we at Check Point offer for protecting employees in the modern reality of remote work; in fact, it is very useful not only for office workers. Over more than a year we have all become used to connecting to various applications and corporate services from different devices: from home and from the office, from desktop operating systems and from mobile operating systems, and attackers actively exploit this to carry out various attacks.
00:01:04
Just the number of ransomware attacks, and ransomware in general, has essentially increased over the past year. The trend is such that, according to our reports and the published news, you basically see that since the second half of last year ransomware no longer just encrypts: data is stolen beforehand, and thus a second lever of pressure on the organization appears; with all this, organizations increasingly have to pay the ransom, and the average payment amount itself has increased significantly, and we need to fight this. Besides, we naturally connect to various services, we use our accounts, somewhere with a second factor, somewhere without one, and attackers try in every possible way to steal accounts in order to intercept this access, including through spear phishing or mass phishing emails.
00:02:01
We see that among the brands that attackers try to impersonate, Microsoft with Office 365, Gmail and some other services are very common. We must remember that even if an attacker managed to steal from a user an account for, say, a social network or some streaming service like Netflix, the password for that account very often coincides with the corporate one, so we still need to protect our users from phishing even if it doesn't seem to concern corporate services.
00:02:40
The number of cyber attacks themselves is growing; in our region, in Russia and the CIS, we see that the number of attacks per organization is on average significantly larger than the world average, reaching about a thousand attacks per organization per week. It's quite natural that most of them are successfully prevented by our solutions, which we will continue to talk about. Among the various families, banking Trojans have become more active in recent months, bot activity is still high, and the number of ransomware attacks, as I already said, has increased: here on the graph you see about five percent, before that we saw about one to two percent, that is, the growth is quite decent, and one such penetration is enough to cause trouble in an organization.
00:03:37
As you know, one of the Trojan families was neutralized by joint efforts with Interpol's participation, but other malware came to replace it and is still in use three years on, and other families have appeared; accordingly, they need to be fought, they must be prevented.
00:03:56
It turns out that in today's reality the range of threats is quite large and the attack surface is very large, because these are different devices, communications between these devices and the organization's services, and all of this is outside the traditional perimeter, and there are a lot of problems that an information security officer needs to solve; to solve these problems there is a huge number of different solutions.
00:04:25
We at the company strive to somehow unify and simplify all this, bring it under a single denominator, and we offer the Harmony family of solutions, which allows you to solve the main cases that we face today when organizing truly secure work for people, not only remotely but from the office too. This concerns email security, protection of the employees' devices themselves, remote access and Internet access. Today my presentation is built not around specific solutions but around use cases, and accordingly that is what we will talk about.
00:05:13
The first case is, of course, email protection, because about seventy to eighty percent of cyber attacks start with phishing or malicious emails reaching users; then the user opens or clicks something. Training doesn't always help, because attackers really prepare these emails very well, and again, traditional protection also doesn't always manage to filter such attacks and respond to them in time. Therefore there is a need for an overlay of specialized protection, which is the Harmony Email & Office service.
00:05:54
In the case of Office 365 it has native integration, that is, essentially the email first reaches Office 365, passes inspection by antispam and antivirus, then it is redirected to our service, inspected there and returned back if everything is fine with it. Besides this email protection service from the cloud, naturally we have a similar solution based on local Check Point gateways, which operate in mail transfer agent mode with a local sandbox; this is all outside the scope of today's webinar, but nevertheless the technology is the same. So this email protection from the cloud is also possible in the case of a local Microsoft Exchange email service and so on, or in the case of, for example, a hybrid implementation of Office 365 or G Suite, when some mail servers are located on premises and some in the cloud. There are very different implementation schemes, but nevertheless we manage to embed our service in order to fully filter incoming emails.
00:07:09
As a result, we analyze the contents of these emails: we break each email into pieces, various indicators, and build a machine learning model. Naturally, if we know that some link or some file is already malicious, all of that immediately goes into quarantine, but in a controversial situation it is naturally very important to understand what kind of communication this is, between whom and whom, what phrases are found, what graphics appear in the body of the email, and thanks to this we manage to get a high-quality, exact verdict. Our pilots show that the solution finds many phishing emails that get through, for example, the built-in Office 365 protection. Besides this, of course, we check attachments, and here the same most successful technologies apply that have been implemented on our local security gateways for probably five years, maybe more.
00:08:09
This is working with a sandbox, and here we have the opportunity to initially provide the user very quickly with a proactively cleaned attachment, that is, the user receives an email in which all attachments have been turned into safe documents, and in parallel these files are sent for analysis to the sandbox, which carries out full dynamic analysis and finds out whether the original files are malicious or not. If the user still needs the original, for example because we deleted some macro from the body of the document, then the user can request this original via a link in the same email. We have debugged this mechanism over the years with many happy customers who have it all implemented this way, and it allows us to let people work without losing productivity despite the fact that the sandbox is in prevention mode.
00:09:16
The Check Point sandbox solution itself is called SandBlast; it was tested repeatedly while NSS Labs still existed; last year, unfortunately, NSS Labs finished its work as an organization, and we hope that similar tests will follow in some form, but nevertheless we showed the best threat prevention level, and indeed this is a solution you can rely on. Exactly the same sandbox is also used in Harmony Email & Office.
00:09:50
Among advanced cases, the following can be noted: if an attachment is, for example, password protected and the password is indicated somehow or sent to the user by some other channel, so that our solution is not able to find it, in this case there is a mechanism where the user receives the original email but with the attachments removed, and in the body of the email there is a line that prompts the user to enter a password for the attachments. The result is that the user visits this portal for each of the attachments, if there are several of them, enters the password, and then our service checks that it can really open and inspect this attachment, all the contents of this archive, and accordingly gives a verdict; if these attachments are malicious, they are sent to quarantine.
00:10:48
Another story is links in the body of the email: naturally, links are checked by reputation, and in the case of many file services we follow these links, download the files and check them further in the sandbox; accordingly, we block such an email. But there is also a link rewriting mechanism; in this case the user initially receives an email in which the link is not the original one but leads to our service, and when a person clicks on this link, the page or the file that can be downloaded from this link is checked by our sandbox, which helps prevent infection at the moment of the click. This matters especially because there are attacks where the content behind the link in the email is replaced by the attackers: relatively speaking, at the moment when the email was sent, for example at night, the protection service tried to follow the link and download the content and it was safe, and at the moment when a person clicks the link in the morning this content becomes dangerous. Accordingly, such a service allows us to really solve this problem and fully provide protection.
00:12:09
From the end user's point of view it all looks something like this: there are emails that were protected using our solution; here some malicious file was blocked which had passed through the built-in protection in Office 365. Besides this, there is functionality in the new service that is really new compared with our local gateways: we also send users digests in which the user sees which emails were quarantined and has the ability, if necessary, for example, to request the release of a specific email if it seems to him that it was a false positive, and so on.
00:12:55
The administrator in the management interface works with such requests accordingly; he sees statistics on threats for some period, for example, he configures the security policy, which is capable of protecting against spam, phishing and any malicious attachments and malicious links, and further works with quarantine. Here there is the opportunity to view the requests from users; in this case we see that it was a malicious email, there was an attachment, you can see the report from the sandbox, and in this case it is quite a well-known malware; by the way, despite the fact that it is quite well known, it still flew through the built-in protection of Office 365, and you can see some other details on this incident. Then the administrator decides: no, he refuses, users will not release this malware from quarantine. You can also work with the quarantine itself here; you can separately see events related, for example, to the situation when the user is prompted to enter a password, and you can view separately the information associated, for example, with attachments, and so on.
00:14:16
So it is a fairly simple service; let me remind you that it integrates either natively using Office 365 methods or via MX records, in the case when it is some other mail system, including a local one, and thus we are the first entry point for the flow of emails; we check completely, including performing all basic antispam checks.
00:14:42
For those who are not familiar with the portal I am now on, let me remind you that Check Point cloud services are managed through the so-called Infinity Portal, where I am now present. Here we see there are different families of solutions: as you know, all Check Point hardware gateways are now called Quantum, everything about cloud infrastructures and platforms is called CloudGuard, and today we are talking about Harmony. If you're lost in these new titles, we had a rebranding at the beginning of this year; here there is a wonderful checkbox that allows you to see what these solutions were called before, for example Harmony Email & Office was previously called CloudGuard. The version of the service which I am showing now has a next version, which is now available and to which we are smoothly migrating during this year; it is available here in the Check Point Labs section as Harmony Email & Office 2.0. Colleagues, if you have any questions, write them in the Q&A section, and I will actually answer them.
00:15:55
So the first case is email protection; however, naturally people connect to this very email, and not only to it, from a variety of locations and devices, and therefore our next case is connected with the remote connection itself. A remote connection can be implemented in different ways; for example, throughout the past year our customers actively deployed Remote Access VPN with our gateways and our VPN clients. But besides this there are, for example, situations when you need to allow external contractors, or part of the internal employees, including DevOps, access without a client to specific resources in your data center or even in public clouds; for example, someone is developing some kind of application for you, deployed some project somewhere in a cloud or in Google Cloud, and you need to provide remote access there; or you have a desktop infrastructure in your data center and you provide access to it. There are a lot of different situations.
00:17:08
The clientless access solution is quite a simple solution because it does not require installing any client on the user side; you just publish certain applications in the browser. Naturally, the same thing can be done using local Check Point gateways; that solution is called Mobile Access Blade. Today I'm talking about a new service which allows you to do this through the cloud in a simpler way, without bearing all the labor costs and capital costs of deploying this service at home. In the end it turns out that there is some cloud service through which access is granted; let's conditionally call it an access broker; this is the Harmony Connect service.
00:18:01
This Harmony Connect has special connectors which are installed locally in your data center or in your virtual data centers, including in the public cloud; you can have as many connectors as you want, the main task is to be close to those resources and applications which you plan to publish. These connectors are supplied as a Docker container; you can actually deploy it anywhere, it eats very few resources. Further, it is this very connector that knocks on our cloud, that is, these are outgoing connections; you don't need to publish anything via destination NAT on some of your perimeter gateways, and then users go to certain portals where specific applications are published for them. Each user has their own applications, that's why it's called Zero Trust Network Access.
00:19:01
We don't trust users in general and we do not let them in completely; we don't publish some IP subnet, but specific applications to specific authorized users by policy. In case some user leaves the company or you change your mind about publishing a specific application to him, you cancel the publication, block the account or something else, and accordingly access is lost, either to the whole portal or just to those applications that are no longer relevant for this user. Integration itself occurs, among other things, through integration with identity providers; these identity providers could be either a cloud identity provider or, for example, Microsoft ADFS, which extends your infrastructure. Then by policy you determine who gets what kind of access.
00:19:57
What does this look like? Let's move on to the Harmony Connect application and I'll show you how it all looks. Harmony Connect itself consists of several components, several services: there is a corporate applications service, that is, remote access to applications, which is what I'm telling you about now; this specific case also has Internet traffic filtering, to which I'll come back a little later today. Accordingly, here we have certain users, certain sites are configured, you can configure certain data centers in which we have the corresponding applications, and then according to policy you control who gets access where.
00:20:47
For example, here I have access to a remote desktop allowed for a specific group of demo users, and then these users obtain access to internal resources through certain links; here you see gray IP addresses. From the point of view of the infrastructure itself it all looks like this: you have these very connector containers which provide access; in this case I still have a test website running here, through which, more precisely to which, I will try to organize this very access, and then the end user receives a link, starts to walk through a similar portal to this application and opens it. At the same time it turns out that this was originally an internal portal; this is just my test portal, a sample Docker deployment, basically an application to use for the demo, and the same portal, as you can see, is running here on localhost; the user gets access to it via an external link after full authorization. In this way we control who goes where and has access through this clientless portal.
00:22:08
Naturally it works on any operating system. From the point of view of the applications themselves, you can publish web portals, SSH, RDP and databases; there are quite a lot of different types here. As for other application types, for example 1C or something else like that, it is possible to publish them by wrapping them in a tunnel; in this case, when a user tries to connect to this published application, an SSH tunnel will come up which will extend his access to the published application. That is approximately what it looks like, and what you end up with: accordingly you get the opportunity to monitor who connected where and from where, including information about visits to various resources; for example, you can watch the video recording of a remote desktop session, that is, which people connected to a specific desktop and what they did on it. You can do the same for SSH, that is, see what commands an administrator typed in the command line of some of your servers or network devices.
00:23:28
This is what this service looks like; it's quite simple, I repeat once again: in essence the whole integration consists of deploying these very connectors, providing authentication through integration with the identity provider, and writing policies about who should connect where and where not, and the result is that you thus provide access to users with full control over it.
00:24:03
And so we have a question: are there adaptive access mechanisms for Zero Trust? Here the question is what an adaptive mechanism is, because in this case it turns out that in the policy you indicate which user groups have which applications available, and if, for example, a person moved from this user group to another user group, then actually this access disappears automatically, the published application disappears automatically. And the second question is how long RDP recordings are stored; honestly, it seems to have no restrictions, but let me clarify, and if anything I will inform you about the specific storage time a little bit later; as far as I know there is no limitation on this topic.
00:25:03
As we understand, this clientless connection scheme carries a significant advantage, which is that you don't need to install any agents on the end stations, but it also carries within itself a minus associated with the fact that those same remote sessions, their recording, and for example keyboard input and everything else can be controlled by a Trojan that sits on this very machine. So we smoothly move on to the next case, which actually concerns compliance checks upon connection via Remote Access VPN, and in this case it's no longer clientless; accordingly you install the client on end workstations.
00:25:54
As part of this client, which used to be called SandBlast Agent and is now called Harmony Endpoint, Remote Access VPN is present, which will be terminated on your security gateways, physical or in your virtual data centers; cyber protection engines are also present here, which we will talk about too, and Compliance is present, which can check the compliance of this machine with the organization's requirements: for example, is a specific antivirus running, is it updated; for domain machines you can check via WSUS whether all Windows updates have arrived; and other than that some other additional options.
00:26:39
If a station does not match the requirements of corporate policy, then the Harmony Endpoint firewall in the agent starts applying a separate list of rules of the restricted category, and accordingly in this list a rule can be written that it is possible to connect to the agent management server, you can connect to the sandbox, you can connect to the antivirus update server, but you can't connect to the electronic document management system, to desktops or somewhere else, because it's unsafe. The result is that you organize either partial or complete isolation of this machine until it is actually brought into order.
00:27:26
Of course we all understand that compliance in itself is not a guarantee, yes, because even the second factor is not a guarantee: the presence of antivirus, installed updates and the presence of a second factor absolutely do not guarantee that some zero-day malware is not running on this machine, which is not detected by standard means, and that this second factor, in the form of an SMS or in the form of some application on a mobile phone, is not intercepted by attackers. On this topic we had a lot of investigations, including one in which, in my opinion, an Iranian cyber group was engaged in cyber espionage; in general, intercepting text messages and the second factor on a mobile phone is a standard function of any banking Trojan, and as I already said today, their quantity is increasing quite significantly. And it turns out that we are coming to the next case, namely the protection of users' end devices, no matter whether they are home or corporate computers, in the office or at home.
00:28:39
And let's talk about it accordingly. At the same time, a question arose about Harmony Connect: is it an agent or not an agent? As I said in one of the previous use cases, Harmony Connect Remote Access is clientless access, i.e. publication is carried out through the service and the user gets access to applications in the browser; there is also Harmony Connect with an agent, which provides application and site filtering; we will talk about this today in the last case. In other words, the answer to the question is yes and no, depending on what it is for: part of Harmony Connect can go without an agent, part of Harmony Connect can go with an agent, depending on the specific use case. I return to the case associated with protecting the endpoint devices themselves.
00:29:36
Again, we understand that we need full-fledged cyber protection, and over the last year this was probably even more one of the main cases, when we really provided cyber protection not only on corporate devices, corporate laptops, office machines and, for example, issued mobile devices, but this also applies to users' personal devices; naturally, in that case the policy simply won't be so tough and will be targeted more at cyber protection than at controlling what the user does on this device.
00:30:19
case it is natural to reduce the area
00:30:22
attacks especially if they are corporate
00:30:24
computers here you will be able to
00:30:26
what can you say no to?
00:30:28
control connected external
00:30:31
flash drive devices for some 3g modems
00:30:34
you can encrypt your hard drive
00:30:37
for example if you are corporate
00:30:39
the computer was stolen or lost so that
00:30:42
data from it has not leaked anywhere and
00:30:44
of course that's all there is to it
00:30:46
compliance update
00:30:49
and regular antivirus protection
00:30:52
and then comes a whole range of tasks
00:30:54
protection against zero-day threats
00:30:57
prevention of
00:30:58
new phishing, again, new phishing
00:31:02
sites and new malware specifically
00:31:05
prevention in such a way that
00:31:07
the attack does not start at all and there is no need
00:31:09
to investigate anything, the damage is equal to
00:31:11
zero
00:31:12
Naturally, in reality there is a part
00:31:16
of attacks which will still begin, that is
00:31:18
an attacker will be able to penetrate the
00:31:20
machine, in password-protected archives, for example, through
00:31:23
mail, via instant messengers, via
00:31:27
flash drives and so on, or, in principle, you
00:31:29
use remote access via VPN from a machine,
00:31:32
your home computer,
00:31:34
which had been infected long before; accordingly
00:31:37
here you need to provide protection in the mode
00:31:39
real time, that is, on the very
00:31:41
machine to analyze everything that happens
00:31:43
and in time to detect the attack and begin
00:31:47
the whole range of activities related to
00:31:49
isolation and treatment of this machine with
00:31:52
investigation into this incident
00:31:54
this is what we provide with our
00:31:57
solution
00:31:58
the solutions themselves: for desktop operating
00:32:00
systems Harmony Endpoint, previously known
00:32:04
as SandBlast Agent, for mobile
00:32:06
operating systems Harmony Mobile, earlier
00:32:09
known as SandBlast Mobile. These
00:32:11
solutions themselves have for many years now
00:32:13
been recommended in many places,
00:32:15
successfully implemented, and continue to
00:32:18
provide protection, simply today
00:32:20
in reality they become even more
00:32:22
relevant. The solution in itself
00:32:26
is either a replacement for
00:32:29
or it can coexist with
00:32:31
a traditional antivirus. We have
00:32:33
customers who are forced to use
00:32:35
only certified antiviruses and
00:32:38
in this case you just install
00:32:41
our solution as a next-
00:32:45
generation antivirus, and it does not conflict
00:32:48
with the traditional antivirus that lives
00:32:50
on your machine. In situations when
00:32:52
the customer
00:32:54
is not subject to the regulator's requirements and
00:32:57
has the ability to unify,
00:32:59
and in this case indeed
00:33:00
existing antiviruses
00:33:02
we can completely replace because
00:33:04
we also have a corresponding engine
00:33:08
the protection technologies themselves are
00:33:12
provide a layered (defense-in-depth)
00:33:15
approach. The thing is that each
00:33:17
protection technology has its advantages
00:33:19
and it has its limitations,
00:33:21
that is, for example, anti-exploit
00:33:24
blocks exploits,
00:33:25
but if the attacker does not use
00:33:27
exploits but uses something else, for example
00:33:29
some script, anti-exploit will do nothing
00:33:32
to help, so it turns out that we
00:33:35
there are a number of technologies that protect us
00:33:38
at different stages of the attack we have
00:33:42
technologies aimed exclusively at
00:33:44
prevention, so that in principle the attack
00:33:47
never starts at all: anti-exploit,
00:33:49
a plugin in the browser that I will show
00:33:52
which protects against phishing and downloading
00:33:54
malicious files
00:33:55
here we can, in principle, include
00:33:58
preventing delivery of malware
00:34:00
emails and phishing emails at the level of the
00:34:02
mail service, which I told you about
00:34:05
a little earlier the antivirus may
00:34:07
block something else on approach
00:34:10
Then there are situations when on the end
00:34:14
station there lands some
00:34:17
potentially malicious file, here it
00:34:19
lies on the disk, it hasn't been opened yet,
00:34:22
here again an antivirus can save the day;
00:34:24
there is a set of static technologies,
00:34:27
static analysis inspections, which
00:34:30
check files based on content structure
00:34:33
and also check their reputation,
00:34:37
and check reputation using the so-called
00:34:39
fuzzy hash, that is, a fuzzy hash is something
00:34:44
more general than just a hash, that is
00:34:47
it does not match a specific file,
00:34:50
matches occur with a whole family of
00:34:52
files, and thanks to these technologies, both
00:34:55
with the help of machine learning and with
00:34:57
the use of fuzzy hashes, we succeed in
00:35:00
blocking polymorphic malicious
00:35:03
files, including up to 60 percent of new
00:35:09
executable files, which
00:35:11
accordingly we successfully blocked
00:35:13
and the advantage of these technologies is that they
00:35:15
work in mere microseconds, so
00:35:18
the user simply does not have time
00:35:20
to even open the file. But what if
00:35:25
the attackers somehow managed
00:35:27
to bypass all these previous technologies?
00:35:29
Again, the file itself that landed on the
00:35:32
hard drive can go to a
00:35:34
sandbox, which can be local
00:35:37
or cloud based, and if the user did not have time to
00:35:40
open the file before the sandbox
00:35:42
gave a verdict, for example he downloaded it
00:35:45
but didn't rush to open it right away, then
00:35:48
there is again a chance that the sandbox will
00:35:49
block the threat before
00:35:52
the attack begins. Otherwise,
00:35:54
both the sandbox and the other engines that
00:35:58
protect us, let's say, by behavior on
00:36:01
the end station, protection from reverse
00:36:05
server connection channels,
00:36:06
they can, while the attacker continues the attack,
00:36:09
discover that the station is already partially
00:36:11
compromised, the attack is already underway and
00:36:14
begin the process of blocking this attack
00:36:17
investigation and treatment, that is
00:36:20
such layered protection, it
00:36:22
allows us to really not
00:36:25
worry that some single magical
00:36:28
technology the attacker
00:36:29
will be able to get around, and the further, the more
00:36:32
we are starting to use such technologies,
00:36:35
but at the same time, of course, we do not forget that
00:36:38
the station should work normally and
00:36:40
there must not be any problems with
00:36:41
performance. In terms of
00:36:44
protection in prevention mode, as I
00:36:48
already said, today a huge number of
00:36:51
people receive phishing links;
00:36:53
phishing emails phishing links themselves
00:36:56
can arrive via messenger via
00:36:59
personal mail QR code and so on therefore
00:37:02
it doesn’t really matter how
00:37:04
the user receives this link is important
00:37:07
protect them while visiting this
00:37:09
site, and it works like this:
00:37:12
naturally I have on my machine
00:37:16
our protection agent Harmony Endpoint,
00:37:21
as you can see it works for me on mac
00:37:25
on the Big Sur operating system we also
00:37:28
we plan for this year
00:37:30
provide support for new chips
00:37:32
apple m1, which requires significantly
00:37:35
rewriting the code so that everything there
00:37:37
works well
00:37:38
accordingly I have this very
00:37:40
protection agent in which
00:37:42
all engines are present, but besides this
00:37:46
right in my browser here
00:37:48
there is a plugin that
00:37:51
protects me when visiting various
00:37:53
sites and at the moment when I click
00:37:57
let's say in an input field on some site,
00:38:00
yes, at this moment I actually have
00:38:04
the contents of this page checked,
00:38:07
not just the URL,
00:38:08
because the URL might simply be
00:38:10
still unknown, otherwise I simply wouldn't
00:38:12
have been able to visit this resource, and then you
00:38:15
see information that this site is
00:38:17
recognized as phishing and the input fields
00:38:19
are blocked for you
00:38:21
there are a huge number of such sites
00:38:24
accordingly they live for several hours
00:38:27
the attacker almost automatically
00:38:29
churns out a huge number of phishing
00:38:32
pages, which are posted on hacked
00:38:35
sites and not only on fake sites, and
00:38:37
accordingly here it is necessary to
00:38:40
really rely on machine
00:38:42
learning that works
00:38:43
directly inside the browser
00:38:45
this is the technology that
00:38:48
really allows us
00:38:50
prevent attempts by
00:38:53
attackers to steal our accounts,
00:38:56
steal some of our personal data,
00:38:58
credit card data and so on, and this
00:39:01
technology works equally well,
00:39:04
almost with the same quality as in the
00:39:07
desktop browser and in this case we
00:39:10
support chrome internet explorer 11
00:39:14
microsoft edge, firefox, and also in this
00:39:18
quarter support for macOS Safari
00:39:21
will also be ensured and accordingly
00:39:25
the same thing can be applied inside
00:39:28
mobile browser
00:39:29
if we look at what else
00:39:33
this plugin can do:
00:39:36
intercept files,
00:39:38
also when the user tries to
00:39:40
download something these files accordingly
00:39:43
are intercepted by this very plugin,
00:39:46
they go to the sandbox,
00:39:48
in parallel you can provide a cleaned
00:39:51
copy of this file; here we see that
00:39:53
the prefix "cleaned" was added,
00:39:56
the office file turned into pdf,
00:39:58
this whole thing can be customized however
00:40:00
you want, that is, it is not necessary to
00:40:02
use these policies by default,
00:40:04
it can be done for different users
00:40:06
differently, for example for specialists
00:40:09
of the HR department, they don't care what
00:40:12
format the resume comes in, let it be for them
00:40:14
conversion to pdf; for some
00:40:17
accounting departments, for example, if they receive
00:40:22
some Excel spreadsheets,
00:40:24
here you can leave the original format
00:40:26
and accordingly just strip out
00:40:30
all active content so that
00:40:33
macros don't run, there are no active links,
00:40:35
no other embedded objects,
00:40:38
and the result is a sanitized file
00:40:41
which is really safe. Further, if
00:40:43
the user needs to download the original,
00:40:46
here is this plugin, and in case you have
00:40:50
a Russian-language operating system,
00:40:52
it is also translated into your native
00:40:55
language; a sufficiently
00:40:57
large number of languages is supported here
00:40:59
accordingly, further the user can
00:41:01
download the original by requesting it here
00:41:04
through this plugin, and further, after
00:41:07
the sandbox
00:41:10
finishes emulating this file in its
00:41:12
environment and issues
00:41:15
a negative verdict, that is that the file
00:41:17
is safe, then to you as a user it will be
00:41:19
provided automatically. If after all
00:41:22
this file is malicious, then the user
00:41:24
will see a message stating that access
00:41:27
will not be given,
00:41:29
it's not safe. Let me answer a couple of
00:41:33
questions. Yes, to the question on the topic of the client and
00:41:40
on the topic of
00:41:41
geographically dispersed
00:41:44
infrastructures need to be connected
00:41:46
users to a single entry point and so on
00:41:48
further, yes, let me discuss this topic a little later;
00:41:51
I will also highlight that one of the last
00:41:56
cases of our webinar concerns
00:41:58
including secure
00:42:00
Internet access and unification of
00:42:03
remote access, accordingly I
00:42:05
will come back to this issue; for now
00:42:07
let's leave the questions. API of Endpoint:
00:42:12
in fact the on-premises
00:42:16
management server of Harmony Endpoint has an API;
00:42:19
the API for management in the cloud is now
00:42:24
under development and
00:42:25
we'll be releasing it soon too.
00:42:28
What is it needed for?
00:42:30
For example, in order to
00:42:32
import some indicators, for example so
00:42:34
that your playbooks through a SOAR
00:42:37
system launch an investigation of an
00:42:40
incident; at the moment these tasks
00:42:43
can be done via the management
00:42:45
interface, but in the future of course we
00:42:49
strive to ensure that there is also
00:42:51
an API. Well, to the remaining questions
00:42:55
I'll be back a little later, here we see that
00:42:57
this file was discovered after all by the
00:43:00
sandbox as malicious; there is
00:43:03
an opportunity to view the corresponding
00:43:04
report from the sandbox, here the MITRE
00:43:07
matrix is presented, here are the
00:43:08
appropriate techniques and tactics
00:43:10
which the malware uses, including
00:43:13
for example here is a sandbox bypass technique:
00:43:16
it tries to figure out whether it is in a
00:43:18
virtual environment and do nothing, but
00:43:20
it doesn't succeed, we successfully
00:43:23
defeat such techniques, and many other
00:43:27
checks
00:43:28
which this malware performs
00:43:31
in our virtual environment
00:43:33
are also analyzed and lead to
00:43:35
a positive (malicious) verdict. This is
00:43:37
this is how it all looks from the point of view
00:43:40
browser protection
00:43:43
it is clear that attacks do not begin
00:43:46
only through the browser, and therefore the next
00:43:49
topic is protection from some
00:43:54
other types of attacks; on
00:43:58
the end station itself we do
00:44:01
both static and dynamic analysis
00:44:03
of
00:44:05
all the activity that
00:44:06
happens here; there are about 800
00:44:09
behavioral rules of analysis
00:44:12
they are written both for specific
00:44:13
families or MITRE techniques and tactics and
00:44:16
and for some more general situations in
00:44:19
including, for example, an attempt to steal
00:44:22
cached credentials in the system
00:44:24
using different scripts; here
00:44:26
you see a tree of the discovered
00:44:29
attacks detected by our our agent
00:44:32
who built this tree for
00:44:34
investigation into this incident and here in
00:44:36
in general there are no
00:44:38
malicious files at all that could
00:44:40
be sent to the sandbox, because
00:44:42
here exclusively
00:44:43
the operating system's own tools are used.
00:44:46
Besides this, of course, attackers
00:44:48
use exploits, and here
00:44:51
let me also give you an example of such an attack;
00:44:54
I'll try to demonstrate this attack:
00:44:57
the BlueKeep exploit, which uses a
00:45:01
vulnerability in the RDP service. There are
00:45:05
quite a lot of such services; naturally,
00:45:07
we focus on services that can
00:45:10
be present on user
00:45:13
workstations, but as
00:45:15
exceptions we also added protection for
00:45:18
DNS and RDP. And here, instead of a blue screen
00:45:22
of death and execution of malicious code on
00:45:26
this machine, we see that
00:45:28
the anti-exploit engine has worked;
00:45:32
in our Endpoint here
00:45:34
traditional protection is turned off,
00:45:36
only protection from zero-day threats
00:45:38
is left, and accordingly we can
00:45:40
view information about the investigation
00:45:43
of this incident, here is the report from
00:45:46
automatically built by our agent, and to the
00:45:49
questions about
00:45:50
automated EDR I'll come back a little
00:45:52
later, but look, here
00:45:55
the attack was stopped on approach,
00:45:57
that is, 0 damage from this blocked
00:46:02
attack, and the tree of this incident is very
00:46:05
small, the attacker didn't have time to do anything,
00:46:06
thus in general
00:46:09
there is nothing to investigate here, everything is fine,
00:46:11
you can continue to work completely
00:46:15
All that's left is to see who tried
00:46:17
attack us
00:46:18
and maybe somehow cover up some
00:46:22
external holes for such attacks
00:46:24
happened less yes that is exactly
00:46:27
attack prevention mechanism
00:46:29
Naturally, it's not always possible
00:46:32
to prevent exactly, but according to tests
00:46:35
by NSS Labs,
00:46:37
this is the last Advanced Endpoint
00:46:39
Protection test which was carried out last
00:46:42
year just before the company NSS
00:46:44
Labs closed, and it
00:46:47
shows that among all solutions,
00:46:50
there were about 18 endpoint protection solutions,
00:46:53
we have the best blocking level;
00:46:56
not all vendors
00:46:59
dared to publish the results
00:47:02
of their tests, so if here
00:47:03
you don't see someone, you can
00:47:06
ask the relevant vendor for one;
00:47:08
he probably has a report, it just isn't
00:47:10
in public access. Nevertheless we have the
00:47:12
best result, but ninety-nine
00:47:15
and a bit percent is not yet one hundred percent,
00:47:18
so in reality we still need
00:47:22
to add a safety net
00:47:25
by proactively logging all events
00:47:29
occurring on the end station in
00:47:30
order to further investigate these
00:47:32
incidents, that is, we need a full-fledged
00:47:35
EDR,
00:47:36
endpoint detection and response, or
00:47:38
XDR, if you connect some more
00:47:40
additional attack vectors.
00:47:42
Accordingly, the solution records
00:47:44
everything that happens on the machine; this
00:47:46
also concerns the launch of various processes with
00:47:48
parameters, file operations, network
00:47:51
activity, working with the registry, various
00:47:54
system calls, what the
00:47:56
Windows event log writes, and
00:47:58
naturally there is integration with AMSI,
00:48:01
the antimalware scan interface, which
00:48:03
allows us to go into more detail
00:48:06
analyze what is happening through
00:48:07
powershell
00:48:08
but besides this we are adding more and more
00:48:10
and more different sensors system in
00:48:14
including, for example, taking screenshots,
00:48:16
use of reference files,
00:48:19
some periodic windows tasks and
00:48:22
so on to make it better and more
00:48:26
fully analyze current events
00:48:29
on the final machine
00:48:31
and discover some more complex ones
00:48:33
attacks. Accordingly, further, when any
00:48:36
of our engines, or
00:48:38
a third-party antivirus, or a specialist
00:48:41
of the SOC department, who for example using
00:48:45
threat hunting found something, at that
00:48:47
moment we have an incident and
00:48:50
it's time for
00:48:53
investigation of the incident, and most
00:48:56
of these incidents will be investigated
00:48:59
manually; the average response time in a SOC
00:49:02
is usually measured in hours simply because
00:49:05
there are many incidents and few hands,
00:49:08
every incident requires
00:49:10
detailed analysis and manual
00:49:11
response, so we
00:49:13
strive to correct this whole story, we strive
00:49:16
namely to automate the response, and
00:49:20
one of the simplest ways to
00:49:23
demonstrate this is actually protection
00:49:27
from the same ransomware,
00:49:28
because basically
00:49:32
if you react manually, then this is already
00:49:34
a little late: by the time you
00:49:37
open the EDR management console,
00:49:39
start wandering around different branches and
00:49:41
send some files to quarantine,
00:49:43
kill some processes,
00:49:46
too much damage is done.
00:49:48
Naturally, from the ransomware themselves
00:49:51
We have been defending ourselves for many years now
00:49:54
even probably since 2016, if not earlier;
00:49:58
we used to have the technology
00:50:00
Anti-Ransomware, and we
00:50:04
have significantly improved and refined it since then;
00:50:06
naturally it all started
00:50:08
just from the analysis of some massive
00:50:10
file operations
00:50:11
Next we added the honey pot of files
00:50:14
which were scattered throughout the system
00:50:16
random file names random
00:50:19
folders and accordingly this allows
00:50:22
very quickly, literally after three
00:50:24
or so
00:50:25
encrypted files, to discover that
00:50:28
there is an attack. Naturally,
00:50:30
attackers are now starting to look for
00:50:32
the presence of honeypots and try
00:50:34
to bypass them, so here it turns out that we
00:50:37
need to connect machine learning,
00:50:39
some more complex algorithms,
00:50:42
and of course as an additional
00:50:45
technology we also check the change
00:50:48
file types and not just an extension
00:50:51
because in many situations
00:50:53
attackers encrypt files but
00:50:55
leave the original extension, you just
00:50:57
open it and the file doesn't
00:50:59
open; accordingly we now
00:51:02
recompute these file types,
00:51:04
we use magic bytes,
00:51:06
and this is also one of the technologies. Besides
00:51:09
this, many malware try to change the
00:51:11
master boot record, they try
00:51:13
to boot before the operating system and
00:51:15
encrypt the entire hard drive block by block;
00:51:17
accordingly, this operation is also
00:51:19
interrupted. In addition to this, the advanced
00:51:21
activities that we can
00:51:23
watch here, I suggest you see how
00:51:27
this looks in real time:
00:51:30
actually here we have a machine
00:51:36
where I will run the malware, here the management server,
00:51:40
and here I have a machine
00:51:44
which gained access to the infrastructure
00:51:47
and in the end it was possible here accordingly
00:51:51
drop a malicious file here
00:51:53
Naturally, this malicious file can be
00:51:55
it would be very easy to block and with
00:51:58
using not only the sandbox but also
00:52:00
static analysis
00:52:02
so that in principle this attack would work
00:52:04
we had to write massive exclusions,
00:52:07
but nevertheless here it
00:52:11
serves its purpose, and our task here is to show
00:52:14
how this attack will be repelled
00:52:17
already at the stage when it is launched, that is
00:52:20
we are talking about the kill chain here,
00:52:23
the next stage, when the attacker
00:52:26
is already trying to cause harm locally.
00:52:29
Let's see how this attack will
00:52:31
start here; I think it
00:52:33
takes some time, and in the meantime let me try to
00:52:36
answer a number of questions that
00:52:38
remain here. The question about
00:52:43
remote access, I will return to this;
00:52:45
let's see the rest of the questions, yeah
00:52:51
There are still questions regarding protection. Apart from this,
00:52:55
not yet, but very often they ask me
00:52:57
how do we restore those
00:53:00
files that the ransomware has already
00:53:03
encrypted; there are different approaches:
00:53:06
someone does it with the help of shadow
00:53:09
copies, but the approach is not very good because
00:53:12
actually the first thing malware
00:53:14
does today is
00:53:16
delete shadow copies; someone sends files
00:53:20
into some clouds,
00:53:21
for example Microsoft sends
00:53:24
files to OneDrive, yes, and that's fine,
00:53:26
not all categories of customers
00:53:29
someone is using some network shares
00:53:31
we make proactive backups
00:53:33
which are stored directly on the machine itself
00:53:36
they are stored on each disk partition in
00:53:40
hidden folder and access to this folder
00:53:42
we also actually protect with the help
00:53:44
our solution; now we see that a large
00:53:48
part of the files were recovered,
00:53:51
here is our agent,
00:53:54
it not only discovered the attack but also
00:53:56
responded, and then it automatically
00:54:00
investigated this incident; this is not the same one,
00:54:06
let's open the previous report now,
00:54:09
right, it investigated this incident and
00:54:12
accordingly, most of the questions
00:54:14
which SOC incident response
00:54:16
specialists ask themselves, for them
00:54:19
the answers are already shown in this report: first
00:54:22
we see which user this attack was launched under;
00:54:25
this user in this case is
00:54:27
administrator; we see that this happened remotely via
00:54:30
RDP; further you can basically look at
00:54:33
which station connected to this one;
00:54:35
the machine is already stopped, and
00:54:40
accordingly running around and
00:54:43
doing something urgently to put out the fire is already
00:54:46
not required, and it is cured 100
00:54:48
percent here you can see the corresponding
00:54:50
information and further damage can be assessed
00:54:54
and naturally the important question: is
00:54:57
it simply a false positive?
00:54:59
Looking at this picture we
00:55:01
see what techniques,
00:55:03
what types of behavior
00:55:06
this attack demonstrated: it is ransomware, it tried to
00:55:09
bypass security measures, it contacted
00:55:11
external command servers, in general this
00:55:13
and so on; note that it
00:55:16
did not have time to reach the phase of spreading
00:55:18
like a worm to neighboring machines, which is already
00:55:21
good
00:55:22
and here again here is information about
00:55:25
some events that happened
00:55:28
there is overall this picture tells us about
00:55:30
that it really wasn't false
00:55:33
triggering
00:55:34
Well, by the way, here’s the address from which
00:55:36
connected to this machine in order to
00:55:39
to launch this attack
00:55:41
further we see that the treatment
00:55:44
was truly completed
00:55:46
in this case we have a process tree that is
00:55:49
not very big, and therefore the
00:55:51
processes that need to be analyzed
00:55:53
are not so many,
00:55:54
that is, the tree itself looks like this
00:55:57
just two processes most
00:55:59
operations performed by this main
00:56:01
This process also includes working with the registry
00:56:04
here you can see the details
00:56:07
keys changed and so on and
00:56:10
naturally bulk file operations
00:56:12
other things, but very often there are
00:56:17
situations when the attack tree
00:56:19
can really be significant, and in this
00:56:22
case, hoping that a SOC specialist
00:56:25
will completely build this entire tree and
00:56:27
using EDR completely
00:56:30
analyze all events is,
00:56:31
at the least, naive; here is the complete
00:56:34
the list of all processes looks like this
00:56:37
that is, this is so colossal
00:56:39
tree of course no one
00:56:42
assumes that your specialists will
00:56:45
spend hours walking around
00:56:47
analyze each of these processes
00:56:49
what does this particular process do and
00:56:51
everything else the same picture can be
00:56:54
look at in terms of, for example, the MITRE
00:56:56
matrix; here you can see what
00:56:59
techniques and tactics used
00:57:01
for example, an attacker tried
00:57:03
delay the launch and by the way please note
00:57:06
attention, here are shown the MITRE techniques and
00:57:09
tactics which
00:57:11
we discovered during the development of this
00:57:15
incident, during this attack. Very soon,
00:57:20
as we expect,
00:57:22
coming out any day this week,
00:57:24
are also the MITRE evaluations test
00:57:26
results of checking our Harmony
00:57:30
Endpoint and how well it shows
00:57:32
different techniques and tactics, but apart
00:57:35
from other things, we also show those
00:57:37
techniques that are not in the
00:57:39
original MITRE matrix
00:57:40
but we think are important, for example here
00:57:44
delay in execution, which somehow
00:57:47
oddly didn't make it in, it doesn't fit under any
00:57:49
of the standard techniques,
00:57:51
accordingly we also think so
00:57:53
important that's why we are some
00:57:55
additional techniques and tactics that
00:57:58
We are also important for the investigation
00:58:00
add to this matrix in order to
00:58:02
could have understood better how it all happened
00:58:04
happened and naturally all this tree
00:58:07
can also be viewed as a development from
00:58:12
the point of view of time: what
00:58:15
was happening at the moment
00:58:17
our agent reacted, we managed to
00:58:20
correlate events before the attack and
00:58:22
correlate all subsequent phases;
00:58:25
there is a convenient legend here which
00:58:27
shows the relationships between different
00:58:29
processes what each icon means
00:58:31
very often these relationships are indirect
00:58:34
there is not just a child parent
00:58:36
process, but for example code injection from
00:58:39
process into process, or delayed start
00:58:41
via autorun, via a windows task, and so
00:58:44
on, such things. I will return to my
00:58:47
previous report; actually here we
00:58:51
again see the MITRE matrix,
00:58:54
the appropriate techniques and tactics, in
00:58:56
particular here, for example, the malware
00:58:58
tried to delete Windows shadow copies
00:59:01
so that files could not be
00:59:03
restored; it did not help it, and we also
00:59:07
naturally interrupted the deletion; and besides
00:59:10
this, it can be seen from the point of view of
00:59:13
network activity; here we see that
00:59:15
this particular malware was controlled by a
00:59:17
C2 control center, here is its
00:59:20
reputation, located in the Russian Federation;
00:59:24
there are some other communications, on them
00:59:27
you can also watch here
00:59:29
situations when, for example, malware tries
00:59:31
spread within the company and you
00:59:34
you see the corresponding grey (private) IP addresses
00:59:36
and the corresponding ports and then you
00:59:41
you can track
00:59:43
horizontal movements are already inside
00:59:45
company and besides this we can also
00:59:48
see all information
00:59:51
indicators of compromise that were
00:59:53
collected during this attack; it can also
00:59:56
be useful for investigating this
00:59:58
incident. As an example,
01:00:02
a demonstration of why
01:00:05
automatic active response
01:00:08
is good, I'll give you a couple of
01:00:10
examples
01:00:11
of malware; here is a recent ransomware
01:00:16
which is called Ragnar; if
01:00:20
our solution is enabled in detect mode,
01:00:22
that is, pure EDR, look what
01:00:24
happens, but without automatic
01:00:26
response, followed by manual
01:00:28
reaction, yes, we get
01:00:31
really big damage
01:00:33
the attack is actually progressing somehow
01:00:35
further if we include our solution in
01:00:38
prevention mode in this case in
01:00:41
basically we managed to block
01:00:44
the attackers' actions, it didn't even
01:00:46
encrypt a single file simply because
01:00:49
we caught it using one of the techniques
01:00:52
when it tried, for example again,
01:00:55
to actively remove shadow copies, we simply
01:00:58
stopped this attack entirely before the
01:01:00
encryption phase, it just didn't work out. And such
01:01:03
examples there are actually a lot;
01:01:05
this is LokiBot, another such example;
01:01:09
here we found it at the moment
01:01:11
when it tried to steal the
01:01:13
cached accounts we see here;
01:01:16
significant damage has been caused,
01:01:18
many files,
01:01:19
21 thousand files out of 33 thousand
01:01:23
corporate data files,
01:01:25
encrypted; if we are
01:01:28
preventing, the number of these
01:01:30
encryption attempts is significantly
01:01:33
reduced and as a result naturally
01:01:35
we succeed in
01:01:37
restoring these files to their original
01:01:39
condition; if we look, a large
01:01:44
part of these files can be
01:01:46
restored, at least that one
01:01:49
which we launched ourselves;
01:01:51
let's look: 58 files out of 63
01:01:55
restored to original condition;
01:01:58
files that are not recovered are
01:02:01
of the temporary category, that is, the
01:02:03
AppData folder, and often these are ours,
01:02:07
our agent generates them anyway
01:02:09
automatically, there is no sense in
01:02:11
restoring them, but all personal data and
01:02:14
corporate data of your employees
01:02:16
everything returned to its original state
01:02:19
Here are the main advantages of this
01:02:22
solutions if you really trust
01:02:24
automated response solution
01:02:27
and thanks to this approach we get
01:02:29
really high marks solution as
01:02:32
EDR, it ranks second among
01:02:36
leaders after one of the clouds
01:02:38
competitors who are not in our region
01:02:40
especially presented and show the best
01:02:44
security for its price among everything
01:02:47
just thanks to automation
01:02:51
let's see if there are any questions
01:02:53
about this theme
01:02:56
question when restoring file format
01:02:59
does it really matter
01:03:02
the thing is that it is initially configured
01:03:04
policy in which you indicate that you
01:03:08
want protection
01:03:09
protect such and such file types, that is
01:03:12
for example all audio documents
01:03:13
some media formats and files and
01:03:16
simpler, yes, that is, you just indicate
01:03:18
file types and their maximum size
01:03:22
our agent is actively leading further
01:03:25
creates these backup copies they
01:03:28
naturally old copies are overwritten
01:03:29
new and at some point they will start
01:03:33
they are used if really
01:03:35
an attack occurred you do not need to indicate
01:03:37
no folders, no need to specify the locations of these
01:03:40
files, it doesn’t matter, it’s quite simple
01:03:42
determine file types and maximum
01:03:45
size and it can be
01:03:46
some types of files that we are from
01:03:48
boxes are not for
01:03:49
for example file 1C Accounting Lik or
01:03:52
some volumes not autocad
01:03:55
some sapper that exists
01:03:58
only in your organization
01:04:00
it's still the same, you can protect the second one
01:04:03
very important point I forgot to mention
01:04:05
this is that the forensic database itself and it
01:04:08
distributed and it is stored on each
01:04:10
own cars, that is, it turns out that even
01:04:14
if the machine is cut off from the Internet it
01:04:17
she is cut off from the control server
01:04:19
can still investigate on his own
01:04:22
incidents cure the station and because
01:04:24
these actual events they fly away into
01:04:28
some kind of external storage, or rather they
01:04:32
fly to the control server which
01:04:35
can be local or in the cloud and
01:04:37
after that you can with these already
01:04:39
incidents to work as an officer
01:04:42
security
01:04:43
but the main idea here is how
01:04:46
once again abs forgive me I'm expanding the tap
01:04:51
back yes actually the main idea
01:04:57
is that the agent
01:04:59
independent that's why we call it
01:05:01
autonomous EDR because it doesn't
01:05:04
need to send some data to
01:05:06
at some point
01:05:07
clouds or some management server
01:05:10
before the investigation begins
01:05:12
incident and then after
01:05:14
the incident has already been repelled here by the servants
01:05:17
you can work here already, you can work from
01:05:20
hunting environment databases which for example
01:05:24
will show the events that happened
01:05:26
here you can search by giant
01:05:28
number of types of indicators you can
01:05:32
fall into some specific
01:05:34
events and can also be used
01:05:39
pre-configured filters which for example
01:05:42
track either indicators from recent
01:05:45
since for example we have him in this
01:05:47
case or sunburst or some
01:05:51
techniques and tactics that are used
01:05:53
attackers including possible
01:05:55
start from the very beginning
01:05:57
the MITRE matrix itself from
01:06:00
10 and techniques and tactics they are described for
01:06:03
specific time and you can further choose
01:06:06
let's say these are their requests
01:06:10
use to watch
01:06:12
relevant events and fail
01:06:14
they have all this functionality there
01:06:17
management but in order for all this
01:06:19
it worked naturally the agent himself he should
01:06:22
to be intelligent in order not to
01:06:25
only manually wander through these events
01:06:27
and do something there with your hands
01:06:29
send to quarantine shooting gallery mine
01:06:31
some processes so that everything
01:06:34
this happened in real time
01:06:36
time here we just use
01:06:39
automation and it relies precisely on
01:06:41
the work of the agent himself and so we talked
01:06:45
about endpoint protection, I hope that
01:06:47
I answered the basic questions, let's
01:06:50
Let's move on to the next next tasks
01:06:52
I mentioned it several times today
01:06:54
mobile devices are important here
01:06:56
understand that these devices are exactly the same
01:07:00
vulnerable, and according to Gartner, both we and
01:07:04
we do confirm this in
01:07:07
our various studies we
01:07:09
We constantly discover new malware and
01:07:12
google play we constantly publish
01:07:14
information on new vulnerabilities, including
01:07:16
on WhatsApp for example or on TikTok we
01:07:19
we show that both are indeed
01:07:21
operating system android and ios
01:07:23
we have the same sound but a little different
01:07:25
attacks for android are more typical
01:07:28
malicious apps for ios more
01:07:30
characteristic vulnerabilities and phishing, though
01:07:33
for android phishing is exactly the same
01:07:35
relevant until
01:07:36
but nevertheless we stand in solidarity with
01:07:38
Gartner that management of mobile
01:07:41
devices during the day
01:07:44
this is not the same as cyber defense
01:07:47
cyber defense it focuses around
01:07:50
reputation and behavior analysis of specific
01:07:53
mobile applications around verification
01:07:55
configuration but not in terms of
01:07:57
compliance from the point of view of cyber protection and
01:08:00
around network traffic inspection, including
01:08:03
This includes protection against phishing from
01:08:05
bots from malicious sites from another
01:08:10
hand, MDM
01:08:11
he focuses on
01:08:13
management of access control devices
01:08:17
various data on this device to
01:08:19
various corporate services in essence
01:08:23
such a compatible mobile dlp and
01:08:26
It's natural to choose between these
01:08:29
solutions do not need to be used and
01:08:31
both
01:08:32
and practice shows that it is quite
01:08:34
you can successfully use
01:08:36
only on corporate devices but also
01:08:38
user's available devices and
01:08:41
here we have naturally
01:08:45
confirmation if we look at
01:08:48
MITRE matrix for mobile systems
01:08:51
MDM covers very few techniques and
01:08:54
tactics here and accordingly all the same
01:08:57
full protection is required
01:08:59
full protection looks like this
01:09:03
protection agent harmony mobile
01:09:06
or, as it used to be called, SandBlast Mobile itself
01:09:08
which is installed on every
01:09:10
mobile devices and it checks
01:09:12
status various settings what
01:09:15
which applications are installed?
01:09:18
there are no official sources if
01:09:21
this new application is not official
01:09:23
sources there we pull them up for
01:09:25
inspections in our cloud and naturally he
01:09:30
also checks network activity
01:09:33
I will talk about this today one of
01:09:36
main use cases and from
01:09:38
cases in remote access situations
01:09:41
if you are on a mobile device
01:09:44
access to corporate
01:09:46
attachment at least to email in
01:09:49
in this case we have scripts
01:09:51
container capsule workspace used
01:09:53
for this, in principle it could be anyone
01:09:55
from the MDMs that are present on
01:09:57
market at the moment when we infect
01:10:00
this device is here here is a test virus
01:10:02
we supplied which was discovered by our
01:10:05
solution if the user does not delete it
01:10:08
then the mode automatically turns on
01:10:11
conditional access
01:10:13
that is, the user is limited
01:10:15
access to corporate data
01:10:16
automatically or by means of our
01:10:19
capsules or by means of politics here
01:10:22
these same MDM solutions, including us
01:10:25
we can block network access
01:10:27
on the mobile device itself
01:10:28
filter traffic outgoing from it
01:10:31
occurs due to inspection of this
01:10:34
traffic directly on the device itself we
01:10:36
we turn off the traffic of all applications
01:10:38
including mobile browser through our
01:10:41
applications on the same device
01:10:43
so it turns out that we
01:10:45
maintain privacy you like
01:10:48
administrator can't track who
01:10:50
visit sites with strawberries or something
01:10:52
other unwanted website for you
01:10:54
as long as these sites explicitly
01:10:57
you won't block
01:10:59
if you block them everything you can with
01:11:01
monitor all threats accordingly
01:11:03
which was prevented from the point
01:11:06
What does it all look like from management's perspective?
01:11:09
let me be here
01:11:11
jumped oh here I jumped here
01:11:16
different pace naturally infinite portal
01:11:19
supports thresh and mansi for everyone
01:11:22
customers or partners who
01:11:24
provide mass sleep services
01:11:26
have several different talents and
01:11:28
accordingly here we can look
01:11:30
how directly configured
01:11:32
the harmony mobile policy is being implemented with
01:11:35
from the point of view of politics itself we are here
01:11:39
we apply certain things we check
01:11:42
specific state settings
01:11:44
operating system and if it
01:11:47
condition does not meet requirements
01:11:50
we remove the high risk factor to increase
01:11:54
risk for this device in terms of
01:11:57
applications any malicious application
01:11:59
automatically leads to high risk
01:12:02
a number of other applications by category
01:12:04
this risk can be changed from the point of view
01:12:08
network protection is possible
01:12:10
it is possible to decrypt SSL
01:12:12
block phishing and everything else in
01:12:15
including zero-day phishing
01:12:19
ability to apply URL filtering
01:12:21
and add to white black lists
01:12:24
some categories of sites and applications
01:12:28
block malicious downloads
01:12:31
some suspicious files and
01:12:33
profiles and it is also possible
01:12:35
protect dns that is, we double-check
01:12:39
all DNS requests
01:12:40
and accordingly we block again
01:12:43
access to some control server
01:12:46
there are intruders again
01:12:48
the ability to check for example what
01:12:50
the user connected to some kind of Wi-
01:12:52
Fi point that pretends to be your Wi-
01:12:55
Fi point but actually is not such
01:12:57
is accordingly we can too
01:13:00
see this activity as a result
01:13:03
conditional access policy is applied
01:13:05
and you as an information officer
01:13:07
security you begin to see like this
01:13:10
here are the logs in which you can see various
01:13:13
actions that were performed in
01:13:16
particularly from the point of view
01:13:18
let's say applications we can see
01:13:22
when the application was installed when
01:13:24
deleted including whether it was deleted
01:13:26
really harmful or
01:13:27
unwanted applications yes from the point
01:13:30
view of network activity we can
01:13:32
see for example https websites
01:13:36
dedicated but precisely blocked and
01:13:38
or permitted
01:13:40
and according to the policy with confirmation from
01:13:43
user everything else is what
01:13:46
visited by users is not displayed
01:13:49
in the logs, that is, so you don't
01:13:51
you can monitor your users and
01:13:53
thanks to such privacy your
01:13:57
users don't mind that you
01:13:58
keep their devices safe
01:14:02
further you can analyze the behavior
01:14:05
various applications that they themselves
01:14:09
imagine let's see a few
01:14:11
really malicious applications like
01:14:13
it looks like it's here
01:14:15
district for which again
01:14:18
risk factor is shown are shown
01:14:21
description and again for different profiles
01:14:24
which apply to different groups
01:14:26
devices is possible somewhere
01:14:29
force something to be allowed somewhere
01:14:30
forcibly prohibit that is, it is possible
01:14:33
it really works here
01:14:35
categories and for specific
01:14:36
applications and here there are tactical techniques
01:14:39
MITRE which are demonstrated by this
01:14:42
specific mobile application during
01:14:44
his analysis here we can look at them
01:14:47
this technique is specifically for mobile games
01:14:50
they differ significantly in technology
01:14:52
tactics typical for desktop
01:14:54
operating systems and besides that you
01:14:58
you can also upload your own
01:15:00
applications that you have developed for
01:15:03
analysis in this service and for this
01:15:07
there is also this and there is a possibility with your hands
01:15:10
download that is you can build this
01:15:12
service into your DevOps
01:15:14
for mobile development in order to
01:15:17
make sure that what you developed is not
01:15:20
contains, for example, vulnerable or
01:15:21
some malicious components and
01:15:23
libraries before you develop it
01:15:26
to your users' device
01:15:28
so it turns out that we
01:15:31
scripts together with the container or with
01:15:34
some MDM, using harmony
01:15:37
mobile we close the really big one
01:15:39
some of MITRE's techniques and tactics for
01:15:43
for the attack to be unsuccessful is enough
01:15:45
block her somewhere, anywhere until
01:15:48
accordingly we really
01:15:49
full protection and solution provided
01:15:52
she shows herself well she's pretty
01:15:55
These sell well here in
01:15:58
Europe abroad and in terms of
01:16:01
technical
01:16:02
we do block most of it
01:16:04
threats almost one hundred percent compared to
01:16:07
closest competitors this is one of
01:16:10
independent one of the independent tests and
01:16:14
finally the last case for today
01:16:18
concerns Internet access control
01:16:21
users let me wake up one of mine here
01:16:25
virtual machines with which I will
01:16:28
show this very access so
01:16:32
look we discussed in one of
01:16:35
previous cases remote access to
01:16:39
resources in your data center, that is
01:16:41
here it can be organized without
01:16:44
client image via either local
01:16:48
checkpoint gateway or the service harmony
01:16:50
connect and it can be organized
01:16:52
client method when installed
01:16:54
harmony endpoint which includes
01:16:57
just like that with the saint and he terminate on
01:17:00
some gateways of your data centers this
01:17:03
story remote access history
01:17:06
which we will look at now concerns
01:17:08
namely Internet access control, that is
01:17:11
if your employees run away
01:17:14
houses and all sorts of remote locations and they
01:17:19
took corporate laptops with us
01:17:21
for example corporate mobiles
01:17:23
devices and what you want for them
01:17:25
provide exactly the same inspection
01:17:27
Internet traffic on the perimeter as if
01:17:29
If only they were sitting in your office
01:17:32
saying two two alternatives two ways
01:17:35
first traditional
01:17:37
this is to turn off all the traffic of these
01:17:40
users through your gateway farm
01:17:43
security in the data center, yes, that is, not
01:17:46
use split tunneling, everything
01:17:48
go to the data center and there
01:17:50
apply the same policy
01:17:52
There are pros and cons to this solution
01:17:55
among the minuses is that this farm is for you
01:17:59
must be supported it must be
01:18:01
quite productive cash
01:18:03
drunk support and trophy
01:18:04
take notes and this is not always
01:18:06
economically feasible as
01:18:09
alternatives you can do this
01:18:13
inspection not at your gateways but somehow
01:18:15
otherwise here's how else there are two here
01:18:18
way
01:18:21
method number 1 is to filter the web
01:18:25
traffic directly
01:18:27
device, that is, what I already have today
01:18:30
showed in terms of mobile devices we
01:18:32
here we see that we are now doing URL
01:18:34
filtering directly in the mobile browser yes
01:18:37
and if we visit some
01:18:40
safe sites
01:18:41
then this is also blocked at the level
01:18:44
desktop operating system this
01:18:46
the inspection is carried out by our own
01:18:50
browser plugin that is available for
01:18:52
browsers shown here if it is not
01:18:56
browser then you can use for example
01:18:58
application control block part
01:19:01
some applications but this is quite
01:19:03
such a labor-intensive task, then here it is rather
01:19:06
it's about filtering
01:19:08
traffic in the browser
01:19:10
if you want to do filtering like this
01:19:13
you are used to that is the gateway to you in a way
01:19:17
yes, that is, use a full
01:19:19
application control and URL
01:19:22
filtering at the same level
01:19:24
policy, like on perimeter firewalls
01:19:26
This is where a new concept comes to the rescue
01:19:29
SASE, secure access service edge, which
01:19:33
in general it looks very simple you
01:19:36
turn off your users' traffic
01:19:38
not to the gateway farm in your data center
01:19:42
and somewhere in the cloud there is a deployed farm
01:19:45
accordingly we have a checkpoint
01:19:48
many locations through which traffic
01:19:51
those users will be routed
01:19:53
there are two ways to inspect
01:19:55
connections in harmony connect; the second
01:19:59
part is obtained from this harmony service
01:20:01
connect internet access
01:20:03
here is the opportunity to provide the site
01:20:05
communication site as shown in this
01:20:07
picture
01:20:08
that is, for example, you have a lot of mini
01:20:11
offices where they are not very expensive
01:20:13
some kind of smart boxes
01:20:15
router and some simple firewall checks
01:20:17
or
01:20:18
from the sofa device for example in the IMF case
01:20:21
cloud or something similar and you don’t have it either
01:20:26
opportunities everywhere at all these points
01:20:29
deploy a full-fledged
01:20:31
firewall for example and checkpoint to use
01:20:33
full-fledged policy locally in this
01:20:36
case you from each such point
01:20:38
install
01:20:39
and [ __ ] tunnel 2 and [ __ ] tunnel up to 2
01:20:44
essentially virtual checkpoint gateways
01:20:47
deployed in some
01:20:49
data center
01:20:50
these date centers can be chosen
01:20:53
locations where you will turn
01:20:55
this traffic is still there
01:20:57
exactly the same policy applies
01:20:59
which you would tune on your perimeter
01:21:01
gateways at the user level
01:21:03
URL, application, user groups
01:21:05
filtering etc. blocking threats
01:21:08
and plays anti bot antivirus and sandbox
01:21:12
alternative option when it comes to
01:21:15
about a home computer it looks like this i.e.
01:21:18
here I have a computer on which I have
01:21:21
there is already one more agent, that is, I have
01:21:25
stands here
01:21:26
harmony endpoint here it is
01:21:29
and harmony endpoint I have here
01:21:32
is engaged in cyber protection of this device
01:21:34
it filters web traffic almost nothing
01:21:37
filters and I actually have
01:21:40
a separate agent called
01:21:43
harmony connect I already have it
01:21:46
are stopping my users' traffic from
01:21:50
this particular machine through some
01:21:52
cloud gateway yes and if we are here
01:21:56
Let's see where he takes me
01:22:00
wraps in this case then I was wrong
01:22:10
a little site to them they are very similar to
01:22:13
we see that in this case it is
01:22:15
Great Britain
01:22:16
one of the advantages of this out of the gate
01:22:19
naturally is the fact that
01:22:21
some resources are blocked in
01:22:24
in our country they are beginning to be available
01:22:27
Almost
01:22:29
here something went wrong for me though
01:22:33
the idea should be so possible something I
01:22:37
didn't tighten it up
01:22:38
and besides, naturally I have to
01:22:43
there should be malware blocking
01:22:50
and blocking some unwanted
01:22:52
resources let's see how much it is
01:22:55
will work
01:23:08
on blocked let's try again
01:23:11
since no, with this everything needs a little
01:23:22
tighten up the policy but in general in principle
01:23:24
this technology allows you also
01:23:27
and protect yourself from a situation when some
01:23:29
resources they are not available on the table
01:23:33
connections, for example, with the fact that they were activated
01:23:36
some kind of blockage with the principle you
01:23:39
block unwanted resources and
01:23:41
block
01:23:43
access is allowed to some categories
01:23:46
sites exactly the same way you would do it
01:23:51
at the security gateway level and
01:23:54
accordingly in this case you
01:23:57
a policy is applied that looks like
01:23:59
just like it looks on your gateway
01:24:02
security let's go back to now
01:24:04
I'll show you my tennant and this case
01:24:13
back in harmony connect here we are
01:24:16
we are already talking about these two
01:24:18
component is a site site and work with
01:24:22
client case website client website
01:24:25
no need to put it because you have a bunch
01:24:27
it turns out your device is on some
01:24:31
object to contact and [ __ ] there with here
01:24:34
with this cloud service in case
01:24:36
these are remote home computers
01:24:38
some or corporate laptops
01:24:40
there already communication occurs through
01:24:43
this special agent harmony connect
01:24:46
and as a result you apply this very
01:24:48
politics how it looks on yours
01:24:52
I'll send you out of the perimeter for safety, that is
01:24:54
block a specific application or
01:24:55
site categories can also be
01:24:58
control downloading and not sending
01:25:00
like some type of content that is
01:25:03
this mini DLP is here too
01:25:04
be present and of course all this
01:25:07
the story is being realized, including
01:25:09
SSL inspection, you can apply full
01:25:13
inspection in this case our agent he
01:25:16
will spill certificates into trusted ones
01:25:18
protected machine and you can
01:25:21
fully filter everything
01:25:23
resources and intercept all malicious
01:25:26
files and block them as usual but also
01:25:29
then you actually get access to
01:25:32
logs and
01:25:35
different calculations in this system here
01:25:39
I have no logs yet my this agent is he
01:25:43
connected to another tenant accordingly
01:25:45
you can watch it too, so let's do it
01:25:48
Let's see what questions there are on this topic
01:25:51
let me return to the question on the topic
01:25:57
actually distributed access
01:25:59
it turns out we have the following space
01:26:02
news is when you are without a client
01:26:05
how you give access to corporate
01:26:07
applications in your data center
01:26:09
physical or virtual or public
01:26:12
in the clouds this thing is there when we
01:26:15
published on the Internet portal here
01:26:17
such a portal these applications
01:26:19
second story you redirect
01:26:21
traffic of your office menus via cloud
01:26:24
gateway to inspect how
01:26:26
on the local gateway but don't buy it
01:26:29
you buy this business as a service, that is
01:26:31
internet access filtering as a service and
01:26:34
there really are 2 and [ __ ] tunnels up
01:26:37
two gateways for fault tolerance in
01:26:40
one of the data centers and third
01:26:42
history this installation of agents on
01:26:44
final machines that will perform
01:26:47
more precisely they will do this very filtration
01:26:50
divert traffic to the same
01:26:53
farm for what happened there
01:26:56
filtration here is basically the sketch and which I
01:26:59
I really wanted to show them today
01:27:02
a lot and this is an incomplete list
01:27:03
As you can see, the harmony solution is more precisely a whole
01:27:07
the harmony family of solutions closes
01:27:09
a large number of situations and if you have
01:27:12
Are there any specific dice of yours?
01:27:14
case and we are happy to be with you
01:27:16
let's talk and select the architecture
01:27:18
which one is right for you besides this
01:27:22
Naturally, we must remember that all these
01:27:24
solutions can be purchased as
01:27:26
separately by subscription by quantity
01:27:29
protected devices or by number
01:27:31
protected users or have a common
01:27:34
harmony total subscription
01:27:35
which is beneficial if you need both
01:27:38
at least 3 of the solutions that I
01:27:41
showed it today and I would like the last one
01:27:45
to dot the i's a little
01:27:47
tell us what happened to us
01:27:51
rebranding sandblast agent into harmony
01:27:53
endpoint and some new ones have appeared
01:27:55
subscription there are a lot of questions
01:27:57
around how it's all now
01:28:00
licensed in short it turns out
01:28:03
we have an agent that includes
01:28:05
traditional protection and EDR but not
01:28:09
includes sandbox
01:28:10
it's called harmony endpoint basic this
01:28:13
the simplest license included
01:28:15
cloud management and cloud more precisely and
01:28:20
there is no sandbox here in this case
01:28:22
there are 2
01:28:25
the second mechanism is harmony endpoint
01:28:29
advance it already includes sandbox
01:28:32
and this is the most typical subscription that
01:28:35
we have been selling for many years
01:28:38
years ago it was called sandblast agent
01:28:40
advanced, now harmony endpoint advanced
01:28:42
it includes a full-fledged cyber
01:28:44
protection cloud management cloud
01:28:47
the sandbox is naturally local
01:28:50
management and local sandbox is
01:28:52
just options that can be purchased and
01:28:55
we will also help you with sizing
01:28:59
There's a new option just a little bit
01:29:03
revised with hard encryption
01:29:05
disk
01:29:06
but without a plugin in the browser and finally there is
01:29:10
a regular client, harmony
01:29:14
endpoint complete, which earlier
01:29:16
was called sandblast agent complete, which
01:29:18
includes all technologies at the level
01:29:21
points, that is, there are all sorts of different ones
01:29:24
bangla
01:29:25
again, the solution allows you to combine
01:29:28
one management server or local
01:29:30
that the cloud can combine different options
01:29:34
subscriptions that is, you can for example
01:29:36
some stations where you just need
01:29:39
protect yourself from phishing ransomware and
01:29:41
some kind of exit window there is a sandbox
01:29:44
it's expensive for them to buy you buy
01:29:46
basic option for other machines in the office
01:29:50
you buy two important machines in the office and
01:29:53
for example working people
01:29:56
remotely you buy a complete package because
01:29:58
it also includes hard encryption
01:30:00
disk that is a guarantee against theft
01:30:02
data if dice if this laptop
01:30:04
for example lost or stolen, even you
01:30:07
combine different options
01:30:09
subscriptions and you get quality
01:30:12
solution that solves your problems by
01:30:14
quite reasonable price and let me remind you that there is
01:30:18
harmony total option which includes
01:30:20
additionally as rasasi including protection
01:30:23
mail and including mobile protection
01:30:26
devices for the same user well
01:30:29
That's it for all my colleagues today
01:30:32
thank you very much for your time
01:30:35
I really galloped today
01:30:37
across Europe for a fairly large
01:30:39
number of solutions
01:30:41
edius of cases that we have
01:30:44
in our family harmony naturally comes from
01:30:47
these cases may raise more questions and
01:30:50
some specific technologies
01:30:53
the attacker's asset may be greater
01:30:55
I will be glad to see you separately with each
01:30:58
chat and delve into some of the
01:31:00
these directions thank you for your attention
01:31:03
We will send you a video recording of the presentation
01:31:06
and we will also send examples of harmony reports
01:31:09
and point so you can watch them
01:31:11
wander through them with your own eyes and
01:31:13
study thank you good bye
01:31:16
day

Description:

2020 transformed many business processes. Employees have become accustomed to working from anywhere, from any device (corporate and personal), and to accessing corporate applications in the data center and in the cloud. Attackers continue to take advantage of the situation. Phishing, credential and data theft, and the spread of malware, including spyware and ransomware, are growing. Surveys in 2021 show that most organizations will continue to combine office and home work even after the Covid-19 pandemic. Remote work is here to stay for the long term, which means that comprehensive cyber protection must be provided under the changed conditions, moving away from "stopgaps" toward full-fledged solutions and services. During the webinar we will look at the following practical cases and the corresponding solutions of the Harmony family:
• Secure Internet access for branches and remote users as a service – Harmony Connect (Internet Access)
• Remote access to corporate applications for employees and partners as a service – Harmony Connect (Remote Access)
• Comprehensive protection of corporate and personal workstations – Harmony Endpoint
• Comprehensive protection of corporate and personal mobile devices – Harmony Mobile
• Email protection (including on-premises and Office 365) from the cloud – Harmony Email & Office
Speaker - Alexey Beloglazov
00:00 Introduction
05:46 Case 1 Protection of cloud/on-premises email as a service, Harmony Email & Office
15:59 Case 2 Simple remote access in the browser (without a client), Harmony Connect Remote Access
25:33 Case 3 Secure remote access with VPN and Compliance, Harmony Endpoint
28:26 Case 4 Comprehensive protection of user devices, Harmony Endpoint
1:06:49 Harmony Mobile
1:16:13 Case 5 Secure Internet access from home and branches, Harmony Connect Internet Access
1:27:21 Licensing
