Transcription
Forcepoint Israel Tech Week. Nitzan Cohen, Regional Director, Israel. Sep. 2020. 2020 Forcepoint. Forcepoint Proprietary
Something We Believe In: “Built to Last”. When partnering with someone; while interacting with a customer; while managing a channel; when closing a deal; while building a team.
Customer Success: Leveraging Forcepoint offerings to ensure accelerated Customer Value, System availability & Operation efficiency. Diagram labels: Performance; Customer Value; System availability & Operation efficiency; Value Commitment.
Tech Week became a Tradition
Forcepoint Israel Market Share, FY20
Announcement
DLP Tech: 10.9, 09:00-13:00
Forcepoint Virtual Summit: September 15
Training: DLP 13-16.9, Web Security 29.9-1.10
Forcepoint System Engineer Certification
10Bis voucher 70 NIS, please send email to: orly@gilevents.co.il
Kahoot: 1st place: 800 NIS Alcohol Package; 2nd and 3rd places: 200 NIS Vouchers
Q&A: Please send us through Chat
Today's Agenda
09:00-09:20 Opening
09:20-10:50 Web Security (Erez)
10:50-11:05 Break
11:05-12:35 Email Security (Peter)
12:35-13:00 Q&A, Kahoot
What's new? F1E Isolation (Full/Targeted) Boldon James Cloud App DLP, Cloud Web DLP DUP (Dynamic User Protection) Edge/CSG MSP Forcepoint Advantage
2020 Tech Week - Web. Erez Epstein, Sr. Sales Engineer
Agenda: OnPrem & Hybrid vs Cloud; RBI; Policy Hardening; Tips & Tricks; System Health Check & Maintenance; EOL & Roadmap; Troubleshooting; Zero Trust Network Access (ZTNA); CACM (CASB); Cloud Security Gateway
OnPrem & Hybrid vs Cloud
Topology: Hybrid, Cloud
Global Coverage Across 128 Countries
Feature Parity: On Prem & Hybrid Web. Main Feature Comparison. On Prem Hybrid Management Interface Reporting Local User Authentication & Sync Policy Management Cloud Portal Local via Apollo* No Real Time Monitor Local via Apollo Kerberos Local via FSM Local Appliance Deployment Cloud Apollo Identification via EP* SSO via IDP also Available Cloud Portal – One Policy Logic instead of Multiple Policies Supported Real Time Analysis Cloud Not Applicable Supported DLP Module Integrated on Proxy ETA 2021 *DLP Endpoint as meanterm solution SSL MiTm Supported AMD Supported Shadow IT Supported Explicit & Transparent Redirection Supported SIEM Supported ETA Q4-2020 *DLP Endpoint as meanterm solution
Policy Hardening
Best Practices – Security categories
Extended Protection: Dynamic DNS, Elevated Exposure, Emerging Exploits, Newly Registered Website ?!, Suspicious Content
Miscellaneous: Uncategorized (Will be discussed soon)
Information Technology (Please don’t block me): Hacking, Proxy Avoidance, Unauthorized MP, Web and Email Spam
Security (Fully Blocked!!)
Uncategorized: Why? What is the Risk? How? WebCatcher: WebCatcher collects uncategorized and security-related URLs and sends them to Security Labs for analysis. This is done to improve URL categorization and security effectiveness. And... stay tuned for the next slides.
Allowing URLs: Re-categorize; Exceptions (but not for Security)
Aggressive Analysis. Elevated Risk Profile: Recommended by Security Labs. The Rest: Enable Aggressive! (Scanning > Scanning Options)
File Download Blocking. Executables: bat, exe, pif. Threats: vbs, wmf. Custom: scf, cmd and more. And... stay tuned for the next slides.
Cloud App Enforcement and Reporting: Application, Risk Level
Cloud App Enforcement and Reporting: Block by Risk Level; Permitted and Blocked List; Part of existing Policy Structure
AMD (Advanced Malware Detection) for Web, Firewall, CASB, Email. Typical sandboxing stops here: [APPLICATION LAYER] [OS LAYER]. Virtualization – Typical Sandbox: creates an isolated environment restricted by the underlying hardware; blind to deep malware activity; easily evaded. VS Full System Emulation (FUSE): exact replication of multiple hardware environments from mobile devices to PCs; complete visibility of malicious behaviors; full exposure to counter advanced evasion techniques.
AMD: The Deep Content Inspection Difference (Advanced Malware Detection for Web, Firewall, CASB, Email). Signature-less inspection and analysis. Dormant code analysis identifies code blocks even if they do not execute. Dynamic code analysis elicits malicious behaviors. Identification of malicious scripts and macros. True Kernel visibility with minimal OS version dependencies. Inspection of malware memory including encrypted strings. Layers: [APPLICATION LAYER] [OS LAYER] [CPU LAYER] [MEMORY LAYER].
System Health Check & Maintenance
Proactive Actions. Upgrade, Upgrade and Upgrade. Monitoring: Services, SNMP, Health Check URL, System Alerts, FSM (A.K.A Triton). H/A and Fault Tolerance: Clustering, VIP. Dashboards: Alert, Malicious Events, Proxy.
Proactive Actions: Hybrid Sync Status; DB Download; Log Health; WCG Alert
Proactive Actions: WCG Diagnostics Tool
Proactive Actions. AV Exceptions. Backups: DB, File System, Snapshots, Application Backup.
Troubleshooting
Realtime Monitor: Real Time; Use for Debugging Only; Filter by Action
Block Page Debug
More Troubleshooting: Browser Debug (F12), Toolbox, Authentication Bypass, Testdatabaseforcepoint.com
More Troubleshooting: Scanning Exceptions; SSL Bypass (Source, Destination): from FSM, last resort from Proxy
Endpoint
Disable via CLI:
1. Go to the EP installation directory (typically C:\Program Files\Websense\Websense Endpoint\)
2. Submit the command: wdeutil.exe -stop [ wspxy wsts wsrf wsdlp all ]
3. Enter the anti-tampering password and you should be good to go!
Enable via CLI:
1. Go to the EP installation directory (typically C:\Program Files\Websense\Websense Endpoint\)
2. Submit the command: wdeutil.exe -start [ wspxy wsts wsrf wsdlp all ]
Gather debugs for Support via UI
CACM (Cloud Application Control Module)
Forcepoint Web Security & Cloud App Control Module
I need to protect my organization from web borne threats.
Native functionality: I need to know what cloud apps are being self-adopted in my organization. I need to know who is using potentially risky cloud app. I need to understand which cloud apps are risky, and why. I need to block users from using risky cloud apps. *on-premises only.
Cloud App Control: I need to control how sanctioned cloud apps are being used. I need to control sanctioned cloud apps across managed devices. I need full AD and SIEM integration. I want anomaly detection and user behavioral analytics.
Cloud App Control Module. The Web Security proxy is connected to the CASB service with proxy chaining. Sanctioned application traffic is forwarded automatically from the Web Security proxy to the CASB service. Proxy-based activity visibility, with real-time mitigation options. CASB anomaly detection, UBA & risks. Diagram labels: CNN.com, Office365.
Inline Control of Sanctioned Cloud Apps
Inline Control of Any Activity
RBI
Gartner SWG MQ 2019. Forcepoint Partnered With Ericom for Remote Browser Isolation
Forcepoint & Ericom: A Winning Combination
How Browser Isolation Works
1. Malware embedded in active web-content
2. Ericom RBI executes content in an isolated container
3. Safe rendering information sent to endpoint
4. Standard browsing experience
Isolation: Forcepoint Web Security Ericom Shield. End-user connects to Forcepoint Web Security to access the web. Black-listed URLs are blocked, whitelisted are allowed through. Uncategorized and policy-defined URLs are sent to Ericom Shield for added malware protection. Forcepoint Web Security: Safe Sites: Allow; Risky Sites: Isolate; Unsafe Sites: Block. Enable safe access to uncategorized or risky websites.
Isolation: Forcepoint Web Security Ericom Shield
1. Forcepoint Web Security allows access to known good sites; blocks known bad sites.
2. Policies in Forcepoint Web Security forward risky traffic to Ericom Shield RBI.
3. Risky sites rendered in a remote virtual container, ensuring any malware on the site cannot infect endpoints.
4. Site sent to user as a safe, fully interactive visual stream. Users get full web access, and IT mitigates web security risk.
Enable safe access to uncategorized or risky websites
Forcepoint Integrations – Confirm Action. WSG (On Prem) – Web Redirection based. Configure the policy to isolate a certain category with Action set to Confirm. Once the user browses to one of the categories that are set to the Confirm action, they will be given the option to isolate all this traffic on the RBI solution by clicking on the link.
Forcepoint and Ericom Feature Matrix
Functionality (Forcepoint):
Web Filtering: Yes
Deep Content Inspection: Yes
Data Loss Prevention DLP: Yes
File Sandboxing and Analysis: Yes
File Preview with text: Yes
Additional Security (Forcepoint Ericom):
Full Content Isolation (RBI): Yes
Anti-phishing with Read-only Mode: Yes
File Content Disarm and Reconstruction (CDR): Yes
File Preview with reader (safely in isolation container): Yes
Tips & Tricks
WebsenseAdmin
Used to restart services in the right order, gracefully.
1. Go to the installation directory (typically C:\Program Files (x86)\Websense\Web Security)
2. Submit the command: websenseadmin.exe stop (or Start / Restart)
Consolidate Realtime Monitor Logs
Can be sent to the Main Policy Server. Ask your integrator to edit config.xml (carefully):
1. Stop Websense Services (/opt/Websense/WebsenseAdmin stop)
2. Go to /opt/Websense/bin
3. vi config.xml
4. Look for UsageMonitorIP (to search in vi, type '/' followed by UsageMonitorIP) and change it to your TRITON IP (for example <data name="UsageMonitorIp">1.1.1.1</data>)
5. Start Websense Services (/opt/Websense/WebsenseAdmin start)
You need to do it on every proxy.
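The config.xml edit described above, scripted so it can be repeated on every proxy with a backup and a check of the result. This is an added example, not Forcepoint code; the function names are hypothetical, the sample file is constructed, and the single-line form <data name="UsageMonitorIp">IP</data> is an assumption taken from the slide's example, so confirm it against your own config.xml first.

```shell
#!/bin/sh
# Added example (not Forcepoint code). Assumes the entry is a single line of the
# form <data name="UsageMonitorIp">IP</data>, as in the slide's example.

# write_sample_config PATH: constructed sample, not a real config.xml
write_sample_config() {
    cat > "$1" <<'EOF'
<container name="Constructed">
  <data name="UsageMonitorIp">127.0.0.1</data>
  <data name="OtherSetting">unchanged</data>
</container>
EOF
}

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# set_usage_monitor_ip CONFIG IP: rewrite the value, keeping CONFIG.bak
set_usage_monitor_ip() {
    cfg=$1; ip=$2
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }
    valid_ipv4 "$ip" || { echo "invalid IPv4: $ip" >&2; return 3; }
    # Refuse to edit unless exactly one matching entry exists.
    count=$(grep -c '<data name="UsageMonitorIp">' "$cfg" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 entry, found $count" >&2; return 4; }
    cp -p "$cfg" "$cfg.bak" || return 5
    sed "s|\(<data name=\"UsageMonitorIp\">\)[^<]*\(</data>\)|\1$ip\2|" \
        "$cfg.bak" > "$cfg" || return 5
    # Verify the result; restore the backup if the edit did not take.
    grep -qF "<data name=\"UsageMonitorIp\">$ip</data>" "$cfg" ||
        { cp -p "$cfg.bak" "$cfg"; return 6; }
}

# Per proxy, wrapped in the slide's own commands:
#   /opt/Websense/WebsenseAdmin stop
#   set_usage_monitor_ip /opt/Websense/bin/config.xml <TRITON IP>
#   /opt/Websense/WebsenseAdmin start
```

The script writes back into the existing file rather than replacing it, so ownership and permissions on config.xml are unchanged.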
Block WhatsApp Upload & Download. WhatsApp uses a specific domain for any upload/download, so we can just block it with Forcepoint Web. This will block any kind of file upload/download. The URL list might need to be updated if the WhatsApp design changes. URL list: http://mmg.whatsapp.net https://mmg.whatsapp.net
DTP – Read-only access to site. Read-only Gmail access. Made possible easily by carefully inspecting all outbound traffic.
Roaming User Policy
Cloud Status Portal. Now live on status.forcepoint.com. Released in June 2020. Current status of our cloud products. Consolidates CSG, DEP, CASB and future cloud products. Shows the history of status. Modern, organized presentation competitive with best-in-class cloud providers.
Forcepoint Web 8.5.4 – New Features
SIEM Integration improvements: Customers with larger traffic will notice an improvement in SIEM, with reduced lag time in data being made available to SIEM.
TLS 1.0 off by default: While still supported, TLS v1.0 is now disabled by default for new customers.
Audit Logs available to SIEM by Default: FSM portal related audit logs are now made available by default to SIEM. Previously this was manually configured by customers.
Integrate with Multiple SIEM tools: Multiple SIEM integrations are now supported, to a maximum of 10.
ESXI 6.7 now Supported: VMware ESXI 6.7 is now supported.
“Unknown” file types can be blocked: Unknown file types can now be blocked where previously they could not.
Quality and Stability: Notable improvements with Reporting. Customers with large data sets will notice a significant reduction in report loading times.
Roadmap & Product Life Cycle (EOL)
Web Life Cycle
Roadmap
CSG
Cloud Security Gateway – security made simple: 1 SKU for product, 1 SKU for support, 1 SKU for services
Cloud Security Gateway – Web CASB DLP (architecture diagram)
Diagram labels: Cloud apps; CASB; Internet; AMD; RBI; DPS; Web Logs; API Calls/Responses; Events; DLP Policy; Block/Allow; File; DLP Instance; DLP classifiers; Web Proxy; User; Endpoint; PAC; Tunnels
Forcepoint Security Manager at Customer Site or IaaS: Deploy and Manage DLP Policies; Incident management & Reporting; Forensic Investigation; XML import CSG web categories
CSG Admin Portal: Configure integration DPS; Manage web policies; DPS/DLP Lite enforcement at policy level; Manage block pages; Transaction log/reporting
Post http: File size, name, type; Keywords, phrases; REGEXP; File Meta-Data; Fingerprinting
* No OCR support in DPS today
Zero Trust Network Access (Edge)
Zero Trust Private Access – Internal Apps without VPNs
Connectivity for internal apps: Inside private data centers (physical or cloud)
Same user experience everywhere: No special UI, open apps in browser as usual; No VPN client needed
No special firewall ports to administer
Part of DEP’s unified security policies: Risk-adaptive access controls coming in 2021
Centralized visibility into app usage
Diagram labels: Internal Apps in Private Enclave; Remote Workers; DEP ZT Private Access; Branch Offices; Internal Apps in Data Center
Converged security for applications and data everywhere. DYNAMIC EDGE PROTECTION. Cloud Security Gateway (CSG): Web Security as a service; Threat Protection; Data Protection; CASB as a service; Public Web & SaaS Apps. Private Access (PA). Unified Agent. Firewall as a NA as a service*. Risk-Adaptive Protection*. * coming H1’21
Thank You! Epstein Erez, Sr. Sales Engineer, eepstein@forcepoint.com