Speaker’s Corner: Featuring Maya Levine, Technical Marketing Engineer, Check Point Software Technologies, Ltd.
Tell us more about Check Point Software Technologies, and its core offering…
Check Point Software Technologies Ltd is a leading provider of cyber security solutions to governments and corporate enterprises globally. Its solutions protect customers from the most advanced cyber-attacks, with an industry-leading catch rate of malware, ransomware, and other types of attacks. Check Point offers multilevel security solutions to defend enterprises’ cloud, network, and mobile device-held information. In addition to protecting more than 100,000 businesses and millions of users worldwide, Check Point’s research team collects and analyzes global cyber-attack data. Their publications and intelligence sharing fuel the discovery of new cyber threats and the development of the international threat intelligence community.
To what extent is phishing a problem today? And Ransomware?
The network security industry has many challenges to face currently. Phishing continues to be a problem. It is one of the most common types of cyberattacks, mainly because it is often an effective technique for gaining access to an organization’s network and systems.
Ransomware has also been a growing threat in recent years. A number of high-profile attacks demonstrated to cybercriminals that ransomware was profitable, driving a rapid increase in cybercrime groups operating this malware. On average, ransomware claims a new victim every ten seconds worldwide, and ransomware cost businesses around $20 billion in 2020, an increase of 75% over the previous year. The ransomware industry has also experienced numerous innovations in recent years. Ransomware as a Service (RaaS) operators develop and sell ransomware, expanding their reach and providing less sophisticated threat actors with access to high-quality malware.
In addition, the popularity of corporate mobile devices and bring your own device (BYOD) policies has been steadily growing in recent years. Employees working from home or from anywhere are more likely to use mobile devices than those working from the office. With the increased use of mobile devices for business purposes come new cybersecurity risks.
Cybercriminals are increasingly targeting these devices in their attacks, and many businesses lack the same level of security on their mobile devices as they have on traditional computers. 46% of companies report that they have had at least one employee install a malicious mobile application. As these mobile devices are increasingly used to store corporate data and access business applications, mobile malware poses a growing threat to corporate cybersecurity.
One of the most important things organizations can do to mitigate risk is educating their employees on all the risks and proper cyber security practices. Develop a culture of learning from mistakes and finding out where the security gaps are – by regularly conducting both penetration testing and phishing campaigns.
Organizations also need to shift their security approaches. Many have security architectures composed of many point security products designed to protect against earlier generations of cyber threats. These solutions are difficult to manage and lack the security unification and threat intelligence needed to protect against large-scale automated attacks.
Has the COVID-19 pandemic led to a demand for network & cloud security solutions? What are the trends within the sector?
In 2020, the COVID-19 pandemic forced organizations to pivot suddenly to a mostly or wholly remote workforce. Within a matter of weeks, companies with no existing telework programs needed to adapt and update the infrastructure required to allow their employees to work from home. The rush to stand up remote work programs left security gaps that are actively exploited by cybercriminals. In 2021, companies will continue to face new security threats made possible by widespread telework, including:
- Exploitation of Remote Access Solutions: Employees working from home need access to the corporate network. As a result, the use of virtual private networks (VPNs) and the remote desktop protocol (RDP) has exploded during the pandemic. Cybercriminals have taken advantage of this, exploiting poor password security and VPN vulnerabilities to access corporate networks, steal data, and plant ransomware.
- Vulnerable and Compromised Endpoints: With remote work, employees are working from computers outside the corporate perimeter and the cyber defenses deployed there. These devices are less likely to be up-to-date on patches and compliant with corporate policy. As a result, they are easy targets for exploitation by cybercriminals.
Cloud adoption has been rapidly rising for years and exploded as a result of the COVID-19 pandemic. With a remote workforce, companies needed the accessibility, flexibility, and scalability offered by cloud-based solutions. However, while many companies are moving rapidly to the cloud, security is lagging behind. Cloud infrastructure is very different from an on-premise data center, and these differences introduce unique security challenges. Many organizations are still working to understand these differences, leaving their cloud deployments at risk.
For 75% of enterprises, the security of their public cloud infrastructure is a significant concern. Learning how to secure systems hosted on shared servers in vendor-specific environments is challenging, especially when most companies are using services provided by multiple different vendors. In 2021, the failure to implement effective cloud security will remain a major problem, and, according to Gartner, 99% of cloud security incidents through 2025 will be the customer’s fault.
What is your biggest objective as a speaker?
There are two main objectives for me as a speaker: educate and engage. I want to share information that is both interesting and useful to my audience. That is the education component. However, I think you could have the world’s most fascinating presentation, but if you are not making an effort to entertain and engage with your audience, that information might be lost on them. It is the combination of the two that can create lasting impressions.
Could you share with us the points of discussion (the input that you provided) during the panel(s) at the Black Hat USA conference?
My focus was to break down a typical cloud-native attack in order to emphasize how to protect against it. These protection tools include, but are not limited to:
- Web Application Firewalls: This is very basic and signature-based, but can protect against common application exploits like an LFI.
- Posture Management Systems: Use a system that lets you write your own governance rules and makes sure they are enforced at scale. For example, making sure WAF is enabled for any API GW deployed.
- Workload Protection: Full-time runtime protection that analyzes function behavior, establishes a baseline of function activity and locks it down by applying a minimal privilege runtime profile. It is very difficult to utilize functions in any attack without having them deviate from their normal behavior.
- Detect permission changes: In this attack, the hacker modified the EBS snapshot parameters by exposing it to their own account. Things like “ModifySnapshotAttribute” are something your SIEM system or security analytics tools should look out for.
- Utilize Security Analytic Systems to Detect Anomalies: For example, a session token being used by an entity that is disconnected from your environment is a clear sign of token abuse.
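The permission-change detection mentioned in the answer above, sketched as an added example that is not part of the interview or any Check Point tooling: it scans CloudTrail-style records for `ModifySnapshotAttribute` calls that grant volume-creation rights on an EBS snapshot to an account outside the organization or to everyone. The sample events, account IDs, the `OWN_ACCOUNTS` allow-list and the helper names are constructed, and the `requestParameters` layout is an assumption about the record shape.

```python
# Constructed CloudTrail-style records (not real logs). Account IDs are placeholders,
# and the requestParameters layout is an assumption about the EC2 record shape.
OWN_ACCOUNTS = {"111111111111"}  # assumption: accounts the organization controls

def _event(name, snapshot, perm, error=None):
    """Build one constructed sample record."""
    ev = {"eventSource": "ec2.amazonaws.com", "eventName": name,
          "eventTime": "2021-08-01T10:00:00Z",
          "userIdentity": {"arn": "arn:aws:sts::111111111111:assumed-role/fn-role/s1"},
          "requestParameters": {"snapshotId": snapshot,
                                "attributeType": "CREATE_VOLUME_PERMISSION",
                                "createVolumePermission": perm}}
    if error:
        ev["errorCode"] = error
    return ev

SAMPLE_EVENTS = [
    _event("ModifySnapshotAttribute", "snap-0aaa", {"add": {"items": [{"userId": "999999999999"}]}}),
    _event("ModifySnapshotAttribute", "snap-0bbb", {"add": {"items": [{"userId": "111111111111"}]}}),
    _event("ModifySnapshotAttribute", "snap-0ccc", {"add": {"items": [{"group": "all"}]}}),
    _event("ModifySnapshotAttribute", "snap-0ddd", {"remove": {"items": [{"userId": "999999999999"}]}}),
    _event("DescribeSnapshots", "snap-0eee", {}),
]

def snapshot_share_findings(events, own_accounts):
    """Return one finding per grant that exposes a snapshot outside own_accounts."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "ec2.amazonaws.com":
            continue
        if ev.get("eventName") != "ModifySnapshotAttribute" or ev.get("errorCode"):
            continue  # other API calls, or a failed call that changed nothing
        params = ev.get("requestParameters") or {}
        perm = params.get("createVolumePermission") or {}
        for grant in (perm.get("add") or {}).get("items") or []:
            if grant.get("group") == "all":
                target, severity = "public", "critical"
            elif grant.get("userId") and grant["userId"] not in own_accounts:
                target, severity = grant["userId"], "high"
            else:
                continue  # shared with an account the organization owns
            findings.append({"snapshot": params.get("snapshotId"), "shared_with": target,
                             "severity": severity, "time": ev.get("eventTime"),
                             "actor": (ev.get("userIdentity") or {}).get("arn")})
    return findings

if __name__ == "__main__":
    for finding in snapshot_share_findings(SAMPLE_EVENTS, OWN_ACCOUNTS):
        print(finding)
```

Grants that remove permissions and shares to accounts on the allow-list produce no finding, which keeps the alert focused on new external exposure.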
In your opinion, do digital events give you a similar level of feedback/result vis-à-vis the live versions? What would you say were the biggest pros and cons of both formats? Which do you prefer?
After nearly 18 months of the pandemic, many people are suffering from screen fatigue. It was a huge adjustment moving events from live venues to a digital format. Live events allow you to interact with and gauge your audience in a much more effective way. Although I definitely prefer the live events, I think the biggest pro of the digital events is their increased accessibility. It is much easier to join an online event for a few hours than to fly to a different city for it.
About Maya: Dedicated and analytical security engineer, Maya is currently a Technical Marketing Engineer at Check Point Software focusing on cloud technologies. Maya has deep technical knowledge in multiple domains (security, software engineering, cloud) matched with an earnest and concise communication style that connects to both technical and business audiences.