As cyber attacks have become more sophisticated, many targeted attacks now exploit software vulnerabilities through downloaded files and e-mail attachments.
These attacks use new exploits as well as previously unseen variants of known exploits, so signature-based products alone cannot recognize them. Catching new and undiscovered attacks requires detection that goes beyond signatures of known attacks.
Check Point SandBlast Zero-Day Protection is a security solution that covers even the most dangerous attacks with its advanced malware detection, while still delivering safe content to your users. Its two key capabilities, Threat Emulation and Threat Extraction, take this defense to the next level.
As part of the Check Point SandBlast solution, the Threat Emulation architecture catches malware during the exploitation phase, before it has the chance to apply evasion techniques to bypass the sandbox. Suspicious files are quarantined and examined in a sandbox environment before they enter your network. This approach combines "CPU-Level Inspection" and "OS-Level Sandboxing", providing comprehensive protection from the most dangerous attacks through to Zero-Day exploits.
In addition, SandBlast Threat Extraction gives users a safe version of potentially malicious content. Potential attacks are prevented by removing exploitable content and reconstructing the file from what remains. Until a suspicious file has been fully examined by SandBlast Zero-Day Protection, its original version is not released to the user.
We offer the full SandBlast product family. The on-premises appliances are ideal for customers who cannot use the cloud-based SandBlast Threat Emulation service because of legislation or security concerns.
Emulation can be deployed in two ways:
- Private Cloud: Check Point Security Gateways send the files they receive to the SandBlast appliance for emulation.
- Inline: the SandBlast appliance is deployed inline or on a SPAN port and inspects traffic itself, with the Threat Emulation, Threat Extraction, Anti-Virus and Anti-Bot blades enabled.
Comprehensive Attack Protection
SandBlast appliances protect you against known and unknown attacks using Anti-Virus, Anti-Bot, Threat Emulation (sandboxing) and Threat Extraction technologies.
SandBlast Zero-Day Protection
SandBlast Threat Emulation technology prevents malicious files from entering your network using a fast and highly accurate sandbox engine.
Capture Known Attacks
The Anti-Virus Software Blade protects users by blocking known malware at the gateway using a real-time virus signature database. The Anti-Bot Software Blade detects bot-infected machines and blocks their command-and-control traffic, limiting the damage they can do.
Conventional sandboxes detect malware at the OS level, that is, only after exploitation has succeeded and the attacker's code is already running. By then the malware can apply evasion techniques, which makes the success rate of such sandboxes questionable.
SandBlast Threat Emulation, with its unique CPU-Level Inspection engine, examines the instruction flow at the CPU level and catches attacks that try to bypass OS security controls, stopping them before they have a chance to run.
When it comes to attack protection, there should be no trade-off between speed, accuracy and coverage. Unlike other solutions, Check Point Zero-Day Protection does not disrupt the workflow even when running in prevent mode.
Check Point Threat Extraction removes exploitable content, including active and embedded content, and keeps the workflow moving by delivering a safe version of the file to users.
Threat Extraction can be configured in two ways: deliver the reconstructed document to the user immediately, or wait for the verdict from SandBlast Threat Emulation first.
Files delivered over SSL and TLS give attackers a covert channel that bypasses many industry-standard security products.
Check Point Threat Prevention inspects inside SSL- and TLS-protected traffic, extracting the files it carries and emulating them to discover hidden attacks.
A detailed report is produced for every emulated file. The report is easy to understand and contains all the available information about the attack the file attempted.
For each new attack discovered by Threat Emulation, a signature is created and sent to Check Point ThreatCloud, which distributes it to other Check Point gateways. Threat Emulation thus turns newly discovered attacks into known signatures, so they can be blocked before they spread. This continuous collaboration makes the ThreatCloud ecosystem the most advanced and up-to-date "attack intelligence network".