Check Point Software http://www.checkpoint.com We secure the future Fri, 01 May 2015 16:00:47 +0000 en-US hourly 1 http://wordpress.org/?v=4.2.1 Threat management platforms are next step in mobile device security evolution /threat-management-platforms-next-step-mobile-device-security-evolution/ /threat-management-platforms-next-step-mobile-device-security-evolution/#comments Tue, 07 Apr 2015 22:44:31 +0000 /?p=45806 The post Threat management platforms are next step in mobile device security evolution appeared first on Check Point Software.

NETWORK COMPUTING AWARDS 2015 /network-computing-awards-2015/ /network-computing-awards-2015/#comments Thu, 02 Apr 2015 17:54:10 +0000 /?p=44319 Network Computing Award for Security Product of the year for Smart 1

Lebanon Believed Behind Newly Uncovered Cyber Espionage Operation /lebanon-believed-behind-newly-uncovered-cyber-espionage-operation/ /lebanon-believed-behind-newly-uncovered-cyber-espionage-operation/#comments Tue, 31 Mar 2015 22:54:13 +0000 /?p=45817 The post Lebanon Believed Behind Newly Uncovered Cyber Espionage Operation appeared first on Check Point Software.

Volatile Cedar APT Group First Operating Out of Lebanon /volatile-cedar-apt-group-first-operating-lebanon/ /volatile-cedar-apt-group-first-operating-lebanon/#comments Tue, 31 Mar 2015 22:51:56 +0000 /?p=45815 The post Volatile Cedar APT Group First Operating Out of Lebanon appeared first on Check Point Software.

Check Point Blade Cleans Attachments /check-point-blade-cleans-attachments/ /check-point-blade-cleans-attachments/#comments Wed, 11 Mar 2015 22:50:18 +0000 /?p=45813 The post Check Point Blade Cleans Attachments appeared first on Check Point Software.

Check Point Moves to Thwart Spearphishing Attacks /check-point-moves-thwart-spearphishing-attacks/ /check-point-moves-thwart-spearphishing-attacks/#comments Wed, 11 Mar 2015 22:48:36 +0000 /?p=45810 The post Check Point Moves to Thwart Spearphishing Attacks appeared first on Check Point Software.

The February Sales Admin Newsletter /february-sales-admin-newsletter/ /february-sales-admin-newsletter/#comments Tue, 24 Feb 2015 01:02:21 +0000 /?p=42431

New Team Name Coming Soon

As you can see by the title of this month’s Newsletter, we in Sales Operations Support will be changing our name to Sales Admin Support. Once the transition is complete, we will provide you with the details.

Your Quote Number Does Make a Difference

After analyzing the orders submitted with Check Point sales quotes versus those without, we found the following results:

• Orders were completed faster
• Volume of pending orders was reduced
• Manual processing errors were reduced

Please remember to include the quote number in all of your purchase orders because your quote number does make a difference.

To generate a sales quote, click here (https://usercenter.checkpoint.com/usercenter/portal/media-type/html/role/usercenterUser/page/default.psml/js_pane/PricingToolsId,ProductsCatalogId)

End of Support for Safe@ 500 Series

Please note that the official end of support for the Safe@ 500 series is May 1, 2015, but Check Point will continue to provide support until December 1, 2015. Therefore, if purchasing support for a Safe@ 500 series appliance, please calculate the support price to co-terminate with the December 1, 2015 date.

Offer Numbers Required

Please include the offer number with all support renewals that are generated from our renewal quoting tool. If using the Excel option, please be sure to include the offer number provided in the Excel spreadsheet. The offer numbers are provided prior to the export of the Excel version.

Export Regulations Reminder

We would like to ask you and your sales team to review and familiarize yourselves with our export regulations. These can be located in PartnerMAP by clicking here (https://usercenter.checkpoint.com/usercenter/portal/js_pane/PartnerMapId,PartnerHomeId?pageUrl=partners/resources/ordering/des_procedures.html). Please be sure to also review the Export Regulations PDF located toward the top of this same page.

Amnon Bar-Lev, 2015 CRN Channel Chief /amnon-bar-lev-2015-crn-channel-chief/ /amnon-bar-lev-2015-crn-channel-chief/#comments Mon, 23 Feb 2015 20:47:49 +0000 /?p=43638 The post Amnon Bar-Lev, 2015 CRN Channel Chief appeared first on Check Point Software.

Check Point Acquires Hyperwise to Bolster IT Security at CPU Level /check-point-acquires-hyperwise-bolster-security-cpu-level/ /check-point-acquires-hyperwise-bolster-security-cpu-level/#comments Fri, 20 Feb 2015 22:06:12 +0000 /?p=43983 The post Check Point Acquires Hyperwise to Bolster IT Security at CPU Level appeared first on Check Point Software.

Angler Exploit Kit – Blocking attacks even before 0day /angler-exploit-kit-blocking-attacks-even-0day/ /angler-exploit-kit-blocking-attacks-even-0day/#comments Fri, 20 Feb 2015 21:06:54 +0000 /?p=42273

The Story

Blocking attempts to use exploit kits (EK) against our customers is one of Check Point’s main targets in IPS. Thus, our Intelligence Teams closely follow the trends in this area. In late December, we noticed hype around a specific EK, namely Angler EK, and decided to give high priority to writing an IPS protection against it. The protection was included in the IPS package released to customers on January 13th. We elaborate on the technical details of the protection later in this post.

Just two days after releasing this protection, we witnessed real attack attempts on some of our Managed Security Service customers, detected by their IPS blade. Attacked customers included a major bank and a hospital in the US.

On February 21st, a 0day Flash Player vulnerability exploited by Angler EK was published. That same day, we received samples of this 0day attack from an external source, and realized that the attack vector we were signing for was still relevant.

This means that Check Point IPS customers had been protected from this as-yet-unpatched vulnerability even before it was published! At our last check, IPS identified attack attempts on about 30% of the Managed Service customers, in the US, Europe and Australia.

The Signature

Where’s the problem?

EKs usually change their landing page regularly to avoid IPS detection. The URL changes with no specific pattern and therefore can’t be signed for, e.g.:

hxxp://andcoming-rfzap.tampasnorecenter.com/x6d2dnmoy3.php
hxxp://netilliteratepranked.fllaserdentist.com/wkgetd0tz0.php
hxxp://sotaharjoituksessa.tagenar.info/2dp78n17ia.php
hxxp://hymirploceinaalgebraisten.mpcaudio.com/vatoq2iddw.php
hxxp://sdfncop348yhsd.dkk40s-3ujdjf3lodp.in/584w31z5gg

Additionally, Angler EK’s landing page is highly obfuscated, and no generic detection could be implemented for it with reasonable performance and confidence.

Here’s an example:

So what did we do?

During further analysis of publicly available traffic, a hard-coded string in the infecting server’s response was repeatedly found in all samples.

So finally, what the signature looks for is the “last modified” header value, which consists of a future date – July 2039 or 2040. Indeed, this protection brought up only true positive events.

Following detection in IPS, we took the URLs from the IPS logs and inserted them into the AV engine. Now we protect against at least some of the attacks in this blade as well.

This is what attacks look like in Managed Security Service logs:

An Anecdote on Cyber and Literature

Malicious landing pages usually commence with real text, posing as a real webpage. To keep the text changing, they use long texts taken from the internet. If you look closely at the packet capture, you can find Mrs. Jennings, Mrs. Palmer and Mr. Willoughby from Jane Austen’s novel, “Sense and Sensibility”. Different pieces taken from this story are used in the different Angler EK landing pages.
