Anti-Bot Software Blade
A bot is malicious software that invades your computer. Bots allow criminals to remotely control your computer to execute illegal activities such as stealing data, spreading spam, distributing malware and participating in Denial of Service (DoS) attacks without your knowledge. Bots play a key role in targeted attacks, also known as Advanced Persistent Threats (APTs).
New Software Blade stops bot attacks and prevents bot damage
- Prevent damage by blocking bot communication between infected hosts and a remote operator
- Protect with high performance of up to 40 Gbps
Innovative Discovery of Bot-Infected Machines
- Analyze network traffic through the gateway with a unique Multi-tier ThreatSpect™ engine to detect infected hosts
- Combine information on remote operator hideouts, unique botnet communication patterns and attack behavior to identify thousands of different botnet families and many millions of outbreak types
- Receive up-to-the-minute bot updates from Check Point’s ThreatCloud™ repository
Most Comprehensive Threat Prevention Solution
- Integrate in a single gateway all critical threat prevention technologies – IPS, AV, Anti-SPAM, URL Filtering and Anti-Bot
- Investigate infections with extensive forensics tools and easily assess damages
- Quickly analyze risk through malware-threat reports and dashboards showing infection summaries and trends.
Complete Anti-Bot Solution
Complete Anti-Bot Solution - integrated into Check Point Software Blade architecture
- Discover, stop and assess bot damages on a single gateway
- Unified and centralized management using Check Point SmartEvent
- Available on every gateway
Multi-Tier ThreatSpect™ Bot Detection Engine
Multi-Tier ThreatSpect™ Bot Detection Engine - the Anti-Bot Software Blade discovers infections by correlating multiple detection methods
- Reputation – evaluating IPs, URLs, and DNS addresses to determine whether outbound traffic is destined for known botnet Command and Control (C&C) sites.
- Patterns - detecting unique botnet family communication patterns (over multiple protocols such as HTTP, DNS and SMTP)
- Bot damages & actions – detecting attack types, such as spam (leveraging outbound mail analysis) and click fraud, as well as anomalies (irregular ports, protocols)
Inline Bot Prevention
Inline bot prevention – block bot communications from infected hosts
- Support Inline and out-of-band deployment topologies
- Block bot specific communication to C&C sites to neutralize bot damages and ensure work continuity
ThreatCloud™ Bot Information Updates
Bot information updates – automatic updates of the latest IP/URL/DNS reputation data and botnet communication patterns, delivered to the Anti-Bot Software Blade through the ThreatCloud™ infrastructure
- Eliminates the administrator's need to constantly update policies or threat databases
Forensics Analysis
Forensics - Providing administrators and security teams with the information they need to analyze security events, investigate infections and assess damages
- Detailed infection information per malware type and/or infected users and machines
- Threat Wiki – extensive infection information (malware type, description and any available details such as executables run, used protocols etc.)
- Key bot actions – identify suspicious activities such as participating in DDoS attacks, self-distribution attempts, and participating in click fraud
- Packet capture – view data sent using complete per-session packet capture with SSL inspection
Malware Reports and Dashboards
Malware reports and dashboards - infection summaries and trends to provide better visibility to organizational malware threats and risks
- View infected hosts statistics, malware types and activities, trends/changes vs. previous week/month, amount of data sent or received and more

Summary of infected hosts
Set Granular Policies
Granular policy setting – detect and prevent suspicious actions per any user/machine
- Hierarchical rule-based engine providing administrators with complete flexibility
- Separate policy installation – minimize organizational risks by only updating specific Anti-Bot Blade policy (e.g. no need to also update Firewall policy)
Software Blade Specifications
| Supported Appliance Families | |
|---|---|
| Supported Operating Systems | |


