Prevent new and unknown attacks
Threat Emulation Cloud-Based Service
ThreatCloud Enhances Real-time Security
Integrated into Check Point's Software Blade Architecture
Our Check Point Threat Emulation solution gives us immediate visibility and insight into threats. If an attack takes place, I can trace it down, determine its origin, and view the traffic of all the network elements it tried to reach before it was discovered. The discovery work is easy because we have access to all the logging information we need. We don’t have to guess.
Director, Infrastructure Services
Check Point Threat Emulation works by intercepting and filtering inbound files, running them in a virtual environment, and flagging files that show suspicious or malicious behavior commonly associated with malware, such as modifying the registry, opening network connections, creating new files, and more. Once these new threats are discovered, the file signature is sent to Check Point ThreatCloud to turn the new malware into a known and documented threat that can be prevented.
Check Point ThreatCloud Emulation provides multiple simultaneous environments for file simulation: Windows XP, 7, Office and Adobe environments.
A detailed report is generated for every file emulation. The report is simple to understand and includes detailed information about any malicious attempts that originated from running the file. The report provides actual screenshots of the environment while the file was running, for each operating system on which it was simulated.
Files delivered into the organization over SSL and TLS represent a secure attack vector that bypasses many industry-standard implementations. Check Point Threat Emulation looks inside SSL and TLS tunnels to extract and launch files to discover threats hidden in those protected streams.
Threat Emulation brings industry-leading MS Office and Adobe file protections to threat emulation. MS Office and Adobe files comprise the most frequently distributed business-critical documents, yet they are often overlooked as easily exploitable attack vectors. Threat Emulation delivers zero false positives while providing increased security, allowing business to proceed uninterrupted.
While less prevalent than common business documents, EXEs and ZIPs still pose a threat. Check Point Threat Emulation catches, detects, and prevents infections from EXE and ZIP files that users may download or receive in emails.
Zero-day and newly discovered threats are sent to ThreatCloud, which can then protect other Check Point connected gateways via our zero-day threat sandboxing solution. Each newly discovered threat signature is distributed to other Check Point connected gateways so they can block it before the threat has a chance to become widespread. This constant collaboration makes the ThreatCloud ecosystem the most advanced and up-to-date threat network available.
Unified security management simplifies the monumental task of managing growing threats, devices and users. Newly identified threats caught by Threat Emulation are displayed in Malware Reports and dashboards with infection summaries and trends to provide better visibility into organizational malware threats and risks.
Supported files for Inspection: Adobe PDF, MS Office, Executables, archives
Supported Emulation Environments: Windows XP, 7
Security Gateway Specifications
To detect and send files to ThreatCloud Emulation Service:
Check Point Appliances: 2000, 4000, 12000, 13000, and 21000 using R77 or higher
SecurePlatform or GAiA
The Check Point Threat Emulation Service can also be used with a local emulation device. A range of appliance options are available, with overall performance supporting organizations above 3,000 users.