Prevent new and unknown attacks
Threat Emulation Cloud-Based Service
ThreatCloud Enhances Real-time Security
Integrated into Check Point's Software Blade Architecture
Check Point’s Threat Emulation blade is a highly focused, extremely actionable threat prevention tool that reliably detects and blocks undiscovered attacks on our network. Not only has Threat Emulation been a tremendous benefit in further fortifying our multi-layered security solution but also in streamlining our IT staff’s limited time and attention on critical new and unknown malware issues.
Manager, Firewall and DMZ Services
Leading Multinational Pharmaceutical Firm
Check Point Threat Emulation works by intercepting and filtering inbound files, running them in a virtual environment, and flagging those files that engage in suspicious or malicious behavior commonly associated with malware, such as modifying the registry, network connections, new file creation, and more. Once these new threats are discovered, the file signature is sent to Check Point ThreatCloud to turn the new malware into a known and documented threat that can be prevented.
Check Point ThreatCloud Emulation provides multiple simultaneous environments for file simulation: Windows XP, 7, 8, Office 2003, 2007, 2010 and Adobe 9 environments.
A detailed report is generated per any file emulation. The report is simple to understand and includes detailed information about any malicious attempts originated by running this file. The report provides actual screenshots of the environment while running the file for any operating system on which it was simulated.
Files delivered into the organization over SSL and TLS represent a secure attack vector that bypasses many industry standard implementations. Check Point Threat Emulation looks inside SSL and TLS tunnels to extract and launch files to discover threats hidden in those protected streams.
Threat Emulation brings industry leading MS Office and Adobe file protections to threat emulation. MS Office and Adobe files comprise the most frequently distributed business critical documents, yet they are often overlooked as easily exploitable attack vectors. Threat Emulation delivers zero-false positives while providing increased security, allowing business to proceed uninterrupted.
While less prevalent than common business documents, EXEs and ZIPs still pose a threat. Check Point Threat Emulation catches, detects, and prevents infections from EXEs and ZIP files that uses may download or receive in emails.
Newly discovered threats are sent to ThreatCloud, which can then protect other Check Point connected gateways. Each newly discovered threat signature is distributed to other Check Point connected gateways to block before the threat has a chance to become widespread. This constant collaboration makes the ThreatCloud ecosystem the most advanced and up-to-date threat network available.
Unified security management simplifies the monumental task of managing growing threats, devices and users. Newly identified threats caught by Threat Emulation are displayed in Malware Reports and dashboards with infection summaries and trends to provide better visibility to organizational malware threats and risks.
|ThreatCloud Emulation Service|
Quota for File Inspections
|Recommended # of users|
|Supported files for Inspection||
Adobe PDF, MS Office, EXE, ZIP
|Supported Emulation Environments||
Windows XP, 7, 8
|Security Gateway Specifications
To detect and send files to ThreatCloud Emulation Service
Check Point Appliances: 2000, 4000, 12000, 13000, and 21000 using R77 or higher
SecurePlatform or GAiA
The Check Point Threat Emulation Service can also be used with a local emulation device. Two appliance options are available, with overall performance supporting organizations up to 3,000 users and above 3,000 users.
|Recommended # of File Inspections/Month|
|Recommended # of users|
Up to 3,000
3,000 users and above