Benefits
Prevent new and unknown attacks
- Discover and prevent new threats and zero-day attacks found using emulation in a virtual sandbox
- Stop malicious email attachments and file downloads
- Protect against threats in MS Office, Adobe PDF files, EXEs, and ZIPs
- Prevent attacks that affect multiple Windows OS environments
- Uncover threats hidden in SSL and TLS encrypted communications
- Cloud based service – works with your existing infrastructure. No need to install new equipment
- Reduce operational overhead with a low monthly price for the entire organization, based on incoming files volume
- A unique Agent for Exchange Server monitors email attachments, even without Check Point infrastructure at the organization
- Zero false-positives means you can secure the network without stopping the flow of business
- Turns zero-day attacks into known and preventable attacks. Zero-day attacks become just another known threat for all other ThreatCloud subscribed Check Point gateways once the zero-day attack signature is uploaded to ThreatCloud
- Enhances the industry's first collaborative network to fight cybercrime by adding threat signatures found via Threat Emulation
- Boost protection beyond the 250 million addresses analyzed for bot discovery, over 12 million malware signatures and over 1 million malware-infested sites
- Saves time and reduces costs by leveraging existing security infrastructure
- Detect and send files to Threat Emulation from any Check Point security gateway with R77
- Maximize protection through unified management, monitoring and reporting
- View and manage the "big malware picture" with integrated threat reports and dashboards that show new threats found via Threat Emulation, alongside Bot and Virus attack information
- The Check Point Threat Emulation Service can also be used with a local emulation device. Two appliances are available, varying the number of parallel virtual sandboxes they run and overall performance
ThreatCloud Emulation Service is a cost-effective subscription where customers pay only for the amount of incoming files to the organization. No changes are required at the organization: files can be sent for emulation from existing Security Gateways or from an Agent for Exchange Server. A global quota for the organization allows centralized management and visibility of both threat and service usage information.
Check Point Threat Emulation works by intercepting and filtering inbound files, running them in a virtual environment, and flagging those files that engage in suspicious or malicious behavior commonly associated with malware, such as modifying the registry, opening network connections, creating new files, and more. Once these new threats are discovered, the file signature is sent to Check Point ThreatCloud to turn the new malware into a known and documented threat that can be prevented.
Check Point ThreatCloud Emulation provides multiple simultaneous environments for file simulation: Windows XP, 7, 8, Office 2003, 2007, 2010 and Adobe 9 environments.
A detailed report is generated for each file emulation. The report is simple to understand and includes detailed information about any malicious attempts originated by running the file. The report provides actual screenshots of the environment while running the file for each operating system on which it was simulated.
Files delivered into the organization over SSL and TLS represent a secure attack vector that bypasses many industry standard implementations. Check Point ThreatCloud Emulation looks inside SSL and TLS tunnels to extract and launch files to discover threats hidden in those protected streams.
Threat Emulation brings industry-leading MS Office and Adobe file protections to threat emulation. MS Office and Adobe files comprise the most frequently distributed business-critical documents, yet they are often overlooked as easily exploitable attack vectors. Threat Emulation delivers zero false positives while providing increased security, allowing business to proceed uninterrupted.
While less prevalent than common business documents, EXEs and ZIPs still pose a threat. Check Point Threat Emulation catches, detects, and prevents infections from EXEs and ZIP files that users may download or receive in emails.
Newly discovered threats are sent to ThreatCloud, which can then protect other Check Point connected gateways. Each newly discovered threat signature is distributed to other Check Point connected gateways to block before the threat has a chance to become widespread. This constant collaboration makes the ThreatCloud ecosystem the most advanced and up-to-date threat network available.
Unified security management simplifies the monumental task of managing growing threats, devices and users. Newly identified threats caught by Threat Emulation are displayed in Malware Reports and dashboards with infection summaries and trends to provide better visibility to organizational malware threats and risks.
Check Point ThreatCloud Emulation is implemented in a way that works with existing networks. Files can be sent to the ThreatCloud Emulation service or to a Private Cloud Emulation Appliance. Any R77 Security Gateway or an Agent for Exchange Server can monitor incoming files and send suspicious ones to emulation.
ThreatCloud Emulation Service
Quota for File Inspections
|Recommended # of users|
|Supported files for Inspection|Adobe PDF, MS Office, EXE, ZIP|
|Supported Emulation Environments|Windows XP, 7, 8|
Security Gateway Specifications
To detect and send files to ThreatCloud Emulation Service
Check Point Appliances: 2000, 4000, 12000, 13000, and 21000 using R77 or higher
SecurePlatform or GAiA
The Check Point Threat Emulation Service can also be used with a local emulation device. Two appliance options are available, with overall performance supporting organizations up to 3,000 users and above 3,000 users.
|Recommended # of File Inspections/Month|
|Recommended # of users|Up to 3,000|3,000 users and above|