Check Point ThreatCloud Emulation Service prevents infections from undiscovered exploits, zero-day and targeted attacks. This innovative solution quickly inspects files and runs them in a virtual sandbox to discover malicious behavior. Discovered malware is prevented from entering the network.

Benefits

Prevent new and unknown attacks
  • Discover and prevent new threats and zero-day attacks found using emulation in a virtual sandbox
  • Stop malicious email attachments and file downloads
  • Protect against threats in MS Office, Adobe PDF files, EXEs, and ZIPs
  • Prevent attacks that affect multiple Windows OS environments
  • Uncover threats hidden in SSL and TLS encrypted communications

New ThreatCloud Emulation Service
  • Cloud based service – works with your existing infrastructure. No need to install new equipment
  • Reduce operational overhead with a low monthly price for the entire organization, based on incoming files volume
  • A unique agent for Exchange Server monitors email attachments, even when the organization has no Check Point infrastructure
  • Zero false-positives means you can secure the network without stopping the flow of business

ThreatCloud Enhances Real-time Security
  • Turns zero-day attacks into known and preventable attacks. Zero-day attacks become just another known threat for all other ThreatCloud subscribed Check Point gateways once the zero-day attack signature is uploaded to ThreatCloud
  • Enhances the industry's first collaborative network to fight cybercrime by adding threat signatures found via Threat Emulation
  • Boosts protection beyond the 250 million addresses analyzed for bot discovery, over 12 million malware signatures and over 1 million malware-infested sites

Integrated into Check Point's Software Blade Architecture
  • Saves time and reduces costs by leveraging existing security infrastructure
  • Detect and send files to Threat Emulation from any Check Point security gateway with R77
  • Maximize protection through unified management, monitoring and reporting
  • View and manage the "big malware picture" with integrated threat reports and dashboards that show new threats found via Threat Emulation, alongside Bot and Virus attack information
  • The Check Point Threat Emulation Service can also be used with a local emulation device. Two appliances are available, which differ in the number of parallel virtual sandboxes they run and in overall performance

Features

ThreatCloud Emulation Service is a cost-effective subscription in which customers pay only for the number of files entering the organization. No changes are required at the organization: files can be sent for emulation from existing Security Gateways or from an agent for Exchange Server. A global quota for the organization allows centralized management and visibility of both threat and service usage information.

Check Point Threat Emulation works by intercepting and filtering inbound files, running them in a virtual environment, and flagging those files that engage in suspicious or malicious behavior commonly associated with malware, such as modifying the registry, opening network connections, creating new files, and more. Once these new threats are discovered, the file signature is sent to Check Point ThreatCloud to turn the new malware into a known and documented threat that can be prevented.

Check Point ThreatCloud Emulation provides multiple simultaneous environments for file simulation: Windows XP, 7 and 8; Office 2003, 2007 and 2010; and Adobe 9.

A detailed report is generated for every file emulation. The report is simple to understand and includes detailed information about any malicious activity attempted when the file was run. It provides actual screenshots of the environment while the file was running, for each operating system on which it was simulated.

Files delivered into the organization over SSL and TLS represent a secure attack vector that bypasses many industry standard implementations. Check Point ThreatCloud Emulation looks inside SSL and TLS tunnels to extract and launch files to discover threats hidden in those protected streams.

Threat Emulation brings industry-leading MS Office and Adobe file protections to threat emulation. MS Office and Adobe files are the most frequently distributed business-critical documents, yet they are often overlooked as easily exploitable attack vectors. Threat Emulation delivers zero false positives while providing increased security, allowing business to proceed uninterrupted.

While less prevalent than common business documents, EXEs and ZIPs still pose a threat. Check Point Threat Emulation detects and prevents infections from EXE and ZIP files that users may download or receive in emails.

Newly discovered threats are sent to ThreatCloud, which can then protect other Check Point connected gateways. Each newly discovered threat signature is distributed to those gateways so they can block the threat before it has a chance to become widespread. This constant collaboration makes the ThreatCloud ecosystem the most advanced and up-to-date threat network available.

Unified security management simplifies the monumental task of managing growing threats, devices and users. Newly identified threats caught by Threat Emulation are displayed in Malware Reports and dashboards with infection summaries and trends to provide better visibility to organizational malware threats and risks.

Check Point ThreatCloud Emulation is implemented in a way that works with existing networks. Files can be sent to the ThreatCloud Emulation service or to a Private Cloud Emulation Appliance. Any R77 Security Gateway or an agent for Exchange Server can monitor incoming files and send suspicious ones to emulation.

Specifications

ThreatCloud Emulation Service

| Organizational Monthly Quota for File Inspections | 10,000 | 50,000 | 150,000 | 400,000 | 1,000,000 |
|---|---|---|---|---|---|
| Recommended # of users | 0-150 | 150-500 | 300-1500 | 1000-5000 | 3000+ |

Emulation Specifications

| Supported files for Inspection | Adobe PDF, MS Office, EXE, ZIP |
|---|---|
| Supported Emulation Environments | Windows XP, 7, 8; Microsoft Office 2003, 2007, 2010; Adobe Reader 9 |

Security Gateway Specifications
To detect and send files to ThreatCloud Emulation Service

| Supported Platforms | Check Point Appliances: 2000, 4000, 12000, 13000, and 21000 using R77 or higher. Other appliances and Open Servers with equivalent performance to the above models are supported |
|---|---|
| Supported OS | SecurePlatform or GAiA |

The Check Point Threat Emulation Service can also be used with a local emulation device. Two appliance options are available, with overall performance supporting organizations up to 3,000 users and above 3,000 users.

 

| | TE250 | TE1000 |
|---|---|---|
| Recommended # of File Inspections/Month | 250,000 | 1,000,000 |
| Recommended # of users | Up to 3,000 | 3,000 users and above |