When the worst happens and you get attacked, trust Check Point to mitigate your risk with our Incident Response Service. Just call our dedicated hotline anytime you experience a security threat and our 24×7 experts will instantly respond to help you contain the threat, minimize your losses and return to business as usual. Our Incident Response service will also help you mitigate future risks with post-incident reports and security best practices advisement.


Dedicated 24/7 experts instantly respond to any security attack
  • Real-time log capture and analysis
  • Digital forensics analysis
  • Denial of service response and mitigation
  • Malware, virus and data loss incidents
  • Botnet identification and counteraction
Speed your recovery and return to business as usual
  • Reduce downtime during a security attack
  • Accelerate your ability to contain threats
  • Limit damages, loss and cost from attacks
Mitigate future risks with post-incident advisement
  • Apply industry best practices to strengthen security controls
  • Improve your coordination and ability to respond to security incidents
  • Leverage the latest intelligence from ThreatCloud and your Incident Response portal


Check Point is the only company to offer insight and remediation for several different types of threats including:

  • Firewall
  • IPS
  • Applications
  • Data Loss
  • Malware
  • Botnets
  • Unauthorized access
  • Denial of Service

Real-time remediation is only possible with access to real-time data.  We collect your logs, and then encrypt, compress and store them for immediate access to data should an attack occur. Your logs are refreshed every 30 days to capture the latest information and speed remediation time so you can get back to business.  Customers can always view their logs via the Incident Response portal.

Incident Response customers receive detailed documentation and best practices guidelines to improve processes, speed ability to respond to an attack and meet compliance and reporting requirements including:

  • Incident Response Analysis and Recommended Remediation
  • Incident Response Best Practices Guidelines
  • State of Preparedness Report
  • Annual Summary of Event Activity vs. the Check Point community
  • Attack Profiling

The Incident Response portal offers everything you need to prepare for and respond to a security attack. Via the Incident Response portal customers can view actionable attack remediation data including:

  • Summary of the Security Event
  • Summary of Alerts during the last 24 hours
  • Message Board
  • Report Repository

Customers upload their raw data (logs) to the Incident Response portal for encrypted storage and analysis.

In addition to real-time attack remediation assistance, we also provide expert recommendations to enhance your security protection including:

  • Custom signatures
  • Traffic and attack analysis
  • Rule-base protection activations
  • Custom protection development
  • How to protect 3rd party systems and service providers

ThreatCloud is a real-time security intelligence database, and the first collaborative network to find cybercrime by analyzing over 250 million addresses for Bot discovery, 4.5 million malware signatures, and 300,000 malware-infested websites. ThreatCloud is dynamically updated using a worldwide network of threat sensors to provide the very latest security intelligence.



Within thirty (30) minutes of receiving the call, an Engineer will contact Customer and a conference bridge will be established where all parties can join in on the private conference call.

Once initial contact has been created, an Engineer will work with the customer to identify the type of incident and proceed through the analysis phase, which can include investigation of anomalies associated with:

  • System resources
  • Network Patterns
  • Application performance
  • Device operation

Engineer may also perform log analysis from Check Point products, network equipment and device operating systems and applications. Additional investigative efforts may include reviews of full packet captures and binaries


Within 48 hours of an Incident being closed, Check Point will provide a full report of the circumstances of the Incident to the Customer.  The clock will start once the Customer has indicated that the incident is closed. The report may include:

  • Incident overview and executive summary information
  • Event description and behavior
  • Details of call log and work performed
  • Data and system/network behavior analysis
  • Recommendation and analysis
  • Raw log information