ThreatCloud Incident Response

When the worst happens and you get attacked, trust Check Point to mitigate your risk with our Incident Response Service. Just call our dedicated hotline anytime you experience a security threat and our 24×7 experts will instantly respond to help you contain the threat, minimize your losses and return to business as usual. Our Incident Response service will also help you mitigate future risks with post-incident reports and security best practices advisement.


Dedicated 24/7 experts instantly respond to any security attack

  • Real-time log capture and analysis
  • Digital forensics analysis
  • Denial of service response and mitigation
  • Malware, virus and data loss incidents
  • Botnet identification and counteraction

Speed your recovery and return to business as usual

  • Reduce downtime during a security attack
  • Accelerate your ability to contain threats
  • Limit damages, loss and cost from attacks

Mitigate future risks with post-incident advisement

  • Apply industry best practices to strengthen security controls
  • Improve your coordination and ability to respond to security incidents
  • Leverage the latest intelligence from ThreatCloud and your Incident Response portal


Multi-threat analysis

Check Point is the only company to offer insight and remediation for several different types of threats including:

  • Firewall
  • IPS
  • Applications
  • Data Loss
  • Malware
  • Botnets
  • Unauthorized access
  • Denial of Service

Real-time Remediation

Real-time remediation is only possible with access to real-time data. We collect your logs, and then encrypt, compress and store them for immediate access to data should an attack occur. Your logs are refreshed every 30 days to capture the latest information and speed remediation time so you can get back to business. Customers can always view their logs via the Incident Response portal.

Documentation and Guidance

Incident Response customers receive detailed documentation and best practices guidelines to improve processes, speed their ability to respond to an attack, and meet compliance and reporting requirements, including:

  • Incident Response Analysis and Recommended Remediation
  • Incident Response Best Practices Guidelines
  • State of Preparedness Report
  • Annual Summary of Event Activity vs. the Check Point community
  • Attack Profiling

Incident Response Portal

The Incident Response portal offers everything you need to prepare for and respond to a security attack. Via the Incident Response portal customers can view actionable attack remediation data including:

  • Summary of the Security Event
  • Summary of Alerts during the last 24 hours
  • Message Board
  • Report Repository

Customers upload their raw data (logs) to the Incident Response portal for encrypted storage and analysis.

Custom Security Controls

In addition to real-time attack remediation assistance, we also provide expert recommendations to enhance your security protection including:

  • Custom signatures
  • Traffic and attack analysis
  • Rule-base protection activations
  • Custom protection development
  • How to protect 3rd party systems and service providers

ThreatCloud Intelligence Feeds

ThreatCloud is a real-time security intelligence database, and the first collaborative network to find cybercrime by analyzing over 250 million addresses for Bot discovery, 4.5 million malware signatures, and 300,000 malware-infested websites. ThreatCloud is dynamically updated using a worldwide network of threat sensors to provide the very latest security intelligence.
