The Conseil Départemental du Val de Marne Blocks Threats in Real Time
Thanks to the SandBlast Threat Emulation blade, we can prevent unknown threats. If an attachment is suspicious, it is immediately destroyed.-Mikaël Auzanneau, Networks and Security Engineer, Conseil Départemental du Val de Marne
Located in Créteil, France, this local authority manages all public services for the area’s 1.4 million inhabitants across 47 cities.
Daily Cyber Attacks
The Conseil Départemental computers and those in the IT Department were experiencing attacks regularly. They were mostly caused by suspicious email attachments containing either known or new malicious code. Despite having antivirus programs installed, this malware was so clever that it was capable of evading detection. The IT team had to find a way to halt this growing problem and ensure a secure environment to work in.
Detecting Unknown Attacks
In 2015, the Council’s IT Department researched existing solutions dealing with advanced threats and “Zero-Day” attacks, which were not recognized by traditional antivirus solutions. They then approached Check Point to perform a Security CheckUp.
“We asked Check Point to test their SandBlast solution. Like other government organizations, we have to manage IT attacks. We wanted to increase our security by adding the SandBlast product to complement our suite of IT protection tools,” explained Mikaël Auzanneau, Networks and Security Engineer at the Conseil Départemental. “The result? The management immediately gave us the green light to purchase several SandBlast blades.”
Virtual Machine, Prevention and Consolidated Management
SandBlast offers a range of benefits. Today, thanks to the Threat Emulation blade, each email attachment is inspected in a virtual sandbox to look for malicious code. The technology analyzes it and sends it back to the Conseil Départemental’s IT team.
“This has little impact on our emails,” explained Mikaël Auzanneau, “and allows us to prevent unknown threats. If an attachment is suspicious it is immediately destroyed. In a few months, a new feature called ‘Threat Extraction’ will be installed in our infrastructure. Once this is in place, email attachments will be analyzed in an isolated virtual machine. If there is a problem, it will transform it into a PDF file or neutralize it by deactivating all the macros in an Excel file or links in a Word document.”
“What I like in the latest version of Check Point R80 management console is that multiple administrators can log into the management system simultaneously,” explained Mikaël Auzanneau. “Moreover, all the modules required for the management are now combined in one console – saving us valuable man hours.”
For more information, visit: www.checkpoint.com/sandblast