A U.S. regional bank was expending many hours and resources every week remediating issues caused by infections on the network and endpoints. Advanced threats coming in through email and web were getting past the bank’s existing firewall and negatively impacting the business. To protect its assets, the bank chose Check Point SandBlast and SandBlast Agent. With these products the bank is able to proactively detect and prevent zero-day attacks and unknown malware from the web and email, significantly reducing remediation efforts.
Protecting Users from Malware
Before choosing Check Point, the bank had been expending resources and man-hours every week remediating issues caused by malware entering the network and infecting the endpoints.
The bank’s network security was jeopardized when internal users visited websites that were malicious or had been compromised. The websites would download malicious content, some of which they had never seen before, infecting the users’ machines.
In addition, spam emails and embedded Word documents were getting through the bank’s firewall and reaching the end users. By the time users opened the malicious files, it was already too late: the executable code in them would enable attacks on the endpoints. The IT security team then had to engage remediation procedures, which could take hours or even days. The bank needed to find a solution that would detect the malicious files before they arrived at the endpoints and reduce the time spent on remediation.
Zero Day Protection for Both Network and Endpoints
The regional bank chose Check Point SandBlast Network Security to protect its network because it was the market leader and because the bank’s own detailed testing determined it to be the best at preventing malware. With SandBlast, the bank secured its network from malicious content accessed by users.
As the bank was satisfied with the performance of SandBlast Network Security, it chose Check Point SandBlast Agent to protect its endpoints.
“We went with SandBlast Agent because it was more effective than the agent we were using; there were things slipping through it,” said the Network Security Administrator at the Regional Bank.
In order to test SandBlast Agent, the Network Security Administrator threw a lot of malware at it, all of which was blocked.
“You couldn’t really get anything by it,” said the Network Security Administrator.
Since implementation, SandBlast Agent has been immensely effective in protecting the bank’s users.
Proactively Detecting and Preventing Threats
Check Point SandBlast Zero-Day Protection includes CPU-level detection which proactively identifies advanced Zero-Day threats. This technology is used by the bank for both its network and endpoints.
With their Check Point solutions, the bank is protected even from out-of-band threats such as malware from CD-ROMs and USB drives with access to the machine.
Day-to-Day Efficiency with Simplified Management
With SandBlast Agent, the bank’s daily process of incident review has become much more efficient.
“We really don’t spend a lot of time dealing with information security incidents since we implemented it. It’s easy to manage,” says the Network Security Administrator. “Once you get it deployed, it’s just a matter of monitoring and looking for logs and alerting.”
Improving Visibility with Actionable Forensics
A big factor in the success of SandBlast for the regional bank was the high granularity of the forensic reports.
“The forensics was definitely a big influence in the reporting and the ability to manage it and push it out,” said the Network Security Administrator.
For every security incident, SandBlast Agent not only remediates the infection, but also provides a full incident analysis report, allowing the company to identify vulnerabilities and the types of malware they have encountered. The easy-to-understand reports paint a full picture of the incident, providing all the details necessary for a security admin to respond, such as entry point, name of malware, and remediation.
“Our experience with SandBlast has been exceptional,” said the Network Security Administrator.