Anti-Bot Software Blade

A bot is malicious software that allows cyber criminals to remotely control computers and execute illegal activities such as stealing data, spreading spam and distributing malware. Check Point Anti-Bot detects bot-infected machines, prevents bot damages by blocking bot C&C communications, and continually updates from ThreatCloud, the first collaborative network to fight cyber crime.


Discover bot outbreaks, detect Advanced Persistent Threats (APT) and stop bot damage

  • Detect infected hosts with our unique multi-tier technology
  • Combine information on remote operator hideouts, botnet communication patterns and attack behavior to accurately identify bot outbreaks
  • Receive up-to-the-minute bot intelligence from the ThreatCloud knowledge base
  • Prevent damage by blocking bot communication between infected hosts and a remote operator

Real-time security intelligence delivered from ThreatCloud

  • Leverage industry's first collaborative network to fight cybercrime
  • Analyze over 75 million addresses daily for bot discovery
  • Dynamically update attack information from worldwide network of sensors and industry’s best malware feeds

First integrated Anti-Bot network solution

  • Integrates threat prevention technologies in a single gateway – IPS, Antivirus, Anti-Spam, Anti-Bot and SandBlast Zero-day Protection
  • Manage access control and threat prevention policy from a single console
  • Investigate infections and easily assess damages with extensive forensics tools in SmartEvent

Our Check Point solution integrates all the security blades we need, such as Anti-Bot and DLP, so we don’t have to pay $20,000 or more to purchase separate security products. Also, we don’t have to manage devices. Instead, we get a complete view of
the security in one place.

Victor Tu

Director of Network Security

SF Police Credit Union



Complete Anti-Bot Solution

Complete Anti-Bot solution integrated into the Check Point Infinity Architecture

  • Discover, stop and assess bot damages on premise and in public and private clouds
  • Unified and centralized policy and event management
  • Included in Check Point Next Generation Threat Prevention
  • Protect endpoints with SandBlast Agent; includes Anti-Bot and SandBlast Zero-day Protection

Multi-Tier Bot Detection Engine

Using Multi-Tier Bot Detection Engine discovers infections by correlating multiple detection methods

  • Reputation – evaluating IPs, URLs, and DNS addresses to determine whether outbound traffic is destined for known botnet Command and Control (C&C) sites.
  • Patterns – detecting unique botnet family communication patterns (over multiple protocols such as HTTP, DNS and SMTP)
  • Bot damages and actions by detecting attack types, such as spam (leveraging outbound mail analysis) and click fraud, as well as anomalies (irregular ports, protocols)
  • Updates security intelligence in real-time by ThreatCloud

Integrated Malware Reports and Dashboards

Malware reports and dashboards are integrated with SmartEvent with infection summaries and trends to provide better visibility to organizational malware threats and risks

  • View infected hosts statistics, malware types and activities, trends/changes vs. previous week/month, amount of data sent or received and more


Inline Bot Prevention

Inline bot prevention – block bot communications from infected hosts.

  • Support inline and out-of-band deployment topologies
  • Block bot specific communication to C&C sites to neutralize bot damages
  • Ensure work continuity by blocking only bot traffic, yet allowing good traffic to continue

ThreatCloud Real-Time Security Intelligence Feeds

ThreatCloud is a collaborative network and cloud-driven knowledge base that delivers real-time dynamic security intelligence to security gateways. The security intelligence identifies emerging outbreaks and threat trends. ThreatCloud powers Anti-Bot, allowing gateways to investigate always-changing IP, URL and DNS addresses where Command and Control Centers are known. Since processing is done in the cloud, millions of signatures and malware protection can be scanned in real time.

The ThreatCloud knowledge base updates dynamically using feeds from a network of global threat sensors, attack information from worldwide gateways, Check Point research labs and the industry’s best malware feeds. Correlated security threat information is then shared among all gateways collectively.

Extensive Forensics

Forensics provides administrators and security teams with the information they need to analyze security events, investigate infections and assess damages.

  • Detailed infection information per malware type and/or infected users and machines
  • Identify bot names, amount of data sent and infection severity
  • Key bot actions – identify suspicious activities such as participating in DDoS attacks, self-distribution attempts, and participating in click fraud
  • ThreatWiki – extensive infection information (malware type, description and any available details such as the executables run, the protocols used etc.)
  • Packet capture – view data sent using complete per-session packet capture with SSL/TLS inspection

Extended Protection to Endpoints

Anti-Bot capabilities are also available in the optional SandBlast Agent, extending post-infection protection to end-user systems, to keep users safe no matter where they go. Malware contracted while roaming outside the network perimeter will be detected, and Command & Control activity blocked. With the addition of SandBlast Agent, more information is available for Anti-Bot detections, including the specific system and process demonstrating suspicious behavior, even when behind a NAT router.

Learn More

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO