Check Point Antivirus uses real-time virus signatures and anomaly-based protections from ThreatCloud™, the first collaborative network to fight cyber crime, to detect and block malware at the gateway before users are affected.
Real-time security intelligence delivered from ThreatCloud
Prevent damage from malware attacks by stopping them at the gateway
Integrated into the Check Point Infinity Architecture
ThreatCloud is a collaborative network and cloud-driven knowledge base that delivers real-time dynamic security intelligence to security gateways. That intelligence is used to identify emerging outbreaks and threat trends. ThreatCloud powers Antivirus, allowing gateways to investigate always-changing malware signatures. Since processing is done in the cloud, millions of signatures and malware protections can be scanned in real time.
ThreatCloud’s knowledgebase is dynamically updated using attack information from worldwide gateways, feeds from a network of global threat sensors, Check Point research labs and the industry’s best malware feeds. Correlated security threat information is then shared among all gateways collectively.
Antivirus scans outbound URL requests and ensures users do not visit websites that are known to distribute malware. The knowledgebase is constantly updated in real time with over 300,000 sites from ThreatCloud.
Forensics – Provide administrators and security teams with the information they need to analyze security events, investigate infections and assess damages
Check Point Antivirus stops incoming malware attacks with 300x more signatures than previous versions. Multiple malware detection engines are utilized to protect your network, including signature, behavioral and reputation engines. Check Point security intelligence constantly feeds its ThreatCloud database with real-time data, allowing identification of outbound connections to resources that are known to contain malicious content.
Malware reports and dashboards are integrated in SmartEvent with infection summaries and trends to provide better visibility into organizational malware threats and risks.
Scan and secure SSL/TLS encrypted traffic passing through the gateway. When traffic is passed through, the gateway decrypts the traffic with the sender’s public key, inspects and protects, then re-encrypts, sending the newly encrypted content to the receiver.
Granularly define exceptions for SSL/TLS inspection to protect user privacy and comply with corporate policy. Some encrypted content passing through the gateway should not be inspected, and therefore can be bypassed with a simple administrator policy definition.