Antivirus Software Blade
Antivirus uses real-time virus signatures and anomaly-based protections from ThreatCloud™, extensive threat intelligence to proactively stop threats and manage security services to monitor your network for rapid incident response and fast attack resolution.
Benefits
Get real-time security intelligence from ThreatCloud
- Leverage the industry's first collaborative network to fight cybercrime
- Identify over 4.5 million malware signatures and 300,000 malicious websites
- Get update attack information dynamically from worldwide network of sensors and industry’s best malware feeds
- Enhanced by signatures from SandBlast Zero-day Protection
Prevent damage from malware attacks by stopping them at the gateway
- Stop incoming malicious files
- Prevent access to malware infested websites
- Receive up-to-the-minute malware intelligence from the ThreatCloud knowledgebase
Integrated into the Check Point Infinity Architecture
- Activate Antivirus on any Check Point Security Gateway
- Saves time and reduces costs by leveraging existing security infrastructure
- View and manage the "big malware picture" with integrated threat reports in SmartEvent
Features
ThreatCloud is a collaborative network and cloud-driven knowledge base, delivering real-time dynamic security intelligence to security gateways. Intelligence identifies emerging outbreaks and threat trends. ThreatCloud powers Antivirus allowing gateways to investigate constant changes with malware signatures. With processing completed in the cloud, millions of signatures and malware protections can be scanned in real time.
ThreatCloud’s knowledgebase gives you dynamic updates from numerous sources. It uses attack information from worldwide gateways, feeds from a network of global threat sensors, Check Point research labs, and the industry’s best malware feeds. Correlated security threat information is then shared among all gateways collectively.
Prevent access to malicious websites
Antivirus scans outbound URL requests and ensures users do not visit websites known to distribute malware. The constantly updated knowledgebase offers over 300,000 sites from ThreatCloud.
Antivirus offers extensive forensics
Forensics provides administrators and security teams with vital information needed to analyze security events, investigate infections, and assess damages. Antivirus includes:
- Detailed infection information per malware type and/or infected users and machines
- Identified malware names and infection severity
- ThreatWiki – extensive infection information (malware type, description and any available details such as executables run, used protocols etc.)
- Packet capture – view data sent using complete per-session packet capture with SSL/TLS inspection
Antivirus stops incoming malware attacks with 300x more signatures than previous versions. Multiple malware detection engines focused on signature, behavioral, and reputation offer full protection. Check Point security intelligence feeds its ThreatCloud database with real-time data, identifying outbound connections to resources known to contain malicious content.
Integrated malware reports and dashboards
Malware reports and dashboards are integrated in SmartEvent with infection summaries and trends to provide better visibility to organizational malware threats and risks. This allows you to view infected hosts statistics, malware types and activities, trends/changes vs. previous week/month, amount of data sent or received, and more.
Inspect SSL/TLS encrypted traffic
Scan and secure SSL/TLS encrypted traffic passing through the gateway. When traffic is passed through, the gateway decrypts the traffic with the sender’s public key, inspects, and protects, then re-encrypts, sending the newly encrypted content to the receiver.
To protect user privacy and comply with corporate policies, Antivirus offers granularly define exceptions for SSL/TLS inspection. As some encrypted content passing through the gateway does not need to be inspected, it can be bypassed with a simple administrator policy definition.