• Protect endpoints from today’s most sophisticated attacks and zero-day threats
• Neutralize the impact of malware infections contracted through unprotected channels, minimizing potential damages
• Enable deep understanding of security events for faster response
• Simple, low overhead deployment optimizes existing investments in network security, endpoint tools and management infrastructure
Those of us on the front lines of enterprise security see the reality of modern hacking techniques, where anti-virus solutions are becoming less dependable against these newer threats. It is critical not only to do the best job possible detecting the latest malware, but also to respond rapidly as events occur. By preventing more attacks from reaching our users, and then empowering our team to quickly contain threats before they can impact operations, we allow our highly mobile workforce to manage their business with confidence.
Community Newspaper Group
Check Point SandBlast Agent extends the proven protections of SandBlast Zero-Day Protection to endpoint devices. By quickly inspecting files in a virtual sandbox, Threat Emulation discovers malicious behavior and prevents infection from new malware and targeted attacks. Threat Extraction reconstructs downloaded files, eliminating potential threats and promptly delivering a safe version to users.
With a local version of Anti-Bot security protection, continuously updated with the latest Threat Intelligence data via ThreatCloud, SandBlast Agent identifies and blocks bot communications with command and control servers to contain and quarantine any infected hosts.
SandBlast Agent secures endpoint devices from threats delivered via:
The forensics capability within SandBlast Agent provides full visibility by monitoring and recording all endpoint events, including files affected, processes launched, system registry changes and network activity. SandBlast Agent is able to trace and report the steps taken by malware, including zero-day threats. Because SandBlast Agent monitors continuously, the recorded data remains available after an attack has completed, even for attacks that use malware techniques to remove files and other indicators of compromise from the system.
The forensics capability within SandBlast Agent allows you to view event reports, triggered from the gateway or endpoint itself, from a central location using SmartEvent. Security Administrators can also generate reports for known malicious events, providing a detailed cyber kill chain analysis. These reports provide actionable incident analysis, accelerating the process of understanding the complete attack lifecycle, damage and attack vectors.
The forensics analysis process automatically starts when a malware event occurs. Using a combination of advanced algorithms and deep analysis of the raw forensic data, it builds a comprehensive incident summary. The summary provides key actionable attack information, including:
These comprehensive attack diagnostics and this visibility support remediation efforts. System administrators and incident response teams can swiftly and efficiently triage and resolve attacks, getting your organization back to business as usual more quickly.
SandBlast Agent works in conjunction with Antivirus and other security solutions from Check Point, as well as from other vendors. It enhances the detection capabilities of existing Antivirus products, enabling protection from advanced threats and providing actionable incident analysis.
When triggered by an event or by an investigation request from another Check Point component or a third-party solution, endpoint forensics logs are analyzed to generate reports viewable in SmartEvent and SmartLog.
SandBlast Agent can be quickly deployed, and all policies are managed centrally through SmartCenter. Access to the event logs and incident reports is provided through SmartEvent and SmartLog, giving the deep insight needed to understand even the most advanced attacks.
The non-intrusive, low-overhead deployment uses a SandBlast remote sandbox running as a service (on either the SandBlast Cloud or your own private appliances), resulting in minimal impact on local performance and full compatibility with installed applications.
Operating System
• Windows 7, 8, and 10
• Internet Explorer 10 and above (for SandBlast Browser Extension)

THREAT EMULATION AND THREAT EXTRACTION

Supported Content Channels
• SandBlast Browser Extension
• File-System monitor (Threat Emulation only)

Supported File Types – Threat Extraction
• Adobe PDF
• Microsoft Word, Excel, and PowerPoint

Supported File Types – Threat Emulation
Over 40 file types, including:
• Adobe PDF
• Microsoft Word, Excel, and PowerPoint
• Executables (EXE, COM, SCR)
• Shockwave Flash (SWF)
• Rich Text Format (RTF)

Threat Emulation and Extraction Deployment Options
• SandBlast Cloud
• SandBlast Appliance

Enforcement Modes
• Detect and alert
• Block (background and hold modes)

Analysis Triggers
• Anti-Bot detection on the network
• Anti-Bot detection on the endpoint
• Threat Emulation detection on the network
• Check Point Antivirus detection on the endpoint
• Third-party Antivirus detection on the endpoint
• Manual Indicators of Compromise (IoCs)

Damage Detection
• Automatically identify data exfiltration, data manipulation or encryption, and key logging

Root Cause Analysis
• Automatically trace and identify the root cause across multiple system restarts

Malware Flow Analysis
• Automatically generated interactive graphic model of the attack flow

Malicious Behavior Detection
• Over 40 malicious behavior categories
• Hundreds of malicious indicators

Policy Management
• Endpoint Policy Management (EPM)

Event Monitoring
• SmartLog

Endpoint Management Version
• E80.63 and above

Endpoint Management – Available Packages
• Included as standard with SmartCenter and Smart-1 appliances
• Available as a software license