Hackers are increasingly targeting enterprise networks using sophisticated tools such as new zero-day threats. A more proactive security approach is required to identify and stop such attacks. SandBlast Zero-Day Protection elevates network security to the next level with evasion-resistant malware detection, and complete protection from even the most dangerous attacks – ensuring quick delivery of safe content to your users.
Stop hackers from evading detection and infiltrating your network, reducing risk of expensive breaches or downtime
Promptly deliver sanitized versions of potentially malicious files – maintaining uninterrupted business flow
Maximize operational value, minimize Total Cost of Ownership, and provide complete threat visibility with integrated threat prevention and security management
CPU-level inspection makes SandBlast even more attractive. It prevents exploits like Return-Oriented Programming attacks, and the sandboxing process is fast. The speed, simplicity, and ease of use mean a lot to us.
Enterprise Security Engineer
Check Point SandBlast Zero-Day Protection provides complete protection against the most dangerous zero-day and targeted attacks at the network, using two core technologies: Threat Emulation and Threat Extraction.
The combination of these cutting-edge technologies makes SandBlast uniquely capable of identifying the most sophisticated, zero-day threats in their infancy, before malware has an opportunity to deploy and even attempt to evade detection, while ensuring quick delivery of safe content to users.
Unlike other solutions, Check Point SandBlast Zero-Day Protection uses a unique technology that performs inspection at the CPU level to stop attacks before they have a chance to launch.
There are thousands of vulnerabilities and millions of malware implementations, but there are very few methods that cyber criminals utilize to exploit vulnerabilities. The Check Point SandBlast Threat Emulation engine monitors CPU-based instruction flow for exploits attempting to bypass operating system and hardware security controls.
By detecting exploit attempts during the pre-infection stage, Check Point SandBlast Threat Emulation sandboxing stops attacks before they have a chance to evade detection by the sandbox.
Check Point SandBlast Zero-Day Protection conducts further investigation with OS-level threat emulation: inbound files are intercepted and filtered, and URLs linked to files within emails are inspected, by running them in a virtual environment. File behavior is inspected simultaneously across multiple operating systems and versions. Files engaging in suspicious activity commonly associated with malware, such as modifying the registry, opening network connections, and creating new files, are flagged and further analyzed. Malicious files are prevented from entering your network.
A detailed report is generated for each file emulated and found to be malicious. The easy-to-understand report includes file details and information about any abnormal activity or malicious actions originating from running the file. The report provides actual screenshots of the environment while running the file for each operating system on which it was simulated.
Newly discovered threats are sent to the ThreatCloud intelligence database. Each newly discovered threat signature is distributed across the ThreatCloud ecosystem to protect other Check Point connected gateways. This enables connected gateways to block the new threat before it has a chance to become widespread. Constant collaboration makes ThreatCloud the most advanced and up-to-date threat intelligence network available.
When it comes to threat protection, it doesn’t have to be a trade-off between speed, coverage and accuracy. Unlike other solutions, Check Point SandBlast Zero-Day Protection can be deployed in detect and prevent mode, while still maintaining uninterrupted business flow.
Our Threat Extraction component within Check Point SandBlast eliminates threats by removing risky content such as macros or embedded links and then reconstructs the document using only known safe elements.
Unlike detection technologies that require time to search for and identify threats before blocking them, Threat Extraction preemptively eliminates risk, ensuring prompt delivery of safe documents.
Check Point SandBlast Zero-Day Protection secures a wide range of the most common document types used in organizations today, from Microsoft Office Word, Excel, PowerPoint and Adobe PDFs to archive files.
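The Threat Extraction principle described above, shown as an added illustration that is not Check Point's code: a Word-style OOXML package (a zip of XML parts) is rebuilt with its VBA macro part, macro and external-link relationships, and hyperlink wrappers removed, while the visible text is kept. The sample package, the set of part names treated as risky, and the regex-based stripping are assumptions for this demo; a production implementation would use a full OOXML parser rather than regular expressions.

```python
import io
import re
import zipfile

MACRO_PARTS = {"word/vbaProject.bin"}  # assumed set of macro-carrying parts for this demo
RISKY_REL = re.compile(r'<Relationship\b[^>]*Type="[^"]*/(?:vbaProject|hyperlink)"[^>]*/>')
HYPERLINK = re.compile(r"<w:hyperlink\b[^>]*>(.*?)</w:hyperlink>", re.S)
REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

def build_sample_docx() -> bytes:
    # Constructed sample: a tiny Word-style package with a VBA part and an external link.
    parts = {
        "word/document.xml": (
            '<w:document xmlns:w="w" xmlns:r="r"><w:body><w:p><w:r><w:t>Invoice</w:t></w:r>'
            '<w:hyperlink r:id="rId2"><w:r><w:t>click here</w:t></w:r></w:hyperlink></w:p></w:body></w:document>'
        ),
        "word/vbaProject.bin": b"\x00constructed-macro-bytes",
        "word/_rels/document.xml.rels": (
            f'<Relationships><Relationship Id="rId1" Type="{REL}vbaProject" Target="vbaProject.bin"/>'
            f'<Relationship Id="rId2" Type="{REL}hyperlink" Target="http://example.invalid/"/></Relationships>'
        ),
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()

def extract_threats(docx: bytes) -> tuple[bytes, list[str]]:
    # Rebuild the package from safe content only; also return what was removed.
    removed: list[str] = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            if name in MACRO_PARTS:  # macro code never reaches the rebuilt file
                removed.append(f"macro part {name}")
                continue
            data = src.read(name)
            if name.endswith((".xml", ".rels")):  # text parts: strip risky markup
                text = data.decode("utf-8")
                text, n_rel = RISKY_REL.subn("", text)  # VBA and external-link relationships
                text, n_link = HYPERLINK.subn(r"\1", text)  # keep link text, drop the link
                removed += [f"relationship in {name}"] * n_rel + [f"hyperlink in {name}"] * n_link
                data = text.encode("utf-8")
            dst.writestr(name, data)
    return out.getvalue(), removed

def read_parts(docx: bytes) -> dict[str, str]:
    with zipfile.ZipFile(io.BytesIO(docx)) as z:
        return {n: z.read(n).decode("utf-8", errors="replace") for n in z.namelist()}
```

Running `extract_threats(build_sample_docx())` yields a package with no `vbaProject.bin`, no relationships pointing at macros or external URLs, and the link text "click here" preserved as plain text.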
Check Point SandBlast Threat Emulation supports multiple deployment options, providing a cost-effective solution for virtually any size organization. Files can be sent from existing gateways to either the SandBlast cloud-based service or to an on-premise appliance available with a range of throughput capacities.
Installed as an additional software blade on the gateway, Check Point SandBlast Threat Extraction can be applied across the entire organization, or implemented only for specific individuals, domains, or departments. Administrators can configure included users and groups based upon their needs, easily facilitating gradual deployment to the organization.
Check Point SandBlast Zero-Day Protection is fully integrated with Check Point Security Management, allowing creation of security policies and profiles, and configuration from a unified platform. Check Point SmartEvent provides visibility and reporting across your organization’s threat horizon, enabling rapid investigation and resolution of security events.
With the Next Generation Threat Extraction (NGTX) bundle, organizations are able to leverage the protections delivered by Check Point SandBlast Zero-Day Protection, and gain the added protections provided by IPS, Application Control, URL Filtering, Antivirus, Anti-Bot, and Anti-Spam on any Check Point gateway. This comprehensive protection keeps users from downloading malicious files, accessing risky websites, and stops bot communications before damage occurs.
SANDBLAST – THREAT EMULATION: SPECIFICATIONS
|Supported File Types||Over 40 file types, including: Adobe PDF, Microsoft Office, EXE, files in archives, Flash, Java Applets, and PIF|
|Supported Emulation Environments||Microsoft Windows XP, 7, 8; Microsoft Office; Adobe Reader|
|Operating Environment||SecurePlatform or GAiA|
SANDBLAST – THREAT EXTRACTION: SPECIFICATIONS
|Supported File Types||Microsoft Office 2003-2013, Adobe PDF|
|Performance||~1% throughput decrease for 8000 users; 1 GB of memory required|
|Version and OS||From R77.30 using SecurePlatform or GAiA|
SANDBLAST – NETWORK SECURITY: DEPLOYMENT OPTIONS
|Distributed Deployment – Check Point security gateways, deployed across the network and acting as sensors, send files and objects to be inspected by one or more SandBlast appliances.|
|SandBlast Service – Files can be sent to the cloud-based service for emulation and analysis from an existing security gateway or from an agent for Exchange server. No infrastructure changes are required at the organization. The cloud-based service enables centralized management and visibility of both threat and service usage information.|
|Inline or Span-Port Deployment – The SandBlast appliance is connected inline (or to a SPAN port) and examines files and objects itself|
|MTA – Acting as a Mail Transfer Agent, the Check Point security gateway receives incoming mail, and scans or cleans its content before forwarding it to the next-hop mail server – MTA supports both Threat Emulation and Threat Extraction|
|Threat Prevention API – Open API allows sending files to the SandBlast appliance for inspection by Threat Emulation and Threat Extraction|