As part of the Check Point SandBlast Zero-Day Protection solution, Threat Emulation prevents infections from new malware and targeted attacks. This innovative zero-day threat sandboxing capability within the SandBlast solution delivers the best possible catch rate for threats, and is virtually immune to attackers’ evasion techniques.
Highest catch rate to protect your organization from unknown malware, zero-day and targeted attacks
Stop hackers from evading detection and infiltrating your network, reducing risk of expensive breaches
Provide complete threat visibility with comprehensive integrated threat prevention and security management
CPU-level inspection makes SandBlast even more attractive. It prevents exploits like Return-Oriented Programming attacks, and the sandboxing process is fast. The speed, simplicity, and ease of use mean a lot to us.
Enterprise Security Engineer
Unlike other solutions, Check Point zero-day threat sandboxing uses a unique technology that conducts inspection at the CPU level to stop attacks before they have a chance to launch.
There are thousands of vulnerabilities and millions of malware implementations, but there are very few methods that cybercriminals utilize to exploit vulnerabilities. The Check Point SandBlast Threat Emulation engine monitors CPU-based instruction flow for exploits attempting to bypass OS security controls.
By detecting exploit attempts during the pre-infection stage, Threat Emulation sandboxing stops attacks before they have a chance to evade detection.
Check Point SandBlast Zero-Day Protection conducts further investigation with OS-level sandboxing: it intercepts and filters inbound files, inspects URLs linked to files within emails, and runs them in a virtual environment. File behavior is inspected simultaneously across multiple operating systems and versions. Files engaging in suspicious activity commonly associated with malware, such as modifying the registry, opening network connections, and creating new files, are flagged and further analyzed. Malicious files are prevented from entering your network.
The Threat Emulation engine supports inspection of one of the widest ranges of file types, including MS Office, PDFs, executables, archives, Java, and Flash. In addition, it provides protection against attacks targeting multiple Windows OS environments, including Windows XP, Windows 7, and Windows 8.
Unified security management simplifies the monumental task of managing growing threats, devices and users. Newly identified threats caught by the Threat Emulation engine are displayed in Malware Reports and dashboards with infection summaries and trends to provide better visibility into organizational malware threats and risks.
Additionally, a detailed report is generated after any file goes through the sandbox. The report is easy to understand and includes detailed information about any malicious attempts originated by running the file. The report provides actual screenshots of the environment while running the file for any operating system on which it was simulated.
Files delivered into the organization over SSL and TLS represent a secure attack vector that bypasses many industry-standard implementations. Check Point SandBlast looks inside SSL and TLS tunnels to extract and launch files to discover threats hidden in those protected streams.
For each new threat discovered by Threat Emulation, a new signature is created and sent to Check Point ThreatCloud, where it is distributed to other Check Point connected gateways. Threat Emulation converts newly identified unknown attacks into known signatures, making it possible to block these threats before they have a chance to become widespread. This constant collaboration makes the ThreatCloud ecosystem the most advanced and up-to-date threat network available.
Now the advanced protection of Threat Emulation can prevent malware targeting end-user systems while roaming, keeping users safe no matter where they go. SandBlast Agent works with Threat Emulation to detect and block attacks while users are beyond the perimeter, as well as from lateral movement or malware loaded from removable storage devices.
Leveraging the full capabilities of SandBlast Zero-Day Protection, SandBlast Cloud brings proactive protection from sophisticated attacks to Office 365 email users. With the highest malware catch rates, and using CPU-level detection, the Threat Emulation capability within SandBlast Cloud prevents new, unknown and zero-day threats delivered via email and file attachments in cloud-based email environments.
|Threat Emulation (Sandboxing) Specifications|
|Supported file types||Over 40 file types, including Adobe PDF, Microsoft Office, executables, archives, Flash, Java Applets, and PIF|
|Supported Emulation Environments||Microsoft Windows XP, 7, 8|
|Deployment options||• Cloud-based Service • On-premise appliances • Browser Extension|
|Operating Environment||SecurePlatform or GAiA|
|Web Browser Extension||Currently supported on the following browser types:
• Google Chrome