SandBlast Threat Emulation Sandboxing

Evasion resistant detection using cutting edge CPU-level technology

Unlike other solutions, Check Point zero-day threat sandboxing uses a unique technology. Conducting inspection at the CPU-level to stop attacks before they have a chance to launch.

There are thousands of vulnerabilities and millions of malware implementations, but very few methods that cybercriminals utilize to exploit vulnerabilities.  The Check Point SandBlast Threat Emulation engine monitors CPU-based instruction flow for exploits attempting to bypass OS security controls.

By detecting exploit attempts during the pre-infection stage Threat Emulation sandboxing stops attacks before they have a chance to evade detection.

Identify more malware

Check Point SandBlast Zero-Day Protection conducts further investigation with OS-level sandboxing by intercepting and filtering inbound files and inspecting URLs linked to files within emails by running them in a virtual environment. Multiple operating systems and versions inspect file behavior simultaneously. Files engaging in suspicious activity commonly associated with malware are flagged and further analyzed. This prevents malicious files are from entering your network.

Analyze over 40 file types and support multiple operating systems

The Threat Emulation engine supports inspection of one the widest range of file types including: MS Office, PDFs, executables, archives, Java, and Flash. In addition, it provides protection against attacks targeting multiple Windows OS environments including Windows XP, Windows 7, and Windows 8.

Full visibility into attack attempts with integrated security management and detailed reporting

Unified security management simplifies the monumental task of managing growing threats, devices and users. Malware Reports and dashboards display newly identified threats caught by the Threat Emulation engine with infection summaries and trends to provide better visibility into organizational malware threats and risks.

Additionally, a detailed report is generated after any file goes through the sandbox. The report is easy to understand and includes detailed information about any malicious attempts originated by running the file. The report provides actual screenshots of the environment while running the file for any operating system during simulation.

Uncover encrypted threats

Files delivered into the organization over SSL and TLS represent a secure attack vector that bypasses many industry standard implementations. Check Point SandBlast looks inside SSL and TLS tunnels to extract and launch files to discover threats hidden in those protected streams.

Collaboration for the best protection

When Threat Emulation discovers a new threat, a new signature is created and sent to Check Point ThreatCloud, where it is distributed to other Check Point connected gateways. Threat Emulation converts newly identified unknown attacks into known signatures, making it possible to block these threats before they have a chance to become widespread. This constant collaboration makes the ThreatCloud ecosystem the most advanced and up-to-date threat network available.

Implementation flexibility to fit any organization

• Cloud-based service – Files can be sent to the cloud-based service for emulation and analysis from an existing security gateway or from an agent for Exchange server. No infrastructure changes are required at the organization. The cloud-based service enables centralized management and visibility of both threat and service usage information.
• Dedicated appliance – An on-premise solution ideal forcan organizations that prefer not to use cloud applications due to regulatory requirements or privacy concerns. The SandBlast Zero-Day Protection dedicated appliances reduce costs by leveraging your existing security infrastructure. Four options are available to address the performance requirements of your organization.
• Software bundles for the best protection – Check Point SandBlast Zero-Day Protection allows organizations to leverage protections with the Next Generation Threat Prevention & SandBlast™ (NGTX) software bundle. In addition, IPS, Application Control, URL Filtering, Antivirus, Anti-Bot and Anti-Spam provides protection to users from downloading malicious files, accessing risky websites, and stopping bot communications before damage is caused.  Organizations already leveraging the Next Generation Threat Prevention (NGTP) appliance, can add this capability via the TX bundle.
• Web browser extension – The SandBlast Web Extension allows users within organizations to utilize threat emulation and extraction from within the browser, protecting users from malware downloaded over the web.

Extended protection for endpoints with SandBlast Agent

Now the advanced protection of Threat Emulation can prevent malware targeting end-user systems while roaming, keeping users safe no matter where they go. SandBlast Agent works with Threat Emulation to detect and block attacks while users are beyond the perimeter, as well as from lateral movement or malware loaded from removable storage devices.

Best-In-Class Security Expanded To Office 365™ Cloud Email

Leveraging the full capabilities of SandBlast Zero-Day Protection, SandBlast Cloud brings proactive protection from sophisticated attacks to Office 365 email users. With the highest malware catch rates, and using CPU-level detection, the Threat Emulation capability within SandBlast Cloud prevents new, unknown and zero-day threats delivered via email and file attachments in cloud-based email environments.