As part of the Check Point Zero-Day Protection SandBlast solution, the Threat Extraction capability removes exploitable content, including active content and embedded objects, reconstructs files to eliminate potential threats, and promptly delivers sanitized content to users to maintain business flow.
Proactively protect against threats contained in emailed and web-downloaded documents
Promptly deliver safe content - or sanitized versions of potentially malicious files
Provide complete threat visibility with comprehensive, integrated threat prevention and security management
Documents used on a daily basis can contain content, including macros or embedded links, that can be exploited to infect your computers and networks. Check Point SandBlast Zero-Day Protection utilizes Threat Extraction technology to eliminate threats by removing exploitable content and reconstructing documents using known safe elements. SandBlast Zero-Day Protection promptly delivers safe, sanitized content to its intended destination, and allows access to original files after the Threat Emulation engine completes its background analysis.
SandBlast Threat Extraction supports the most common document types used in organizations today, including Microsoft Office Word, Excel, and PowerPoint, and Adobe PDF documents. Administrators can select which of these document types will undergo Threat Extraction when entering the network via email or web download.
Installed as an additional software blade on the gateway as part of the SandBlast Zero-Day Protection solution, SandBlast Threat Extraction integrates with the email network in Mail Transfer Agent mode. It can be applied across the organization, or implemented only for specific individuals, domains, or departments. Administrators can configure the included users and groups based upon needs, and can use this to facilitate gradual organizational deployment.
Traditional detection technologies take time to search for and identify threats before blocking them. Due to unacceptable delays, many solutions are deployed only in detect mode, leaving networks vulnerable to threats. SandBlast Zero-Day Protection leverages its Threat Extraction capability to preemptively eliminate delays associated with traditional solutions, reduce risk, and enable real-world deployment in prevent mode.
The SandBlast Web Extension allows users within organizations to utilize threat emulation and extraction from within the browser, protecting users from malware downloaded over the web.
Using SandBlast Agent, the protections of Threat Extraction can now be extended to end-user systems, keeping users safe no matter where they go. For laptop users roaming beyond the perimeter, attacks originating as attachments within emails or web downloads undergo conversion to safe, reconstructed versions with minimal delay.
SandBlast Zero-Day Protection provides flexibility for organizations to select the document protection options that best suit operational needs. For the best protection, it is recommended that documents are reconstructed and converted into a PDF document. Alternatively, organizations can choose to maintain the original document format, and remove content that may pose a threat. This option allows administrators to determine the types of content to remove, from high risk macros to embedded files and external links.
With the Next Generation Threat Prevention & SandBlast™ (NGTX) bundle from Check Point, organizations are able to leverage the protections delivered by Check Point SandBlast Zero-Day Protection, and gain the added protections provided by IPS, Application Control, URL Filtering, Antivirus, Anti-Bot, and Anti-Spam to protect users from downloading malicious files and accessing risky websites, and to stop bot communications before damage is caused. Organizations already leveraging the Next Generation Threat Prevention (NGTP) appliance can add this capability via the TX bundle.
|Supported File Types||Microsoft Office 2003-2013, Adobe PDF|
|Document Languages Supported||Latin languages: full support; non-Latin languages: partial support|
|Performance||~1% of throughput decrease for 8000 people; 1 GB of memory required|
|Version and OS||From R77.30 using SecurePlatform or GAiA|
|Web Browser Extension||Currently supported on the following browser types: