SandBlast Threat Extraction

Prompt delivery of safe content

Documents that we use on a daily basis can contain content within them, including macros or embedded links, that can be exploited to infect your computers and networks. Check Point SandBlast Zero-Day Protection utilizes Threat Extraction technology to eliminate threats by removing exploitable content and reconstructing documents using known safe elements.  SandBlast Zero-Day Protection promptly delivers safe, sanitized content to its intended destination, and allows access to original files after completing background analysis by the Threat Emulation engine.

Protects most common file types

SandBlast Threat Extraction supports the most common document types used in organizations today, including Microsoft Office Word, Excel, and Power Point, and Adobe PDF documents. Administrators can select which of these document types will undergo Threat Extraction when entering the network via email or web download.

Easy to deploy

Installed as an additional software blade on the gateway as part of the SandBlast Zero-Day Protection solution, SandBlast Threat Extraction is integrated in Mail Transfer Agent-Mode to the email network. It can be applied across the organization, or implemented only for specific individuals, domains, or departments. Administrators can configure included users and groups based upon needs, and can use this to facilitate gradual organizational deployment.

Proactive protection

Traditional detection technologies take time to search for and identify threats before blocking them.  Due to unacceptable delays, many solutions are deployed only in detect mode, leaving networks vulnerable to threats.  SandBlast Zero-Day Protection leverages its Threat Extraction capability to preemptively eliminate delays associated with traditional solutions, reduce risk, and enable real-world deployment in prevent mode.

Web browser extension

The SandBlast Web Extension allows users within organizations to utilize threat emulation and extraction from within the browser, protecting users from malware downloaded over the web.

Extended protection to endpoints

Using SandBlast Agent, the protections of Threat Extraction can now be extended to end-user systems, keeping users safe no matter where they go. For laptop users roaming beyond the perimeter, attacks originating as attachments within emails or web downloads undergo conversion to safe, reconstructed versions with minimal delay.

Flexible protection options

SandBlast Zero-Day Protection provides flexibility for organizations to select the document protection options that best suit operational needs. For the best protection, it is recommended that documents are reconstructed and converted into a PDF document. Alternatively, organizations can choose to maintain the original document format, and remove content that may pose a threat. This option allows administrators to determine the types of content to remove, from high risk macros to embedded files and external links.

Bundled for the best protection

With the Next Generation Threat Extraction (NGTX) bundle from Check Point, organizations are able to leverage the protections delivered by Check Point SandBlast Zero-Day Protection, and gain the added protections provided by IPS, Application Control, URL Filtering, Antivirus, Anti-Bot, and Anti-Spam to protect users from downloading malicious files, accessing risky websites, and to stop bot communications before damage is caused.  Organizations already leveraging the Next Generation Threat Prevention (NGTP) appliance, can add this capability via the TX bundle.