Stop attacks with award-winning technology and expert analysis
Update your protections with ThreatCloud collaborative intelligence
Provide security monitoring, visibility and compliance
IPS, Anti-Bot and Antivirus Software Blades defend your network against both external and internal (bot) threats.
The IPS Software Blade provides industry-leading IPS protection with breakthrough performance. This full-featured IPS solution provides real-time and preemptive protection against emerging threats and vulnerabilities.
The Anti-Bot Software Blade detects infected hosts on your network with its unique multi-tier ThreatSpect™ engine. Receiving up-to-the-minute bot intelligence from the ThreatCloud knowledge base, it combines information on remote operator hideouts, botnet communication patterns and attack behavior to accurately identify bot outbreaks. It also prevents damage by blocking bot communication between infected hosts and the botnet’s command and control centers.
The Antivirus Software Blade uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the gateway, before users are affected.
ThreatCloud is a collaborative network and cloud-driven knowledge base that delivers real-time dynamic security intelligence to security gateways. That intelligence is used to identify emerging outbreaks and threat trends. Since processing is done in the cloud, millions of signatures and malware protection can be scanned in real time.
ThreatCloud’s knowledge base is dynamically updated using feeds from a network of global threat sensors, attack information from gateways around the world, Check Point research labs and the industry’s best malware feeds. Based on the resulting security intelligence, updated protections and signatures are created and transmitted to your Check Point gateway. In addition, correlated security threat information is available in your web-based Service Portal so that you can maintain a regional and global perspective of current threats.
Your security logs are uploaded and securely stored at the Check Point SOC for automated threat analysis – without generating any noticeable load on your Internet connection.
The logs are processed by an analytics engine that normalizes them into events and stores them in the database. The events are then correlated with previous events and alerts on both your and other service subscribers’ gateways. A variety of rules are applied to decide whether a new alert needs to be generated.
You can choose a service level that fits your needs:
For subscribers to the Premium and Elite versions of the ThreatCloud Managed Security Service, a Check Point expert analyst reviews all of your alerts to verify the criticality of each one and determine whether immediate action is required.
If the analyst judges the alert to be critical (e.g., a real attack is now occurring, a vulnerability in your network has been discovered, or an infection is evident), the analyst opens a “ticket”.
Tickets document the interaction between the service SOC and you, and are kept open until the issue is resolved. All past tickets are available for review and discussion in the service portal. In cases that require immediate response, the SOC expert can also contact you by phone at your option.
The Web Portal securely connects to the service’s web server, and provides you with several informative views of the activity on your gateway, event and alert occurrences, as well as the real-time security intelligence that ThreatCloud provides.
A Check Point security expert tunes your gateway’s protection policy periodically, optimizing your security and throughput performance.
The frequency of tuning varies with the service level; for Standard customers, tuning is performed yearly. Premium and Elite customers receive quarterly protection tuning.