Check Point Software Technologies

Description of technology

Anti-malware Sandbox

Check Point SandBlast - Sandboxing is a method of detecting malware without knowing the signatures of malicious programs. Files downloaded from the Internet (including PDF, MS Word and MS Excel files) are opened and analyzed to identify dangerous behaviors, e.g. making unauthorized network connections, making unauthorized changes to system files and registry entries, downloading prohibited code from the Internet, etc. Anti-malware Sandbox can operate in integration with a firewall or as a separate security device. File inspection can be performed locally or in the cloud. The main advantage offered by Anti-malware Sandbox is the ability to recognize malicious files downloaded from the Internet (e.g. infected PDF and MS Office documents) that are not detected by signature-based anti-virus protection (so-called 0-day malware). Check Point solutions feature a unique Threat Extraction technology that removes malicious active content from MS Office documents (e.g. malicious macros) or PDF files (e.g. JavaScript).

Cloud Security

Check Point CloudGuard - The solutions feature the following basic functions: SaaS application control and incident detection in the cloud; detecting sensitive data leaks through cloud applications; detecting malware in the cloud resources of employees. Some CASBs enable retro-inspection: scanning previously saved employee files in cloud resources to detect security breaches (e.g. data leaks, malware distribution). A CASB can operate fully in the cloud: it does not require physical devices, access takes place through cloud services' APIs, and no agents are required at the endpoint.

Endpoint security

Check Point Endpoint Security - A comprehensive security suite for desktops, laptops and mobile devices, integrated with Check Point network security measures. The endpoint solution guarantees a reduced risk of corporate computers being taken over by criminals, including in situations where employees are outside the company's headquarters and their computers are not protected by company network security measures, and in the event of reckless employee behavior (e.g. surfing the Internet from connected GSM modems, connecting unknown flash drives to corporate computers). In addition, Check Point Endpoint Security can be equipped with an MS Office document encryption module, a function for analyzing downloaded files in a sandbox environment, or anti-phishing options.

Firewall

Check Point Next Generation Firewall - Performs the following tasks: controlling not only port numbers but also the applications used by employees (e.g. P2P, Tor, Gmail, Facebook); identifying employees by communicating with Microsoft Active Directory and other authentication systems; executing Intrusion Prevention (IPS) functions and protecting users' computers against attacks from the Internet (so-called Drive-by Download attacks); conducting anti-virus and IPS inspection of traffic encrypted with the SSL/TLS protocols.

Mobile security

Check Point SandBlast Mobile - The use of smartphones and tablets for business purposes has become standard in many organizations. Using mobile devices safely requires security measures adequate to the threats and vulnerabilities, as well as to the potential losses the organization might incur in the event of a security breach. SandBlast Mobile allows monitoring the behavior of applications installed by users and detecting suspicious activities performed by these applications (e.g. accessing the camera, contacts, billings, geolocation). With SandBlast Mobile, every malicious application installation attempt will be detected instantly. The solution also allows detecting MITM (man-in-the-middle) attacks that manipulate SSL certificates when the device is connected to an unknown WiFi network.

SCADA/OT Security

SCADA/OT Security - Detects anomalies in industrial networks based on behavior analysis and matching against patterns of malicious activity. Automatically discovers resources and visualizes communication paths down to the lowest levels of the OT network, where technological processes are controlled. Passive monitoring only: it does not influence the OT network, no active scanning is required, and there is no need to install software on end devices. Sends security alerts to the SOC using SYSLOG.

Virtual Security

Check Point CloudGuard - Security mechanisms inside a virtual environment provide protection for virtual machines (VMs) that cannot be provided by external physical security devices, including inspection of network communication between VMs within the virtual environment. The next-generation firewall security functions are integrated with the VMware NSX virtual environment.
