ZERO-DAY PROTECTION
September 2015
Threat Emulation with CPU-Level Detection: Evasion-resistant malware detection
Threat Extraction: Prompt delivery of safe reconstructed files
Threat Extraction
Deliver safe version of content quickly
THREAT EXTRACTION
O/S Level Emulation: Stops zero-day and unknown malware in wide range of file formats
CPU-Level Detection: Catches the most sophisticated malware before evasion techniques deploy
Malware Malware
Safe Doc
Original Doc
Customizable Protection Level
Deployment Highlights
SANDBLAST APPLIANCE
SANDBLAST CLOUD
CHECK POINT GATEWAY
Check Point Security Gateway (Requires R77 and above)
Internet
SANDBLAST CLOUD
Threat Emulation: O/S Level Sandboxing and CPU-Level Detection in Cloud
Threat Extraction (Prompt delivery of reconstructed clean files) on Local Appliance
Corporate Network (LAN)
Check Point SandBlast Appliance
Threat Emulation (O/S Level Sandboxing with CPU-Level Evasion detection)
Threat Extraction (Prompt delivery of reconstructed clean files)
©2015 Check Point Software Technologies Ltd. 9
Standalone Deployment
Check Point SandBlast
Zero-Day Protection
Standalone Check Point SandBlast Appliance on-premises
Prevent: Inline – Emulate before allowing into network
Detect: Duplicate network traffic (via SPAN port)
Check Point
SandBlast Appliance
Internet Corporate Network (LAN)
Branch
Agent
Branch
SANDBLAST
CLOUD
Headquarters
Threat Emulation
O/S Level Sandboxing and CPU-Level Detection
in Cloud OR/AND On-Premise Appliance
Threat Emulation
Admin has comprehensive Attack Visibility
Summary
Details
How Attackers Bypass OS Security Controls
ROP – Return Oriented Programming
Use clues to locate the useful code in memory
Windows
CentOS 77
Mac OS
Mac
Windows 7 (64bit)
Deployment Highlights