©2016 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals
Olexandr Rapp | orapp@checkpoint.com
Security Engineer - CIS
Comprehensive Protection Against Modern Internet Threats
with the Check Point SandBlast Solution
Focus on Security and Leadership
► $1.6 billion (revenue)
Revenue in 2015
The Software Blades strategy delivers continuous growth
► 100% (security)
Focused exclusively on IT security
All Fortune 500 companies are Check Point customers
► Worldwide recognition
Recognized by NSS Labs, Gartner, Miercom, SC Magazine
“Leader” in Gartner Enterprise Firewall for 17 years now
Who do you trust with your IT security?
CHECK POINT SOFTWARE TECHNOLOGIES NAMED A LEADER IN THE GARTNER MAGIC QUADRANTS FOR
ENTERPRISE NETWORK FIREWALLS [3]
UNIFIED THREAT MANAGEMENT [4]
MOBILE DATA PROTECTION [5]
4 YEARS IN A ROW
SINCE 1997
8 YEARS IN A ROW
[3] Gartner, Inc., Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Greg Young, Jeremy D'Hoinne, 22 April 2015.
[4] Gartner, Inc., Magic Quadrant for Unified Threat Management, Jeremy D’Hoinne, Adam Hils, Greg Young, 07 August 2014.
[5] Gartner, Inc., Magic Quadrant for Mobile Data Protection, John Girard, 08 September 2014.
[3-5] Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Key Technology
Unified Management
Network Security
Next Generation Threat Prevention
Mobile and Endpoint Security
Virtualized Security / Cloud Security
WHAT ARE Unknown Threats?
Malware that has not previously been seen, which can often get past traditional security products
Spear Phishing Email
Enable Macro…..
Boom…..
Damage and Response
• Encrypts local content rendering user files unusable
• In many cases then encrypts network storage
  o Impacting many more users
• Once encrypted, almost no chance to decrypt yourself
• Two choices
  o Reimage and restore, losing work since last backup
  o Pay up
How are these bypassing AV?
So long bankers…hello crypto lockers
Exploit kits turn known into unknown
Polymorphic changes
Packing and Obfuscation
CHECK POINT
Next-Generation Threat Prevention
IPS
Anti Virus
SandBlast
Anti Bot
SandBlast Agent
A Comprehensive Approach
SECURITY GATEWAY
Check Point IPS
Check Point IPS
Prevents Exploits of Known Vulnerabilities
Enforce Protocol Specifications
Detect Protocol Anomalies and Attacks
Signature based Engine
Number of CVE’s covered by IPS (2010-2016)
[Chart; series: # CVE's, # CVE's in Recommended Profile, Microsoft CVE's, Adobe CVE's]
Information is current as of Jan 2010 - May 2016 | Source: Check Point Advisories | Palo Alto ThreatVault | Fortinet FortiGuard | McAfee Threat Intelligence | Tipping Point Digital Vaccine | SourceFire Advisories
NSS LABS - Check Point’s Track Record of Security Leadership and Excellence!
IPS Recommended – Jan 2011
Best integrated IPS Security Score of 97.3%!
NGFW Recommended – April 2011
World’s first NSS Recommended NGFW!
FW Recommended – April 2011
Only vendor to pass the initial test!
NGFW Recommended – Jan 2012
Continued NGFW Leadership and Excellence!
IPS Recommended – July 2012
Leading integrated IPS Security Score of 98.7%!
FW Recommended – Jan 2013
Best Security + Management score of 100%!
IPS Individual Test – Feb 2013*
61000 IPS Security Score of 99%! 26.5G IPS
IPS Recommended – Nov 2013
100% Management score and Best annual Management Labor Cost (Upkeep and Tuning)!
NGFW Recommended – Feb 2013
Best Security + Management Score of 98.5%!
* Individual product test and not part of a Group Test.
NSS only awards “Recommended” in Group Tests.
NGFW Recommended – Sept 2014
4th NGFW Recommended
BDS Recommended – Aug 2015
1st time tested, 100% unknown malware catch-rate
NGFW Recommended – Mar 2016
Best Catch rate 99.8%
Continuing Leadership and Excellence …
NGFW Recommended – Mar 2016
99.8% Catch rate and 5th NSS NGFW Recommended!
Check Point
Network AV
Check Point Anti-Virus
Blocks Download of Known Malware
Signatures and MD5 based Engines
Malware Feeds
Blocks Access to Malware Sites
Check Point
Network Anti Bot
Check Point Anti-Bot
Blocks Bot Communication
PREVENT Bot Damage
Stop Traffic to Remote Operators
IDENTIFY Bot infected Devices
Multi-tier Discovery
Reputation | Patterns | SPAM
PROTECT FROM THE UNKNOWN
PROACTIVE PREVENTION
Rapid delivery of sanitized content
ADVANCED SANDBOX
Evasion resistant malware detection
Sandblast Threat Extraction
Providing Clean Files
BEFORE: Malware Activated
AFTER: Malware Removed
Immediate Access. Proactive Prevention. Attack Visibility.
.cleaned.doc.pdf
Less than 1% of users need the original
For those who do, it’s a simple click
Original becomes available after found clean by the sandbox
THE TRADITIONAL SANDBOX
HOW IT WORKS (1st Generation)
Open and detonate any files
Watch for telltale signs of malicious code at the Operating System level
Examine:
• System Registry
• Network Connections
• File System Activity
• System Processes
THREAT CONTAINED
VULNERABILITY
EXPLOIT
SHELLCODE
MALWARE
THE ONLY SANDBOX WITH CPU-LEVEL TECHNOLOGY
Traditional Sandbox
• Behavioral detection
• Can be evaded
SANDBLAST
• CPU-Level detection
• EVASION RESISTANT
CPU OPERATION
Normal execution
[Diagram: code blocks A, B, C, D, E, F]
ROP EXPLOIT (Return Oriented Programming)
[Diagram: code blocks A, B, C, D, E, F with steps numbered 1 to 6]
Hijacks small pieces of legitimate code from the memory and manipulates the CPU to load and execute the actual malware.
CPU-LEVEL & OS-LEVEL EXPLOIT DETECTION
• Highest catch rate
• Evasion-resistant
• Efficient and fast
• Unique to Check Point
Fighting Zero-Day Attacks
INSPECT | EMULATE | PREVENT | SHARE
On site Dedicated APPLIANCE | SECURITY GATEWAY
Exe files, PDF and Office documents
We have the experience!
THREAT EMULATION CLOUD SERVICE:
14,000,000+ FILES INSPECTION / WEEK (February 2016)
55,000+ UNKNOWN MALWARE DETECTION / WEEK (February 2016)
Block UNKNOWN and ZERO-DAY ATTACKS in Microsoft Office 365™
SANDBLAST CLOUD PROTECTS CLOUD-BASED EMAIL
• Advanced Threat Prevention for Office 365
• Fast and Transparent User Experience
• Easy to Deploy and Manage
OFFICE 365 PROTECTION
INTRODUCING…
THE POWER TO PROTECT. THE INSIGHT TO UNDERSTAND.
Eliminate Zero Day Malware at the Endpoint
SANDBLAST CLOUD
1. Web downloads sent to SandBlast cloud
2. Sanitized version delivered promptly
3. Original file emulated in the background
Instant Protection for Web Downloads
CONVERT to PDF for best security, or SANITIZE keeping the original format
Access to the Original File
Only After Threat Emulation when verdict is benign
Self-Catered
No Helpdesk Overhead
Zero-day Protection – in two layers
SANDBLAST CLOUD
Browser Extension
• Web downloads
• Threat Extraction & Threat Emulation
File-System Monitor
• Any file copied or created
• Threat Emulation
Collect Forensics Data and Trigger Report Generation
1. FORENSICS data continuously collected from various OS sensors
2. Report generation automatically triggered upon detection of network events or 3rd party AV
3. Advanced algorithms analyze raw forensics data
4. Digested incident report sent to SmartEvent
Processes | Registry | Files | Network
SandBlast – A Recognized Leader
COOLEST CYBERSECURITY PRODUCTS 2015
Leader in the Forrester Wave™ For Advanced Malware Analysis, Q2 2016
Highest Overall Score, Top Score for Strategy
Top-scoring ‘Recommended’ Vendor
Breach Detection Systems, 2015
Leading TCO @ $27 / Protected Mbps
100% Malware Catch Rate
Highest Detection Rate of Malicious URLs
SUMMARY
Family of Solutions
Staying One Step Ahead of Zero-Day Attacks
SandBlast Appliance GW + Cloud Service
ENDPOINT | OFFICE 365™ EMAIL | NETWORK
One Step Ahead in Zero-Day Protection
Proactive Prevention
Catches More Malware
Complete Integrated Protection
Emulation
CPU-Level Detection
Threat Extraction
Threat Prevention Suite
Olexandr Rapp | orapp@checkpoint.com
Security Engineer – CIS
QUESTIONS
