How we Collect Infections by the Numbers?

We have to admit there are advantages to being one of largest data security companies in the market. While our appliances and software blades are out protecting businesses around the globe, they are under attack all the time. Hackers have a lot of time on their hands and there is little downside for them to try different attack styles.

Every attack we counter is another method we add to our repository of knowledge. That knowledge database is what we call ThreatCloud. It is a collection of every known threat, where and when it occurred, and how often. Possessing this amount of data gives our analysts insight. But we do not stop there.

At Check Point, we also have our own research team of analysts, developers and yes, hackers who are constantly adding signatures and knowledge into ThreatCloud as well. We call that the human factor because they can spot trends, methods and attack combinations that are on the rise and ensure protections are in place. We know there are external experts that specialize in areas of interest to our customers, so we created API interfaces and a partnership marketplace called IntelliStore.

Through IntelliStore, we currently offer actionable threat intelligence from iSIGHT Partners, CrowdStrike, IID, NetClean, PhishLabs, SenseCy, and ThreatGRID and there will be more to come. Customers can select and customize intelligence feeds from a variety of sources according to their organizations’ needs in specific geographies, vertical industries, and protection types. In addition to IntelliStore, we can also import other sources of threat indicators into the product as well in CSV or STIX XML. By integrating these external feeds into ThreatCloud, customers can extend the capabilities of their existing Check Point gateways with additional relevant feeds.

When we conduct our annual security survey, we select a set of companies reflecting a wide range of industries located globally. We observe a representative set of security gateways, typically between 9,000-10,000 appliances and we analyze the data over a full 12 months.

We then augment that with threat data for unknown malware from Check Point Threat Emulation sensors. Anonymized Threat Emulation data from the security gateways relays into ThreatCloud for aggregation, correlation and advanced analysis.

Finally, we conduct a meta-analysis of over 1,000 Endpoint Security reports in a variety of organizations. This security analysis scans each host to validate data loss risks, intrusion risks and malware risks. Our research team uses our Endpoint Security report tool to checks whether an antivirus solution is running on the host, if the solution is up-to-date, whether the software is running on the latest version, and more. This tool is free and publically available from the Check Point public website.

From these data sources, we create an annual security report. Like other security companies in our space, we produce this data as part of an education process. We want a world of safe computing and all of the advantages it brings, just like you.

For more information on our 2014 Security Report please visit: