Introducing Check Point SandBlast Zero-Day Protection

Cyber threats continue to evolve, and hackers are finding new ways to hide malware inside emailed documents, on websites as "drive-by" exploits, or in downloadable content. Many attacks begin by exploiting known vulnerabilities and modifying malware so that its signature is unrecognizable to traditional security measures. By creating these new, unknown variants, hackers aim to avoid detection by signature-based security solutions, breach the network and steal critical information.


This is where sandboxing has been focused. However, as more organizations have deployed these products, hackers have turned to numerous techniques to avoid detection. By checking whether the malware is running in a virtual machine or on a physical device, they can limit malicious activity so that it appears benign in the sandbox. Alternatively, they wait for some element of user interaction (a mouse click, perhaps) or simply insert a time delay, preventing the malware from executing during the inspection. Check Point is taking threat defense to the next level by introducing an advanced sandboxing solution to help businesses defend against these sophisticated threats.


Check Point SandBlast Zero-Day Protection is an innovative solution that stops unknown malware, zero-day and targeted attacks from infiltrating networks. The SandBlast solution is based on new CPU-level exploit detection technology to identify threats earlier, before malware has an opportunity to deploy evasion code. With its unique inspection capabilities, SandBlast delivers the highest catch rate for threats, and cannot be bypassed using evasion techniques.


SandBlast also includes the Threat Extraction capability, allowing practical protection by proactively reconstructing content into safe documents, preventing malware from ever reaching users. With traditional sandboxing products, customers had to choose between delaying delivery of files until inspection was complete and running in a detection-only mode, letting content through while testing was done in parallel. Threat Extraction makes real-world deployment in prevent mode possible by promptly delivering a clean copy of content, and then delivering the original only once it is deemed safe.


Key Advantages of Check Point SandBlast:

  • Best catch rate of unknown malware (as also reflected in the latest NSS BDS results)
  • Evasion-resistant detection to stop attacks attempting to circumvent the sandbox
  • Immediate delivery of safe, reconstructed content via Threat Extraction, allowing deployment of SandBlast in full prevent mode, not simply as detection
  • Complete threat visibility with integrated threat prevention and security management
  • Automatic sharing of newly identified malware profiles through ThreatCloud
  • Availability as either a cloud-based solution or on-premise appliances


Organizations need more than just traditional sandboxing solutions to protect their networks against today's advanced attacks. Check Point SandBlast Zero-Day Protection identifies more malware, and actively blocks it with minimal impact on user delivery times. SandBlast offers cutting-edge sandboxing capabilities to detect threats before evasion techniques can be used, making this solution the best line of defense against undiscovered exploits, zero-day and targeted attacks.


To learn more about Check Point SandBlast, join our one-hour webinar on Wednesday, September 16, 2015, featuring Mike Stiglianese, Managing Director, Axis Technology, LLC and former Chief Information Technology Risk Officer for Citigroup. Register here.