Closing the Malware Gap: The Rise of Threat Extraction

Attackers most commonly enter organizations through everyday means such as an emailed file. While these documents look innocuous, they can easily contain malicious content delivered in the form of macros, embedded JavaScript and even external website links. This kind of infection happens more frequently than you’d think. According to Check Point’s 2015 Security Report, 41 percent of organizations surveyed downloaded at least one file infected with unknown malware in 2014. That’s almost a 25 percent increase from the previous year, indicating a serious security gap.


This gap is only going to become wider, given that opening external documents is an everyday occurrence in the business world. From a human resources manager opening a resume to an accountant processing a purchase order, employees receive countless contracts, project files and other materials in their inboxes every hour. And while they might hesitate to download files from unknown sources at home, at work most employees assume their company’s security solutions make it safe to open any file.


Businesses face a difficult challenge. They need to find a solution that stops these attacks from infecting their networks without impacting the speed of business. Fortunately, a powerful technique known as Threat Extraction is revolutionizing the security landscape. As part of Check Point SandBlast Zero-Day Protection, the Threat Extraction capability complements OS-level sandboxing tools and CPU-level threat detection to promptly deliver safe documents to their intended recipients.


Security and Speed


Threat Extraction provides preemptive and proactive protection. Rather than trying to detect known and unknown malware, Threat Extraction removes exploitable document content like macros or embedded objects that often serve as vehicles for malware. After eliminating all potential risks before the document enters the network, the solution then reconstructs the document using known safe elements and sends it to the recipient clean of threats.
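To make the "remove exploitable content, then reconstruct from known safe elements" idea concrete, here is an added example written for this page; it is not Check Point's Threat Extraction code and makes no claim about how SandBlast implements the step. It assumes the incoming file is a standard Office Open XML package (a zip of XML parts plus relationship and content-type manifests), and the sample macro-enabled document it operates on, including the part names and the stand-in bytes for the binary parts, is constructed inline. It drops the VBA project and any embedded OLE object, removes the relationship, `<w:object>` container and content-type entry that pointed at each, downgrades the main part to the plain document type, and writes a fresh package from the parts that remain.

```python
"""Minimal content-disarm pass over an OOXML (.docx/.docm) package: drop the VBA part
and embedded OLE objects, remove the relationships, <w:object> containers and
content-type entries that point at them, rewrite the main-part content type to the
plain (non-macro) type, and rebuild the zip from the surviving parts.
Hypothetical illustration only; not Check Point's Threat Extraction code."""
import io
import posixpath
import re
import zipfile

# Relationship types whose targets carry active content (real OOXML/Office URIs).
ACTIVE_REL_TYPES = {
    "http://schemas.microsoft.com/office/2006/relationships/vbaProject",
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject",
}
MACRO_MAIN_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_CT = ("application/vnd.openxmlformats-officedocument."
                 "wordprocessingml.document.main+xml")
REL_RE = re.compile(r"<Relationship\b[^>]*/>")
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')

def _source_part(rels_name):
    """'word/_rels/document.xml.rels' -> 'word/document.xml' ('' for the package root)."""
    folder, base = posixpath.split(rels_name)
    return posixpath.join(posixpath.dirname(folder), base[:-len(".rels")])

def disarm_ooxml(data):
    """Return a new package (bytes) with macros and embedded objects removed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zin:
        parts = {n: zin.read(n) for n in zin.namelist()}
    removed = set()
    for rels_name in [n for n in parts if n.endswith(".rels")]:
        source, dropped_ids = _source_part(rels_name), set()

        def filter_rel(m):
            a = dict(ATTR_RE.findall(m.group(0)))
            if a.get("Type") in ACTIVE_REL_TYPES and a.get("TargetMode", "Internal") == "Internal":
                # Target is relative to the folder of the part that owns this .rels file.
                removed.add(posixpath.normpath(posixpath.join(posixpath.dirname(source), a["Target"])))
                dropped_ids.add(a["Id"])
                return ""  # relationship deleted from the .rels part
            return m.group(0)

        parts[rels_name] = REL_RE.sub(filter_rel, parts[rels_name].decode("utf-8")).encode("utf-8")
        if dropped_ids and source in parts:
            # Drop <w:object> containers that pointed at a removed embedding (no dangling r:id).
            def filter_obj(m):
                return "" if any(f'r:id="{i}"' in m.group(0) for i in dropped_ids) else m.group(0)
            body = re.sub(r"<w:object\b.*?</w:object>", filter_obj,
                          parts[source].decode("utf-8"), flags=re.S)
            parts[source] = body.encode("utf-8")
    for name in removed:
        parts.pop(name, None)
    ct = parts["[Content_Types].xml"].decode("utf-8").replace(MACRO_MAIN_CT, PLAIN_MAIN_CT)
    for name in removed:  # drop the Override entries of the deleted parts
        ct = re.sub(r'<Override\b[^>]*PartName="/%s"[^>]*/>' % re.escape(name), "", ct)
    parts["[Content_Types].xml"] = ct.encode("utf-8")
    return _zip(parts)

def _zip(parts):
    """Build a fresh package from a name -> bytes/str mapping (the reconstruction step)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        for name, blob in parts.items():
            z.writestr(name, blob)
    return out.getvalue()

def build_sample_docm():
    """Constructed macro-enabled sample: one paragraph, a VBA project, an embedded
    OLE object and a PNG image. Binary parts are stand-in bytes, not real objects."""
    ns = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    return _zip({
        "[Content_Types].xml": (
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN_CT}"/>'
            '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            '<Override PartName="/word/embeddings/oleObject1.bin" '
            'ContentType="application/vnd.openxmlformats-officedocument.oleObject"/></Types>'),
        "word/_rels/document.xml.rels": (
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            f'<Relationship Id="rId2" Type="{ns}/oleObject" Target="embeddings/oleObject1.bin"/>'
            f'<Relationship Id="rId3" Type="{ns}/image" Target="media/image1.png"/></Relationships>'),
        "word/document.xml": (
            '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
            f'xmlns:r="{ns}" xmlns:o="urn:schemas-microsoft-com:office:office"><w:body>'
            '<w:p><w:r><w:t>Quarterly invoice attached.</w:t></w:r></w:p>'
            '<w:p><w:r><w:object><o:OLEObject r:id="rId2"/></w:object></w:r></w:p></w:body></w:document>'),
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 constructed stand-in for a VBA project",
        "word/embeddings/oleObject1.bin": b"\xd0\xcf\x11\xe0 constructed stand-in for an OLE object",
        "word/media/image1.png": b"\x89PNG constructed stand-in for an image",
    })

def part_names(data):
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return sorted(z.namelist())

def read_part(data, name):
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(name).decode("utf-8")
```

Run on the constructed sample, `disarm_ooxml(build_sample_docm())` keeps the paragraph text and the image and drops the VBA project and the OLE embedding, together with every manifest entry that referred to them. Two design points carry over to any real implementation: the output is a newly written package assembled from the parts that survived, never the original file patched in place, and the decision is made on the part's declared relationship type rather than on whether a scanner recognised the payload, which is what makes the approach preemptive rather than detection-based.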


The preemptive and proactive protection is Threat Extraction’s biggest advantage because traditional detection technologies take time to search for and identify threats before blocking them. Due to unacceptable delays, many solutions are deployed only in detect mode, leaving networks vulnerable to threats. However, our SandBlast Zero-Day Protection leverages this Threat Extraction capability to preemptively eliminate delays associated with traditional solutions, reducing risk, and enabling real-world deployment in prevent mode, not just detect mode.


Threat Extraction is transparent to the end user. On the front end, employees receive their files as quickly as they normally would. On the back end, the original file can be analyzed and evaluated with our sandboxing capabilities within Check Point SandBlast Zero-Day Protection. If a valid threat is found, the security team will receive a detailed incident log with threat intelligence while access to the original file is blocked to prevent infection.


In a breach-plagued landscape, organizations cannot rely solely on the traditional malware solutions of yesterday. The sophistication of recent attacks has proven that new solutions are required – Check Point’s SandBlast combines the power of Threat Extraction with OS-level sandboxing and CPU-level threat detection to provide the deepest level of protection on the market today.