One of the most complex challenges in the world of cyber security is accurately identifying whether a file is good or bad. Take, for example, an executable file. Unlike Word or Excel files for instance, that function only within the context of a specific program, executables, by their very nature, need to operate in a way that requires access to an entire machine. As a result, this can make it very difficult for a security solution to know with certainty which executable files are malicious or benign. Indeed, it is not enough to look at its actions alone but rather it is necessary to assess the intent of those actions. For example, there is no real way to distinguish between whether the intent of an executable that reads a user’s documents is legitimate or malicious.
Due to this inadequacy of accuracy found in most security solutions, amongst others, it is no surprise then that many IT professionals feel uncomfortable in activating the prevention mode within their security solution’s dashboard. They feel that doing so may well allow too many false positives, which would severely hinder regular business operations.
This is where CADET (Context-Aware Detection and Elimination of Threats), Check Point’s newest and successfully proven AI-based technology, is invaluable.
Instead of analyzing just one specific link or file, CADET works behind the scenes to harness Check Point’s unique visibility into a pool of ‘big rich data’ in order to offer precise context-informed decisions. By extracting thousands of data points from both the inspected element and context in which it was received, CADET’s AI engine is able to reach a single accurate verdict as to whether or not a file, such as an executable, can be trusted.
In practice, CADET evaluates the entire session context to examine all the evidence and arrive at a decisive conclusion. This context includes whether the executable came through email or a web download, who the sender was, when the domain was registered, by whom and where it was registered to, which other domains are connected to the sender’s domain and if they have been attributed to any malicious files in the past few days, etc. As CADET evaluates thousands of these and other variables it is able to provide a highly accurate assessment of the executable’s trustworthiness and thus determine whether it should be allowed into an organization’s network or not.
In fact, since CADET was introduced across Check Point’s SandBlast zero-day protection, it has lead to a ten-fold decrease in the number of false-positives while significantly increasing the detection rate. With a continual feedback loop built in to enable ongoing learning from even more data, CADET’s innovative AI technology is yet another part of our ongoing focus to deliver the best threat prevention in the industry.
So, with this new AI engine deployed across all Check Point products, IT security professionals and their teams can have peace of mind when putting their prevention mode into gear and feel safe in the knowledge that in the fifth generation of the cyber security, CADET has them protected.