Introducing Malware DNA: Gaining Deep Insights into Malware Ancestry

A single drop of blood contains billions of strands of DNA, carrying genetic instructions for the development, functioning, growth, and reproduction of all known organisms. DNA holds the building blocks of life.


Similarly, the lines of malware code make up the building blocks of cyber threats. Sophisticated cyberattacks threaten enterprises constantly, putting sensitive data, privacy, and business operations at risk.


Check Point SandBlast Network detects and blocks previously unknown and undiscovered malware, also known as zero-day threats. To stop these attacks in their tracks, Check Point offers Threat Emulation, an innovative zero-day sandboxing technology leveraged by the SandBlast Network solution. It delivers the best possible catch rate for threats and is virtually immune to evasive attack techniques.


To defend against zero-day attacks, Threat Emulation creates a report for every file that goes through its sandbox. The report includes detailed information about any malicious behaviour recorded while the file ran in the sandbox. The Threat Emulation report is also enriched with threat intelligence fed directly from Check Point ThreatCloud, the world's largest threat intelligence resource for all IT surfaces: cloud, network, endpoints, and mobile devices.


How is this connected to the DNA of cyber threats?


Interestingly, malware follows an evolutionary process, as the surge in new malware in recent years shows. This is not surprising, since most malware is built from existing bits and pieces of code. For an attacker, why reinvent the wheel when you can capitalize on previous work? Like software developers, malware authors reuse code to save time, which frees them to improve their techniques, such as evading detection and increasing an attack's efficiency.


Showing the DNA of malware as it relates to genetics

Malware DNA, part of Check Point's SandBlast Network solution, classifies a new threat into a malware family, which offers an unparalleled level of understanding of the threats your organization faces. By tracing the origin of a threat, security teams can quickly devise a strategy against a suspicious file or attack campaign, based on the:

  • Specific type of threat

  • Repercussions and damages that this threat poses

and apply best practices drawn from previously resolved incidents.

How can we ensure the classification of new or rare families?


For this we integrated a patent-pending technology that classifies malware into families based also on the results of the sandbox report. While the solutions available on the market are signature-based engines, our AI technology allows instant classification based on thousands of indicators, taking even the slightest changes into consideration.
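As an added illustration (this is not Check Point's code and does not describe the patent-pending engine), the following Python contrasts the two approaches the paragraph mentions on constructed, hypothetical sandbox indicators. An exact signature over the indicator set breaks as soon as a single indicator changes (here, a rotated C2 domain plus one extra command), whereas a similarity score over the whole set still assigns the variant to its nearest family and reports how far it has drifted. A sample that scores below the threshold is left unassigned, which is the point at which a new or rare family would be opened for analyst review. Family names, indicators, and the threshold are all assumptions made for the example.

```python
import hashlib
from typing import Dict, FrozenSet, Iterable, Optional, Tuple

# Constructed indicator sets standing in for the behavioural indicators a sandbox
# report might record (process, file, registry, API and network events).
# Family names and indicators are hypothetical, not Check Point data.
KNOWN_FAMILIES: Dict[str, FrozenSet[str]] = {
    "FamilyA": frozenset({
        "proc:spawn:cmd.exe /c vssadmin delete shadows",
        "file:write:%APPDATA%\\svc.exe",
        "reg:set:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
        "net:dns:updates.example-c2.invalid",
        "file:rename:*.docx -> *.locked",
        "api:CryptEncrypt",
    }),
    "FamilyB": frozenset({
        "proc:inject:explorer.exe",
        "net:http:POST /gate.php",
        "api:SetWindowsHookEx",
        "file:write:%TEMP%\\kb.log",
        "reg:set:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    }),
}

# Constructed variant of FamilyA: the C2 domain was rotated and one command added.
VARIANT_SAMPLE = frozenset({
    "proc:spawn:cmd.exe /c vssadmin delete shadows",
    "file:write:%APPDATA%\\svc.exe",
    "reg:set:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "net:dns:cdn.example-c2b.invalid",
    "file:rename:*.docx -> *.locked",
    "api:CryptEncrypt",
    "proc:spawn:wmic shadowcopy delete",
})

# Constructed sample sharing nothing with the known families.
UNKNOWN_SAMPLE = frozenset({
    "net:dns:telemetry.example-new.invalid",
    "file:write:%PROGRAMDATA%\\agent.dll",
})


def signature(indicators: Iterable[str]) -> str:
    """Signature-style fingerprint: a hash over the exact, sorted indicator set.
    Any added, removed or altered indicator yields a different hash."""
    return hashlib.sha256("\n".join(sorted(indicators)).encode()).hexdigest()


SIGNATURES: Dict[str, str] = {signature(ind): fam for fam, ind in KNOWN_FAMILIES.items()}


def classify_by_signature(indicators: Iterable[str]) -> Optional[str]:
    """Exact-match lookup; returns None for anything not seen verbatim before."""
    return SIGNATURES.get(signature(indicators))


def jaccard(a: Iterable[str], b: Iterable[str]) -> float:
    """Set overlap in [0, 1]: shared indicators over all distinct indicators."""
    sa, sb = set(a), set(b)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def classify_by_similarity(indicators: Iterable[str],
                           threshold: float = 0.5) -> Tuple[Optional[str], float]:
    """Assign the nearest known family when overlap reaches the threshold.
    Below it, return (None, score) so the sample can seed a new family."""
    sample = set(indicators)
    best_family: Optional[str] = None
    best_score = 0.0
    for family, known in KNOWN_FAMILIES.items():
        score = jaccard(sample, known)
        if score > best_score:
            best_family, best_score = family, score
    if best_score < threshold:
        return None, best_score
    return best_family, best_score


if __name__ == "__main__":
    print("signature  :", classify_by_signature(VARIANT_SAMPLE))    # None
    print("similarity :", classify_by_similarity(VARIANT_SAMPLE))   # ('FamilyA', 0.625)
    print("unknown    :", classify_by_similarity(UNKNOWN_SAMPLE))   # (None, 0.0)
```

The similarity score doubles as a drift measure: 0.625 for the variant says that five of the eight distinct indicators across sample and family are shared, so an analyst sees both the family and how much the new build changed. Real sandbox reports carry far more indicators than this toy set, and a production classifier would weight them (a rotated C2 domain is expected churn, a new privilege-escalation step is not) rather than treat every indicator equally as Jaccard does.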


With Malware DNA, enterprises can strengthen their security posture and optimize their prevention and detection techniques, while dramatically reducing the time needed to remediate threats thanks to actionable intelligence.


Watch video: https://www.youtube.com/watch?v=Ddz_2Zfe-xY