SandBlast Mobile now blocks malicious app downloads and prevents credential theft

By Ran Schwartz, Product Manager, Threat Prevention, and Yael Macias, Threat Prevention Product Marketing Manager

Mobile Security has never looked better. SandBlast Mobile has just added two new capabilities to its market-leading mobile threat defense solution: Download Prevention, which blocks malicious apps and profiles from being downloaded, and Zero-Phishing which prevent credential theft. We’ve been saying it for a while: humans are the weakest link in the cybersecurity kill chain. And in an era where social engineering is constantly used by hackers to trick unsuspecting users into providing sensitive information, staying one step ahead of hackers becomes even more critical.

Let’s explore these two features a bit more in depth:


Side-loading mobile apps has been a frequent practice for several years now. Side-loading refers to the practice of downloading apps to mobile devices from sources other than the official app stores (Apple App Store for iOS and Google Play Store for Android). Users do it because occasionally a specific app they are looking for is not available in the official stores. And let’s be honest – one does not need to be a savvy technologist to do this. In most cases it will be enough to open a browser and search for the desired app, and install it on the device.

For any organization, this practice is nothing less than a nightmare. Users’ capriciousness cannot come at the expense of the company’s corporate data security. Side-loaded apps are completely unregulated meaning that they are not checked by a legitimate third-party for maliciousness Anyone can publish them without any scrutiny. This means that when a user chooses to side-load an app, their device is automatically at risk. What’s worse, when the device is used to access corporate the corporate network and download data the company’s information is at risk.

Until now enforcing policies that block corporate users from side-loading apps was impossible. This is where SandBlast Mobile comes into play. With Download Prevention, organizations can now block app downloads on both iOS and Android devices based on various characteristics, such as the domain URL where they come from, the file extension, certificates and more. This feature will prevent downloading apps from non-trusted sources, which will automatically reduce the risk of installing applications with malicious content. The administrators will be able to white list domains too.

SandBlast Mobile’s dashboard

Check Point scores highest security efficacy in Miercom’s Mobile Threat Defense Industry Assessment


Ninety percent of all cyber-attacks begin with a phishing campaign1, so it’s no surprise that threat actors exploit enterprise mobile devices’ multiple unprotected phishing channels: private and corporate email, SMS, and a host of messaging apps like Slack, Facebook Messenger, WhatsApp and many others. This means that relying on known URLs is not enough. Moreover, roughly 30% of phishing attacks reported by OpenPhish, the phishing intelligence platform, use the https protocol, which means essentially that users cannot be protected without SSL inspection.

In order to properly combat this trend, we’re delivering Check Point’s Zero-Phishing technology to mobile devices. It allows organizations to combat zero-day phishing attacks by inspecting the web page itself and making an informed determination as to whether it is a phishing site. Combined with the SSL inspection feature, organizations can enjoy total protection from phishing sites, no matter which protocol they use or if it is a previously unknown site.

In brief, this is how Zero-Phishing works:

  1. A user browses to the webpage
  2. The moment they try to enter their credentials into a form, Zero-Phishing kicks in
  3. Zero-Phishing looks at a variety of different indicators about the page and its URL, such as IP reputation, visual similarity, title similarity, etc., all powered by machine-learning. This inspection takes less than 1-2 seconds
  4. If it determines based on its analysis that the site is a phishing one, then it will present a block page and a push notification to the end user. This will also generate an event that the admin can see in the dashboard
  5. If the site is benign the user can continue to use it as is.

What makes this approach unique is that it leverages a wide set of data to detect and prevent accessing phishing sites.

With SandBlast Mobile, organizations will no longer need to deal with the hassle of unwanted mobile applications, or phishing sites stealing users’ credentials. This way they can rest assured that their employees have safe and compliant devices before accessing corporate data, while allowing users to have a seamless experience on their mobile devices.