What is ThreatCloud and how does it work

ThreatCloud, the brain behind Check Point Software’s threat prevention power, combines big data threat intelligence with advanced AI technologies to provide accurate prevention to all Check Point Software customers. So how does it work and what does accurate prevention mean?

The past year has seen many cyber-attacks from all threat vectors, including ransomware, phishing, supply chain attacks and more. In fact, according to Check Point Research, 2021 saw a 40% increase in all types of cyber-attacks, and a 93% increase in ransomware attacks alone.

On top of the increase in the number, sophistication and impact of attacks, organizations’ security perimeter has basically dissolved. It’s no news that IT environments had changed even before COVID-19, with the adoption of cloud architectures and cloud native applications. However, the pandemic introduced even more challenges with the huge and sudden shift to remote work. With work no longer being performed primarily at the corporate office, being productive requires us to always be connected, no matter where we are, what device we are using, or which application we need to access.

The result is that sensitive business data is continually flowing from both corporate and BYOD devices to cloud, IaaS, and datacenters, expanding the attack surface wider than ever.

Enter: Accurate Prevention

With that, in order to stay safe from attacks but maintain business continuity and productivity, your business needs accurate prevention now more than ever. But what is accurate prevention exactly? Accurate prevention means blocking attacks before they reach users and networks, having the best catch rate to never miss an attack, and keeping a minimum of false positives – so your business can stay productive on all fronts.

How ThreatCloud protects your business with accurate prevention

Check Point Software protects your everything, from network security through the Check Point Quantum product family, to remote users and access security through the Check Point Harmony product family, and cloud native security through Check Point CloudGuard, all of which are powered by ThreatCloud.

Figure 1: What is ThreatCloud

The ThreatCloud Architecture

You can think of ThreatCloud as a brain, and like the human brain it is made of two lobes that work together. The right lobe, the threat intelligence, consists of millions of IoCs and telemetry updated in real time, in addition to exclusive intelligence discovered by Check Point Research, an elite group of world-renowned researchers. The left lobe, the intellect, consists of AI technology that combines the big data threat intelligence with advanced AI capabilities to detect and block never-before-seen threats.

Together, these two lobes create accurate verdicts that tag every request, email, file, SMS, and activity as either malicious or safe, to detect and block phishing attacks, malware, and vulnerability exploits. These verdicts are then fed to the entire Check Point Software portfolio, so no matter which Check Point product you use, you harness this power.

Worldwide protection from unknown attacks in under 2 seconds

ThreatCloud’s accurate verdicts are delivered worldwide to all of Check Point Software’s customers in less than 2 seconds. This means that if an unknown threat is identified and tagged as malicious by ThreatCloud, every Check Point product worldwide that encounters this threat gets this verdict in just 2 seconds and blocks the attack.

To learn more about ThreatCloud, how it works and the people behind it, watch this on-demand webinar: https://www.brighttalk.com/webcast/16731/511217