By Mor Ahuvia, Product Marketing Manager
Which is better—detecting a threat and not knowing how long it’s been in your network, or preventing it from getting in? It’s not a trick question. Threats of all kinds have become increasingly sophisticated and aggressive. As global unrest in 2022 was accompanied by intensified cyber warfare campaigns, more destructive malware, particularly wipers, were used than the past 30 years combined, according to Check Point Research.
Destruction and extortion via malware and other threats have driven up the number and cost of data breaches. The global average cost of a breach is US$4.3 million, but for U.S. companies, the average cost is a whopping US$9.44 million, according to the IBM Security Cost of a Data Breach 2022 Report.
Stopping threats at the door is the best defense. That is why we’re extremely pleased that the threat prevention technologies built into Harmony Connect, Check Point’s Secure Access Service Edge (SASE) solution, utilize the same powerful malware prevention technology as Check Point Quantum’s next generation firewall products—as these platforms were recently proven to block more malware and other threats than any other platform.
Miercom 2023 NGFW Security Benchmark study compares malware prevention capabilities
Miercom, a leading independent network and security testing organization, just announced the results of its Next Generation Firewall (NGFW) Security Benchmark 2023 report. When put through the Zero+1 Day Malware Test, Quantum Next-Gen Security Gateways prevented 99.7% of new malware downloads from a large set of files and file types. This is compared to 72.7% for the nearest competitor and just 54.1% on average for other competing firewalls. Because under the hold, Harmony Connect SASE delivers a cloud-native version of the same NGFW technology, customers can get the same leading threat prevention as a service from the cloud.
Prevention vs. detection—why the first 24 hours are critical
Anti-virus software relies on signatures, or hashes, generated from already-seen suspicious files, such as MD5, SHA1 or SHA256. Each dubious file gets a unique hash, which is a string of alphanumeric characters.
A suspicious file’s hash already needs to be present in your AV software or next-gen firewall to be blocked in real time. But what happens when a malware file is completely new? Will your secure web gateway or FWaaS be able to identify it as malicious and block it? This is where the ability to detect and prevent never-before-seen malware is critical, letting you close an attacker’s window of opportunity to gain a foothold in your network or on a remote user’s device. Being able to shut that door immediately is why the first 24 hours of a malware campaign are critical.
Impact of a prevention-focused SASE on SOC and IR teams
A prevention-focused SASE helps avoid the high costs associated with threat detection and escalation. According to the IBM report, these costs climbed globally to US$1.44 million per breach in 2022, an increase of 16.1% over 2021. Preventing threats also means that they can’t lurk and wreak havoc in your network for an average of 277 days before being detected.
Accuracy is also critical. A low rate of false positive alerts saves time for IT and SOC incident response teams. In Miercom’s False Positive Malware Detection Tests, where content is falsely reported as malicious, Check Point had the lowest false positive rate at 0.13%—up to two times lower than the competitors. An accurate SASE solution with a high block rate is essential to prevent infections during the first 24 hours of a new, free-roaming malware. It significantly reduces risk and the high costs of response and remediation.
Check Point Harmony Connect’s prevention-focused SASE components
The prevention-focused Harmony Connect SASE solution prevents zero-day malware, phishing and ransomware threats with several crucial capabilities.
Zero-day sandboxing
The first critical capability is advanced sandboxing for zero-day threats. To determine if a yet-unseen file is malicious, Harmony Connect SASE’s threat emulation capabilities inspect the file, looking for hundreds of different indicators to reach a ‘benign’ or ‘malicious’ verdict. This includes dynamic and static code analysis. For example, it checks for common evasion techniques, analyzes macros to see if a file is trying to open and run a process or service that is out of context, and scrutinizes many other variables. And it’s fast.
ThreatCloud—Big Data threat intel and AI
Harmony Connect SASE utilizes big-data threat intelligence from Check Point ThreatCloud to prevent access to known phishing websites, malware and ransomware infection points. ThreatCloud continuously acquires Indicators of Compromise (IOCs) and protections against the latest attacks seen in the wild from hundreds of millions of sensors around the globe. ThreatCloud utilizes more than 30 AI and machine learning engines to identify and block emerging threats—even those that have never been seen before.
Virtual patching with a cloud IPS
A cloud-based Intrusion Prevention System, or cloud IPS, is critical to blocking zero-day attacks by stopping anomalous behavior in its tracks. It also virtually patches browsers, applications and systems against newly discovered vulnerabilities. Using deep packet inspection, Harmony Connect’s cloud IPS prevents malicious attempts to exploit weaknesses and offers built-in protection against 25 out of the NSA’s Top 25 Vulnerabilities in the wild.
Full traffic inspection
Finally, a SASE solution should perform full traffic inspection across all ports and protocols. While some secure web gateways inspect only web HTTP/S traffic, Harmony Connect SASE inspects all ports and protocols across business and non-business websites and applications using the Harmony Connect client, a single client that secures internet and remote access.
Check Point Harmony Connect SASE—a big dose of threat prevention
- Harmony Connect SASE secures 55 million corporate access transactions and prevents 240,000 cyber attacks per month. Learn more about the threat prevention capabilities built into Harmony Connect SASE—the only prevention-focused secure access service edge:
- To secure internet access for remote users, learn more about our Secure Web Gateway
- To secure your private applications and networks, learn more about our Zero Trust Network Access
- To learn more about secure internet access for branch offices, read the case study
- For a deeper dive into SASE, check out the webinar