By Yaelle Harel, Technical Product Marketing Manager, published April 27th, 2020
Have you recently examined your security solution for remote workers? Will your Endpoint Protection solution prevent the most complex, damaging attacks that your organization might face these days?
As hackers around the world are taking advantage of the current situation, accelerating the attempts to spread infection and gain access to organizations’ data, your enterprise is more vulnerable than ever. With millions of strains of unknown malware and sophisticated evasion techniques, stopping today’s most dangerous attacks requires a deep level of inspection.
According to a research from last month, 39% of security professionals are not so confident in the resilience of their current Endpoint Protection solution against advanced cyber-attacks [1].
In this blog will review five important principles to follow when choosing your next Endpoint Protection solution: prevention, a multi-layered security approach, cloud management, remediation and industry validation.
Prevention, not detection
It costs less to prevent an attack, than to detect and remediate it after it has breached the network. Therefore, Check Point’s approach to cybersecurity focuses on prevention. SandBlast Agent and SandBlast Mobile include several unique endpoint prevention techniques, including:
- Zero Phishing – Phishing attacks use fraudulent emails, messages, and social applications to trick users into divulging sensitive data. Check Point’s Zero-Phishing engine provides the broadest phishing protection in the market. It scans websites and forms followed by a deep heuristic analysis (includes reputation, similarity algorithms, detection of image-only websites, lookalike favicons, and more) that detects and blocks phishing attacks. The engine is integrated both in Check Point’s Mobile Security solution and in the Endpoint Security solution.
- Files sanitization (CDR) –Threat Extraction proactively prevents attacks by removing exploitable content from documents, while delivering sanitized files to users within seconds.
- Exploits Preventions – Most successful attacks simply exploit known vulnerabilities that have been left unpatched. SandBlast Agent and SandBlast Mobile identify critical applications and OS vulnerabilities and prevents their exploitation.
- Anti-Ransomware – Check Point’s Endpoint Protection Anti-Ransomware engine monitors the changes to files on user drives to identify ransomware behavior, prevents the attack and recovers the encrypted files.
- Download Prevention – Preventing the download of malicious applications and files blocks the attack at the earliest possible stage using Artificial Intelligence (AI) models that blocks the download immediately, also on https traffic.
- Anti-Bot –Monitors all the network traffic of the devices and blocks connections to malicious websites based on dynamic intelligence provided by ThreatCloud™ reputation service
- Man-in-the-Middle (MitM) – Check Point’s Mobile Security solution detects MitM attacks and automatically launches a secure connection.
Multi-Layered advanced technology
91% of security professionals agree that in the past 3 years, the sophistication of cyber-attacks has increased [1].
With millions of strains of unknown malware and sophisticated evasion techniques, stopping today’s most dangerous attacks requires a deep level of inspection. Antiviruses, traditional sandboxing, traditional Endpoint Protection products, UEM tools and even most Enterprise Mobile Security solutions are not providing this level of inspection. They use traditional detection methods, such as signatures or rules, which can’t detect sophisticated, unknown malware and phishing attacks. SandBlast is designed to prevent today’s complex attacks by using a multi-layered technology that includes:
- Dozens of AI engines incorporated in critical decision points that perform static and dynamic analysis of files, applications and executables, malware classification, signatures generation and more.
- ThreatCloud™ – a collaborative knowledge base that shares dynamic, real-time security intelligence across Check Point’s security solutions, using feeds from sensors around the globe and the research labs. The resulting up-to-the-minute security intelligence is shared across the entire product line.
- Cloud-based Risk Engine – Received indicators collected on devices, such as the domain or IP, and returns a risk, calculated using advanced risk probability and similarity algorithms.
- Cloud-based advanced sandboxing – Threat Emulation is the only sandboxing solution that combines the power of CPU-level and OS-level The Endpoint Protection is extended by sending files and applications to sandboxing analysis in the cloud.
- Behavioral Analysis – Check Point’s behavioral engines collects behavioral indicators from the device, correlates them and applies behavioral heuristics, rules and machine learning models in order to identify malware and classify it.
Cloud-based management and simple deployment
Remote, expandable, fully redundant and easy-to-use management is important now more than ever. SandBlast Agent cloud management and SandBlast Mobile cloud dashboard provide all that and enable provisioning and monitoring of devices and policies from the cloud, while keeping full redundancy and automatic backup of the system.
SandBlast Agent and SandBlast Mobile can be deployed using the cloud management in three simple steps.
Post-infection remediation
Even if an organization is equipped with the most comprehensive, state-of-the-art security products, the risk of being breached cannot be completely eliminated. Therefore, strong attack containment and remediation capabilities are critical. SandBlast solution includes robust remediation capabilities:
- Automatically Quarantines infected devices.
- SandBlast Agent Forensics automatically monitors and records endpoint events, including affected files, processes launched, system registry changes, and network activity and creates a detailed forensic report.
- The only solution that automatically remediates the entire cyber kill chain and restores the device to the last clean point.
- SandBlast Anti-Ransomware engine recovers encrypted files regardless of the encryption used, by taking pre-infection snapshot of the system
- Incident Response –Advanced algorithms and a deep analysis of the raw forensic data help building a comprehensive incident summary with actionable attack information allowing system administrators and incident response teams to effectively triage and resolve
Industry validation
Independent evaluation, comparing the effectiveness, performance and simplicity of competing products is an important criterion when choosing security solutions.
SandBlast Agent and SandBlast Mobile are both achieving best prevention rates and recommended by independent analysts including Forrester, Frost & Sullivan, Miercom, NSS and Gartner.
Summary
SandBlast is the industry’s most comprehensive solution for Endpoint Protection and Mobile Security, protecting users wherever they go. Sandblast Agent and Sandblast Mobile are providing the best prevention rate for the most evasive and advanced zero-day and known attacks such as malware, zero phishing, ransomware ,infected apps and Man-in-the-Middle (MitM) attacks.
This is achieved by applying a multi-layered, advanced technology that combines Artificial Intelligence, the largest threat intelligence hub in the world, advanced sandboxing, reputation service, deep behavioral analysis and more.
The solution can be managed from any location using the cloud-based management solution, with intuitive and simple-to-use deployment and configuration solutions and with effective remediation techniques.
If you are new to Check Point, click here for a trial license of SandBlast Agent and here for a trial license for SandBlast Mobile.
If you are an existing Check Point customer, you can get your free trial though your user center account.
[1] According to a research done by “dimensional research” in March 2020