Check Point bakes anti-malware tech into firewall bricks

Software 'blades' whisper from scabbards. En garde


Check Point is baking in cyber-espionage defences to its enterprise firewall and gateway security products with the incorporation of sandbox-style technology.

"Threat emulation" software blades for Check Point firewalls will be available later in Q2 2013 and will add to other threat prevention layers, such as anti-virus and anti-bot technology launched last year. All of these technologies were developed in-house.

The latest strains of malware are designed to "switch off" if they detect that they are running in a virtual machine, as a means to thwart security analysis. Tomer Teller, a security strategist at Check Point, said that the emulator technology it's developing is much harder to detect than a virtual machine.

The threat emulation technology carries out both static and dynamic analysis to figure out if a file is changing registry settings, altering other files or attempting to connect with blacklisted servers, among other things, before deciding if it ought to be blocked and quarantined.

Prior to putting the technology into its security appliances, Check Point has set up a microsite where files can be uploaded for emulating and checking.

Corporate defenders might appear to be hopelessly outfoxed by the latest generation of cyber-attacks, featuring custom malware and spear-phishing. However, Teller was bullish that IT vendors such as Check Point were coming up with technology capable of "detecting and mitigating" advanced malware attacks.

Even if the initial infection occurs, it might be possible to isolate compromised systems, prevent an attacker accessing corporate resources or extracting sensitive information.

"If you can break one of the layers of an attack then the whole attack fails," Teller told El Reg.

Check Point also owns the Zone Labs line of personal firewall and security suite products but Gabi Reish, head of product, said the only safe assumption in corporate security was to assume that an end-point might be compromised and to design corporate defences appropriately. The anti-bot blade incorporated in Check Point's gateways is designed to block malware-infected zombies from phoning home.

The forthcoming theta emulation and existing anti-bot and anti-virus blades fit in with the "razor-and-blade" model introduced by Check Point in 2009. The Israeli firm's security appliances and gateways are the "razors", while the "blades" are the software that customers buy and use to deliver different types of network protection. For example, the App Control Blade controls social media apps, while the Mobile Access Blade secures employees' smartphones and tablets.

Check Point is pushing this technology and approach down to SMEs with the launch of its new 1100 Appliances. The kit, designed for branch and remote offices with up to 100 users, offers 1.5 Gbps of max firewall throughput and 220 Mbps of max VPN throughput.

Check Point are also offering the Software Blade Architecture on low-end kit for the first time. 1100 Appliances, launched at Check Point's (CPX) user conference in Barcelona earlier this week, start at $599.

Multi-layered protection options include: Firewall, VPN, IPS (intrusion prevention system), application control, mobile access, Data Loss Prevention, anti-bot, identity awareness, URL filtering, anti-spam and anti-virus.

All but standard components cost extra but customers benefit from flexibility while Check Point resellers gain a better opportunity to sell extra add-ons. ®

Similar topics


Other stories you might like

  • To cut off all nearby phones with these Chinese chips, this is the bug to exploit
    Android patches incoming for NAS-ty memory overwrite flaw

    A critical flaw in the LTE firmware of the fourth-largest smartphone chip biz in the world could be exploited over the air to block people's communications and deny services.

    The vulnerability in the baseband – or radio modem – of UNISOC's chipset was found by folks at Check Point Research who were looking for ways the silicon could be used to remotely attack devices. It turns out the flaw doesn't just apply to lower-end smartphones but some smart TVs, too.

    Check Point found attackers could transmit a specially designed radio packet to a nearby device to crash the firmware, ending that equipment's cellular connectivity, at least, presumably until it's rebooted. This would be achieved by broadcasting non-access stratum (NAS) messages over the air that when picked up and processed by UNISOC's firmware would end in a heap memory overwrite.

    Continue reading
  • China-linked Twisted Panda caught spying on Russian defense R&D
    Because Beijing isn't above covert ops to accomplish its five-year goals

    Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.

    The new campaign, dubbed Twisted Panda, is part of a larger, state-sponsored espionage operation that has been ongoing for several months, if not nearly a year, according to the security shop.

    In a technical analysis, the researchers detail the various malicious stages and payloads of the campaign that used sanctions-related phishing emails to attack Russian entities, which are part of the state-owned defense conglomerate Rostec Corporation.

    Continue reading
  • Flaw could have granted criminals control over Ever Surf crypto wallets
    Check Point uncovers web vulnerability that could have led to cryptocurrency theft

    A flaw detected in the browser version of the Ever Surf cryptocurrency wallet could have given hackers who exploited it full control over a targeted user's wallet, say threat hunters at Check Point Research.

    The security vulnerability made it possible for threat actors to decrypt the private keys and seed phrases found in the browser's local storage, opening the door to cracking the victim's wallet and accessing the cryptocurrency stored there, the researchers wrote in a blog post Monday.

    "As the browser's local storage is unprotected, the data stored there must be securely encrypted," they wrote. "Despite the fact that Surf uses reliable cryptographic libraries for the key derivation and the encryption, the sensitive data in the web version of Surf doesn't appear to have adequate protection."

    Continue reading

Biting the hand that feeds IT © 1998–2022