Check Point sandboxing technology tops zero-day malware block rates

Check Point Software Technologies a worldwide leader in securing the Internet, have announced that Check Point Threat Emulation Service.

March 28, 2014

Check Point earned a malicious file catch rate of 99.83% in recent testing, compared to its nearest competitor’s 75%

Check Point Software Technologies Ltd. (Nasdaq: CHKP), a worldwide leader in securing the Internet, have announced that Check Point Threat Emulation Service, which protects organisations against new, unknown and targeted attacks before they infect a network, has the highest catch rate of malicious files. In recent benchmark testing, 600 malicious files were scanned through Check Point Threat Emulation and other competitive products. The results found that Check Point outperformed all of the others in this test, with a malicious file catch rate of 99.83%. The other competitive products detected an average of 53% of the files as malicious, with the highest competitor’s catch rate at 75%.

As the modern threat landscape evolves with more aggressive and destructive generations of cybercrime, hacktivism, cyber espionage and targeted attacks, Check Point Threat Emulation has accelerated detection and increased awareness of these threats. For example, it typically takes anti-virus and IPS detections nearly three days to detect unknown malware, while some malware can be left undetected for months or even years. Check Point’s global research found that a typical organisation downloads an unknown malware every 27 minutes. An integral part of Check Point’s multi-layered Threat Prevention solution, Threat Emulation discovers and prevents infections from undiscovered exploits, new variants of malware and targeted attacks by dynamically emulating files within a virtual sandbox.

Once identified, Check Point researchers immediately evaluate the behaviours and properties of these unknown threats and quickly develop protections. These protections are automatically distributed across all Check Point gateways globally utilising ThreatCloud. ThreatCloud is Check Point’s collaborative threat intelligence network that provides for automatic, real-time protection to the company’s worldwide customers.

“In the past 30 days alone, Check Point Threat Emulation detected over 53,000 previously undiscovered malware threats through emulation of over 8.8 million files. This staggering statistic is an example of the ever-increasing rate at which organisations are facing advanced and unknown attacks,” said Doros Hadjizenonos, sales manager for Check Point South Africa. “With a malicious file catch rate of over 99%, Threat Emulation provides our customers with the quickest protections against undiscovered malware in the industry’s most comprehensive, multi-layered security solution available.”

Among the 53,000 previously undiscovered malware threats, Check Point researchers recently published the discovery and analysis of a new malware variant designed to deliver the DarkComet remote access Trojan onto targeted systems. An EXE file hidden within a RAR archive file, this malware employed a sophisticated combination of obfuscation techniques to avoid detection by anti-malware solutions. At the time it was detected by Check Point’s Threat Emulation, this malware was not detected by any of the major anti-virus engines.

For more information on Check Point Threat Emulation Service or Private Cloud Emulation Appliance, visit: http://www.checkpoint.com/products/threat-emulation/. For additional information on threats detected by Threat Emulation, visit: http://www.checkpoint.com/threatcloud-central/.