Check Point ‘threat extraction’ cleans booby-trapped attachments

(Image: Check Point)



Read More:

12 March 2015 | 0

As Check Point Threat Extraction’s name suggests, emailed documents are run through the gateway to disable risk content, after which recipients receive a ‘reconstructed’ version with a notice telling them that some content was disabled.

Admins can also choose to leave the cleaned document format in its native format or automatically convert it to a PDF.  If malicious content is detected inside a document, this fact is logged so that security teams can build a picture of any larger campaign targeting their organisation.

The whole system can also work in tandem with Check Point’s Threat Emulation technology, a technique for running potential threats in a virtualised space to see what they do. However, unlike Threat Emulation, Check Point claims Threat Extraction delays documents by seconds rather than up to minutes.

“If an email arrives a couple of minutes later then that’s not an issue if it’s safer,” commented Check Point product manager, Noam Green. “But [this] takes a second or two to reconstruct the document.”

Both systems were options for Check Point’s Blade architecture and could run on premise or as a service, he said.

Threat Extraction will be offered as part of a new Next Generation Threat Prevention package called NGTX from the beginning of April. Pricing it not yet available.



John E Dunn, IDG News Service  

Read More:

Leave a Reply

Back to Top ↑