Check Point ‘threat extraction’ cleans booby-trapped attachments
12 March 2015
As Check Point Threat Extraction’s name suggests, emailed documents are run through the gateway to disable risky content, after which recipients receive a ‘reconstructed’ version with a notice telling them that some content was disabled.
Admins can also choose to leave the cleaned document in its native format or automatically convert it to a PDF. If malicious content is detected inside a document, this fact is logged so that security teams can build a picture of any larger campaign targeting their organisation.
The whole system can also work in tandem with Check Point’s Threat Emulation technology, a technique for running potential threats in a virtualised space to see what they do. However, unlike Threat Emulation, Check Point claims Threat Extraction delays documents by seconds rather than up to minutes.
“If an email arrives a couple of minutes later then that’s not an issue if it’s safer,” commented Check Point product manager, Noam Green. “But [this] takes a second or two to reconstruct the document.”
Both systems were options for Check Point’s Blade architecture and could run on premise or as a service, he said.
Threat Extraction will be offered as part of a new Next Generation Threat Prevention package called NGTX from the beginning of April. Pricing is not yet available.
John E Dunn, IDG News Service