As attackers find more ways to squirm into corporate networks, security vendors are creating more counter-moves.
The latest comes from Check Point Software, which on Tuesday said it will shortly be adding a new software blade to its Security Gateways for dealing with malicious attachments in email and documents before they are allowed on the network.
Called Threat Extraction, it will work with Check Point’s sandboxing Threat Emulation software to automatically scan, clean or delete attachments before delivering them to staff. Security professionals have the option of setting its cleansing to several levels. At the highest, for example, a Microsoft Word document can automatically be converted into a PDF.
In an interview, Gabi Reish, vice-president of product management, said Threat Extraction has an “almost 100 per cent” record in internal tests for accurate capture and deletion of malware. It makes a “minimal” hit on network performance.
Reish called Threat Extraction a “radically different” approach that goes beyond mere detection of malware and adds another layer of protection for organizations. Check Point research suggests that 84 per cent of organizations have downloaded documents with malware, he said, and it has found other research indicating that 72 per cent of organizations have received email with malicious attachments.
The solution can in effect reconstruct attachments to leave out active malicious content including macros, embedded objects and files, and external links. If the file is found to be malicious, it is stopped and locked down. An administrator will also be notified and given details. Threat Extraction can be configured to wait for a response from Threat Emulation before determining whether a document needs to be reconstructed. Original documents can still be accessed if necessary.
It can be deployed as a mail transfer agent that receives all incoming email and forwards it to the next hop after inspection, as a WebAPI that sends files to the machine for reconstruction, or as a Web browser extension.
Threat Extraction will be released early in the second quarter as part of Check Point’s version 77.30 release for all of its software. No pricing has been announced, but Reish said it will be sold as a bundle with Threat Emulation and not sold separately.