Check Point blade cleans attachments

As attackers find more ways to squirm into corporate networks, security vendors are creating more counter-moves.

The latest comes from Check Point Software, which on Tuesday said it will shortly be adding a new software blade to its Security Gateways for dealing with malicious attachments in email and documents before being allowed on the network.

INSIDE Check Point Software Threat Extraction screen shot

Called Threat Extraction, it will work with Check Point’s sandboxing Threat Emulation software to automatically scan, clean or delete attachments before delivering them staff. Security professionals have the option of setting its cleansing to several levels. At the highest, for example, a Microsoft Word document can automatically be converted into a PDF.

In an interview Gabi Reish, vice-president of product management, said Threat Extraction has an “almost 100 per cent” record in internal tests for accurate capture and deletion of malware. It makes a “miminal” hit on network performance.

Reish called Threat Extraction a “radically different” approach that goes beyond mere detection of malware and adds another layer of protection for organizations. Check Point research suggests that 84 per cent of organizations have downloaded documents with malware, he said, and it has found other research indicating that 72 per cent of organizations have recieved email with malicious attachments.

The solution can in effect reconstruct attachments to leave out active malicious content including macros, embedded objects and files, and external links.  If the file is found to be malicious, it is stopped and locked down. An administrator will also be notified and given details. Threat Extraction can be configured to wait for a response from Threat Emulation before determining whether a document needs to be reconstructed. Original documents can still be accessed if necessary.

It can be deployed as a mail transfer agent that receives all incoming email and forwards it to the next hop after inspection, a WebAPI that sends files to the machine for reconstruction or a Web browser extension.

Threat Extraction will be released early in the second quarter as part of Check Point’s version 77.30 release for all of its software. No pricing has been announced, but Reish said it will be sold as a bundle with Threat Emulation and not sold separately.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now