Hi,
Few weeks ago we released Endpoint Security / SandBlast Agent version E80.89 for Mac.
This newsletter will summarize the new features and enhancements delivered in this release.
You are welcome to contact us directly with feedbacks or any suggestions for improvements.
E80.89 - Mac client:
- Full macOS Mojave (10.14) support
- Full macOS 64-bit support.
- Adding SandBlast Agent support for Mac
In this release we introduced the first set of SandBlast Agent advanced threat prevention technologies for Mac:
o Threat Emulation – Zero-day attacks which bypass regular anti-viruses continue to evolve and grow. Threat Emulation is an advanced threat prevention solution that includes both an evasion resistant sandbox and many static analysis technologies to prevent zero-day attacks.
- As in Windows the protection is available in 2 levels:
- Protecting from files written to the file system. New files created on the machine are inspected locally, and if relevant, they are sent for further inspection by Check Point Sandblast Threat Emulation Sandbox.
- Inspecting files downloaded by Chrome, using the Chrome browser extension, preventing malicious files from even getting to the file system. Relevant files are sent to Check Point Sandblast Threat Emulation Sandbox before they are downloaded.
o Anti-Ransomware - Ransomware attacks continue to grow in macOS environments. Anti-Ransomware is a unique solution to detect and quarantine the most evasive Ransomware variants. It includes the unique capability of restoring any files that were encrypted during an attack.
o Google Chrome Extension – Malicious files downloaded from the browser and Phishing attacks continue to plague the macOS environment. Similar to our unique offering in Windows, the extension can now protect against such attacks using:
- Threat Extraction - Reconstructs downloaded file, delivering sanitized risk-free files to users in real time.
- Threat Emulation (as described above)
- Zero Phishing - Blocks deceptive phishing sites and alerts on password reuse in real-time.
- FDE - Native Encryption Management (NEM) support for mobile network users
This release has fixes relating to network (domain) users with mobile accounts.
The deployment scenario is improved by introducing additional documentation and a new command line tool.
Importantly, the release supports in place upgrade. This is the process of upgrading a Mac running an older macOS version while having the disk encrypted at all times.
For more information about this release, refer to: Enterprise Endpoint Security E80.89 Mac Clients
Future capabilities – Forensics for Mac:
- Future release & CPX demo
We are now working on Forensics for Mac, the next step on our Mac client offering which will be available on the coming months.
You are welcome to come to our table at the CPX Tech Room and see it in action.
- Early availability open for registration
We are already registering customers for the Mac Forensic EA that will start soon. If you are interested please contact CP_EA@checkpoint.com
Thank you,
Gil Sasson
Endpoint Cyber Security Project Manager