Materials available to CheckMates members:
Q&A from the session is below.
What is the name of the platform Check Point developed and is it available for customers to use?
It's called the Attack Simulation Platform and it's for internal use.
What if I have a Check Point firewall, will it be able to detect and block the C&C communication?
Yes, assuming you have enabled Anti-Bot and other Threat Prevention blades.
Does Check Point plan on sharing its knowledge / integrating with, for example, VirusTotal?
Yes.
What are the components of the Anti-Bot solution?
We are looking at reputation of the destination as well as known malicious traffic patterns.
Can we put DNS classification at Hold instead of Background to prevent C&C domain resolution?
You can do this, yes, but it does create the potential risk of resolving and potentially connecting to a malicious site.
Does the solution provide a graph (e.g. white to red) with suspect network areas where a possible/suspected threat is present?
What we're discussing here is how we test our various security solutions to ensure they are effective. We do have solutions that can show this to you based on our data (e.g. Infinity SOC and SandBlast Now).