CP_TME
Employee

Zero Phishing in R82.10 - What's New?

Quantum Zero Phishing in R82.10 – Now Protecting HTTPS Traffic Without HTTPS Inspection 

Hey CheckMates, 

One of the most meaningful enhancements in R82.10 is a major architectural improvement to Quantum Zero Phishing—and it directly addresses one of the most common deployment challenges we’ve all faced: HTTPS Inspection. 

In R82, HTTPS Inspection was required to detect phishing over encrypted traffic. In R82.10, that’s no longer mandatory. 

Zero Phishing can now detect and block phishing attempts on HTTPS websites without enabling HTTPS Inspection, by using: 

  • SNI (Server Name Indication) 
  • Real-time domain intelligence from ThreatCloud AI 

This is a significant step forward for performance, privacy-sensitive environments, and simplified deployments. 

 

Quick Refresher: What Is SNI? 

SNI (Server Name Indication) is part of the TLS handshake and allows the client to declare the target hostname before encryption is fully established. 

From a security perspective, this means: 

  • Multiple domains can share a single IP 
  • The gateway can still see the destination hostname even when traffic is encrypted 

That single capability unlocks phishing prevention without decryption. 

 

How Zero Phishing Uses SNI in R82.10 

1️⃣ SNI Inspection at Connection Time 

When a user connects to an HTTPS site: 

  • The gateway inspects the SNI field 
  • The destination hostname is extracted before encryption completes 

2️⃣ ThreatCloud AI Domain Analysis 

The hostname is sent to ThreatCloud AI and evaluated against: 

  • Known phishing domains 
  • Newly discovered malicious infrastructure 
  • Suspicious hosting and redirect networks 

3️⃣ Automated Enforcement 

  • If the domain is malicious:
      • The session is blocked immediately
      • No HTTPS Inspection is required
  • If SNI alone isn’t sufficient:
      • The gateway can optionally fall back to full SSL/TLS Inspection (if enabled)

4️⃣ Full Visibility & Logging 

  • Users receive a block page or warning 
  • Full event details are logged in:
      • Infinity Portal
      • SmartConsole logs

 

Why This Matters in the Real World 

No Mandatory HTTPS Inspection
Great for regulated, privacy-sensitive, and performance-critical environments.

Better Performance at Scale
Lower CPU overhead, faster TLS handling.

High Detection Accuracy
SNI allows precise identification—even when multiple domains share the same IP.

Native Protection for Encrypted Traffic
Zero Phishing now works by default on HTTPS sites.

 

Bottom Line 

With R82.10, Zero Phishing is no longer dependent on HTTPS Inspection for encrypted traffic protection. By combining SNI-based visibility with ThreatCloud AI, Check Point delivers: 

  • High-confidence phishing detection 
  • Reduced operational complexity 
  • Improved performance 
  • Strong protection for modern encrypted environments 

If you’re already running R82.10, this is one enhancement you should absolutely take advantage of. 

Technical Marketing Engineering Team
2 Replies
the_rock
MVP Platinum

Great update!

Best,
Andy
genisis__
MVP Silver

Really good step!
