Hi all,
We recently released SandBlast Agent E81.20.
E81.20 introduces new features, stability and quality improvements.
A complete list of improvements can be found in the release Secure Knowledge sk158912.
New Cloud based Zero Phishing
Phishing is still one of the major attack vectors and a common initial attack vector in multi-vector attack campaigns.
Zero Day phishing protection is part of the SandBlast offering and until now was based on local analysis on the agent.
We are happy to introduce a major enhancement to the Zero-Phishing protection, which is now powered by Check Point Cloud and enhanced by a new Machine Learning algorithm.
Phishing detection is based on:
- Static analysis – URL reputation check against Check Point’s cloud threat intelligence to see if the URL is known to be malicious or not.
- Dynamic analysis – Cloud Machine Learning based inspection analyzes the page in real time using multiple indicators (domain, geolocation, text, images, favorite icon, and many other indicators) to confirm the authenticity of the website.
The new enhancements will improve the detection rate and reduce the false positives of new zero-day phishing sites.
Malicious scripts protection before execution
The Behavioral Guard engine detects and prevents complex file-less attacks and malicious scripts.
E81.20 introduces enhancements to the Behavioral Guard engine. This version blocks malicious scripts, like PowerShell, prior to execution (in earlier releases, Behavioral Guard detected and terminated the scripts after their execution).
Performance improvements
Performance improvement is an ongoing effort, with numerous enhancements introduced in previous SW releases.
E81.20 includes some major performance improvements; overall performance improved by 30% on average.
New VPN capabilities
- Ability to match the VPN user to the logged-in Windows user and display it in the username field of the connect dialog.
- Ability to disable implicit SDL when SDL is enabled.
- Ability to choose a customized Display Name when creating a site from a link.
- Ability to enable the Connect button before any response is written.