Tal_Eisner
Contributor

Context Aware Detection (CADET) is now in production!

 

Hello,

We are pleased to announce the release of Threat Emulation Engine Update 7, which features CADET (Context-Aware Detection and Elimination of Threats): our newest AI-based technology.

CADET harnesses Check Point’s unique visibility into all parts of the traffic in order to offer precise context-informed decisions.

We are currently utilizing the CADET technology to address one of the most complex threat prevention challenges: accurately identifying unknown malicious executables.

By utilizing AI-based machine learning, CADET evaluates the entire session context rather than a specific file or link: Did it come through email or as a web download? Who is the sender? When was his domain registered? By whom? And so forth.

We extract thousands of parameters from the inspected element and from the transaction context, and using the CADET AI engine, we are able to reach a single accurate verdict.

The CADET technology significantly increases our detection rate, while at the same time dramatically lowering false positives.

This new innovative AI engine is part of our ongoing focus on delivering the best threat prevention in the industry.

 

Learn more:

Artificial Intelligence in Check Point

AI Is moving forward

Podcast on AI In Check Point

 

  • Note: CADET is working in production on our SandBlast Emulation Cloud environment and will be released to SandBlast TE appliances in the coming weeks.

 

4 Replies
Charris_Lappas
Collaborator

Dear Tal,

Couple of questions:

a) How will we know when CADET will be active and applied to our TE appliances?

b) Are there going to be any fail-safe measures in order to avoid false positives?

c) Any configuration from our site?

d) Any plans to extend this behaviour analytics to the SBA?

e) Any additions to the reporting or to forensics?

Thanks,

Charris

0 Kudos
PhoneBoy
Admin

A) CADET is in Engine version 57.990002566 and above. See: Threat Emulation Engine Update - What's New? 

B) The machine learning we are using has been tested and shown to decrease false negatives and false positives. If you encounter a false positive, please follow the process for reporting it: How to submit a False Positive case for Threat emulation? 

C) The Threat Emulation engine is typically updated automatically. We roll out updates gradually to all appliances. 

D) If you have SBA, it should also leverage CADET (if available).

E) We are enhancing the Threat Emulation reports separately from CADET: New Threat Emulation reports 

0 Kudos
Huseyin_Rencber
Collaborator

If the threat emulation analysis location is set locally, will CADET still be useful?

Thanks.

0 Kudos
PhoneBoy
Admin

My guess is that SK will be updated with the version that applies to local emulations.
