Djelo_Arnautali
Participant

Sandblast average emulation time?

Hello,

on the link below, on page 12/23 (2.8.6.7 and 2.8.6.8), it states that the average emulation time for a benign verdict is under 60 seconds and 3 minutes for a bad verdict. Where is this average time from? I can't find these values in any official Check Point documents. Where can I find this?

https://www.slideshare.net/MotiSagey/advanced-threat-prevention-requirements

Regards,

0 Kudos
5 Replies
PhoneBoy
Admin

The numbers come from internal tests we've done.

Let me put this in the SandBlast Network‌ space so one of our experts can comment further.

Thomas_Werner
Employee Alumnus

Hi Djelo,

benign file with 60 seconds can be easily explained by the maximum emulation time setting which is set in the GUI config. The emulation will last for 60 seconds in general so including some preparation before and after you can expect an on-premise emulation time at around 60-90 seconds for a file that needs to go into emulation (on a properly sized emulator). For "average" you have to take into account that 30-60% of files are checked but never go "into" emulation because of e.g. local cache hit or static analysis. Therefore the average time can be below 60 seconds.

For malicious files we re-emulate exclusively at least once and a maximum of up to 4 times. So you can expect a verdict in between 2-4 minutes.


Regards Thomas

0 Kudos
Djelo_Arnautali
Participant

Hello Thomas,

thank you for the explanation. I need these values in some kind of official document for a tender where the requested time for a benign emulation verdict has to be under 60 sec. and malicious emulation verdict under 3 minutes.

Regards,

PhoneBoy
Admin

We discuss the typical emulation time for cloud in the following SK: Latency during Threat Emulation on Cloud 

While older, we've had the three minute emulation time validated by Miercom: Check Point Next Generation Threat Prevention Receives Highest Scores in Recent Miercom Testing | Ch... 

The 60 seconds is something that you can verify in SmartConsole (it's actually a setting):

Thomas_Werner
Employee Alumnus

Just wondering what vendor could fulfill these requirements. We have done a lot of competitive PoCs but I didn't find any other vendor that has lower emulation times than us for a single full file emulation cycle.

Regards Thomas
