
Sandblast average emulation time?

Hello,

On the link below, on page 12/23 (2.8.6.7 and 2.8.6.8), it states that the average emulation time for a benign verdict is under 60 seconds and 3 minutes for a bad verdict. Where is this average time from? I can't find these values in any official Check Point documents. Where can I find this?

https://www.slideshare.net/MotiSagey/advanced-threat-prevention-requirements

Regards,

0 Kudos
5 Replies
Admin

Re: Sandblast average emulation time?

The numbers come from internal tests we've done.

Let me put this in the SandBlast Network space so one of our experts can comment further.

Employee++

Re: Sandblast average emulation time?

Hi Djelo,

Benign file with 60 seconds can be easily explained by the maximum emulation time setting which is set in the GUI config. The emulation will last for 60 seconds in general, so including some preparation before and after you can expect an on-premise emulation time of around 60-90 seconds for a file that needs to go into emulation (on a properly sized emulator). For "average" you have to take into account that 30-60% of files are checked but never go "into" emulation because of e.g. a local cache hit or static analysis. Therefore the average time can be below 60 seconds.

For malicious files we re-emulate exclusively at least once and up to a maximum of 4 times. So you can expect a verdict in between 2-4 minutes.


Regards Thomas

0 Kudos

Re: Sandblast average emulation time?

Hello Thomas,

Thank you for the explanation. I need these values in some kind of official document for a tender where the requested time for a benign emulation verdict has to be under 60 sec. and malicious emulation verdict under 3 minutes.

Regards,

Admin

Re: Sandblast average emulation time?

We discuss the typical emulation time for cloud in the following SK: Latency during Threat Emulation on Cloud 

While older, we've had the three minute emulation time validated by Miercom: Check Point Next Generation Threat Prevention Receives Highest Scores in Recent Miercom Testing | Ch... 

The 60 seconds is something that you can verify in SmartConsole (it's actually a setting):

Employee++

Re: Sandblast average emulation time?

Just wondering what vendor could fulfill these requirements. We have done a lot of competitive PoCs but I didn't find any other vendor that has lower emulation times than us for a single full file emulation cycle.

Regards Thomas