This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tal_Eisner
Employee
Employee
‎2018-05-28 06:02 AM

Context Aware Detection (CADET) is now in production !

 

Hello,

We are pleased to announce the release of Threat Emulation Engine Update 7

which features CADET (Context-Aware Detection and Elimination of Threats) :

our newest AI-based technology.

CADET harnesses Check Point’s unique visibility into all parts of the traffic in order to offer precise context-informed decisions.

We are currently utilizing the CADET technology to address one of the most complex threat prevention challenges: accurately identifying unknown malicious executables.

By utilizing AI-based machine learning, CADET evaluates the entire session context rather than a specific file or link: Did it come through email or as a web download? Who is the sender? When was his domain registered? By Whom? And so forth.

We extract thousands of parameters from the inspected element and from the transaction context, and using the CADET AI engine, we are able to reach a single accurate verdict.

The CADET technology significantly increases our detection rate, while at the same time dramatically lowering false positives.

This new innovative AI engine is part of our ongoing focus on delivering the best threat prevention in the industry.

 

Learn more:

Artificial Intelligence in Check Point

AI Is moving forward

Podcast on AI In Check Point

 

  • Note: CADET is working in production on our SandBlast Emulation Cloud environment and will be released to SandBlast TE appliances in coming weeks.

 

4 Replies
Charris_Lappas
Collaborator
‎2018-06-19 09:26 PM

Dear Tal,

Couple of questions:

a) How do we will know when CADET will be active and applied to our TE appliances?

b) Is there going to be any fail save measurements in order to avoid false positives?

c) Any configuration from our site?

d) Any plans to extend this behaviour analytics to the SBA?

e) Any additions to the reporting or to forensics?

Thanks,

Charris

0 Kudos
PhoneBoy
Admin
Admin
‎2018-06-21 05:09 PM
In response to Charris_Lappas

A) CADET is in Engine version 57.990002566 and above. See: Threat Emulation Engine Update - What's New? 

B) The machine learning we are using has been tested and shown to decrease false negatives and false positives. If you encounter a false positive, please follow the process for reporting it: How to submit a False Positive case for Threat emulation? 

C) The Threat Emulation engine is typically updated automatically. We roll out updates gradually to all appliances. 

D) If you have SBA, it should also leverage CADET (if available).

E) We are enhancing the Threat Emulation reports separately from CADET: New Threat Emulation reports 

0 Kudos
Huseyin_Rencber
Collaborator
‎2018-06-22 06:53 AM
In response to PhoneBoy

If the threat emulation analysis location is locally setted, will cadet still useful?

Thanks.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-06-22 10:23 AM
In response to Huseyin_Rencber

My guess is that SK will be updated with the version that applies to local emulations.