Sandblast average emulation time?
Hello,
On the link below, on page 12/23 (2.8.6.7 and 2.8.6.8), it states that the average emulation time for a benign verdict is under 60 seconds and 3 minutes for a bad verdict. Where is this average time from? I can't find these values in any official Check Point documents. Where can I find this?
https://www.slideshare.net/MotiSagey/advanced-threat-prevention-requirements
Regards,
The numbers come from internal tests we've done.
Let me put this in the SandBlast Network space so one of our experts can comment further.
Hi Djelo,
A benign file with 60 seconds can be easily explained by the maximum emulation time setting, which is set in the GUI config. The emulation will last for 60 seconds in general, so including some preparation before and after, you can expect an on-premise emulation time of around 60-90 seconds for a file that needs to go into emulation (on a properly sized emulator). For "average" you have to take into account that 30-60% of files are checked but never go "into" emulation because of e.g. a local cache hit or static analysis. Therefore the average time can be below 60 seconds.
For malicious files we re-emulate exclusively at least once and a maximum of up to 4 times. So you can expect a verdict in between 2-4 minutes.
Regards Thomas
Hello Thomas,
Thank you for the explanation. I need these values in some kind of official document for a tender where the requested time for a benign emulation verdict has to be under 60 sec. and a malicious emulation verdict under 3 minutes.
Regards,
We discuss the typical emulation time for cloud in the following SK: Latency during Threat Emulation on Cloud
While older, we've had the three minute emulation time validated by Miercom: Check Point Next Generation Threat Prevention Receives Highest Scores in Recent Miercom Testing | Ch...
The 60 seconds is something that you can verify in SmartConsole (it's actually a setting):
Just wondering what vendor could fulfill these requirements. We have done a lot of competitive PoCs but I didn't find any other vendor that has lower emulation times than us for a single full file emulation cycle.
Regards Thomas
