This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HUNT_LEE
Participant
‎2020-02-20 08:17 PM

Difference between Signature based protection (IPS, Antivirus, Anti-bot) Versus Sandboxing

Hi all,

I am trying to build a business case for CheckPoint Sandboxing solution (i.e. ThreatCloud or TX appliances)

The question i have is what's the extra value that Sandboxing brings?

As in, when my security gateways already have IPS, Anti-virus, Anti-Spam, these protections are all based on signatures automatically released and download to my CheckPoint Security Gateways from CheckPoint.  And with these, I thought they can scan any incoming/outgoing files on email attachments, files sending to and from my sFTP server etc.

Being the devil's advocate, why would i need to spend more to get Sandboxing? I know Sandboxing does provide protection for zero-day attacks (aka anything that is "unknown").  But if Checkpoint research and release a new signature and automatically push to my Security Gateways, what's the point of getting Sandboxing?

Cheers,

Hunt

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2020-02-20 08:34 PM

You're running the risk of potentially getting compromised by a zero-day before there is a signature available to prevent the relevant threat, assuming it is even possible to write a signature.
Whereas with SandBlast, the threat can be prevented in your environment before there is a signature for it.
Further, you have the benefit of Threat Extraction where your users can be provided safe versions of documents they download or receive in email while the real document is sandboxed to ensure it is safe.

A couple of competing vendors have sandboxing solutions similar to what we have.
However, their sandboxing solution cannot block threats in real time the way ours can.
One vendor is able to generate signatures automatically based on what their sandbox says and update signatures on all their gateways every five minutes.
Meanwhile, five minutes is plenty of time for patient zero to begin infecting other systems in your environment.
Another vendor doesn't even make block based on their sandboxing technology, which makes you wonder what the point of having it is.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events