Category Archives: Check Point


Are You Prepared for the Next Attack?

Category : Check Point


From WannaCry and Petya to the most recent attacks today, #LeakTheAnalyst and HBO—it is now apparent that anyone or any organization is a target for cyber criminals. Attacks continue to grow at an alarming rate – in volume, sophistication and impact. As of May 2017, Check Point products are detecting over 17 million attacks each week; more than half of these attacks include payloads that are unknown at the time of detection and cannot be detected by conventional signature-based technology. These attacks serve as a wake-up call, illustrating how fragile and vulnerable organizations have become in recent years.

In response to the many recent outbreaks, organizations are implementing point solutions to protect their separate IT environments; however, many of these solutions focus on detection and mitigation rather than prevention. This reactive approach to cyber attacks can be costly and ineffective, complicates security operations and creates inherent gaps in security posture. Enterprises need a more complete architecture that scales with dynamic business demands and focuses on prevention to ensure all IT environments are protected. Check Point Infinity is the only fully-consolidated cyber security architecture that future-proofs your business and IT infrastructure across all networks, cloud and mobile. The architecture is designed to resolve the complexities of growing connectivity and inefficient security

Falling victim to cyber attacks is a fate which can be avoided in most cases. The next attack can and should be prevented!


The impacts of the WannaCry, Petya and numerous other successful attacks were not inevitable. Indeed, with the correct measures, best practices and technologies in place, many organizations were able to avoid these attacks.

Our vast experience at the forefront of cyber security, protecting some of the most sensitive and highly targeted organizations on the planet, has proven to us time and again that effective defense can be achieved. The ability to prevent sophisticated attacks stems from applying a few core principles – here they are:


Sustaining solid security hygiene across all IT systems will reduce the attack surface and can help prevent or contain many attacks.

  • Apply up-to-date security patches across all systems and software
  • Segment your network
  • Review security products policies and continuously monitor incident logs and alerts
  • Conduct routine audits and penetration testing
  • Keep user privileges to a minimum


We often hear companies and other players in the industry claim that attacks will happen anyway, there is no way to avoid them, and therefore the only thing left to do is to invest in technologies that detect the attack once it has already breached the network, and mitigate the damages as soon as possible. This is simply not true!

Don’t settle for detection – attacks, even sophisticated and zero-day ones, can be blocked! Invest in technologies and products that put prevention rather than detection at the forefront, and that do so without disrupting the normal business flow.


Many companies attempt to build their security using a patchwork of point products from multiple vendors. This approach usually has limited success: it results in disjoint technologies that don’t collaborate – creating security gaps, and it introduces a huge overhead of working with multiple systems and vendors. As a result of this inefficient approach many attacks are not prevented, forcing companies to invest more on post-infection and breach mitigation.

In order to achieve excellent security, you should adopt a unified multi-layer approach that protects all IT elements – networks, endpoint, cloud and mobile – all sharing the same prevention architecture and the same threat intelligence.


Attackers use many malicious tricks to penetrate – through email, web browsing, mobile apps, exploiting unpatched vulnerabilities in online hosts and more.

Seek a single solution that can cover all bases, one that provides a broad prevention across all surfaces of attack.


Unfortunately there is no silver-bullet single technology that can protect from all threats and all threat vectors.

There are many great technologies and ideas available – machine learning, sandbox, anomaly detection, content disarmament and numerous others. Each of these methods can be highly effective in certain scenarios, covering specific file types or attack vectors.

Strong solutions integrate a wide range of technologies and innovations, in order to effectively combat modern attacks in our IT environments.


The principles covered above are not just theory. The Check Point Infinity platform and SandBlast Zero-Day Protection products are built around them, empowering our customers to achieve proactive prevention of tomorrow’s attacks.

Learn how to prevent the next cyber attack with Check Point – click here




Re-Thinking the Cyber Consolidation Paradigm

Category : Check Point

The Battle of Consolidation vs. Best-of-Breed, does more security mean better security?

You’re probably frequently scrutinizing whether or not your own organization’s cyber security is being properly managed. We’re constantly being bombarded with news of the latest cyber security attacks and hoping there are no gaps in our own organization’s security. With every new ransomware or phishing attack, the red flags start to wave. The immediate reaction is to ramp up our security and increase the number of vendors, on the assumption that these new products will keep us better protected. In reality, this unfortunately isn’t the case.

In a recent survey, executives were asked various questions about their cyber security requirements, including their day-to-day challenges and concerns. One of the questions asked was what do they consider the best approach. Overwhelmingly, C-level executives stated they were satisfied with a best-of-breed strategy and promoted it within their organization. However, once asked more probing questions regarding their security posture, it became obvious that their sense of what was best for their organization was a false sense of security, noting a significant difference in the attack recovery processes:



Organizations that chose a consolidation approach were capable of identifying and recovering from attacks 20 times faster on average, and at merely 1% of the cost of those choosing a best-of-breed strategy.

Reducing the number of vendors not only removes the need to monitor multiple management consoles across the various technologies; vendor consolidation also allows for a higher level of security through superior integration versus decisions made across multiple vendor products. Additionally, it significantly reduces the time, cost and resources of the remediation process. Notably, Gartner has consistently cited in “  a single-vendor approach more effectively detects and stops advanced threats, increasing the efficiency of resources and reducing configuration and management problems while requiring less training and problem-solving costs.

Check Point CEO Gil Shwed highlighted these issues during a recent event in Tel Aviv, Cyber Week 2017. Forbes published an article on Shwed’s lecture: “In cyberspace today our roof is very very leaky,” said Shwed. “With almost 1,600 cybersecurity companies worldwide, we hope that by building many point solutions we get protection from the rain. The reality is that the rain is coming through the inherent gaps in this architecture.” Shwed recommended replacing the widespread approach of using point solutions and mitigating the damage after the attack with a new approach of focusing on security prevention and using a unified architecture for managing security threats in the network, the cloud, and mobile devices.

An ever-growing concern within the cyber world is the scarcity of cyber professionals. Unfortunately, most companies suffer from this phenomenon and more will in upcoming years. This shortage directly translates into an inferior security posture and lack of knowledge needed to assess and adopt vendor products. There is an industry perception that by having multiple vendors, you’re decreasing the risk of an attack, because “more will cover more”, therefore reducing costs and time. Our survey found this common misconception to be false.

A consolidated vendor approach through Check Point Infinity architecture drives simplicity and efficiency, and streamlines handling of events as they occur. Check Point Infinity architecture’s single management centrally correlates all types of events across all network environments, cloud services and mobile infrastructures. Check Point’s preemptive threat prevention strategy focuses on prevention rather than detection to block the most sophisticated attacks before they occur.

Our survey showed that the majority of organizations still prefer usage of various best-of-breed disparate security products. We can’t blame them for thinking this; we’re told as a society bigger is better. But the end results speak loud and clear: When it comes to security vendors, less is more.



Cyber Attacks Can Be Prevented

Category : Check Point

Based on the latest news headlines —from WannaCry to HBO Game of Thrones—it is now apparent that anyone or any organization can be the target of a cyber attack. Furthermore, Check Point data suggests that 99% of enterprises are still not effectively protected against cyber attacks. But getting attacked is preventable.

The key to cyber defense is an end-to-end cyber security architecture that is multilayered and spans all networks, mobile, and cloud.

Check Point Infinity does exactly that. It consolidates management of multiple security layers, providing superior policy efficiency and control through a single pane of glass. With centralized management, you’re able to correlate events across all network environments, cloud services and mobile infrastructures.

Read Preventing the Next Cyber Attack and learn:

  • Top 5 cyber attack prevention principles
  • How to protect all IT elements with an effective security architecture
  • Which attack vectors to watch out for
  • The cyber security technologies and strategies that prevent cyber attacks




Introducing Check Point SandBlast Mobile for Microsoft Intune

Category : Check Point

If your enterprise is using Microsoft EMS and is looking to further secure mobile devices while ensuring employees’ privacy and productivity, you’d be happy to know that Check Point has teamed with Microsoft Intune to secure enterprise mobility.

Today, Check Point announces the collaboration with Microsoft which allows Check Point’s SandBlast Mobile security solution to integrate with Microsoft Intune.  The integration is the latest in a line of joint efforts between Check Point and Microsoft to serve customers together and secure modern enterprise infrastructure – from cloud to mobile. Previous joint work includes Check Point vSec Cloud Security for Microsoft Azure.


Why is another security layer needed? While EMMs are essential for a successful enterprise mobile deployment, as they are used for policy management and enforcement, they were not designed to detect and protect against advanced mobile threats. As a result, integrating with SandBlast Mobile, a product designed to protect from known and unknown mobile threats, is paramount to protecting enterprise data.


What you should know about this integration: The integration with Microsoft Intune is enabled by Check Point Infinity, the first unified security architecture to enable businesses to protect their networks, cloud and mobile deployments with a single security infrastructure. Infinity leverages unified threat intelligence and open interfaces, helping all environments to stay protected against targeted attacks.

In addition, Infinity provides rich integration capabilities through flexible APIs and simplifies how customers can apply SandBlast Mobile’s threat intelligence, as an additional input to Intune’s device compliance settings. Once a threat is detected, SandBlast Mobile immediately applies on-device protections and notifies Intune to enforce device status changes and conditional access controls to ensure that company data stays protected until the threat is remediated.

This allows Check Point SandBlast Mobile and Microsoft Intune to provide enterprises with an integrated, comprehensive security solution that protects against advanced mobile cyberattacks and secures corporate data and access to internal resources, while ensuring employees’ privacy and productivity.


Why now? Check Point brings long-standing cyber security leadership, the most advanced security architecture with Check Point Infinity, and over 900 enterprise customers using SandBlast Mobile to protect against mobile threats. Together with Microsoft’s market presence in the EMM space, the integration of SandBlast Mobile with Microsoft Intune provides enterprise customers a sweeping offering with global coverage and support to protect their mobile workforce from advanced cyberattacks.


How does it work? SandBlast Mobile provides a centralized security solution that safeguards against progressive mobile cyberattacks, while ensuring employees’ privacy. SandBlast Mobile, the only mobile threat defense solution to detect and block 100% of tested threats (Miercom MTD Industry Assessment Report, March 17’), protects employees’ devices from: malware attacks via infected apps, man-in-the-middle attacks through compromised Wi-Fi networks, operating system vulnerabilities, and malicious links sent via SMS messages.

The integrated solution with Microsoft Intune makes it easy to apply SandBlast Mobile’s threat intelligence as an additional input into Intune’s device compliance settings. Once a threat is detected, SandBlast Mobile immediately applies on-device protections and notifies Intune to enforce device status changes and conditional access controls to ensure that company data stays protected until the issue is remediated.


This integration is now generally available. Read the solution brief

Learn more about Check Point SandBlast Mobile



Cloudy Forecast, Are you Naked in the Cloud?

Category : Check Point

What do high-clearance government employees, telecommunication customers and WWE fans all have in common? While this sounds like the beginning of a joke, in reality what unifies all of them is the fact that their personal, sensitive data is now part of an alarming statistic; the increasing frequency of data breaches in popular cloud services.

Over the past few weeks, we have witnessed a rapidly growing trend of data exposure due to poor cloud security practices. In a recent example, UpGuard earlier this week discovered yet another case of millions of sensitive customer details exposed to anyone with an active internet connection. The data was openly available on the internet until an independent third party informed its owner of the issue. When this kind of information reaches the wrong hands, the (rather cloudy) sky is the limit as to the fraudulent schemes and damage its owners are potentially exposed to.

With the growing popularity of public cloud services, sensitive data is now being stored beyond corporate IT security controls. While public cloud providers deliver strong security controls over the cloud infrastructure, the responsibility to protect the data that resides on the cloud is incumbent upon customers. The cloud infrastructure providers refer to this as the shared responsibility model.

A best practices approach for securing customer data in the cloud should include at a minimum strong network security, identity and access controls, as well as data encryption. These key security capabilities are on the customer’s side of the shared responsibility model and applying them to their cloud environment not only helps prevent data leakage but also keeps track of who and what are coming in and out of their cloud.

The key here is to apply the same measures to securing sensitive information stored on the cloud as on premise. Understanding the customer responsibility role versus the role of cloud providers helps organizations make the best decisions concerning the security of their cloud environments. It also ensures that an organization’s cybersecurity strategy efficiently and cost-effectively aligns with the rest of the business goals while delivering consistent protections for all corporate data both on-premise and in the cloud.

Check Point vSEC complements native cloud security controls to ensure customers can fulfill their shared security responsibilities. With Check Point vSEC, customers can secure their workloads and applications running in cloud environments, minimizing threats from breaches, data leakage as well as zero-day threats. Check Point vSEC provides comprehensive threat prevention security, access, identity, strong authentication, compliance reporting and multi-cloud connectivity to help organizations embrace the cloud with confidence.


Author: Don Meyer


BROKERS IN THE SHADOWS – Part 2, Analyzing Petya’s DoublePulsarV2.0 Backdoor

Category : Check Point

In the wake of WannaCry, a new cyber threat has emerged from the NSA leak. Making use of previously exposed tools, Petya once again is engaged in another large scale attack. Important distinctions in this case, however, are that the attacks targeted mainly a specific country, and are used solely for destruction. While Petya may look like ransomware, it appears that despite a victim paying the ransom, there is no way to decrypt the files afterward.

Petya was first seen in 2016, as a very different attack. Compared to its first appearance, in 2017 it targeted fewer file types in order to proliferate more quickly. Another difference is that the current Petya sample focuses on lateral movement over the same domain, which would be highly irregular for ransomware. It seeks to infect computers on the same internal network. Security services worldwide are now shifting focus, giving priority to blocking attacks from within. The initial attack vector is still unclear.

In the most recent iteration, Petya has adapted the tools used by the WannaCry ransomware as mentioned in our previous blog post. The creators of this new version of Petya reverse engineered the DoublePulsar backdoor used by WannaCry, probably in order to avoid detection. Petya is now using its own modified version of this backdoor that we call DoublePulsarV2.0.

To protect against the new Petya threat, a patch for MS17-010 continues to be the most essential patch since Conficker in 2008, and it seems this will be relevant for years to come. Check Point’s IPS offers similar protection for DoublePulsar, SMB Touch, CVE-2017-0144 (EternalBlue), and others.

In Part 2 of Brokers in the Shadows, we will explore this new backdoor.


Kernel Analysis:

The DoublePulsar implant found in Petya behaves much like its predecessor, which appeared in WannaCry (and was originally in the Shadow Brokers’ dump). Both have a similar flow of execution, with the former having minor implementation differences. The installation of DoublePulsar consists of several stages. Each stage is responsible for obtaining vital information for the subsequent stage, until the backdoor is finally set up and ready to accept further commands. The backdoor comes in 2 flavors, 32 and 64 bit, and is able to determine at run-time which version should execute according to the system architecture.

This is an outline of the installation process:

Stage 1 – Obtaining Kernel Export Functions: Before any action can take place, the backdoor must get a basic set of tools to navigate in kernel memory. These come in the form of several functions exported by ntoskrnl.exe, the Windows NT kernel image. The functions used in this case are:

  • ZwQuerySystemInformation – Obtains various system information details, divided into classes of information.
  • ExAllocatePool – Allocates blocks of memory in memory pools, which are the kernel space equivalent of the user mode heap.
  • ExFreePool – Frees any blocks allocated in the aforementioned pools.

To retrieve pointers for these functions, DoublePulsar’s payload begins by getting a pointer to the Processor Control Region or KPCR struct, which is an undocumented data structure in the kernel containing various helpful fields. One example is a field located at offset 4 of the struct, which points to the Interrupt Dispatch Table (IDT). This field is of particular interest for the sole reason that the table it points to resides in the memory of the ntoskrnl.exe image. Furthermore, this table is aligned to the beginning of a memory page, so that once this is reached, the code is able to navigate the memory backwards in page size hops, checking each page to see if it begins with MZ (the PE magic number). Once such a page is found, it is safe to say that the beginning of the ntoskrnl.exe is reached.

Figure 1: Code that locates the ntoskrnl.exe image in memory

After getting a pointer to the ntoskrnl image, the backdoor’s code follows the PE structure to get to the image’s Export Address Table. This table holds the entry points of exported functions within the image, which can be leveraged for execution by any other code. The existing function names are scanned by following the AddressOfNames array of the export directory, hashing each name with a particular algorithm (described later), and comparing the result with an argument hash. The latter represents the requested function name. Once a function name is found, the address of its entry point can be obtained by taking the element with the name’s index from the AddressOfFunctions array of the export directory.

Stage 2 – Obtaining the SMB Driver: At this point, it is possible to use the retrieved functions as primitives for retrieving further helpful information. Namely, ExAllocatePool is used to reserve memory, in which information obtained by ZwQuerySystemInformation will be written. The latter function is invoked with the SystemQueryModuleInformation information class argument, which causes it to return a list of all drivers loaded in the system. This list is scanned by the backdoor’s code, hashing the full path of each driver (with the same aforementioned algorithm) and comparing it to a predefined hash, corresponding to the SMB driver (which is srv.sys).

Stage 3 – Installing a Driver Function Hook: The pointer to the srv.sys driver is used in the final stage of the backdoor installation. The code looks for the .data section of the driver’s image, where a table named SrvTransaction2DispatchTable resides. This table contains pointers for functions that handle a particular type of incoming SMB packets, and has one function of interest named SrvTransactionNotImplemented. This function deals with any malformed packets in which reserved or otherwise unexpected fields (e.g. Timeout, Reserved etc.) are used. This makes these fields particularly useful for passing commands to the backdoor and issuing responses back to the sender, which can be achieved by replacing the function with a designated handler.

However, instead of fully omitting the SrvTransactionNotImplemented function, the backdoor’s code ‘remembers’ its entry in the dispatch table, and replaces it with a pointer to its own function that handles commands passed on the aforementioned packet fields. This handler is written to an allocated memory region, and will be invoked each time a malformed packet is received. When the handler is done running, it calls the original function with any required modifications in the passed arguments, to enable sending customized command responses to the sender.

At this point, it is worth noting that the handler found installed in the current instance of Petya varies slightly from the one observed in WannaCry. In particular, there is a change in the values of the commands it inspects (in Petya’s case: 0xf0, 0xf1 and 0xf2), as well as the values passed as responses (0x11 and 0x21). The check for these values in code is depicted in the following figures, and explained in further detail later on.

Figure 2: New command codes found in Petya’s version of DoublePulsar


Figure 3: New response codes found in Petya’s version of DoublePulsar.

The string hash function used throughout the whole backdoor execution is outlined in the following Python code:

This table shows the strings corresponding to the hash values observed in the backdoor’s code:

Finally, this figure summarizes the whole flow of execution described in the above analysis:

Figure 5: Summary of the DoublePulsar backdoor installation stages

SMB Analysis:

Once installed, the DoublePulsarV2.0 backdoor provides a basic communication interface based on the SMB_COM_TRANSACTION2 (0x32) command using the TRANS2_SESSION_SETUP (0x000E) subcommand.

In contrast to the previous version, which was used by WannaCry and was part of the Shadow Brokers leak, the DoublePulsarV2.0 backdoor sends the messages over the “Timeout” and “Reserved” fields.
In this case, it allows the backdoor communication to bypass rules and scanners such as the Metasploit and DoublePulsar detection high-profile open-source tools.

The “Timeout” field is used to deliver the command itself in a hardcoded manner (without using any encoding or XOR method) while the “Reserved” field is used to get a positive or negative answer from the backdoor for the requested command.

As written in the “Common Internet File System (CIFS) Protocol”:
“The ‘Reserved’ field is reserved and SHOULD be set to 0x0000.”

This confirms it has indeed been abused.

This leads us to the 3 basic commands as detailed in Figure 2:

“Timeout” field:

  1. 0xf0 (0.240 sec) – Checks if a backdoor is installed.
  2. 0xf1 (0.241 sec) – Uninstalls the backdoor.
  3. 0xf2 (0.242 sec) – Loads DLL or Executes shell code.

And 3 options for answer as seen in Figure 3:

“Reserved” field:

  1. 0x0000 – Negative answer.
  2. 0x1100 – Positive answer.
  3. 0x2100 – Error message, for illegal command.

Here we demonstrate the backdoor communication flow seen in Petya.

The first step uses the 0xf0 command to check if the backdoor is installed:

It receives the negative answer that indicates that the backdoor isn’t installed.

After it’s installed by leveraging the EternalBlue exploit, the following check using the same 0xf0 command ends with receiving acknowledgement of the installation.


Now, the payload can be sent to the next targeted machine in the same network by using the 0xf2 command:

The response codes also contain error messages for illegal commands, as in this case when we sent the backdoor the illegal command 0xf7, demonstrated below:

The illegal request which raises the error message:
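For defenders, the exchange described in this section can be recognised passively in captured SMB1 traffic. The following Python sketch is an added example, not code from the original post: it flags TRANS2_SESSION_SETUP requests that carry a non-zero Timeout and pairs each with its reply by Multiplex ID so that the negative answer is reported too. It assumes that “Reserved” means the 2-byte Reserved field of the SMB header (offset 22) and that 0x1100 is the on-wire byte order 11 00; all function names and the sample packets are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32
TRANS2_SESSION_SETUP = 0x000E
SMB_FLAGS_REPLY = 0x80

# Values taken from the lists above.
COMMANDS = {0xF0: "check if backdoor installed",
            0xF1: "uninstall backdoor",
            0xF2: "load DLL / execute shellcode"}
# Assumption: header Reserved bytes as they appear on the wire.
ANSWERS = {b"\x00\x00": "negative",
           b"\x11\x00": "positive",
           b"\x21\x00": "error, illegal command"}


def analyse(messages):
    """Scan SMB1 messages in capture order; return (direction, mid, value, meaning)."""
    pending, findings = {}, []
    for raw in messages:
        # Drop a 4-byte NetBIOS session header if one precedes the SMB header.
        msg = raw[4:] if raw[4:8] == SMB1_MAGIC else raw
        if len(msg) < 35 or msg[:4] != SMB1_MAGIC or msg[4] != SMB_COM_TRANSACTION2:
            continue
        mid = struct.unpack_from("<H", msg, 30)[0]

        if msg[9] & SMB_FLAGS_REPLY:
            reserved = msg[22:24]
            probed = pending.pop(mid, None) is not None
            if probed:
                findings.append(("response", mid, reserved.hex(),
                                 ANSWERS.get(reserved, "unrecognised answer")))
            elif reserved != b"\x00\x00":
                # CIFS says this field SHOULD be 0x0000.
                findings.append(("response", mid, reserved.hex(),
                                 "non-zero Reserved, no matching request"))
            continue

        # Request: parameter words start after the 1-byte WordCount at offset 32.
        words = msg[33:33 + 2 * msg[32]]
        if len(words) < 30 or words[26] < 1:      # need Timeout and Setup[0]
            continue
        timeout = struct.unpack_from("<I", words, 12)[0]
        subcommand = struct.unpack_from("<H", words, 28)[0]
        if subcommand == TRANS2_SESSION_SETUP and timeout != 0:
            pending[mid] = timeout
            findings.append(("request", mid, hex(timeout),
                             COMMANDS.get(timeout, "unrecognised command")))
    return findings


# --- constructed sample traffic (headers only, no payload) ---
def header(flags, reserved, mid, status=0):
    return struct.pack("<4sBIBHH8s2sHHHH", SMB1_MAGIC, SMB_COM_TRANSACTION2,
                       status, flags, 0, 0, b"\x00" * 8, reserved, 0, 0, 0, mid)


def sample_request(mid, timeout, subcommand=TRANS2_SESSION_SETUP):
    words = struct.pack("<HHHHBBHIHHHHHBBH", 0, 0, 0, 0, 0, 0, 0,
                        timeout, 0, 0, 0, 0, 0, 1, 0, subcommand)
    return header(0x18, b"\x00\x00", mid) + bytes([15]) + words + b"\x00\x00"


def sample_response(mid, reserved):
    # Error-style reply: WordCount 0, ByteCount 0.
    return header(0x98, reserved, mid, status=0xC0000002) + b"\x00\x00\x00"


SAMPLE = [
    sample_request(1, 0xF0), sample_response(1, b"\x00\x00"),   # not installed
    sample_request(2, 0xF0), sample_response(2, b"\x11\x00"),   # installed
    sample_request(3, 0xF7), sample_response(3, b"\x21\x00"),   # illegal command
    sample_request(4, 0, subcommand=0x0005),                    # ordinary Trans2
    sample_response(4, b"\x00\x00"),
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```
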


Check Point IPS Coverage

The list below outlines the IPS protections released by Check Point that cover the relevant Petya attack vectors.

The Check Point IPS Blade provides full protection against all Petya exploits.

IPS Coverage:

  • Microsoft Windows SMBTouch Scanner
  • Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0144)
  • Microsoft Windows SMB Information Disclosure (MS17-010: CVE-2017-0147)
  • Microsoft Windows EternalBlue SMB Remote Code Execution
  • Petya Ransomware Lateral Movement Remote Code Execution
  • Microsoft Windows DoublePulsar SMB Remote Code Execution




Securing the Cloud, Ward Off Future Storms

Category : Check Point

A recent incident has left the voting records of 198 million Americans exposed. The data included the names, dates of birth, addresses, and phone numbers of voters from both parties. It also included voters’ positions on various political issues and their projected political preference. Although it is not unusual to collect this type of information, it should raise alarm bells that the platform hosting this data was not secured. This is the largest known data exposure in the United States, leaving the sensitive information of millions of Americans unprotected.

When it comes to protecting personal information and sensitive data, extensive measures should be taken to keep the information private and secure; however, that’s easier said than done. The growth and popularity of cloud solutions continues to drive more data beyond traditional IT security protections – into network environments no longer owned, managed or controlled by corporate IT teams. On-premise IT security controls do not touch the cloud, leaving customer data at risk from the same types of threats targeting applications in corporate data centers.

While cloud providers deliver strong security controls to protect the cloud fabric, they have no knowledge of “normal” customer traffic and thus are unable to determine malicious content or activity from benign. To fully embrace the cloud, it is essential to understand where the balance of responsibility lies between protecting the cloud infrastructure (incumbent upon the cloud provider) and protecting the data that resides in the cloud (incumbent upon the customer). Security controls must now be shared between cloud providers and anyone using the cloud, thus it’s a common misconception to assume your cloud data is secure in and of itself. To avoid unintentional exposure or leaks of information in the cloud, you should employ the following best practices:

  1. Don’t assume your data is “automagically” protected – it can’t be expressed enough; it’s your responsibility to secure any data you place in the cloud. Cloud services are just like any other IT component which must be managed and secured using policies.
  2. Encrypt everything – the best strategy in the cloud is to use strong encryption for data in transit and at rest; anything less is not worthwhile. When using the cloud, all data and metadata should be encrypted at the edge, before it leaves your premises and makes its way to the cloud. A good rule of thumb is trust no one in the cloud, only yourself.
  3. Establish and enforce strong access control policies – Cloud providers are only responsible for safeguarding the infrastructure and not the customer environment (remember cloud security is a shared responsibility), thus it is up to you to put in place the correct safeguards to prevent unauthorized access.
  4. Avoid default / weak passwords – with so many cracking tools available today, anyone using the cloud should get in the habit of utilizing strong passwords. In particular, it’s wise to use passwords with more than 10 characters, incorporating multiple words and symbols.

With so much information now being virtually stored, we need to actively take the proper measures to protect our data in the cloud. Organizations should ensure cloud security is a top priority, as the RNC exposure is just one example of what could happen to many businesses if they leave their cloud data unprotected. Through diligent management, awareness, proper governance, and regular security updates, we can dramatically improve the security of our cloud-based assets and ward off future storms.



vSEC for your AWS Workloads

Category : Check Point

Utilizing the same security management tool across your hybrid cloud architecture can help your organization be more secure and agile. Maximize the strength of your security posture and capacity for innovation in cloud environments with vSEC.


Check Point Infinity NGFW Earns NSS “Recommended” Yet Again for Security Effectiveness and Value

Category : Check Point

NSS Labs, Inc. released their results for the 2017 Next Generation Firewall Test, recognizing Check Point Infinity NGFW with “Recommended” rating. This marks our sixth NGFW “Recommended” rating for security effectiveness and value, and the fourteenth NSS “Recommended” rating overall since 2011.

This reinforces the Check Point Infinity goal of delivering the most effective and efficient security to customers across all network segments, with a Security Effectiveness Score of 99.56% in this test.

Key Check Point results from NSS Labs 2017 NGFW report include:

  • 100% protection against recent attacks (2013 – 2016) and against Apple, IBM and Oracle vulnerabilities
  • 99.9% protection against Microsoft and 99.2% protection against Adobe vulnerabilities
  • $18 TCO per Protected-Mbps

Download a copy of the NSS Labs NGFW Test Report and the Security Value Map™ for Next Generation Firewall (NGFW) today to learn how Check Point Infinity continually delivers advanced security protections at exceptional value to keep your businesses protected against any threat, anytime and anywhere.
