Check Point Advances ThreatCloud for Zero-Day Security

Check Point expands Software Blade Architecture with new sandboxing, content inspection and compliance technologies.

Check Point Software Technologies is updating its Software Blade Architecture for network security services with the R77 release today. The R77 release provides new threat emulation capabilities that are intended to help limit the risk of zero-day exploits.

The Software Blade Architecture is Check Point's platform for delivering multiple "blades" of security capabilities, including firewall, virtual private network (VPN) and intrusion prevention system (IPS). With the R77 update, Check Point is adding the new ThreatCloud Emulation Service to the mix, expanding the company's existing ThreatCloud services for the Software Blade Architecture.

Check Point first began talking about its ThreatCloud in 2012. Fred Kost, head of product marketing for Check Point, explained to eWEEK that the initial ThreatCloud announcement was about the cloud delivery of a threat database. Some of Check Point's products are both feeding into and using the ThreatCloud data.

"With R77, we’re announcing the ThreatCloud Emulation Service where we're doing sandbox analysis in the cloud to stop zero-day and unknown attacks," Kost said.

The ThreatCloud Emulation Service is a stand-alone subscription to send files to Check Point's sandbox service in the cloud, according to Kost. The basic idea behind a security sandbox is to provide a secure facility in which malware can be safely analyzed. Instead of getting free rein over a potentially vulnerable enterprise network, the sandbox limits the ability of malware to do any real harm, while enabling researchers to examine and understand the malware's goals.

In addition to the emulation service, another aspect of ThreatCloud going live today is ThreatCloud Central, Check Point's portal through which customers gain visibility into the latest threat research.


As part of the R77 update, Check Point is integrating support for the IF-MAP standard. Interface for Metadata Access Point (IF-MAP) was first proposed as a standard by industry consortium Trusted Computing Group (TCG) back in 2008. The basic idea behind IF-MAP is that it enables the sharing of security posture data from devices on the network. As to why Check Point is integrating IF-MAP now, Kost said that the company now has enough customer demand to make it worthwhile to include in the R77 release.


Compliance is another key aspect of the R77 update. The release includes an improved Compliance Software Blade, which can help enterprises track their posture for regulatory compliance requirements, including Payment Card Industry Data Security Standard (PCI-DSS). The PCI-DSS standard is currently at its 2.0 release, with a new 3.0 release set for the end of this year. Kost expects that Check Point will be ready for PCI-DSS 3.0.

"We're continually updating the Compliance Software Blade to adapt to the latest compliance regulations," Kost said. "An update will likely be delivered in time to meet the requirement."

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.