printer friendly version

AI-based malware detection

Check Point Software Technologies has introduced a new artificial intelligence-based malware detection engine to its SandBlast Network threat prevention solution, to enable faster, more accurate prevention of malicious attacks. The new Malware DNA engine classifies new forms of malware into known malware families, accelerating the ability to identify and block zero-day threats before they can cause any damage.

Malware DNA scans each malware variant that passes through the Check Point SandBlast Network sandbox to find code patterns and behavioural similarities that match existing, known malware families. As the overwhelming majority of malware is built using existing blocks of malicious code, Malware DNA accelerates identification of new, previously undiscovered malware and reduces response times to further strengthen organisations’ security postures.

Malware DNA’s AI and machine-learning processes are supported by intelligence on the millions of malware samples already detected by Check Point’s ThreatCloud. The new engine augments SandBlast Network’s detection, inspection and safe content delivery capabilities to deliver complete protection against the most dangerous zero-day and targeted attacks on enterprise networks.

“For hackers, reusing existing code that is already proven to work saves them time and effort, so the overwhelming majority of malware is created this way. The lines of code that make up malware are the DNA of cyber threats, and the new Malware DNA engine enables the code used in even brand-new malware to be quickly matched to existing families of threats,” said Maya Horowitz, head of threat intelligence research at Check Point. “By quickly tracing the origins of even new, zero-day threats, response times are accelerated even further, reducing the risks to organisations.”

SandBlast Network is a complete network threat prevention solution. It detects evasion-resistant malware to keep organisations’ networks threat-free, and ensures shared content is safe to use throughout your organisation, maximising users’ productivity. SandBlast Network is an integral component of Check Point’s consolidated cybersecurity architecture, Infinity, which protects all facets of modern IT, including the network, endpoints, cloud, and mobile. It uses real-time threat intelligence from Check Point’s ThreatCloud knowledge database to continually monitor for threats across all platforms through a single pane of glass.

NSS Labs, a trusted source for independent, fact-based cybersecurity testing, gave a ‘recommended’ rating to Check Point’s SandBlast solution for detecting 100% of HTTP and email threats, and 100% of malware using sophisticated evasion techniques, while giving zero false positives.

For more information, go to www.checkpoint.com

Share this article:

Further reading: