Industry Leading Protection Against Advanced Threats and Data Theft

Web access is a necessity; we expect to have it everywhere we go. It is also the leading route for the spread of malware and viruses. The combination of the always-on Internet and growing malware sophistication can be dangerous. To prevent widespread infection across the organization, companies need adequate protection in place when employees are using the Internet (in other words, around the clock). The costs to mitigate malware are high, including IT labor, loss of productivity and risk of data theft. Whether through sophisticated, granular controls and filters, threat intelligence monitoring or simple URL filtering, organizations need help from Check Point to keep web-borne threats at bay. Most of today’s attacks are targeted to get something valuable: sensitive personal information, intellectual property, authentication credentials, insider information. Each attack is often multi-faceted with at least two stages: one to get in, one to get valuables out.


Advanced Persistent Threats, Zero-Day, & Targeted Attacks Protection from FireEye:



Advanced Persistent Threats Break Through Traditional Network Security

Heuristic-based protection alone has not proven to be operationally effective. Heuristic techniques use rough algorithms to estimate suspicious behavior, generating lots of false alerts. While these techniques have merit, the true positive to false positive ratio (a.k.a. signal-to-noise ratio) is too low for a cost-effective ROI. The false positives clutter up security event logs, and real-time blocking based on these heuristic alerts is simply not an option. Administrators often “dumb down” available heuristics to catch only the most obvious suspicious behavior. Multi-stage targeted attacks don’t trip this coarse-grained filter.


Advanced Malware & Targeted APT Attacks in the New Threat Landscape

Cyber criminals have figured out how to evade detection by bypassing traditional defenses. Using toolkits to design polymorphic threats that change with every use, move slowly, and exploit zero-day vulnerabilities, the criminals have broken in through the hole left by traditional and next-generation firewalls, IPS, anti-virus and Web gateways. This new generation of organized cybercrime is persistent, capitalizing on organizational data available on social networking sites to create highly targeted ‘phishing’ emails and malware aimed at the types of applications and operating systems (with all their vulnerabilities) typical in particular industries. Once inside, advanced malware, zero-day and targeted APT attacks will hide, replicate, and disable host protections. After the malware installs, it phones home to its command and control (CnC) server for instructions, which could be to steal data, infect other endpoints, allow reconnaissance, or lie dormant until the attacker is ready to strike. Attacks succeed in this second communication stage because few technologies monitor outbound malware transmissions. Administrators remain unaware of the hole in their networks until the damage is done. APTs can be characterized by the attackers’ quest to gain long-term control of compromised computer systems. Whether attackers use viruses, Trojans, spyware, rootkits, spear phishing, malicious email attachments or drive-by downloads, their malware enables the simple disruption or long-term control of compromised machines. APTs can be nation-state or rogue actors using completely unknown malware or buying access to systems previously compromised with known malware installed through social engineering, spear phishing, or drive-by downloads.

The new generation of threats has exposed the need for next-generation protection against advanced threats. Over 95% of companies already have compromised systems within their networks. Why? Advanced malware has eroded the effectiveness of traditional defenses, leaving a hole in the network. Designed to use signatures to block known threats, traditional and next-generation firewalls, IPS, AV, and gateways do nothing when zero-day, targeted APT malware attacks. To fill this gap in network defenses, a new generation of security protections has emerged, ready to do battle against advanced malware, zero-day, and targeted APT attacks. These next-generation security systems must plug the hole left by firewalls, IPS, AV, and Web gateways by applying advanced, coordinated techniques to identify, confirm and block the activities of next-generation threats.


Designer Malware:
  • Targeted
  • Stealthy
  • Personalized and zero-day



FireEye Defends Against Advanced Persistent Threats for Complete Network Security

  • Dynamic defense to stop targeted, zero-day attacks – Analyze network traffic to identify new and unknown attacks in real time, rather than just comparing bits of code to signatures or shielding known vulnerabilities.
  • Real-time protection to block data exfiltration attempts – Stop outbound callback communications to prevent compromised systems from being controlled and exploited from external Command and Control servers.
  • Integrated inbound and outbound filtering across protocols – Take protective action across multiple protocols in both directions of communication: inbound exploits and infections, and outbound callback channel communications to malicious Command and Control servers.
  • Accurate, low false positive rates – Confirm malware through comprehensive, automated testing that avoids the flood of false alarms inevitable with crude heuristics.
  • Global intelligence on advanced threats to protect the local network – Efficiently distribute newly confirmed malware intelligence, both within a site and across the Internet, to share the latest insight on both inbound attacks and outbound callbacks.

Malware Protection Systems automate these techniques to supplement traditional defenses, adding integrated inbound and outbound protection to combat today’s stealthy Web and email threats. While these traditional security defenses provide a relevant policy enforcement function, they are now outmoded in terms of threat protection. Appliances combine signature-based detections to detect the known with signature-less code execution to reveal the unknown. By linking inbound and outbound protections with dynamically generated malware intelligence exchanged through the Malware Protection Cloud, the solution uniquely short-circuits the multiple stages and subtle communications of next-generation attacks. FireEye – Signature-Less Defenses for Advanced Threat Protection.


Our Web security platform specialization:
  • FireEye
  • Websense