Check Point Introduces New CPU-Level Threat Prevention

An anonymous reader writes: After buying Israeli startup company Hyperwise earlier this year, Check Point Software Technologies (Nasdaq: CHKP) now unveils its newest solution for defeating malware. Their new offering called SandBlast includes CPU-Level Threat Emulation that was developed in Hyperwise which is able to defeat exploits faster and more accurately than any other solution by leveraging CPU deubgging instruction set in Intel Haswell, unlike known anti-exploitation solutions like kBouncer or ROPecker which use older instruction sets and are therefore bypassable. SandBlast also features Threat Extraction — the ability to extract susceptible parts from incoming documents.
  • by dreamchaser ( 49529 ) on Wednesday September 02, 2015 @09:07PM (#50448389) Homepage Journal

    I do a lot of Check Point engineering/consulting services and this is one of the more exciting things they've done in a while. Even though they didn't actually develop it they've done a good job integrating into their firewall suite. It is not a panacea; nothing in security is, but it is good stuff.

    • by Monoman ( 8745 )

      I would rather they buy out a company that has good tech support and services. We have been a CP customer for over a decade and their stuff is great until things go wrong. Dealing with their support/services can be a nightmare at times.

      • Oh I agree. I rarely have to call the TAC but it can be a struggle. That's why a lot of our clients use our support services. I don't work our support desk, I do design/pre-sales/installation/consulting, but the guys who take calls are really good. They rarely have to escalate to the TAC unless it's a bug.

    • by Anonymous Coward

      Take all of this with a grain of salt as I'm an outsider who has never worked for them. This might not be the case with all of their offices. Buuuut....

      To source talent, Check Point uses some of the lowest quality recruiters I've had the, erm, "pleasure" of meeting. You know, the kind of agencies that hire ex-retail workers with a year of total working experience to screen serious IT folk.

      Entry level people are often paid well under $20 per hour for networking-related labour, while "free lunches" (aka never

  • by Billly Gates ( 198444 ) on Wednesday September 02, 2015 @09:09PM (#50448401) Journal

    I never heard of deubging before and can't seem to find a Wikipedia article on it?

    However, what is to stop malware from using this to avoid detection at the CPU level where there is no footprint? It could be used to disable AV endpoint software as well.

    • by AmiMoJo ( 196126 ) on Thursday September 03, 2015 @06:48AM (#50450097) Homepage Journal

      Those instructions are privileged. If normal software tries to execute them it will simply crash (remember those privileged instruction errors when running old software on Windows 95, Mr. Gates?)

      To execute these instructions the code needs to ask the OS to run it at the highest privilege level, normally reserved for the core OS and certain drivers that need to do some tricky hardware stuff. If a virus can get to that level you are screwed anyway.

  • by Quinn_Inuit ( 760445 ) <Quinn_Inuit&yahoo,com> on Wednesday September 02, 2015 @09:36PM (#50448541)

    Is the anonymous reader just quoting a press release? It doesn't seem like there's much analysis or original thought in this "story."

    • by cdrudge ( 68377 )

      It doesn't seem like there's much analysis or original thought in this "story."

      I thought almost every /. post was just the first paragraph of the article. There's summaries that aren't just copy/paste jobs?

      • It doesn't seem like there's much analysis or original thought in this "story."

        I thought almost every /. post was just the first paragraph of the article. There's summaries that aren't just copy/paste jobs?

        Right. PLUS- I haven't seen a comparison to other anti-exploitation methods in any of their PR

      • A fair point. I guess I'm used to it copying the first few paragraphs of an article about the topic, so there's at least some analysis involved. For instance, I thought these two articles from yesterday were much more helpful than a press release-type article like the one in the OP:
        http://tech.slashdot.org/story... [slashdot.org]
        http://developers.slashdot.org... [slashdot.org]

    • It's very informative that they thought to put Checkpoint's trading symbol in the advert^H^H^H^H^H article though, now I know where to invest my money - that's the kind of information I come to slashdot to find.

    • Is the anonymous reader just quoting a press release? It doesn't seem like there's much analysis or original thought in this "story."

      I couldn't even get through the summary without choking on the Checkpoint marketing bullshit.

      This might be a good product - might not. What I'm sure of is that it won't fix the underlying problems with the layers of ancient code that they're going to stack it on top of.

  • Interesting (Score:5, Insightful)

    by Tough Love ( 215404 ) on Wednesday September 02, 2015 @09:38PM (#50448547)

    Interesting. It should up the game for threat prevention, however it is a practical certainty that the black hats will learn from this technique in order to develop new and nastier exploits. If they have not already.

  • by Karmashock ( 2415832 ) on Wednesday September 02, 2015 @09:50PM (#50448609)

    You have a white list of acceptable code and instructions and those are the only ones permitted...

    Or you're basically daring the hackers that you're smarter than they are and you have thought of and dealt with any conceivable exploit they could think of or find.

    And guess what... you are not smarter than they are... individually man for man... maybe... collectively? Not even remotely.

    And it gets better because not only are you not smarter than them but you're also not aware of every exploit they're going to use.

    Which means your blacklisting of naughty bits of code will accomplish fuck all.

    You stop this by WHITE LISTing good code and good instructions. And yes yes... the thing that makes some things good or bad is the context... but that is implicit in the concept of white listing isn't it, chum? So there you go.

    You white list.

    Now is the home user douchebag going to white list properly? Of fucking course not. Fuck him. He's on his fucking own. Sell him some of your blacklist snake oil. But for the SECURE environments... I'm talking about corporate and government systems that you don't want to be a giant fucking shit show... You whitelist or go fuck yourself.

    It's that simple.

    No no... White list... or:
    https://www.youtube.com/watch?... [youtube.com]

    • by Anonymous Coward
      Dangerous comments - you're going to invoke APK talking like that!
      • I hold the distinction so far as I know of being the only person on this site that has gotten along well with APK... to give you some idea of how crazy you probably think I am.

        He's an interesting guy and unlike most of his detractors he's actually built something that actually works and he actually knows "something". He's abrasive, largely indifferent to the opinions of people he sees as knowing less than him, and somewhat robotic in his communication style.

        That said... I empathize with that entire persona

        • by KGIII ( 973947 )

          Nah, you're not the only one who gets along with him. I get along with him and I don't even usually use a host file - however, I articulated my reasoning and know the consequences of my actions and make that choice based on security versus convenience. He might be a bit abrasive but I have a handy wheel on my mouse and don't actually care to silence anybody. Also, he knows some surprisingly esoteric stuff. I approached him much like you did. I enjoy poking the strange things - that's how you learn stuff. He

          • It's good to know I'm not alone in this respect. It's always distressing for me to see people ragging on the guy when most of the people doing it are f'ing useless fuckwits.

            If there's anything I decry in the modern era it is that the playing field has been leveled not just between the haves and have nots but also between the competent and incompetent.

            APK is a man on a mission... and he's actually built something pretty cool. To get dog piled by witless nothings is an indignity.

            • by KGIII ( 973947 )

              Who among us is not abrasive when we know we're right? I'd not take his approach but that's probably because I'm a bit lazy and don't tend to care that much. I've noticed that his comments don't get repeated if nobody mods them down - he seems to repeat them because they are no longer visible by default.

    • by CODiNE ( 27417 )

      And whitelisting blocks ROP?

      • How are you introducing the malware into the system? Specifically.

  • by JoeyRox ( 2711699 ) on Wednesday September 02, 2015 @10:12PM (#50448699)
    Electron-level threat protection. It analyzes randomly-moving electrons to decide how best to separate people from their IT budget dollars.
  • by johannesg ( 664142 ) on Thursday September 03, 2015 @02:33AM (#50449433)

    The software Checkpoint makes already prevents any kind of useful work from being done on a machine. Now it takes the logical final step, and just completely stops the CPU from doing anything at all! Our IT department will love it for sure. Anything they can do to slow down actual business processes.

    Seriously. We use Checkpoint at work. On a fast machine with an SSD, compiling takes longer than on machines with a normal harddisk...

    • by Anonymous Coward

      > The software Checkpoint makes already prevents any kind of useful work from being done on a machine.

      So it's taking over from McAfee Home Edition?

  • An Advert (Score:5, Insightful)

    by Stonefish ( 210962 ) on Thursday September 03, 2015 @03:41AM (#50449607)

    I expect my ads to be off to the side and not the main course on slashdot. What was the price of this post?
    +2 for subtlety......... cocks

    • by nazsco ( 695026 )

      not to mention the fake first post adds to the ad instead of cursing, as usual. can it get more obvious?
