Check Point Introduces New CPU-Level Threat Prevention
An anonymous reader writes: After buying Israeli startup company Hyperwise earlier this year, Check Point Software Technologies (Nasdaq: CHKP) now unveils its newest solution for defeating malware. Their new offering called SandBlast includes CPU-Level Threat Emulation that was developed in Hyperwise which is able to defeat exploits faster and more accurately than any other solution by leveraging CPU deubgging instruction set in Intel Haswell, unlike known anti-exploitation solutions like kBouncer or ROPecker which use older instruction sets and are therefore bypassable. SandBlast also features Threat Extraction — the ability to extract susceptible parts from incoming documents.
I never heard of deubging before and can't seem to find a Wikipedia article on it?
However, what is to stop malware from using this to avoid detection at the CPU level, where there is no footprint? It could be used to disable AV endpoint software as well.
http://saveie6.com/
You have a white list of acceptable code and instructions and those are the only ones permitted...
Or you're basically daring the hackers that you're smarter than they are and you have thought of and dealt with any conceivable exploit they could think of or find.
And guess what... you are not smarter than they are... individually man for man... maybe... collectively? Not even remotely.
And it gets better because not only are you not smarter than them but you're also not aware of every exploit they're going to use.
Which means your blacklisting of naughty bits of code will accomplish fuck all.
You stop this by WHITE LISTing good code and good instructions. And yes yes... the thing that makes some things good or bad is the context... but that is implicit in the concept of white listing isn't it, chum? So there you go.
You white list.
Now is the home user douchebag going to white list properly? Of fucking course not. Fuck him. He's on his fucking own. Sell him some of your blacklist snake oil. But for the SECURE environments... I'm talking about corporate and government systems that you don't want to be a giant fucking shit show... You whitelist or go fuck yourself.
It's that simple.
No no... White list... or:
https://www.youtube.com/watch?...
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... log in.