Slashdot Mirror

← Back to Stories (view on slashdot.org)

Check Point Introduces New CPU-Level Threat Prevention

Posted by samzenpus on from the raise-shields dept.

An anonymous reader writes: After buying Israeli startup company Hyperwise earlier this year, Check Point Software Technologies (Nasdaq: CHKP) now unveils its newest solution for defeating malware. Their new offering called SandBlast includes CPU-Level Threat Emulation that was developed in Hyperwise which is able to defeat exploits faster and more accurately than any other solution by leveraging CPU deubgging instruction set in Intel Haswell, unlike known anti-exploitation solutions like kBouncer or ROPecker which use older instruction sets and are therefore bypassable. SandBlast also features Threat Extraction — the ability to extract susceptible parts from incoming documents.

8 of 135 comments (clear)

  1. It seems to work, too by dreamchaser · · Score: 4, Insightful

    I do a lot of Check Point engineering/consulting services and this is one of the more exciting things they've done in awhile. Even though they didn't actually develop it they've done a good job integrating into their firewall suite. It is not a panacea; nothing in security is, but it is good stuff.

  2. Excited about what deubging Instructions are by Billly+Gates · · Score: 3, Interesting

    I never heard of deubging before and can't seem to find a Wikipedia article on it?

    However, what is stop malware from using this to avoid detection at the cpu level where there is no footprint. It could be used to disable AV endpoint software as well.

    --
    http://saveie6.com/
    1. Re:Excited about what deubging Instructions are by AmiMoJo · · Score: 3, Informative

      Those instructions are privileged. If normal software tries to execute them it will simply crash (remember those privileged instruction errors when running old software on Windows 95, Mr. Gates?)

      To execute these instructions the code needs to ask the OS to run it at the highest privilege level, normally reserved for the core OS and certain drivers that need to do some tricky hardware stuff. If a virus can get to that level you are screwed anyway.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Article or press release? by Quinn_Inuit · · Score: 4, Insightful

    Is the anonymous reader just quoting a press release? It doesn't seem like there's much analysis or original thought in this "story."

    --

    Stop learning! Only you can prevent esoterrorism.
  4. Interesting by Tough+Love · · Score: 4, Insightful

    Interesting. It should up the game for threat prevention, however it is a practical certainty that the black hats will learn from this technique in order to develop new and nastier exploits. If they have not already.

    --
    When all you have is a hammer, every problem starts to look like a thumb.
  5. I'm working on something even better by JoeyRox · · Score: 4, Insightful

    Electron-level threat protection. It analyzes randomly-moving electrons to decide how best to separate people from their IT budget dollars.

  6. The final straw by johannesg · · Score: 4, Funny

    The software Checkpoint makes already prevents any kind of useful work from being done on a machine. Now it takes the logical final step, and just completely stops the CPU from doing anything at all! Our IT department will love it for sure. Anything they can do to slow down actual business processes.

    Seriously. We use Checkpoint at work. On a fast machine with an SSD, compiling takes longer than on machines with a normal harddisk...

  7. An Advert by Stonefish · · Score: 4, Insightful

    I expect my ads to be off to the side and not the main course on slashdot. What was the price of this post?
    +2 for subtlety......... cocks