Check Point software takes aim at botnets

Check Point Software is coming out with technology designed specifically to fight bots by discovering infections, finding command and control servers and cutting off communications with them.

Anti Bot Software Blade is a program that runs on Check Point gateways that also runs other security applications. The company founder and CEO Gil Schwed says it is a landmark for the company. "This is probably our biggest product announcement ever," he says.

ZOMBIES: Bot army being assembled 

Anti-bot software blade monitors network traffic and discovers machines that get infected and stops bot damage by blocking command and control communications and any attempts to send out stolen data or carry out orders to send spam. The product includes forensics that give reports on the level of the attack, the number of machines hit, and details down to activity of individual machines that have been taken over

The heart of the new software is ThreatSpect, the anti-bot engine that identifies bots and focuses in three areas - detecting command and control computers via IP address, DNS and URL, detecting communications patterns and detecting and blocking what data it is trying to send, Schwed says.

The company claims that Anti Bot Software Blade identified active bots at 100% of test sites. "This is an amazing statistic," Schwed says. A pharmaceutical company found 61 bot infected machines in one department in the first hour the software was running, he says.

The new product is the latest security application available as a blade in Check Point's software-blade architecture, which lets customers pick and choose which security functions it wants running on a single hardware platform. Other blades include firewall, VPN, IPS, identity awareness and application control.

Check Point is also announcing a new family of hardware devices for delivering high-performance deployments of the security software. The new devices sell for about the same price as current Check Point devices but support up to triple the performance. Check Point says it will continue to sell and support the older models.

For example, at the low end, Check Point's UTM-1 130 appliance costs $3,500 and has 1.5Gbps firewall throughput and 1Gbps IPS throughput. The new analogous device Check Point 2200 costs $3,600 and has 3Gbps firewall throughput and 2Gbps IPS throughput.

In another example, data-center appliance Check Point 12200 costs $29,000 has 15Gbps firewall throughput and 8Gbps throughput. It is analogous to the current UTM-1 3070 that costs $27,900, has 4.5Gbps throughput and 4Gbps IPS throughput.

The new appliances are shipping now. Their names and prices are: Check Point 2200 ($3,600); Check Point 4200 ($4,900); Check Point 4600 ($11,000); Check Point 4800 ($21,000); Check Point 12200 ($29,000); Check Point 12400 ($45,000); Check Point 12600 ($59,000),

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags check pointsecurityanti-malware

More about Check Point Software TechnologiesCheck Point Software TechnologiesIPSLAN

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts